Re: [gentoo-portage-dev] [PATCH] sync-rsync-openpgp-key-path -> generic sync-openpgp-key-path - gentoo-portage-dev

From:	"Michał Górny" <mgorny@g.o>
To:	gentoo-portage-dev@l.g.o
Subject:	Re: [gentoo-portage-dev] [PATCH] sync-rsync-openpgp-key-path -> generic sync-openpgp-key-path
Date:	Tue, 30 Jan 2018 19:40:54
Message-Id:	`1517341248.20159.6.camel@gentoo.org`
In Reply to:	Re: [gentoo-portage-dev] [PATCH] sync-rsync-openpgp-key-path -> generic sync-openpgp-key-path by Zac Medico

1

W dniu wto, 30.01.2018 o godzinie 11∶37 -0800, użytkownik Zac Medico

2

napisał:

3

> On 01/30/2018 10:56 AM, Michał Górny wrote:

4

> > W dniu wto, 30.01.2018 o godzinie 09∶32 -0800, użytkownik Zac Medico

5

> > napisał:

6

> > > On 01/30/2018 08:59 AM, Michał Górny wrote:

7

> > > > Rename the 'sync-rsync-openpgp-key-path' to a more generic

8

> > > > 'sync-openpgp-key-path'. OpenPGP is the basis of at least three

9

> > > > different verification schemes (git, rsync, snapshots) and at least

10

> > > > two of them use the same keys.

11

> > > > ---

12

> > > >  cnf/repos.conf                             | 2 +-

13

> > > >  man/portage.5                              | 9 +++++----

14

> > > >  pym/portage/repository/config.py           | 4 ++++

15

> > > >  pym/portage/sync/modules/rsync/__init__.py | 1 -

16

> > > >  pym/portage/sync/modules/rsync/rsync.py    | 8 ++------

17

> > > >  5 files changed, 12 insertions(+), 12 deletions(-)

18

> > > >

19

> > > > diff --git a/cnf/repos.conf b/cnf/repos.conf

20

> > > > index 0d2b1f4be..4a40ff4fc 100644

21

> > > > --- a/cnf/repos.conf

22

> > > > +++ b/cnf/repos.conf

23

> > > > @@ -7,7 +7,7 @@ sync-type = rsync

24

> > > >  sync-uri = rsync://rsync.gentoo.org/gentoo-portage

25

> > > >  auto-sync = yes

26

> > > >  sync-rsync-verify-metamanifest = yes

27

> > > > -sync-rsync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg

28

> > > > +sync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg

29

> > > >

30

> > > >  # for daily squashfs snapshots

31

> > > >  #sync-type = squashdelta

32

> > > > diff --git a/man/portage.5 b/man/portage.5

33

> > > > index 84999bd2f..1f6259715 100644

34

> > > > --- a/man/portage.5

35

> > > > +++ b/man/portage.5

36

> > > > @@ -1071,10 +1071,11 @@ Extra options to give to rsync on repository synchronization. It takes

37

> > > >  precedence over a declaration in [DEFAULT] section, that takes

38

> > > >  precedence over PORTAGE_RSYNC_EXTRA_OPTS.

39

> > > >  .TP

40

> > > > -.B sync\-rsync\-openpgp\-key\-path

41

> > > > -Path to the OpenPGP key(ring) used to verify MetaManifest. Used only

42

> > > > -if \fBsync\-rsync\-verify\-metamanifest\fR is enabled. If unset,

43

> > > > -the user's keyring is used.

44

> > > > +.B sync\-openpgp\-key\-path

45

> > > > +Path to the OpenPGP key(ring) used to verify received repository. Used

46

> > > > +only for protocols supporting cryptographic verification, provided

47

> > > > +that the respective verification option is enabled. If unset, the user's

48

> > > > +keyring is used.

49

> > > >  .TP

50

> > > >  .B sync-rsync-vcs-ignore = true|false

51

> > > >  Ignore vcs directories that may be present in the repository. It is the

52

> > > > diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py

53

> > > > index be31ed3b1..d3a622f7c 100644

54

> > > > --- a/pym/portage/repository/config.py

55

> > > > +++ b/pym/portage/repository/config.py

56

> > > > @@ -86,6 +86,7 @@ class RepoConfig(object):

57

> > > >  		'sync_type', 'sync_umask', 'sync_uri', 'sync_user', 'thin_manifest',

58

> > > >  		'update_changelog', '_eapis_banned', '_eapis_deprecated',

59

> > > >  		'_masters_orig', 'module_specific_options', 'manifest_required_hashes',

60

> > > > +		'openpgp_key_path',

61

> > > >  		)

62

> > > >

63

> > > >  	def __init__(self, name, repo_opts, local_config=True):

64

> > > > @@ -182,6 +183,9 @@ class RepoConfig(object):

65

> > > >  		self.strict_misc_digests = repo_opts.get(

66

> > > >  			'strict-misc-digests', 'true').lower() == 'true'

67

> > > >

68

> > > > +		self.openpgp_key_path = repo_opts.get(

69

> > > > +			'sync-openpgp-key-path', None)

70

> > > > +

71

> > > >  		self.module_specific_options = {}

72

> > > >

73

> > > >  		# Not implemented.

74

> > > > diff --git a/pym/portage/sync/modules/rsync/__init__.py b/pym/portage/sync/modules/rsync/__init__.py

75

> > > > index 14af2120c..27a2548c0 100644

76

> > > > --- a/pym/portage/sync/modules/rsync/__init__.py

77

> > > > +++ b/pym/portage/sync/modules/rsync/__init__.py

78

> > > > @@ -27,7 +27,6 @@ module_spec = {

79

> > > >  			'validate_config': CheckSyncConfig,

80

> > > >  			'module_specific_options': (

81

> > > >  				'sync-rsync-extra-opts',

82

> > > > -				'sync-rsync-openpgp-key-path',

83

> > > >  				'sync-rsync-vcs-ignore',

84

> > > >  				'sync-rsync-verify-jobs',

85

> > > >  				'sync-rsync-verify-metamanifest',

86

> > > > diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py

87

> > > > index 552ac6f6b..d9d7d56f2 100644

88

> > > > --- a/pym/portage/sync/modules/rsync/rsync.py

89

> > > > +++ b/pym/portage/sync/modules/rsync/rsync.py

90

> > > > @@ -87,10 +87,6 @@ class RsyncSync(NewBase):

91

> > > >  		self.verify_metamanifest = (

92

> > > >  				self.repo.module_specific_options.get(

93

> > > >  					'sync-rsync-verify-metamanifest', False))

94

> > > > -		# Default to gentoo-keys keyring.

95

> > > > -		self.openpgp_key_path = (

96

> > > > -				self.repo.module_specific_options.get(

97

> > > > -					'sync-rsync-openpgp-key-path', None))

98

> > > >  		# Support overriding job count.

99

> > > >  		self.verify_jobs = self.repo.module_specific_options.get(

100

> > > >  				'sync-rsync-verify-jobs', None)

101

> > > > @@ -276,8 +272,8 @@ class RsyncSync(NewBase):

102

> > > >  		# if synced successfully, verify now

103

> > > >  		if exitcode == 0 and self.verify_metamanifest:

104

> > > >  			command = ['gemato', 'verify', '-s', self.repo.location]

105

> > > > -			if self.openpgp_key_path is not None:

106

> > > > -				command += ['-K', self.openpgp_key_path]

107

> > > > +			if self.repo.openpgp_key_path is not None:

108

> > > > +				command += ['-K', self.repo.openpgp_key_path]

109

> > > >  			if self.verify_jobs is not None:

110

> > > >  				command += ['-j', self.verify_jobs]

111

> > > >  			exitcode = portage.process.spawn(command, **self.spawn_kwargs)

112

> > > >

113

> > >

114

> > > Unless we update this patch to retain backward compatibility with

115

> > > sync-rsync-openpgp-key-path in portage-2.3.21, we'll need a to have a

116

> > > portage-2.3.22 release soon.

117

> >

118

> > Yes. We need it anyway because the boolean parsing in sync-rsync-verify-

119

> > metamanifest is broken ;-F.

120

>

121

> Okay, the patch looks good. Please merge.

122

123

All three merged, thanks! Please let me know if directory check also

124

looks good, or if you prefer to do it post-release.

125

126

--

127

Best regards,

128

Michał Górny

Gentoo Archives: gentoo-portage-dev

Replies

1	W dniu wto, 30.01.2018 o godzinie 11∶37 -0800, użytkownik Zac Medico
2	napisał:
3	> On 01/30/2018 10:56 AM, Michał Górny wrote:
4	> > W dniu wto, 30.01.2018 o godzinie 09∶32 -0800, użytkownik Zac Medico
5	> > napisał:
6	> > > On 01/30/2018 08:59 AM, Michał Górny wrote:
7	> > > > Rename the 'sync-rsync-openpgp-key-path' to a more generic
8	> > > > 'sync-openpgp-key-path'. OpenPGP is the basis of at least three
9	> > > > different verification schemes (git, rsync, snapshots) and at least
10	> > > > two of them use the same keys.
11	> > > > ---
12	> > > > cnf/repos.conf \| 2 +-
13	> > > > man/portage.5 \| 9 +++++----
14	> > > > pym/portage/repository/config.py \| 4 ++++
15	> > > > pym/portage/sync/modules/rsync/__init__.py \| 1 -
16	> > > > pym/portage/sync/modules/rsync/rsync.py \| 8 ++------
17	> > > > 5 files changed, 12 insertions(+), 12 deletions(-)
18	> > > >
19	> > > > diff --git a/cnf/repos.conf b/cnf/repos.conf
20	> > > > index 0d2b1f4be..4a40ff4fc 100644
21	> > > > --- a/cnf/repos.conf
22	> > > > +++ b/cnf/repos.conf
23	> > > > @@ -7,7 +7,7 @@ sync-type = rsync
24	> > > > sync-uri = rsync://rsync.gentoo.org/gentoo-portage
25	> > > > auto-sync = yes
26	> > > > sync-rsync-verify-metamanifest = yes
27	> > > > -sync-rsync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
28	> > > > +sync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
29	> > > >
30	> > > > # for daily squashfs snapshots
31	> > > > #sync-type = squashdelta
32	> > > > diff --git a/man/portage.5 b/man/portage.5
33	> > > > index 84999bd2f..1f6259715 100644
34	> > > > --- a/man/portage.5
35	> > > > +++ b/man/portage.5
36	> > > > @@ -1071,10 +1071,11 @@ Extra options to give to rsync on repository synchronization. It takes
37	> > > > precedence over a declaration in [DEFAULT] section, that takes
38	> > > > precedence over PORTAGE_RSYNC_EXTRA_OPTS.
39	> > > > .TP
40	> > > > -.B sync\-rsync\-openpgp\-key\-path
41	> > > > -Path to the OpenPGP key(ring) used to verify MetaManifest. Used only
42	> > > > -if \fBsync\-rsync\-verify\-metamanifest\fR is enabled. If unset,
43	> > > > -the user's keyring is used.
44	> > > > +.B sync\-openpgp\-key\-path
45	> > > > +Path to the OpenPGP key(ring) used to verify received repository. Used
46	> > > > +only for protocols supporting cryptographic verification, provided
47	> > > > +that the respective verification option is enabled. If unset, the user's
48	> > > > +keyring is used.
49	> > > > .TP
50	> > > > .B sync-rsync-vcs-ignore = true\|false
51	> > > > Ignore vcs directories that may be present in the repository. It is the
52	> > > > diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py
53	> > > > index be31ed3b1..d3a622f7c 100644
54	> > > > --- a/pym/portage/repository/config.py
55	> > > > +++ b/pym/portage/repository/config.py
56	> > > > @@ -86,6 +86,7 @@ class RepoConfig(object):
