From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/portage:master commit in: bin/, /
Date: Mon, 1 May 2023 07:21:58 +0000 (UTC) [thread overview]
Message-ID: <1682925656.b5cd549e07f3d835cbe04e5b718cdd47d7ee69f5.sam@gentoo> (raw)
commit: b5cd549e07f3d835cbe04e5b718cdd47d7ee69f5
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 30 05:08:06 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon May 1 07:20:56 2023 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=b5cd549e
emerge-webrsync: tidy up 'webrsync-gpg' case
webrsync-gpg is actually two distinct cases:
1. A user has FEATURES="webrsync-gpg" in make.conf and is calling
'emerge-webrsync'. This is deprecated.
2. A user has 'sync-type=webrsync', is using emaint/emerge to sync,
and Portage is shelling out to emerge-webrsync. This is what
users are encouraged to do, but it currently uses the legacy
webrsync-gpg path.
For the benefit of case #2 and to clarify things, don't mention
FEATURES="webrsync-gpg" if the user hasn't set it - this is to avoid
users *starting to set it* because it sounds like something they may
want.
We also silence the (new) 'gpg legacy path' phrasing for now with
--quiet given this is expected with case #2.
Consolidate some logic while at it.
The next step is, of course, to shift everything to the gemato path.
Bug: https://bugs.gentoo.org/905358
Signed-off-by: Sam James <sam <AT> gentoo.org>
NEWS | 5 +++++
bin/emerge-webrsync | 26 +++++++++++++++-----------
2 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/NEWS b/NEWS
index 8932289ba..f0b500471 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,11 @@ portage-3.0.48 (UNRELEASED)
Bug fixes:
* fowners, fperms: Fix handling of relative pathnames (bug #905223).
+* emerge-webrsync: Be less alarmist when a user is syncing with Portage
+ (not calling emerge-webrsync directly) with sync-type='webrsync'. We
+ were emitting a misleading warning about the validation method in use
+ which might in fact encourage people to use the older method.
+
Cleanups:
* Convert printf-style %-formats into fstrings.
diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index 8ef22cbe9..faf7bb752 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -109,21 +109,17 @@ do_debug=0
keep=false
handle_pgp_setup() {
- has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0
+ # WEBRSYNC_VERIFY_SIGNATURE=0: disable PGP verification
+ # WEBRSYNC_VERIFY_SIGNATURE=1: use gemato for verification, fallback to regular gpg
+ # WEBRSYNC_VERIFY_SIGNATURE=2: use legacy FEATURES="webrsync-gpg"
+ WEBRSYNC_VERIFY_SIGNATURE=1
- if [[ ${webrsync_gpg} -eq 1 ]]; then
- ewarn "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page."
- fi
+ has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0
repo_has_webrsync_verify=$(
has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | LC_ALL=C tr '[:upper:]' '[:lower:]') true yes
)
- # WEBRSYNC_VERIFY_SIGNATURE=0: disable PGP verification
- # WEBRSYNC_VERIFY_SIGNATURE=1: use gemato for verification, fallback to regular gpg
- # WEBRSYNC_VERIFY_SIGNATURE=2: use legacy FEATURES="webrsync-gpg"
- WEBRSYNC_VERIFY_SIGNATURE=1
-
if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] || [[ ${repo_has_webrsync_verify} -eq 1 ]]; then
# If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync
# calls for backward compatibility (this triggers a deprecation warning
@@ -134,10 +130,18 @@ handle_pgp_setup() {
fi
WEBRSYNC_VERIFY_SIGNATURE=2
- elif has webrsync-gpg ${FEATURES}; then
+ elif [[ ${webrsync_gpg} -eq 1 ]] then
+ # We only warn if FEATURES="webrsync-gpg" is in make.conf, not if
+ # Portage is calling us for 'type=webrsync' with verification.
+ # TODO: Change the Portage path to fully use gemato and unify the lot.
+ ewarn "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page."
WEBRSYNC_VERIFY_SIGNATURE=2
elif [[ -n ${no_pgp_verify} ]]; then
WEBRSYNC_VERIFY_SIGNATURE=0
+ else
+ # The default at the beginning of handle_pgp_setup is WEBRSYNC_VERIFY_SIGNATURE=1
+ # i.e. gemato.
+ :;
fi
case "${WEBRSYNC_VERIFY_SIGNATURE}" in
@@ -148,7 +152,7 @@ handle_pgp_setup() {
[[ ${PORTAGE_QUIET} -eq 1 ]] || einfo "PGP verification method: gemato"
;;
2)
- ewarn "PGP verification method: legacy FEATURES=webrsync-gpg"
+ [[ ${PORTAGE_QUIET} -eq 1 ]] || ewarn "PGP verification method: legacy gpg path"
;;
*)
die "Unknown WEBRSYNC_VERIFY_SIGNATURE state: \${WEBRSYNC_VERIFY_SIGNATURE}=${WEBRSYNC_VERIFY_SIGNATURE}"
next reply other threads:[~2023-05-01 7:22 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-01 7:21 Sam James [this message]
-- strict thread matches above, loose matches on Subject: below --
2025-01-15 21:49 [gentoo-commits] proj/portage:master commit in: bin/, / Zac Medico
2025-01-09 17:10 James Le Cuirot
2024-12-15 7:58 Ulrich Müller
2024-11-21 12:22 Ulrich Müller
2024-11-04 20:52 Zac Medico
2023-08-02 6:31 Sam James
2023-06-09 13:03 Sam James
2023-05-14 5:04 Ulrich Müller
2023-04-18 15:22 Ulrich Müller
2023-04-09 6:52 Sam James
2022-11-30 22:29 Sam James
2022-11-30 1:22 Sam James
2022-10-04 0:25 Sam James
2022-09-29 20:45 Sam James
2022-09-29 20:45 Sam James
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1682925656.b5cd549e07f3d835cbe04e5b718cdd47d7ee69f5.sam@gentoo \
--to=sam@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox