[gentoo-commits] proj/portage:master commit in: bin/, /

[gentoo-commits] proj/portage:master commit in: bin/, /

[Sam James]

commit:     04302e2d4d5fafd3ed2f2375473d6fe3a2a2faa8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 29 06:37:19 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Sep 29 20:45:39 2022 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=04302e2d

bin: ecompress: zstd: pass -j from MAKEOPTS for parallel compression

Signed-off-by: Sam James <sam <AT> gentoo.org>

 NEWS          | 3 +++
 bin/ecompress | 1 +
 2 files changed, 4 insertions(+)

diff --git a/NEWS b/NEWS
index 8ed871e5d..67cb6a795 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,9 @@ Features:
 * bin: ecompress: xz: Pass -T N where N is the number of jobs from ${MAKEOPTS}
   to xz for parallel compression.
 
+* bin: ecompress: zstd: Pass -T N where N is the number of jobs from ${MAKEOPTS}
+  to zstd for parallel compression.
+
 Bug fixes:
 * emerge: Scheduler: Fix filenames for binpkgs in some cases - reuse existing
   filename and don't allocate a new one (bug #872392).

diff --git a/bin/ecompress b/bin/ecompress
index 57c518705..a77bb7e35 100755
--- a/bin/ecompress
+++ b/bin/ecompress
@@ -129,6 +129,7 @@ if [[ ${PORTAGE_COMPRESS_FLAGS+set} != "set" ]] ; then
 		# Setting '--rm' will remove the source files after a successful compression.
 		lz4)  PORTAGE_COMPRESS_FLAGS="-m --rm";;
 		xz)   PORTAGE_COMPRESS_FLAGS="-9 -T$(__makeopts_jobs)";;
+		zstd) PORTAGE_COMPRESS_FLAGS="-T$(__makeopts_jobs)";;
 	esac
 fi
 

[gentoo-commits] proj/portage:master commit in: bin/, /

[Sam James]

commit:     ca3c952992ad71181ca8f30d03151c771ec7ae2c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 29 06:37:19 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Sep 29 20:45:39 2022 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=ca3c9529

bin: ecompress: zstd: set --rm --quiet in PORTAGE_COMPRESS_FLAGS

This is needed to act like other compressors.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 NEWS          | 3 +++
 bin/ecompress | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index dced9688a..6ca656008 100644
--- a/NEWS
+++ b/NEWS
@@ -32,6 +32,9 @@ Bug fixes:
 * bin: ecompress: zstd: Recognize .zst as a compressed file suffix for the purposes
   of the internal compressed file collision check.
 
+* bin: ecompress: zstd: Set '-q --rm' in PORTAGE_COMPRESS_FLAGS to behave
+  like other compressors.
+
 portage-3.0.37 (2022-09-23)
 --------------
 

diff --git a/bin/ecompress b/bin/ecompress
index 7fb2b9c00..96a83e4b4 100755
--- a/bin/ecompress
+++ b/bin/ecompress
@@ -129,7 +129,7 @@ if [[ ${PORTAGE_COMPRESS_FLAGS+set} != "set" ]] ; then
 		# Setting '--rm' will remove the source files after a successful compression.
 		lz4)  PORTAGE_COMPRESS_FLAGS="-m --rm";;
 		xz)   PORTAGE_COMPRESS_FLAGS="-9 -T$(__makeopts_jobs)";;
-		zstd) PORTAGE_COMPRESS_FLAGS="-T$(__makeopts_jobs)";;
+		zstd) PORTAGE_COMPRESS_FLAGS="-q --rm -T$(__makeopts_jobs)";;
 	esac
 fi
 

[gentoo-commits] proj/portage:master commit in: bin/, /

[Sam James]

commit:     f7714cf7b4572085c67e8c4f0470defcefb1e6ab
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  4 00:23:04 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Oct  4 00:24:39 2022 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=f7714cf7

ecompress: fix typo in ___makeopts_jobs

Bug: https://bugs.gentoo.org/874597
Fixes: 04302e2d4d5fafd3ed2f2375473d6fe3a2a2faa8
Fixes: 9ae3ec1af0071354db3bf57bc5cdec963b056e77
Signed-off-by: Sam James <sam <AT> gentoo.org>

 NEWS          | 6 ++++++
 bin/ecompress | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 615de4313..28e8f97ca 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,9 @@
+portage-3.0.38.1 (2022-10-04)
+--------------
+
+Bug fixes:
+* ecompress: Fix typo in ___makeopts_jobs (bug #874597).
+
 portage-3.0.38 (2022-10-01)
 --------------
 

diff --git a/bin/ecompress b/bin/ecompress
index 3e4b77a45..977f8d7b4 100755
--- a/bin/ecompress
+++ b/bin/ecompress
@@ -128,8 +128,8 @@ if [[ ${PORTAGE_COMPRESS_FLAGS+set} != "set" ]] ; then
 		# See: https://bugs.gentoo.org/672916
 		# Setting '--rm' will remove the source files after a successful compression.
 		lz4)  PORTAGE_COMPRESS_FLAGS="-m --rm";;
-		xz)   PORTAGE_COMPRESS_FLAGS="-9 -T$(__makeopts_jobs)";;
-		zstd) PORTAGE_COMPRESS_FLAGS="-q --rm -T$(__makeopts_jobs)";;
+		xz)   PORTAGE_COMPRESS_FLAGS="-9 -T$(___makeopts_jobs)";;
+		zstd) PORTAGE_COMPRESS_FLAGS="-q --rm -T$(___makeopts_jobs)";;
 	esac
 fi
 

[gentoo-commits] proj/portage:master commit in: bin/, /

[Sam James]

commit:     69cac73ba0a7bcf2e2cff88c60d389895a550623
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 30 01:09:12 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Nov 30 01:22:35 2022 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=69cac73b

ebuild.sh: disable patsub_replacement in Bash 5.2

patsub_replacement is a new option in bash-5.2 that is also default-on
in that release. The default value is not gated by BASH_COMPAT (see bug #881383),
hence we need to disable it for older Bashes to avoid behaviour changes in ebuilds
and eclasses.

Thanks to Kerin for both raising this & being persistent with trying
to get Bash 5.2 to be suitable for use in Gentoo.

Bug: https://bugs.gentoo.org/881383
Thanks-to: Kerin Millar <kfm <AT> plushkava.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 NEWS          |  5 +++++
 bin/ebuild.sh | 14 ++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/NEWS b/NEWS
index 9284ff81d..1aa8f3e24 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,11 @@ Features:
   scratch using a crossdev environment under /usr/${CHOST}.
 
 Bug fixes:
+* ebuild: Handle Bash 5.2's change in behavior which enables the shopt
+  'patsub_replacement' by default. This is needed to avoid breaking existing
+  working ebuilds. Future EAPIs will need to adjust the logic
+  added by this change. See bug #881383.
+
 * sync: Clobber repositories using sync-type=git to match rsync behavior. This
   helps with issues where git-synced repositories can become confused
   if the remote is a CDN and then starts to diverge, preventing further

diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index c1fbcf75a..dc8d205f9 100755
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -18,6 +18,7 @@ source "${PORTAGE_BIN_PATH}/isolated-functions.sh" || exit 1
 # used instead.
 __check_bash_version() {
 	# Figure out which min version of bash we require.
+	# Adjust patsub_replacement logic below on new EAPI!
 	local maj min
 	if ___eapi_bash_3_2 ; then
 		maj=3 min=2
@@ -50,6 +51,19 @@ __check_bash_version() {
 	if ___eapi_bash_3_2 && [[ ${BASH_VERSINFO[0]} -gt 3 ]] ; then
 		shopt -s compat32
 	fi
+
+	# patsub_replacement is a new option in bash-5.2 that is also default-on
+	# in that release. The default value is not gated by BASH_COMPAT (see bug #881383),
+	# hence we need to disable it for older Bashes to avoid behaviour changes in ebuilds
+	# and eclasses.
+	#
+	# New EAPI note: a newer EAPI (after 8) may well adopt Bash 5.2 as its minimum version.
+	# If it does, this logic will need to be adjusted to only disable patsub_replacement
+	# for < ${new_api}!
+	if (( BASH_VERSINFO[0] >= 6 || ( BASH_VERSINFO[0] == 5 && BASH_VERSINFO[1] >= 2 ) )) ; then
+		shopt -u patsub_replacement
+	fi
+
 }
 __check_bash_version
 

[gentoo-commits] proj/portage:master commit in: bin/, /

[Sam James]

commit:     669b3d757cd287e193c04f910b5ebc8b74ad35b7
Author:     David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 30 11:24:49 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Nov 30 22:28:58 2022 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=669b3d75

Make EAPI 8 `--disable-static` logic libtool-specific

* The intention has always been to only target `configure` scripts that use
  libtool, not just any script with a `--disable-static*` option.

* libtool has been using the same `configure` format for at least
  the past 15 years (going back to libtool 1.5.22):

  1. shared and static libraries enabled (the main use case):
       --enable-shared[=PKGS]  build shared libraries [default=yes]
       --enable-static[=PKGS]  build static libraries [default=yes]

  2. shared libraries enabled and static libraries disabled:
       --enable-static[=PKGS]  build static libraries [default=no]
       --enable-shared[=PKGS]  build shared libraries [default=yes]

  3. shared libraries disabled and static libraries enabled:
       --enable-shared[=PKGS]  build shared libraries [default=no]
       --enable-static[=PKGS]  build static libraries [default=yes]

Bug: https://bugs.gentoo.org/814380
Signed-off-by: David Seifert <soap <AT> gentoo.org>
Closes: https://github.com/gentoo/portage/pull/936
Signed-off-by: Sam James <sam <AT> gentoo.org>

 NEWS                 | 4 ++++
 bin/phase-helpers.sh | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 57d9c92ee..923b95a43 100644
--- a/NEWS
+++ b/NEWS
@@ -49,6 +49,10 @@ Bug fixes:
 * env-update: Also generate PATH definition in systemd user environment file
   /etc/environment.d/10-gentoo-env.conf
 
+* --disable-static is only passed for libtool-enabled configure scripts in EAPI 8.
+  This avoids annoying warnings when a configure script has a flag such as
+  --disable-static_link that would then trigger a QA warning (bug #814380).
+
 portage-3.0.39 (2022-11-20)
 --------------
 

diff --git a/bin/phase-helpers.sh b/bin/phase-helpers.sh
index 2217e5a0b..a0fe599fd 100644
--- a/bin/phase-helpers.sh
+++ b/bin/phase-helpers.sh
@@ -655,8 +655,8 @@ econf() {
 			fi
 
 			if ___eapi_econf_passes_--disable-static; then
-				if [[ ${conf_help} == *--disable-static* || \
-						${conf_help} == *--enable-static* ]]; then
+				if [[ ${conf_help} == *--enable-shared[^A-Za-z0-9+_.-]* &&
+						${conf_help} == *--enable-static[^A-Za-z0-9+_.-]* ]]; then
 					conf_args+=( --disable-static )
 				fi
 			fi

[gentoo-commits] proj/portage:master commit in: bin/, /

[Sam James]

commit:     28cd240fb23d880b8641a058831c6762db71c3e2
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 29 22:34:37 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Apr  9 06:51:35 2023 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=28cd240f

emerge-webrsync: support PGP verification via gemato

Introduce PGP verification of the webrsync snapshot tarballs
using app-portage/gemato - which is already a dependency of Portage
for verifying normal rsync.

This is the same method Portage uses (see below).

Technical changes before we dive into the rationale:
- Use gemato for PGP verification just like Portage does for
  sync-type=webrsync, sync-type=rsync (although that uses a metamanifest),
  and sync-type=git (although that uses gemato for gpg-wrap, so works differently).

- Use gentoo-functions automagically if available for better output
  functions.

- Be more verbose about verification and various other operations,
  while also respecting --quiet if passed for misc. existing & new
  messages.

- Make --verbose a no-op. There weren't enough output messages
  to justify three states (--quiet, normal, --verbose).

- Bail out more aggressively in the event of errors or "warnings".

- Use modern terminology for repository, etc (avoid overloading the
  "portage" term.)

- Allow disabling PGP verification with --no-pgp-verify.

Technically, the fix is very straightforward, but getting to
the fix was the slightly painful bit. What I've concluded
happened is:
- Portage starts getting reworked to gain proper sync module support;

- Someone gets the idea of implementing emerge-webrsync fully in Python
  as a Portage sync module (which is a not-unreasonable idea);

  [This ultimately hasn't gone anywhere, and in fact, while working on this
  bug, I ended up finding a bunch of typos that meant you couldn't even test it.
  But it's a stub anyway.]

- The idea of deprecating emerge-webrsync is floated around. The idea
  being Portage should call it via its new sync module with sync-type=webrsync.

  This is presumably with the ultimate goal of it transparently one day
  using the aforementioned (yet-non-existent) Python implementation as its
  backend, and not the shell script.

  [To this day, Portage's webrsync implementation shells out to the emerge-webrsync
  shell script, but it has the abstraction to switch that out, in theory.]

- At the time, PGP verification in general of the Gentoo
  repository is an active topic, especially now we'd migrated to git which makes
  it way easier, unlike CVS.

- A bug is filed for PGP verification in emerge-webrsync.

  People decide it doesn't matter too much, because Portage is going to
  Real Soon Now (TM) have its own backend (replacing the shell script) and/or
  Portage's sync module support obsoletes emerge-webrsync entirely.

  The idea here, I think, being that nobody should call emerge-webrsync and
  everyone should just call emerge (or emaint) to sync as appropriate.

  [This isn't a terrible idea in a sense, but it needs a better basis:
  we should probably make emerge-webrsync a wrapper which creates a temporary
  repo config to forcefully webrsync a repository if the user asks us to. This
  is what people expect from emerge-webrsync with the default sync-type=rsync
  in repos.conf for ::gentoo.

  I actually started implementing this before I realised that emerge was
  shelling out to emerge-webrsync, so have postponed it.]

- Then nothing happens with the "replacement" ideas and the good
  ol' trusty emerge-webrsync ends up with the same problems sitting
  there because nobody saw the point in working on it if it was to
  be replaced soon. But that didn't happen.

The fix overall for this is pretty small, but the commit is larger
than I'd like because I had to rework a few things to sensibly allow
disabling PGP verification as well as follow the flow.

(I did start splitting up this commit but ultimately it needs -w
for best review even without the output tweaks in this commit and
deconstructing this for atomic commits would end up being more brittle
as I couldn't be as confident in the result.)

Bug: https://bugs.gentoo.org/597800
Signed-off-by: Sam James <sam <AT> gentoo.org>

 NEWS                |   5 +
 bin/emerge-webrsync | 363 ++++++++++++++++++++++++++++++++++------------------
 2 files changed, 240 insertions(+), 128 deletions(-)

diff --git a/NEWS b/NEWS
index 3dfaf2a09..4a41fc0c6 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,11 @@
 portage-3.0.47 (UNRELEASED)
 ---------------
 
+Security:
+* emerge-webrsync (the standalone tool) now verifies PGP signatures, see
+  bug #597800. Note that 'sync-type = webrsync' in repos.conf already
+  handled PGP verification when configured to do so (and it is by default).
+
 Features:
 * install-qa-check.d: 90gcc-warnings: Add additional code quality warnings:
   - -Wrestrict

diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index 4b982a1c1..43ac18f46 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -24,14 +24,49 @@
 # gpg --homedir /etc/portage/gnupg --edit-key ${KEY_ID} trust
 #
 
-# Only echo if in verbose mode
-vvecho() { [[ ${do_verbose} -eq 1 ]] && echo "$@" ; }
-# Only echo if not in verbose mode
-nvecho() { [[ ${do_verbose} -eq 0 ]] && echo "$@" ; }
-# warning echos
-wecho() { echo "${argv0##*/}: warning: $*" 1>&2 ; }
-# error echos
-eecho() { echo "${argv0##*/}: error: $*" 1>&2 ; }
+# Opportunistically use gentoo-functions for nicer output
+functions_script="${EPREFIX:-/}/lib/gentoo/functions.sh"
+source "${functions_script}" || {
+	echo "${argv0}: Could not source ${functions_script}!" 1>&2
+
+	ebegin() {
+		printf '%s*%s %s ... ' "${GOOD}" "${NORMAL}" "$*"
+	}
+
+	eend() {
+		local r=${1:-0}
+		shift
+		if [[ $r -eq 0 ]] ; then
+			printf '[ %sok%s ]\n' "${GOOD}" "${NORMAL}"
+		else
+			printf '%s [ %s!!%s ]\n' "$*" "${BAD}" "${NORMAL}"
+		fi
+		return "${r}"
+	}
+
+	einfo() {
+		echo "${argv0##*/}: $*"
+	}
+
+	ewarn() {
+		echo "${argv0##*/}: warning: $*" 1>&2
+	}
+
+	eerror() {
+		echo "${argv0##*/}: error: $*" 1>&2
+	}
+
+}
+
+# Only echo if in normal mode
+vvecho() { [[ ${PORTAGE_QUIET} != 1 ]] && echo "$@" ; }
+# Only echo if in quiet mode
+nvecho() { [[ ${PORTAGE_QUIET} == 1 ]] && echo "$@" ; }
+
+# Unfortunately, gentoo-functions doesn't yet have a die() (bug #878505)
+die() {
+	eerror "$@" && exit 1
+}
 
 argv0=$0
 
@@ -43,8 +78,7 @@ if [[ -x "${scriptpath%/*}/portageq" ]]; then
 elif type -P portageq > /dev/null ; then
 	portageq=portageq
 else
-	eecho "could not find 'portageq'; aborting"
-	exit 1
+	die "could not find 'portageq'; aborting"
 fi
 
 eval "$("${portageq}" envvar -v DISTDIR EPREFIX FEATURES \
@@ -60,54 +94,74 @@ source "${PORTAGE_BIN_PATH}"/isolated-functions.sh || exit 1
 repo_name=gentoo
 repo_location=$(__repo_attr "${repo_name}" location)
 if [[ -z ${repo_location} ]]; then
-	eecho "Repository '${repo_name}' not found"
-	exit 1
+	die "Repository '${repo_name}' not found"
 fi
 repo_sync_type=$(__repo_attr "${repo_name}" sync-type)
 
 # If PORTAGE_NICENESS is overriden via the env then it will
 # still pass through the portageq call and override properly.
 if [[ -n "${PORTAGE_NICENESS}" ]]; then
-	renice ${PORTAGE_NICENESS} $$ > /dev/null
+	renice "${PORTAGE_NICENESS}" $$ > /dev/null
 fi
 
-do_verbose=0
 do_debug=0
 keep=false
 
-has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0
+handle_pgp_setup() {
+	has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0
 
-if [[ ${webrsync_gpg} -eq 1 ]]; then
-	wecho "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page."
-fi
+	if [[ ${webrsync_gpg} -eq 1 ]]; then
+		ewarn "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page."
+	fi
 
-repo_has_webrsync_verify=$(
-	has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature	| LC_ALL=C tr '[:upper:]' '[:lower:]') true yes
-)
-
-if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] || [[ ${repo_has_webrsync_verify} -eq 1 ]]; then
-	# If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync
-	# calls for backward compatibility (this triggers a deprecation warning
-	# above). Since direct emerge-webrsync calls do not use gemato for secure
-	# key refresh, this behavior will not be supported in a future release.
-	if [[ ! ( -d ${PORTAGE_GPG_DIR} && ${webrsync_gpg} -eq 1 ) &&
-		-z ${PORTAGE_TEMP_GPG_DIR} ]]; then
-		eecho "Do not call ${argv0##*/} directly, instead call emerge --sync or emaint sync."
-		exit 1
+	repo_has_webrsync_verify=$(
+		has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature	| LC_ALL=C tr '[:upper:]' '[:lower:]') true yes
+	)
+
+	# WEBRSYNC_VERIFY_SIGNATURE=0: disable PGP verification
+	# WEBRSYNC_VERIFY_SIGNATURE=1: use gemato for verification, fallback to regular gpg
+	# WEBRSYNC_VERIFY_SIGNATURE=2: use legacy FEATURES="webrsync-gpg"
+	WEBRSYNC_VERIFY_SIGNATURE=1
+
+	if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] || [[ ${repo_has_webrsync_verify} -eq 1 ]]; then
+		# If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync
+		# calls for backward compatibility (this triggers a deprecation warning
+		# above). Since direct emerge-webrsync calls do not use gemato for secure
+		# key refresh, this behavior will not be supported in a future release.
+		if [[ ! ( -d ${PORTAGE_GPG_DIR} && ${webrsync_gpg} -eq 1 ) && -z ${PORTAGE_TEMP_GPG_DIR} ]]; then
+			die "Do not call ${argv0##*/} directly, instead call emerge --sync or emaint sync."
+		fi
+
+		WEBRSYNC_VERIFY_SIGNATURE=2
+	elif has webrsync-gpg ${FEATURES}; then
+		WEBRSYNC_VERIFY_SIGNATURE=2
+	elif [[ -n ${no_pgp_verify} ]]; then
+		WEBRSYNC_VERIFY_SIGNATURE=0
 	fi
 
-	WEBSYNC_VERIFY_SIGNATURE=1
-elif has webrsync-gpg ${FEATURES}; then
-	WEBSYNC_VERIFY_SIGNATURE=1
-else
-	WEBSYNC_VERIFY_SIGNATURE=0
-fi
+	case "${WEBRSYNC_VERIFY_SIGNATURE}" in
+		0)
+			[[ ${PORTAGE_QUIET} -eq 1 ]] || ewarn "PGP verification method: disabled"
+			;;
+		1)
+			[[ ${PORTAGE_QUIET} -eq 1 ]] || einfo "PGP verification method: gemato"
+			;;
+		2)
+			ewarn "PGP verification method: legacy FEATURES=webrsync-gpg"
+			;;
+		*)
+			die "Unknown WEBRSYNC_VERIFY_SIGNATURE state: \${WEBRSYNC_VERIFY_SIGNATURE}=${WEBRSYNC_VERIFY_SIGNATURE}"
+			;;
+	esac
 
-[[ -n ${PORTAGE_TEMP_GPG_DIR} ]] && PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR}
-if [[ ${WEBSYNC_VERIFY_SIGNATURE} != 0 && -z "${PORTAGE_GPG_DIR}" ]]; then
-	eecho "Please set PORTAGE_GPG_DIR in make.conf!"
-	exit 1
-fi
+	if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]]; then
+		PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR}
+	fi
+
+	if [[ ${WEBRSYNC_VERIFY_SIGNATURE} == 2 && -z "${PORTAGE_GPG_DIR}" ]]; then
+		die "Please set PORTAGE_GPG_DIR in make.conf!"
+	fi
+}
 
 do_tar() {
 	local file=$1
@@ -134,9 +188,9 @@ get_date_part() {
 	local part="$2"
 
 	if [[ ${USERLAND} == BSD ]] ; then
-		date -r ${utc_time_in_secs} -u +"${part}"
+		date -r "${utc_time_in_secs}" -u +"${part}"
 	else
-		date -d @${utc_time_in_secs} -u +"${part}"
+		date -d "@${utc_time_in_secs}" -u +"${part}"
 	fi
 }
 
@@ -152,7 +206,7 @@ get_utc_second_from_string() {
 	fi
 }
 
-get_portage_timestamp() {
+get_repository_timestamp() {
 	local portage_current_timestamp=0
 
 	if [[ -f "${repo_location}/metadata/timestamp.x" ]]; then
@@ -175,7 +229,7 @@ fetch_file() {
 		rm -f "${DISTDIR}/${FILE}"
 	fi
 
-	__vecho "Fetching file ${FILE} ..."
+	[[ ${PORTAGE_QUIET} -eq 1 ]] || einfo "Fetching file ${FILE} ..."
 	# Already set DISTDIR=
 	eval "${FETCHCOMMAND} ${opts}"
 
@@ -192,7 +246,7 @@ check_file_digest() {
 	local file="$2"
 	local r=1
 
-	__vecho "Checking digest ..."
+	[[ ${PORTAGE_QUIET} -eq 1 ]] || einfo "Checking digest ..."
 
 	if type -P md5sum > /dev/null; then
 		local md5sum_output=$(md5sum "${file}")
@@ -201,43 +255,85 @@ check_file_digest() {
 	elif type -P md5 > /dev/null; then
 		[[ "$(md5 -q "${file}")" == "$(cut -d ' ' -f 1 "${digest}")" ]] && r=0
 	else
-		eecho "cannot check digest: no suitable md5/md5sum binaries found"
+		die "cannot check digest: no suitable md5/md5sum binaries found"
 	fi
 
 	return "${r}"
 }
 
-check_file_signature() {
+check_file_signature_gemato() {
 	local signature="$1"
 	local file="$2"
 	local r=1
-	local gnupg_status line
 
-	if [[ ${WEBSYNC_VERIFY_SIGNATURE} != 0 ]]; then
-		__vecho "Checking signature ..."
+	if type -P gemato > /dev/null; then
+		local gemato_args=(
+			openpgp-verify-detached
+			-K /usr/share/openpgp-keys/gentoo-release.asc
+		)
 
-		if type -P gpg > /dev/null; then
-			if gnupg_status=$(gpg --homedir "${PORTAGE_GPG_DIR}" --batch \
-				--status-fd 1 --verify "${signature}" "${file}"); then
-				while read -r line; do
-					if [[ ${line} == "[GNUPG:] GOODSIG"* ]]; then
-						r=0
-						break
-					fi
-				done <<< "${gnupg_status}"
-			fi
+		[[ ${PORTAGE_QUIET} == 1 ]] && gemato_args+=( --quiet )
+		[[ ${do_debug} == 1 ]] && gemato_args+=( --debug )
 
-			if [[ ${r} -ne 0 ]]; then
-				# Exit early since it's typically inappropriate to
-				# try other mirrors in this case (it may indicate
-				# a keyring problem).
-				eecho "signature verification failed"
-				exit 1
-			fi
-		else
-			eecho "cannot check signature: gpg binary not found"
-			exit 1
+		gemato "${gemato_args[@]}" "${signature}" "${file}"
+		r=$?
+
+		if [[ ${r} -ne 0 ]]; then
+			# Exit early since it's typically inappropriate to
+			# try other mirrors in this case (it may indicate
+			# a keyring problem).
+			die "signature verification failed"
+		fi
+	fi
+
+	return "${r}"
+}
+
+check_file_signature_gpg_unwrapped() {
+	local signature="$1"
+	local file="$2"
+
+	if type -P gpg > /dev/null; then
+		if gnupg_status=$(gpg --homedir "${PORTAGE_GPG_DIR}" --batch \
+			--status-fd 1 --verify "${signature}" "${file}"); then
+			while read -r line; do
+				if [[ ${line} == "[GNUPG:] GOODSIG"* ]]; then
+					r=0
+					break
+				fi
+			done <<< "${gnupg_status}"
 		fi
+
+		if [[ ${r} -ne 0 ]]; then
+			# Exit early since it's typically inappropriate to
+			# try other mirrors in this case (it may indicate
+			# a keyring problem).
+			die "signature verification failed"
+		fi
+	else
+		die "cannot check signature: gpg binary not found"
+	fi
+}
+
+check_file_signature() {
+	local signature="$1"
+	local file="$2"
+	local r=1
+	local gnupg_status line
+
+	if [[ ${WEBRSYNC_VERIFY_SIGNATURE} != 0 ]]; then
+		[[ ${PORTAGE_QUIET} -eq 1 ]] || einfo "Checking signature ..."
+
+		case ${WEBRSYNC_VERIFY_SIGNATURE} in
+			1)
+				check_file_signature_gemato "${signature}" "${file}"
+				r=$?
+				;;
+			2)
+				check_file_signature_gpg_unwrapped "${signature}" "${file}"
+				r=$?
+				;;
+		esac
 	else
 		r=0
 	fi
@@ -254,7 +350,7 @@ get_snapshot_timestamp() {
 sync_local() {
 	local file="$1"
 
-	__vecho "Syncing local tree ..."
+	[[ ${PORTAGE_QUIET} -eq 1 ]] || einfo "Syncing local repository ..."
 
 	local ownership="portage:portage"
 	if has usersync ${FEATURES} ; then
@@ -275,36 +371,39 @@ sync_local() {
 		if ! tarsync $(vvecho -v) -s 1 ${chown_opts} \
 			-e /distfiles -e /packages -e /local "${file}" "${repo_location}"; then
 
-			eecho "tarsync failed; tarball is corrupt? (${file})"
+			eerror "tarsync failed; tarball is corrupt? (${file})"
 			return 1
 		fi
 	else
 		if ! do_tar "${file}" -x --strip-components=1 -f -; then
-			eecho "tar failed to extract the image. tarball is corrupt? (${file})"
+			eerror "tar failed to extract the image. tarball is corrupt? (${file})"
 			return 1
 		fi
 
 		# Free disk space
 		${keep} || rm -f "${file}"
 
-		local rsync_opts="${PORTAGE_RSYNC_OPTS} ${PORTAGE_RSYNC_EXTRA_OPTS}"
+		local rsync_opts="${PORTAGE_RSYNC_OPTS} ${PORTAGE_RSYNC_EXTRA_OPTS} $(nvecho -q)"
 		if chown ${ownership} . > /dev/null 2>&1; then
 			chown -R ${ownership} .
 			rsync_opts+=" --owner --group"
 		fi
 
 		chmod 755 .
-		rsync ${rsync_opts} . "${repo_location%%/}"
+		rsync ${rsync_opts} . "${repo_location%%/}" || {
+			eerror "rsync failed: $?"
+			die "Aborting because of rsync failure"
+		}
 
-		__vecho "Cleaning up ..."
+		[[ ${PORTAGE_QUIET} == 1 ]] || einfo "Cleaning up ..."
 	fi
 
 	if has metadata-transfer ${FEATURES} ; then
-		__vecho "Updating cache ..."
+		einfo "Updating cache ..."
 		emerge --metadata
 	fi
 