57	> > > > 'sync_type', 'sync_umask', 'sync_uri', 'sync_user', 'thin_manifest',
58	> > > > 'update_changelog', '_eapis_banned', '_eapis_deprecated',
59	> > > > '_masters_orig', 'module_specific_options', 'manifest_required_hashes',
60	> > > > + 'openpgp_key_path',
61	> > > > )
62	> > > >
63	> > > > def __init__(self, name, repo_opts, local_config=True):
64	> > > > @@ -182,6 +183,9 @@ class RepoConfig(object):
65	> > > > self.strict_misc_digests = repo_opts.get(
66	> > > > 'strict-misc-digests', 'true').lower() == 'true'
67	> > > >
68	> > > > + self.openpgp_key_path = repo_opts.get(
69	> > > > + 'sync-openpgp-key-path', None)
70	> > > > +
71	> > > > self.module_specific_options = {}
72	> > > >
73	> > > > # Not implemented.
74	> > > > diff --git a/pym/portage/sync/modules/rsync/__init__.py b/pym/portage/sync/modules/rsync/__init__.py
75	> > > > index 14af2120c..27a2548c0 100644
76	> > > > --- a/pym/portage/sync/modules/rsync/__init__.py
77	> > > > +++ b/pym/portage/sync/modules/rsync/__init__.py
78	> > > > @@ -27,7 +27,6 @@ module_spec = {
79	> > > > 'validate_config': CheckSyncConfig,
80	> > > > 'module_specific_options': (
81	> > > > 'sync-rsync-extra-opts',
82	> > > > - 'sync-rsync-openpgp-key-path',
83	> > > > 'sync-rsync-vcs-ignore',
84	> > > > 'sync-rsync-verify-jobs',
85	> > > > 'sync-rsync-verify-metamanifest',
86	> > > > diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py
87	> > > > index 552ac6f6b..d9d7d56f2 100644
88	> > > > --- a/pym/portage/sync/modules/rsync/rsync.py
89	> > > > +++ b/pym/portage/sync/modules/rsync/rsync.py
90	> > > > @@ -87,10 +87,6 @@ class RsyncSync(NewBase):
91	> > > > self.verify_metamanifest = (
92	> > > > self.repo.module_specific_options.get(
93	> > > > 'sync-rsync-verify-metamanifest', False))
94	> > > > - # Default to gentoo-keys keyring.
95	> > > > - self.openpgp_key_path = (
96	> > > > - self.repo.module_specific_options.get(
97	> > > > - 'sync-rsync-openpgp-key-path', None))
98	> > > > # Support overriding job count.
99	> > > > self.verify_jobs = self.repo.module_specific_options.get(
100	> > > > 'sync-rsync-verify-jobs', None)
101	> > > > @@ -276,8 +272,8 @@ class RsyncSync(NewBase):
102	> > > > # if synced successfully, verify now
103	> > > > if exitcode == 0 and self.verify_metamanifest:
104	> > > > command = ['gemato', 'verify', '-s', self.repo.location]
105	> > > > - if self.openpgp_key_path is not None:
106	> > > > - command += ['-K', self.openpgp_key_path]
107	> > > > + if self.repo.openpgp_key_path is not None:
108	> > > > + command += ['-K', self.repo.openpgp_key_path]
109	> > > > if self.verify_jobs is not None:
110	> > > > command += ['-j', self.verify_jobs]
111	> > > > exitcode = portage.process.spawn(command, **self.spawn_kwargs)
112	> > > >
113	> > >
114	> > > Unless we update this patch to retain backward compatibility with
115	> > > sync-rsync-openpgp-key-path in portage-2.3.21, we'll need a to have a
116	> > > portage-2.3.22 release soon.
117	> >
118	> > Yes. We need it anyway because the boolean parsing in sync-rsync-verify-
119	> > metamanifest is broken ;-F.
120	>
121	> Okay, the patch looks good. Please merge.
122
123	All three merged, thanks! Please let me know if directory check also
124	looks good, or if you prefer to do it post-release.
125
126	--
127	Best regards,
128	Michał Górny