public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] proj/portage:master commit in: lib/portage/tests/resolver/, lib/portage/dbapi/, lib/portage/
@ 2022-02-09 10:40 Sam James
  0 siblings, 0 replies; only message in thread
From: Sam James @ 2022-02-09 10:40 UTC (permalink / raw
  To: gentoo-commits

commit:     ad7882a1cba4cedf6288abeff0fd2b8052b5302a
Author:     Sheng Yu <syu.os <AT> protonmail <DOT> com>
AuthorDate: Wed Feb  2 11:54:18 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb  9 10:40:35 2022 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=ad7882a1

Ignore all XPAK when "binpkg-request-signature" enabled.

XPAK format does not support signature and should be avoided when
mandatory signature is expected.

Signed-off-by: Sheng Yu <syu.os <AT> protonmail.com>
Closes: https://github.com/gentoo/portage/pull/785
Signed-off-by: Sam James <sam <AT> gentoo.org>

 lib/portage/dbapi/bintree.py                     | 83 +++++++++++++++++++++++-
 lib/portage/exception.py                         |  8 +--
 lib/portage/tests/resolver/ResolverPlayground.py |  7 +-
 3 files changed, 90 insertions(+), 8 deletions(-)

diff --git a/lib/portage/dbapi/bintree.py b/lib/portage/dbapi/bintree.py
index 8bfe5e97d..b441fff9a 100644
--- a/lib/portage/dbapi/bintree.py
+++ b/lib/portage/dbapi/bintree.py
@@ -42,8 +42,10 @@ from portage.exception import (
     ParseError,
     PortageException,
     PortagePackageException,
+    SignatureException,
 )
 from portage.localization import _
+from portage.output import colorize
 from portage.package.ebuild.profile_iuse import iter_iuse_vars
 from portage.util.file_copy import copyfile
 from portage.util.futures import asyncio
@@ -887,6 +889,14 @@ class binarytree:
         # the Packages file will not be needlessly re-written due to
         # missing digests.
         minimum_keys = self._pkgindex_keys.difference(self._pkgindex_hashes)
+
+        if "binpkg-request-signature" in self.settings.features:
+            gpkg_only = True
+        else:
+            gpkg_only = False
+
+        gpkg_only_warned = False
+
         if True:
             pkg_paths = {}
             self._pkg_paths = pkg_paths
@@ -911,6 +921,17 @@ class binarytree:
                 if not path:
                     binpkg_format = d["BINPKG_FORMAT"]
                     if binpkg_format == "xpak":
+                        if gpkg_only:
+                            if not gpkg_only_warned:
+                                writemsg(
+                                    colorize(
+                                        "WARN",
+                                        "Local XPAK packages are ignored due to 'binpkg-request-signature'.\n",
+                                    ),
+                                    noiselevel=-1,
+                                )
+                                gpkg_only_warned = True
+                            continue
                         path = cpv + ".tbz2"
                     elif binpkg_format == "gpkg":
                         path = cpv + ".gpkg.tar"
@@ -944,6 +965,19 @@ class binarytree:
                         SUPPORTED_XPAK_EXTENSIONS + SUPPORTED_GPKG_EXTENSIONS
                     ):
                         continue
+
+                    if myfile.endswith(SUPPORTED_XPAK_EXTENSIONS) and gpkg_only:
+                        if not gpkg_only_warned:
+                            writemsg(
+                                colorize(
+                                    "WARN",
+                                    "Local XPAK packages are ignored due to 'binpkg-request-signature'.\n",
+                                ),
+                                noiselevel=-1,
+                            )
+                            gpkg_only_warned = True
+                        continue
+
                     mypath = os.path.join(mydir, myfile)
                     full_path = os.path.join(self.pkgdir, mypath)
                     s = os.lstat(full_path)
@@ -1004,6 +1038,22 @@ class binarytree:
                     binpkg_format = None
                     if match:
                         binpkg_format = match.get("BINPKG_FORMAT", None)
+
+                    if gpkg_only:
+                        if binpkg_format != "gpkg":
+                            if not gpkg_only_warned:
+                                writemsg(
+                                    colorize(
+                                        "WARN",
+                                        "Local XPAK packages are ignored due to 'binpkg-request-signature'.\n",
+                                    ),
+                                    noiselevel=-1,
+                                )
+                                gpkg_only_warned = True
+                            continue
+                        else:
+                            binpkg_format = "gpkg"
+
                     try:
                         pkg_metadata = self._read_metadata(
                             full_path,
@@ -1011,7 +1061,7 @@ class binarytree:
                             keys=chain(self.dbapi._aux_cache_keys, ("PF", "CATEGORY")),
                             binpkg_format=binpkg_format,
                         )
-                    except PortagePackageException as e:
+                    except (PortagePackageException, SignatureException) as e:
                         writemsg(
                             f"!!! Invalid binary package: '{full_path}', {e}\n",
                             noiselevel=-1,
@@ -1202,6 +1252,12 @@ class binarytree:
 