-	local post_sync=${PORTAGE_CONFIGROOT}etc/portage/bin/post_sync
+	local post_sync=${PORTAGE_CONFIGROOT%/}/etc/portage/bin/post_sync
 	[[ -x "${post_sync}" ]] && "${post_sync}"
 
 	# --quiet suppresses output if there are no relevant news items
@@ -327,20 +426,20 @@ do_snapshot() {
 
 	type -P xzcat > /dev/null && compressions="${compressions} ${repo_name}:xz portage:xz"
 	type -P bzcat > /dev/null && compressions="${compressions} ${repo_name}:bz2 portage:bz2"
-	type -P  zcat > /dev/null && compressions="${compressions} ${repo_name}:gz portage:gz"
-
+	type -P zcat > /dev/null && compressions="${compressions} ${repo_name}:gz portage:gz"
 	if [[ -z ${compressions} ]] ; then
-		eecho "unable to locate any decompressors (xzcat or bzcat or zcat)"
-		exit 1
+		die "unable to locate any decompressors (xzcat or bzcat or zcat)"
 	fi
 
 	for mirror in ${GENTOO_MIRRORS} ; do
 		mirror=${mirror%/}
-		__vecho "Trying to retrieve ${date} snapshot from ${mirror} ..."
+		[[ ${PORTAGE_QUIET} -eq 1 ]] || einfo "Trying to retrieve ${date} snapshot from ${mirror} ..."
 
 		for compression in ${compressions} ; do
 			local name=${compression%%:*}
+
 			compression=${compression#*:}
+
 			local file="${name}-${date}.tar.${compression}"
 			local digest="${file}.md5sum"
 			local signature="${file}.gpgsig"
@@ -353,10 +452,11 @@ do_snapshot() {
 
 			if [[ ${have_files} -eq 0 ]] ; then
 				fetch_file "${mirror}/snapshots/${digest}" "${digest}" && \
-				fetch_file "${mirror}/snapshots/${signature}" "${signature}" && \
-				fetch_file "${mirror}/snapshots/${file}" "${file}" && \
-				check_file_digest "${DISTDIR}/${digest}" "${DISTDIR}/${file}" && \
-				check_file_signature "${DISTDIR}/${signature}" "${DISTDIR}/${file}" && \
+					fetch_file "${mirror}/snapshots/${signature}" "${signature}" && \
+					fetch_file "${mirror}/snapshots/${file}" "${file}" && \
+					check_file_digest "${DISTDIR}/${digest}" "${DISTDIR}/${file}" && \
+					check_file_signature "${DISTDIR}/${signature}" "${DISTDIR}/${file}" && \
+
 				have_files=1
 			fi
 
@@ -366,25 +466,25 @@ do_snapshot() {
 			# from a different mirror
 			#
 			if [[ ${have_files} -eq 1 ]]; then
-				__vecho "Getting snapshot timestamp ..."
-				local snapshot_timestamp=$(get_snapshot_timestamp "${DISTDIR}/${file}")
+				[[ ${PORTAGE_QUIET} -eq 1 ]] || einfo "Getting snapshot timestamp ..."
+
+				local snapshot_timestamp
+				snapshot_timestamp=$(get_snapshot_timestamp "${DISTDIR}/${file}")
 
 				if [[ ${ignore_timestamp} == 0 ]]; then
-					if [[ ${snapshot_timestamp} -lt $(get_portage_timestamp) ]]; then
-						wecho "portage is newer than snapshot"
+					if [[ ${snapshot_timestamp} -lt $(get_repository_timestamp) ]]; then
+						ewarn "Repository (age) is newer than fetched snapshot"
 						have_files=0
 					fi
 				else
-					local utc_seconds=$(get_utc_second_from_string "${date}")
+					local utc_seconds
+					utc_seconds=$(get_utc_second_from_string "${date}")
 
-					#
-					# Check that this snapshot
-					# is what it claims to be ...
-					#
+					# Check that this snapshot is what the age it claims to be
 					if [[ ${snapshot_timestamp} -lt ${utc_seconds} || \
 						${snapshot_timestamp} -gt $((${utc_seconds}+ 2*86400)) ]]; then
 
-						wecho "snapshot timestamp is not in acceptable period"
+						ewarn "Snapshot timestamp is not within acceptable period!"
 						have_files=0
 					fi
 				fi
@@ -393,9 +493,7 @@ do_snapshot() {
 			if [[ ${have_files} -eq 1 ]]; then
 				break
 			else
-				#
 				# Remove files and use a different mirror
-				#
 				rm -f "${DISTDIR}/${file}" "${DISTDIR}/${digest}" "${DISTDIR}/${signature}"
 			fi
 		done
@@ -406,7 +504,7 @@ do_snapshot() {
 	if [[ ${have_files} -eq 1 ]]; then
 		sync_local "${DISTDIR}/${file}" && r=0
 	else
-		__vecho "${date} snapshot was not found"
+		ewarn "${date} snapshot was not found"
 	fi
 
 	${keep} || rm -f "${DISTDIR}/${file}" "${DISTDIR}/${digest}" "${DISTDIR}/${signature}"
@@ -417,7 +515,7 @@ do_latest_snapshot() {
 	local attempts=0
 	local r=1
 
-	__vecho "Fetching most recent snapshot ..."
+	[[ ${PORTAGE_QUIET} -eq 1 ]] || einfo "Fetching most recent snapshot ..."
 
 	# The snapshot for a given day is generated at 00:45 UTC on the following
 	# day, so the current day's snapshot (going by UTC time) hasn't been
@@ -428,12 +526,18 @@ do_latest_snapshot() {
 	# are considered to be approximately equal.
 	local min_time_diff=$(( 2 * 60 * 60 ))
 
-	local existing_timestamp=$(get_portage_timestamp)
+	local existing_timestamp
 	local timestamp_difference
 	local timestamp_problem
 	local approx_snapshot_time
-	local start_time=$(get_utc_date_in_seconds)
-	local start_hour=$(get_date_part ${start_time} "%H")
+	local start_time
+	local start_hour
+	local snapshot_date
+	local snapshot_date_seconds
+
+	existing_timestamp=$(get_repository_timestamp)
+	start_time=$(get_utc_date_in_seconds)
+	start_hour=$(get_date_part "${start_time}" "%H")
 
 	# Daily snapshots are created at 00:45 and are not
 	# available until after 01:00. Don't waste time trying
@@ -441,17 +545,19 @@ do_latest_snapshot() {
 	if [[ ${start_hour} -lt 1 ]] ; then
 		(( start_time -= 86400 ))
 	fi
-	local snapshot_date=$(get_date_part ${start_time} "%Y%m%d")
-	local snapshot_date_seconds=$(get_utc_second_from_string ${snapshot_date})
 
-	while (( ${attempts} <  40 )) ; do
+	snapshot_date=$(get_date_part "${start_time}" "%Y%m%d")
+	snapshot_date_seconds=$(get_utc_second_from_string "${snapshot_date}")
+
+	while (( ${attempts} < 40 )) ; do
 		(( attempts++ ))
 		(( snapshot_date_seconds -= 86400 ))
 		# snapshots are created at 00:45
 		(( approx_snapshot_time = snapshot_date_seconds + 86400 + 2700 ))
 		(( timestamp_difference = existing_timestamp - approx_snapshot_time ))
-		[ ${timestamp_difference} -lt 0 ] && (( timestamp_difference = -1 * timestamp_difference ))
-		snapshot_date=$(get_date_part ${snapshot_date_seconds} "%Y%m%d")
+
+		[[ ${timestamp_difference} -lt 0 ]] && (( timestamp_difference = -1 * timestamp_difference ))
+		snapshot_date=$(get_date_part "${snapshot_date_seconds}" "%Y%m%d")
 
 		timestamp_problem=""
 		if [[ ${timestamp_difference} -eq 0 ]]; then
@@ -497,9 +603,10 @@ usage() {
 
 	Options:
 	  --revert=yyyymmdd   Revert to snapshot
+	  --no-pgp-verify     Disable PGP verification of snapshot
 	  -k, --keep          Keep snapshots in DISTDIR (don't delete)
 	  -q, --quiet         Only output errors
-	  -v, --verbose       Enable verbose output
+	  -v, --verbose       Enable verbose output (no-op)
 	  -x, --debug         Enable debug output
 	  -h, --help          This help screen (duh!)
 	EOF
@@ -521,24 +628,25 @@ main() {
 			-h|--help)    usage ;;
 			-k|--keep)    keep=true ;;
 			-q|--quiet)   PORTAGE_QUIET=1 ;;
-			-v|--verbose) do_verbose=1 ;;
+			-v|--verbose) unset PORTAGE_QUIET ;;
 			-x|--debug)   do_debug=1 ;;
 			--revert=*)   revert_date=${v} ;;
+			--no-pgp-verify) no_pgp_verify=1 ;;
 			*)            usage "Invalid option '${arg}'" ;;
 		esac
 	done
 
+	handle_pgp_setup
+
 	[[ -d ${repo_location} ]] || mkdir -p "${repo_location}"
 	if [[ ! -w ${repo_location} ]] ; then
-		eecho "Repository '${repo_name}' is not writable: ${repo_location}"
-		exit 1
+		die "Repository '${repo_name}' is not writable: ${repo_location}"
 	fi
 
 	[[ -d ${PORTAGE_TMPDIR}/portage ]] || mkdir -p "${PORTAGE_TMPDIR}/portage"
 	TMPDIR=$(mktemp -d "${PORTAGE_TMPDIR}/portage/webrsync-XXXXXX")
 	if [[ ! -w ${TMPDIR} ]] ; then
-		eecho "TMPDIR is not writable: ${TMPDIR}"
-		exit 1
+		die "TMPDIR is not writable: ${TMPDIR}"
 	fi
 	trap 'cd / ; rm -rf "${TMPDIR}"' EXIT
 	cd "${TMPDIR}" || exit 1
@@ -547,21 +655,20 @@ main() {
 	[[ ! -d "${DISTDIR}" ]] && mkdir -p "${DISTDIR}"
 
 	if ${keep} && [[ ! -w ${DISTDIR} ]] ; then
-		eecho "DISTDIR is not writable: ${DISTDIR}"
-		exit 1
+		die "DISTDIR is not writable: ${DISTDIR}"
 	fi
 
 	# This is a sanity check to help prevent people like funtoo users
 	# from accidentally wiping out their git tree.
-	if [[ -n ${repo_sync_type} &&  ${repo_sync_type} != rsync && ${repo_sync_type} != webrsync ]] ; then
-		echo "The current sync-type attribute of repository 'gentoo' is not set to 'rsync' or 'webrsync':" >&2
-		echo >&2
-		echo "  sync-type=${repo_sync_type}" >&2
-		echo >&2
-		echo "If you intend to use emerge-webrsync then please" >&2
-		echo "adjust sync-type and sync-uri attributes to refer to rsync." >&2
-		echo "emerge-webrsync exiting due to abnormal sync-type setting." >&2
-		exit 1
+	if [[ -n ${repo_sync_type} && ${repo_sync_type} != rsync && ${repo_sync_type} != webrsync ]] ; then
+		eerror "The current sync-type attribute of repository 'gentoo' is not set to 'rsync' or 'webrsync':"
+		eerror
+		eerror "  sync-type=${repo_sync_type}"
+		eerror
+		eerror "If you intend to use emerge-webrsync then please"
+		eerror "adjust sync-type and sync-uri attributes to refer to rsync."
+		eerror "emerge-webrsync exiting due to abnormal sync-type setting."
+		die
 	fi
 
 	[[ ${do_debug} -eq 1 ]] && set -x

[gentoo-commits] proj/portage:master commit in: bin/, /

[Ulrich Müller]

commit:     bea9ef3e0947bfdaaba2c5e5d4abb72292ee048e
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  1 08:09:28 2023 +0000
Commit:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Tue Apr 18 11:17:50 2023 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=bea9ef3e

econf: Match configure --help output better

Check for proper end of string for all option names beginning with
"with", "disable" or "enable".

Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 NEWS                 |  5 +++++
 bin/phase-helpers.sh | 10 ++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 4a41fc0c6..e60262509 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,11 @@ Features:
   - -Wimplicit-int
   - -Wstring-compare
 
+Bug fixes:
+* econf now checks for proper end of string in "configure --help" output for
+  all options starting with "--with-", "--disable-" or "--enable-", in order
+  to pass them to configure. This follows a change in PMS (bug #815169).
+
 portage-3.0.46 (2023-04-07)
 ---------------
 

diff --git a/bin/phase-helpers.sh b/bin/phase-helpers.sh
index a0fe599fd..cc3f85faa 100644
--- a/bin/phase-helpers.sh
+++ b/bin/phase-helpers.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 if ___eapi_has_DESTTREE_INSDESTTREE; then
@@ -643,13 +643,15 @@ econf() {
 			fi
 
 			if ___eapi_econf_passes_--disable-dependency-tracking; then
-				if [[ ${conf_help} == *--disable-dependency-tracking* ]]; then
+				if [[ ${conf_help} == \
+						*--disable-dependency-tracking[^A-Za-z0-9+_.-]* ]]; then
 					conf_args+=( --disable-dependency-tracking )
 				fi
 			fi
 
 			if ___eapi_econf_passes_--disable-silent-rules; then
-				if [[ ${conf_help} == *--disable-silent-rules* ]]; then
+				if [[ ${conf_help} == \
+						*--disable-silent-rules[^A-Za-z0-9+_.-]* ]]; then
 					conf_args+=( --disable-silent-rules )
 				fi
 			fi
@@ -672,7 +674,7 @@ econf() {
 			fi
 
 			if ___eapi_econf_passes_--with-sysroot; then
-				if [[ ${conf_help} == *--with-sysroot* ]]; then
+				if [[ ${conf_help} == *--with-sysroot[^A-Za-z0-9+_.-]* ]]; then
 					conf_args+=( --with-sysroot="${ESYSROOT:-/}" )
 				fi
 			fi

[gentoo-commits] proj/portage:master commit in: bin/, /

[Sam James]

commit:     b5cd549e07f3d835cbe04e5b718cdd47d7ee69f5
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 30 05:08:06 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon May  1 07:20:56 2023 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=b5cd549e

emerge-webrsync: tidy up 'webrsync-gpg' case

webrsync-gpg is actually two distinct cases:
1. A user has FEATURES="webrsync-gpg" in make.conf and is calling
   'emerge-webrsync'. This is deprecated.

2. A user has 'sync-type=webrsync', is using emaint/emerge to sync,
   and Portage is shelling out to emerge-webrsync. This is what
   users are encouraged to do, but it currently uses the legacy
   webrsync-gpg path.

For the benefit of case #2 and to clarify things, don't mention
FEATURES="webrsync-gpg" if the user hasn't set it - this is to avoid
users *starting to set it* because it sounds like something they may
want.

We also silence the (new) 'gpg legacy path' phrasing for now with
--quiet given this is expected with case #2.

Consolidate some logic while at it.

The next step is, of course, to shift everything to the gemato path.

Bug: https://bugs.gentoo.org/905358
Signed-off-by: Sam James <sam <AT> gentoo.org>

 NEWS                |  5 +++++
 bin/emerge-webrsync | 26 +++++++++++++++-----------
 2 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/NEWS b/NEWS
index 8932289ba..f0b500471 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,11 @@ portage-3.0.48 (UNRELEASED)
 Bug fixes:
 * fowners, fperms: Fix handling of relative pathnames (bug #905223).
 
+* emerge-webrsync: Be less alarmist when a user is syncing with Portage
+  (not calling emerge-webrsync directly) with sync-type='webrsync'. We
+  were emitting a misleading warning about the validation method in use
+  which might in fact encourage people to use the older method.
+
 Cleanups:
 * Convert printf-style %-formats into fstrings.
 

diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index 8ef22cbe9..faf7bb752 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -109,21 +109,17 @@ do_debug=0
 keep=false
 
 handle_pgp_setup() {
-	has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0
+	# WEBRSYNC_VERIFY_SIGNATURE=0: disable PGP verification
+	# WEBRSYNC_VERIFY_SIGNATURE=1: use gemato for verification, fallback to regular gpg
+	# WEBRSYNC_VERIFY_SIGNATURE=2: use legacy FEATURES="webrsync-gpg"
+	WEBRSYNC_VERIFY_SIGNATURE=1
 
-	if [[ ${webrsync_gpg} -eq 1 ]]; then
-		ewarn "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page."
-	fi
+	has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0
 
 	repo_has_webrsync_verify=$(
 		has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature	| LC_ALL=C tr '[:upper:]' '[:lower:]') true yes
 	)
 
-	# WEBRSYNC_VERIFY_SIGNATURE=0: disable PGP verification
-	# WEBRSYNC_VERIFY_SIGNATURE=1: use gemato for verification, fallback to regular gpg
-	# WEBRSYNC_VERIFY_SIGNATURE=2: use legacy FEATURES="webrsync-gpg"
-	WEBRSYNC_VERIFY_SIGNATURE=1
-
 	if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] || [[ ${repo_has_webrsync_verify} -eq 1 ]]; then
 		# If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync
 		# calls for backward compatibility (this triggers a deprecation warning
@@ -134,10 +130,18 @@ handle_pgp_setup() {
 		fi
 
 		WEBRSYNC_VERIFY_SIGNATURE=2
-	elif has webrsync-gpg ${FEATURES}; then
+	elif [[ ${webrsync_gpg} -eq 1 ]] then
+		# We only warn if FEATURES="webrsync-gpg" is in make.conf, not if
+		# Portage is calling us for 'type=webrsync' with verification.
+		# TODO: Change the Portage path to fully use gemato and unify the lot.
+		ewarn "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page."
 		WEBRSYNC_VERIFY_SIGNATURE=2
 	elif [[ -n ${no_pgp_verify} ]]; then
 		WEBRSYNC_VERIFY_SIGNATURE=0
+	else
+		# The default at the beginning of handle_pgp_setup is WEBRSYNC_VERIFY_SIGNATURE=1
+		# i.e. gemato.
+		:;
 	fi
 
 	case "${WEBRSYNC_VERIFY_SIGNATURE}" in
@@ -148,7 +152,7 @@ handle_pgp_setup() {
 			[[ ${PORTAGE_QUIET} -eq 1 ]] || einfo "PGP verification method: gemato"
 			;;
 		2)
-			ewarn "PGP verification method: legacy FEATURES=webrsync-gpg"
+			[[ ${PORTAGE_QUIET} -eq 1 ]] || ewarn "PGP verification method: legacy gpg path"
 			;;
 		*)
 			die "Unknown WEBRSYNC_VERIFY_SIGNATURE state: \${WEBRSYNC_VERIFY_SIGNATURE}=${WEBRSYNC_VERIFY_SIGNATURE}"

[gentoo-commits] proj/portage:master commit in: bin/, /

[Ulrich Müller]

commit:     861141ff3335d8096a6bc869a59ebc346af65820
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Sat May 13 20:34:40 2023 +0000
Commit:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Sun May 14 05:01:55 2023 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=861141ff

deprecated-path: Drop unused script

Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 NEWS                |  2 ++
 bin/deprecated-path | 28 ----------------------------
 setup.py            |  4 +---
 3 files changed, 3 insertions(+), 31 deletions(-)

diff --git a/NEWS b/NEWS
index 564e00cfb..505fde7c6 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,8 @@ Cleanups:
 * Move the internal portageq wrapper script out of the ebuild-helpers
   directory.
 
+* Drop unused deprecated-path script.
+
 portage-3.0.47 (2023-04-30)
 --------------
 

diff --git a/bin/deprecated-path b/bin/deprecated-path
deleted file mode 100755
index dba39125f..000000000
--- a/bin/deprecated-path
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# Author:
-#
-
-source /lib/gentoo/functions.sh
-
-scriptpath=${BASH_SOURCE[0]}
-scriptname=${scriptpath##*/}
-
-IFS=':'
-
-for path in ${PATH}; do
-	[[ -x ${path}/${scriptname} ]] || continue
-	[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
-
-	unset IFS
-	eerror "Deprecation warning: Calling ${scriptname} from wrong path: '${scriptpath}'"
-	eerror "Correct path should be '${path}/${scriptname}', Please correct your scripts or file a bug with the maintainer..."
-	exec "${path}/${scriptname}" "$@"
-done
-
-unset IFS
-
-eerror "ERROR: portage file: deprecated-path: Failed to locate ${scriptname} in PATH"
-eerror "PATH: ${PATH}"
-exit 1

diff --git a/setup.py b/setup.py
index d4c572f3a..066365af0 100755
--- a/setup.py
+++ b/setup.py
@@ -731,8 +731,7 @@ def find_packages():
 def find_scripts():
     for dirpath, _dirnames, filenames in os.walk("bin"):
         for f in filenames:
-            if f not in ["deprecated-path"]:
-                yield os.path.join(dirpath, f)
+            yield os.path.join(dirpath, f)
 
 
 def get_manpages():
@@ -844,7 +843,6 @@ setup(
             ],
             ["$portage_setsdir", ["cnf/sets/portage.conf"]],
             ["$docdir", ["NEWS", "RELEASE-NOTES"]],
-            ["$portage_base/bin", ["bin/deprecated-path"]],
             ["$portage_confdir/repo.postsync.d", ["cnf/repo.postsync.d/example"]],
         ],
         [

[gentoo-commits] proj/portage:master commit in: bin/, /

[Sam James]

commit:     12164035655e5cea4f83f9955bdb4db3369af7e3
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jun  9 13:03:44 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jun  9 13:03:44 2023 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=12164035

emerge-webrsync: improve error message when key is missing

Bug: https://bugs.gentoo.org/905868
Signed-off-by: Sam James <sam <AT> gentoo.org>

 NEWS                |  3 +++
 bin/emerge-webrsync | 10 ++++++++++
 2 files changed, 13 insertions(+)

diff --git a/NEWS b/NEWS
index 09dd0675d..2c49b857e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 Bug fixes:
 * dosym: Prevent globbing of argument in dosym_canonicalize().
 
+* emerge-webrsync: Give a nicer error message if the requested key isn't
+  on the filesystem (bug #905868).
+
 portage-3.0.48.1 (2023-06-06)
 ----------------
 

diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index 956e00e1f..3835977fc 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -279,6 +279,11 @@ check_file_signature_gemato() {
 			local key="${EPREFIX:-/}"/usr/share/openpgp-keys/gentoo-release.asc
 		fi
 
+		if [[ ! -f "${key}" ]] ; then
+			eerror "${key} not available. Is sec-keys/openpgp-keys-gentoo-release installed?"
+			die "Needed keys unavailable! Install its package or set PORTAGE_GPG_KEY to the right path."
+		fi
+
 		local keyserver
 		if [[ -n ${PORTAGE_GPG_KEY_SERVER} ]] ; then
 			keyserver="--keyserver ${PORTAGE_GPG_KEY_SERVER}"
@@ -320,6 +325,11 @@ check_file_signature_gpg_unwrapped() {
 			local key="${EPREFIX:-/}"/usr/share/openpgp-keys/gentoo-release.asc
 		fi
 
+		if [[ ! -f "${key}" ]] ; then
+			eerror "${key} not available. Is sec-keys/openpgp-keys-gentoo-release installed?"
+			die "Needed keys unavailable! Install its package or set PORTAGE_GPG_KEY to the right path."
+		fi
+
 		local gpgdir="${PORTAGE_GPG_DIR}"
 		if [[ -z ${gpgdir} ]] ; then
 			gpgdir=$(mktemp -d "${PORTAGE_TMPDIR}/portage/webrsync-XXXXXX")

[gentoo-commits] proj/portage:master commit in: bin/, /

[Sam James]

commit:     d42384c6fd91056eab8f0450d210d9876d3efcc1
Author:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 30 20:45:55 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Aug  2 06:31:20 2023 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=d42384c6

Make non-Python (s)bin scripts use other scripts from the same directory

This is particularly important when Portage is installed in a venv to
ensure that other scripts are launched using the same environment.

Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 NEWS                |  3 +++
 bin/emerge-webrsync | 20 ++++++++------------
 bin/etc-update      | 10 +++++++---
 3 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/NEWS b/NEWS
index 1f34bdd90..0e3541af4 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,9 @@ Bug fixes:
 
 * gpkg: Fix timestamp for binary packages (bug #909067).
 
+* Ensure non-Python (s)bin scripts launch other Python-based Portage scripts
+  using the same environment.
+
 portage-3.0.49 (2023-06-21)
 --------------
 

diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index 3835977fc..7b3163b81 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -71,16 +71,12 @@ die() {
 
 argv0=$0
 
-# Use portageq from the same directory/prefix as the current script, so
-# that we don't have to rely on PATH including the current EPREFIX.
-scriptpath=${BASH_SOURCE[0]}
-if [[ -x "${scriptpath%/*}/portageq" ]]; then
-	portageq=${scriptpath%/*}/portageq
-elif type -P portageq > /dev/null ; then
-	portageq=portageq
-else
-	die "could not find 'portageq'; aborting"
-fi
+# Use emerge and portageq from the same directory/prefix as the current script,
+# so that we don't have to rely on PATH including the current EPREFIX.
+emerge=$(PATH="${BASH_SOURCE[0]%/*}:${PATH}" type -P emerge)
+[[ -n ${emerge} ]] || die "could not find 'emerge'; aborting"
+portageq=$(PATH="${BASH_SOURCE[0]%/*}:${PATH}" type -P portageq)
+[[ -n ${portageq} ]] || die "could not find 'portageq'; aborting"
 
 eval "$("${portageq}" envvar -v DISTDIR EPREFIX FEATURES \
 	FETCHCOMMAND GENTOO_MIRRORS \
@@ -461,14 +457,14 @@ sync_local() {
 
 	if has metadata-transfer ${FEATURES} ; then
 		einfo "Updating cache ..."
-		emerge --metadata
+		"${emerge}" --metadata
 	fi
 
 	local post_sync=${PORTAGE_CONFIGROOT%/}/etc/portage/bin/post_sync
 	[[ -x "${post_sync}" ]] && "${post_sync}"
 
 	# --quiet suppresses output if there are no relevant news items
-	has news ${FEATURES} && emerge --check-news --quiet
+	has news ${FEATURES} && "${emerge}" --check-news --quiet
 	return 0
 }
 

diff --git a/bin/etc-update b/bin/etc-update
index 14bd80b84..97c163420 100755
--- a/bin/etc-update
+++ b/bin/etc-update
@@ -10,6 +10,8 @@
 # Leo Lipelis <aeoo@gentoo.org>
 # Karl Trygve Kalleberg <karltk@gentoo.org>
 
+cd "${BASH_SOURCE[0]%/*}"
+BINDIR=${PWD}
 cd /
 
 type -P gsed >/dev/null && sed() { gsed "$@"; }
@@ -767,7 +769,7 @@ while [[ -n $1 ]] ; do
 		-p|--preen)   PREEN=true;;
 		-q|--quiet)   QUIET=true;;
 		-v|--verbose) VERBOSE=true;;
-		-V|--version) emerge --version; exit 0;;
+		-V|--version) "$(PATH="${BINDIR}:${PATH}" type -P emerge)" --version; exit 0;;
 		--automode)   parse_automode_flag $2 && shift || usage 1 "Invalid mode '$2'";;
 		-*)           usage 1 "Invalid option '$1'";;
 		*)            break;;
@@ -801,8 +803,10 @@ portage_vars=(
 	NO_COLOR
 )
 
-if type -P portageq > /dev/null; then
-	eval $(${PORTAGE_PYTHON:+"${PORTAGE_PYTHON}"} "$(type -P portageq)" envvar -v "${portage_vars[@]}")
+portageq=$(PATH="${BINDIR}:${PATH}" type -P portageq)
+
+if [[ -n ${portageq} ]]; then
+	eval $(${PORTAGE_PYTHON:+"${PORTAGE_PYTHON}"} "${portageq}" envvar -v "${portage_vars[@]}")
 else
 	[[ ${OS_FAMILY} == 'gentoo' ]] && die "missing portageq"
 fi

[gentoo-commits] proj/portage:master commit in: bin/, /

[Zac Medico]

commit:     6648a0d37131534767f15542f1d2efc3d7201f55
Author:     Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Mon Nov  4 20:50:54 2024 +0000
Commit:     Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Mon Nov  4 20:50:54 2024 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=6648a0d3

install_qa_check: Fix noclean interaction with merge-wait

Fixes: 8ac72ee300c1 ("install_qa_check: prematurely delete WORKDIR if FEATURES=merge-wait")
Bug: https://bugs.gentoo.org/942760
Signed-off-by: Zac Medico <zmedico <AT> gentoo.org>

 NEWS                  | 2 ++
 bin/misc-functions.sh | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 8847f02098..ac0741d953 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,8 @@ Bug fixes:
 
 * gpkg: do not consider symlinks targets for size estimation (bug #942512).
 
+* install_qa_check: Fix noclean interaction with merge-wait (bug #942760).
+
 portage-3.0.66.1 (2024-09-18)
 --------------
 

diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh
index e7ca2a8a92..386e50cc8d 100755
--- a/bin/misc-functions.sh
+++ b/bin/misc-functions.sh
@@ -259,7 +259,9 @@ install_qa_check() {
 	# Prematurely delete WORKDIR in case merge-wait is enabled to
 	# decrease the space used by portage build directories until the
 	# packages are merged and cleaned.
-	if has merge-wait ${FEATURES} && ! has keepwork ${FEATURES}; then
+	if has merge-wait ${FEATURES} &&
+		! has keepwork ${FEATURES} &&
+		! has noclean ${FEATURES} ; then
 		rm -rf "${WORKDIR}"
 	fi
 }