From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 8FD54158013 for ; Thu, 14 Dec 2023 04:31:01 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D2FD02BC029; Thu, 14 Dec 2023 04:31:00 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 69E5D2BC029 for ; Thu, 14 Dec 2023 04:31:00 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 8C848335D1C for ; Thu, 14 Dec 2023 04:30:59 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id D14D4ACA for ; Thu, 14 Dec 2023 04:30:57 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1702528253.1339a02103f57c456851d69d427bc130bcb671bc.sam@gentoo> Subject: [gentoo-commits] proj/portage:master commit in: lib/portage/sync/modules/git/ X-VCS-Repository: proj/portage X-VCS-Files: lib/portage/sync/modules/git/git.py X-VCS-Directories: lib/portage/sync/modules/git/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 1339a02103f57c456851d69d427bc130bcb671bc X-VCS-Branch: master Date: Thu, 14 Dec 2023 04:30:57 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 275209fb-8850-47ad-bc83-9f3e4e4c4c7e X-Archives-Hash: 4517ebed90843de469ff77d76618a8ba commit: 1339a02103f57c456851d69d427bc130bcb671bc Author: Florian Schmaus gentoo org> AuthorDate: Mon Dec 11 09:07:45 2023 +0000 Commit: Sam James gentoo org> CommitDate: Thu Dec 14 04:30:53 2023 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=1339a021 sync: git: include signing key and git revision in log output Include the signing key and the git revision on verficiation if verbose output is requested or on verification error. Before * Trusted signature found on top commit After: * Trusted signature found on top commit (git revision: refs/remotes/origin/master, signing key: F748E9B3C47E393CC24C8FAF7C2AC09CD98F2EDF) Signed-off-by: Florian Schmaus gentoo.org> Closes: https://github.com/gentoo/portage/pull/1206 Signed-off-by: Sam James gentoo.org> lib/portage/sync/modules/git/git.py | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/lib/portage/sync/modules/git/git.py b/lib/portage/sync/modules/git/git.py index 44d739ce6b..8fdbf97de0 100644 --- a/lib/portage/sync/modules/git/git.py +++ b/lib/portage/sync/modules/git/git.py @@ -500,6 +500,7 @@ class GitSync(NewBase): opts = self.options.get("emerge_config").opts debug = "--debug" in opts quiet = self.settings.get("PORTAGE_QUIET") == "1" + verbose = "--verbose" in opts openpgp_env = self._get_openpgp_env(self.repo.sync_openpgp_key_path, debug) @@ -534,35 +535,48 @@ class GitSync(NewBase): "log.showsignature=0", "log", "-n1", - "--pretty=format:%G?", + "--pretty=format:%G?%n%GF", revision, ] try: - status = portage._unicode_decode( + lines = portage._unicode_decode( subprocess.check_output( rev_cmd, cwd=portage._unicode_encode(self.repo.location), env=env, ) - ).strip() + ).splitlines() except subprocess.CalledProcessError: return False + status = lines[0].strip() + if len(lines) > 1: + signing_key = lines[1].strip() + if status == "G": # good signature is good if not quiet: - out.einfo("Trusted signature found on top commit") + message = "Trusted signature found on top commit" + if verbose: + message += ( + f" (git revision: {revision}, signing key: {signing_key})" + ) + out.einfo(message) return True if status == "U": # untrusted - out.ewarn("Top commit signature is valid but not trusted") + out.ewarn( + f"Top commit signature is valid but not trusted (git revision: {revision}, signing key: {signing_key})" + ) return True if status == "B": - expl = "bad signature" + expl = ( + f"bad signature using key {signing_key} on git revision {revision}" + ) elif status == "X": - expl = "expired signature" + expl = f"expired signature using key {signing_key} on git revision {revision}" elif status == "Y": - expl = "expired key" + expl = f"expired key using key {signing_key} on git revision {revision}" elif status == "R": - expl = "revoked key" + expl = f"revoked key using key {signing_key} on git revision {revision}" elif status == "E": expl = "unable to verify signature (missing key?)" elif status == "N":