         self._remote_has_index = False
         self._remotepkgs = {}
+
+        if "binpkg-request-signature" in self.settings.features:
+            gpkg_only = True
+        else:
+            gpkg_only = False
+
         # Order by descending priority.
         for repo in reversed(list(self._binrepos_conf.values())):
             base_url = repo.sync_uri
@@ -1211,6 +1267,8 @@ class binarytree:
             user = None
             passwd = None
             user_passwd = ""
+            gpkg_only_warned = False
+
             if "@" in host:
                 user, host = host.split("@", 1)
                 user_passwd = user + "@"
@@ -1480,6 +1538,20 @@ class binarytree:
                     if self.dbapi.cpv_exists(cpv):
                         continue
 
+                    if gpkg_only:
+                        binpkg_format = d.get("BINPKG_FORMAT", "xpak")
+                        if binpkg_format != "gpkg":
+                            if not gpkg_only_warned:
+                                writemsg(
+                                    colorize(
+                                        "WARN",
+                                        f"Remote XPAK packages in '{remote_base_uri}' are ignored due to 'binpkg-request-signature'.\n",
+                                    ),
+                                    noiselevel=-1,
+                                )
+                                gpkg_only_warned = True
+                            continue
+
                     d["CPV"] = cpv
                     d["BASE_URI"] = remote_base_uri
                     d["PKGINDEX_URI"] = url
@@ -1542,7 +1614,14 @@ class binarytree:
             )
             return
 
-        metadata = self._read_metadata(full_path, s)
+        try:
+            metadata = self._read_metadata(full_path, s)
+        except (PortagePackageException, SignatureException) as e:
+            writemsg(
+                f"!!! Invalid binary package: '{full_path}', {e}\n",
+                noiselevel=-1,
+            )
+            return
         binpkg_format = metadata["BINPKG_FORMAT"]
 
         invalid_depend = False

diff --git a/lib/portage/exception.py b/lib/portage/exception.py
index 3df4ce8fd..ff40e463b 100644
--- a/lib/portage/exception.py
+++ b/lib/portage/exception.py
@@ -224,10 +224,6 @@ class UnsupportedAPIException(PortagePackageException):
         return _unicode_decode(msg, encoding=_encodings["content"], errors="replace")
 
 
-class GPGException(PortageException):
-    """GPG operation failed"""
-
-
 class SignatureException(PortageException):
     """Signature was not present in the checked file"""
 
@@ -236,6 +232,10 @@ class DigestException(SignatureException):
     """A problem exists in the digest"""
 
 
+class GPGException(SignatureException):
+    """GPG operation failed"""
+
+
 class MissingSignature(SignatureException):
     """Signature was not present in the checked file"""
 

diff --git a/lib/portage/tests/resolver/ResolverPlayground.py b/lib/portage/tests/resolver/ResolverPlayground.py
index fa8b0cc76..6805ca601 100644
--- a/lib/portage/tests/resolver/ResolverPlayground.py
+++ b/lib/portage/tests/resolver/ResolverPlayground.py
@@ -587,8 +587,7 @@ class ResolverPlayground:
             "CLEAN_DELAY": "0",
             "DISTDIR": self.distdir,
             "EMERGE_WARNING_DELAY": "0",
-            "FEATURES": "${FEATURES} binpkg-signing binpkg-request-signature "
-            "gpg-keepalive",
+            "FEATURES": "${FEATURES} binpkg-signing gpg-keepalive",
             "PKGDIR": self.pkgdir,
             "PORTAGE_INST_GID": str(portage.data.portage_gid),
             "PORTAGE_INST_UID": str(portage.data.portage_uid),
@@ -611,6 +610,10 @@ class ResolverPlayground:
 
         if "make.conf" in user_config:
             make_conf_lines.extend(user_config["make.conf"])
+            if "BINPKG_FORMAT=gpkg" in user_config["make.conf"]:
+                make_conf_lines.append(
+                    'FEATURES="${FEATURES} binpkg-request-signature"'
+                )
 
         if not portage.process.sandbox_capable or os.environ.get("SANDBOX_ON") == "1":
             # avoid problems from nested sandbox instances


^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2022-02-09 10:40 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-02-09 10:40 [gentoo-commits] proj/portage:master commit in: lib/portage/tests/resolver/, lib/portage/dbapi/, lib/portage/ Sam James

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox