* [gentoo-commits] proj/portage:master commit in: lib/portage/tests/resolver/, lib/portage/dbapi/, lib/portage/
@ 2022-02-09 10:40 Sam James
0 siblings, 0 replies; only message in thread
From: Sam James @ 2022-02-09 10:40 UTC (permalink / raw
To: gentoo-commits
commit: ad7882a1cba4cedf6288abeff0fd2b8052b5302a
Author: Sheng Yu <syu.os <AT> protonmail <DOT> com>
AuthorDate: Wed Feb 2 11:54:18 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb 9 10:40:35 2022 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=ad7882a1
Ignore all XPAK when "binpkg-request-signature" enabled.
XPAK format does not support signature and should be avoided when
mandatory signature is expected.
Signed-off-by: Sheng Yu <syu.os <AT> protonmail.com>
Closes: https://github.com/gentoo/portage/pull/785
Signed-off-by: Sam James <sam <AT> gentoo.org>
lib/portage/dbapi/bintree.py | 83 +++++++++++++++++++++++-
lib/portage/exception.py | 8 +--
lib/portage/tests/resolver/ResolverPlayground.py | 7 +-
3 files changed, 90 insertions(+), 8 deletions(-)
diff --git a/lib/portage/dbapi/bintree.py b/lib/portage/dbapi/bintree.py
index 8bfe5e97d..b441fff9a 100644
--- a/lib/portage/dbapi/bintree.py
+++ b/lib/portage/dbapi/bintree.py
@@ -42,8 +42,10 @@ from portage.exception import (
ParseError,
PortageException,
PortagePackageException,
+ SignatureException,
)
from portage.localization import _
+from portage.output import colorize
from portage.package.ebuild.profile_iuse import iter_iuse_vars
from portage.util.file_copy import copyfile
from portage.util.futures import asyncio
@@ -887,6 +889,14 @@ class binarytree:
# the Packages file will not be needlessly re-written due to
# missing digests.
minimum_keys = self._pkgindex_keys.difference(self._pkgindex_hashes)
+
+ if "binpkg-request-signature" in self.settings.features:
+ gpkg_only = True
+ else:
+ gpkg_only = False
+
+ gpkg_only_warned = False
+
if True:
pkg_paths = {}
self._pkg_paths = pkg_paths
@@ -911,6 +921,17 @@ class binarytree:
if not path:
binpkg_format = d["BINPKG_FORMAT"]
if binpkg_format == "xpak":
+ if gpkg_only:
+ if not gpkg_only_warned:
+ writemsg(
+ colorize(
+ "WARN",
+ "Local XPAK packages are ignored due to 'binpkg-request-signature'.\n",
+ ),
+ noiselevel=-1,
+ )
+ gpkg_only_warned = True
+ continue
path = cpv + ".tbz2"
elif binpkg_format == "gpkg":
path = cpv + ".gpkg.tar"
@@ -944,6 +965,19 @@ class binarytree:
SUPPORTED_XPAK_EXTENSIONS + SUPPORTED_GPKG_EXTENSIONS
):
continue
+
+ if myfile.endswith(SUPPORTED_XPAK_EXTENSIONS) and gpkg_only:
+ if not gpkg_only_warned:
+ writemsg(
+ colorize(
+ "WARN",
+ "Local XPAK packages are ignored due to 'binpkg-request-signature'.\n",
+ ),
+ noiselevel=-1,
+ )
+ gpkg_only_warned = True
+ continue
+
mypath = os.path.join(mydir, myfile)
full_path = os.path.join(self.pkgdir, mypath)
s = os.lstat(full_path)
@@ -1004,6 +1038,22 @@ class binarytree:
binpkg_format = None
if match:
binpkg_format = match.get("BINPKG_FORMAT", None)
+
+ if gpkg_only:
+ if binpkg_format != "gpkg":
+ if not gpkg_only_warned:
+ writemsg(
+ colorize(
+ "WARN",
+ "Local XPAK packages are ignored due to 'binpkg-request-signature'.\n",
+ ),
+ noiselevel=-1,
+ )
+ gpkg_only_warned = True
+ continue
+ else:
+ binpkg_format = "gpkg"
+
try:
pkg_metadata = self._read_metadata(
full_path,
@@ -1011,7 +1061,7 @@ class binarytree:
keys=chain(self.dbapi._aux_cache_keys, ("PF", "CATEGORY")),
binpkg_format=binpkg_format,
)
- except PortagePackageException as e:
+ except (PortagePackageException, SignatureException) as e:
writemsg(
f"!!! Invalid binary package: '{full_path}', {e}\n",
noiselevel=-1,
@@ -1202,6 +1252,12 @@ class binarytree:
self._remote_has_index = False
self._remotepkgs = {}
+
+ if "binpkg-request-signature" in self.settings.features:
+ gpkg_only = True
+ else:
+ gpkg_only = False
+
# Order by descending priority.
for repo in reversed(list(self._binrepos_conf.values())):
base_url = repo.sync_uri
@@ -1211,6 +1267,8 @@ class binarytree:
user = None
passwd = None
user_passwd = ""
+ gpkg_only_warned = False
+
if "@" in host:
user, host = host.split("@", 1)
user_passwd = user + "@"
@@ -1480,6 +1538,20 @@ class binarytree:
if self.dbapi.cpv_exists(cpv):
continue
+ if gpkg_only:
+ binpkg_format = d.get("BINPKG_FORMAT", "xpak")
+ if binpkg_format != "gpkg":
+ if not gpkg_only_warned:
+ writemsg(
+ colorize(
+ "WARN",
+ f"Remote XPAK packages in '{remote_base_uri}' are ignored due to 'binpkg-request-signature'.\n",
+ ),
+ noiselevel=-1,
+ )
+ gpkg_only_warned = True
+ continue
+
d["CPV"] = cpv
d["BASE_URI"] = remote_base_uri
d["PKGINDEX_URI"] = url
@@ -1542,7 +1614,14 @@ class binarytree:
)
return
- metadata = self._read_metadata(full_path, s)
+ try:
+ metadata = self._read_metadata(full_path, s)
+ except (PortagePackageException, SignatureException) as e:
+ writemsg(
+ f"!!! Invalid binary package: '{full_path}', {e}\n",
+ noiselevel=-1,
+ )
+ return
binpkg_format = metadata["BINPKG_FORMAT"]
invalid_depend = False
diff --git a/lib/portage/exception.py b/lib/portage/exception.py
index 3df4ce8fd..ff40e463b 100644
--- a/lib/portage/exception.py
+++ b/lib/portage/exception.py
@@ -224,10 +224,6 @@ class UnsupportedAPIException(PortagePackageException):
return _unicode_decode(msg, encoding=_encodings["content"], errors="replace")
-class GPGException(PortageException):
- """GPG operation failed"""
-
-
class SignatureException(PortageException):
"""Signature was not present in the checked file"""
@@ -236,6 +232,10 @@ class DigestException(SignatureException):
"""A problem exists in the digest"""
+class GPGException(SignatureException):
+ """GPG operation failed"""
+
+
class MissingSignature(SignatureException):
"""Signature was not present in the checked file"""
diff --git a/lib/portage/tests/resolver/ResolverPlayground.py b/lib/portage/tests/resolver/ResolverPlayground.py
index fa8b0cc76..6805ca601 100644
--- a/lib/portage/tests/resolver/ResolverPlayground.py
+++ b/lib/portage/tests/resolver/ResolverPlayground.py
@@ -587,8 +587,7 @@ class ResolverPlayground:
"CLEAN_DELAY": "0",
"DISTDIR": self.distdir,
"EMERGE_WARNING_DELAY": "0",
- "FEATURES": "${FEATURES} binpkg-signing binpkg-request-signature "
- "gpg-keepalive",
+ "FEATURES": "${FEATURES} binpkg-signing gpg-keepalive",
"PKGDIR": self.pkgdir,
"PORTAGE_INST_GID": str(portage.data.portage_gid),
"PORTAGE_INST_UID": str(portage.data.portage_uid),
@@ -611,6 +610,10 @@ class ResolverPlayground:
if "make.conf" in user_config:
make_conf_lines.extend(user_config["make.conf"])
+ if "BINPKG_FORMAT=gpkg" in user_config["make.conf"]:
+ make_conf_lines.append(
+ 'FEATURES="${FEATURES} binpkg-request-signature"'
+ )
if not portage.process.sandbox_capable or os.environ.get("SANDBOX_ON") == "1":
# avoid problems from nested sandbox instances
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2022-02-09 10:40 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-02-09 10:40 [gentoo-commits] proj/portage:master commit in: lib/portage/tests/resolver/, lib/portage/dbapi/, lib/portage/ Sam James
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox