| 1 |
On 01/30/2018 10:56 AM, Michał Górny wrote: |
| 2 |
> W dniu wto, 30.01.2018 o godzinie 09∶32 -0800, użytkownik Zac Medico |
| 3 |
> napisał: |
| 4 |
>> On 01/30/2018 08:59 AM, Michał Górny wrote: |
| 5 |
>>> Rename the 'sync-rsync-openpgp-key-path' to a more generic |
| 6 |
>>> 'sync-openpgp-key-path'. OpenPGP is the basis of at least three |
| 7 |
>>> different verification schemes (git, rsync, snapshots) and at least |
| 8 |
>>> two of them use the same keys. |
| 9 |
>>> --- |
| 10 |
>>> cnf/repos.conf | 2 +- |
| 11 |
>>> man/portage.5 | 9 +++++---- |
| 12 |
>>> pym/portage/repository/config.py | 4 ++++ |
| 13 |
>>> pym/portage/sync/modules/rsync/__init__.py | 1 - |
| 14 |
>>> pym/portage/sync/modules/rsync/rsync.py | 8 ++------ |
| 15 |
>>> 5 files changed, 12 insertions(+), 12 deletions(-) |
| 16 |
>>> |
| 17 |
>>> diff --git a/cnf/repos.conf b/cnf/repos.conf |
| 18 |
>>> index 0d2b1f4be..4a40ff4fc 100644 |
| 19 |
>>> --- a/cnf/repos.conf |
| 20 |
>>> +++ b/cnf/repos.conf |
| 21 |
>>> @@ -7,7 +7,7 @@ sync-type = rsync |
| 22 |
>>> sync-uri = rsync://rsync.gentoo.org/gentoo-portage |
| 23 |
>>> auto-sync = yes |
| 24 |
>>> sync-rsync-verify-metamanifest = yes |
| 25 |
>>> -sync-rsync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg |
| 26 |
>>> +sync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg |
| 27 |
>>> |
| 28 |
>>> # for daily squashfs snapshots |
| 29 |
>>> #sync-type = squashdelta |
| 30 |
>>> diff --git a/man/portage.5 b/man/portage.5 |
| 31 |
>>> index 84999bd2f..1f6259715 100644 |
| 32 |
>>> --- a/man/portage.5 |
| 33 |
>>> +++ b/man/portage.5 |
| 34 |
>>> @@ -1071,10 +1071,11 @@ Extra options to give to rsync on repository synchronization. It takes |
| 35 |
>>> precedence over a declaration in [DEFAULT] section, that takes |
| 36 |
>>> precedence over PORTAGE_RSYNC_EXTRA_OPTS. |
| 37 |
>>> .TP |
| 38 |
>>> -.B sync\-rsync\-openpgp\-key\-path |
| 39 |
>>> -Path to the OpenPGP key(ring) used to verify MetaManifest. Used only |
| 40 |
>>> -if \fBsync\-rsync\-verify\-metamanifest\fR is enabled. If unset, |
| 41 |
>>> -the user's keyring is used. |
| 42 |
>>> +.B sync\-openpgp\-key\-path |
| 43 |
>>> +Path to the OpenPGP key(ring) used to verify received repository. Used |
| 44 |
>>> +only for protocols supporting cryptographic verification, provided |
| 45 |
>>> +that the respective verification option is enabled. If unset, the user's |
| 46 |
>>> +keyring is used. |
| 47 |
>>> .TP |
| 48 |
>>> .B sync-rsync-vcs-ignore = true|false |
| 49 |
>>> Ignore vcs directories that may be present in the repository. It is the |
| 50 |
>>> diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py |
| 51 |
>>> index be31ed3b1..d3a622f7c 100644 |
| 52 |
>>> --- a/pym/portage/repository/config.py |
| 53 |
>>> +++ b/pym/portage/repository/config.py |
| 54 |
>>> @@ -86,6 +86,7 @@ class RepoConfig(object): |
| 55 |
>>> 'sync_type', 'sync_umask', 'sync_uri', 'sync_user', 'thin_manifest', |
| 56 |
>>> 'update_changelog', '_eapis_banned', '_eapis_deprecated', |
| 57 |
>>> '_masters_orig', 'module_specific_options', 'manifest_required_hashes', |
| 58 |
>>> + 'openpgp_key_path', |
| 59 |
>>> ) |
| 60 |
>>> |
| 61 |
>>> def __init__(self, name, repo_opts, local_config=True): |
| 62 |
>>> @@ -182,6 +183,9 @@ class RepoConfig(object): |
| 63 |
>>> self.strict_misc_digests = repo_opts.get( |
| 64 |
>>> 'strict-misc-digests', 'true').lower() == 'true' |
| 65 |
>>> |
| 66 |
>>> + self.openpgp_key_path = repo_opts.get( |
| 67 |
>>> + 'sync-openpgp-key-path', None) |
| 68 |
>>> + |
| 69 |
>>> self.module_specific_options = {} |
| 70 |
>>> |
| 71 |
>>> # Not implemented. |
| 72 |
>>> diff --git a/pym/portage/sync/modules/rsync/__init__.py b/pym/portage/sync/modules/rsync/__init__.py |
| 73 |
>>> index 14af2120c..27a2548c0 100644 |
| 74 |
>>> --- a/pym/portage/sync/modules/rsync/__init__.py |
| 75 |
>>> +++ b/pym/portage/sync/modules/rsync/__init__.py |
| 76 |
>>> @@ -27,7 +27,6 @@ module_spec = { |
| 77 |
>>> 'validate_config': CheckSyncConfig, |
| 78 |
>>> 'module_specific_options': ( |
| 79 |
>>> 'sync-rsync-extra-opts', |
| 80 |
>>> - 'sync-rsync-openpgp-key-path', |
| 81 |
>>> 'sync-rsync-vcs-ignore', |
| 82 |
>>> 'sync-rsync-verify-jobs', |
| 83 |
>>> 'sync-rsync-verify-metamanifest', |
| 84 |
>>> diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py |
| 85 |
>>> index 552ac6f6b..d9d7d56f2 100644 |
| 86 |
>>> --- a/pym/portage/sync/modules/rsync/rsync.py |
| 87 |
>>> +++ b/pym/portage/sync/modules/rsync/rsync.py |
| 88 |
>>> @@ -87,10 +87,6 @@ class RsyncSync(NewBase): |
| 89 |
>>> self.verify_metamanifest = ( |
| 90 |
>>> self.repo.module_specific_options.get( |
| 91 |
>>> 'sync-rsync-verify-metamanifest', False)) |
| 92 |
>>> - # Default to gentoo-keys keyring. |
| 93 |
>>> - self.openpgp_key_path = ( |
| 94 |
>>> - self.repo.module_specific_options.get( |
| 95 |
>>> - 'sync-rsync-openpgp-key-path', None)) |
| 96 |
>>> # Support overriding job count. |
| 97 |
>>> self.verify_jobs = self.repo.module_specific_options.get( |
| 98 |
>>> 'sync-rsync-verify-jobs', None) |
| 99 |
>>> @@ -276,8 +272,8 @@ class RsyncSync(NewBase): |
| 100 |
>>> # if synced successfully, verify now |
| 101 |
>>> if exitcode == 0 and self.verify_metamanifest: |
| 102 |
>>> command = ['gemato', 'verify', '-s', self.repo.location] |
| 103 |
>>> - if self.openpgp_key_path is not None: |
| 104 |
>>> - command += ['-K', self.openpgp_key_path] |
| 105 |
>>> + if self.repo.openpgp_key_path is not None: |
| 106 |
>>> + command += ['-K', self.repo.openpgp_key_path] |
| 107 |
>>> if self.verify_jobs is not None: |
| 108 |
>>> command += ['-j', self.verify_jobs] |
| 109 |
>>> exitcode = portage.process.spawn(command, **self.spawn_kwargs) |
| 110 |
>>> |
| 111 |
>> |
| 112 |
>> Unless we update this patch to retain backward compatibility with |
| 113 |
>> sync-rsync-openpgp-key-path in portage-2.3.21, we'll need a to have a |
| 114 |
>> portage-2.3.22 release soon. |
| 115 |
> |
| 116 |
> Yes. We need it anyway because the boolean parsing in sync-rsync-verify- |
| 117 |
> metamanifest is broken ;-F. |
| 118 |
|
| 119 |
Okay, the patch looks good. Please merge. |
| 120 |
-- |
| 121 |
Thanks, |
| 122 |
Zac |
Archives