* [gentoo-commits] portage r11700 - in main/branches/prefix: bin man pym/portage pym/portage/dbapi
@ 2008-10-18 19:55 Fabian Groffen (grobian)
0 siblings, 0 replies; only message in thread
From: Fabian Groffen (grobian) @ 2008-10-18 19:55 UTC (permalink / raw
To: gentoo-commits
Author: grobian
Date: 2008-10-18 19:55:47 +0000 (Sat, 18 Oct 2008)
New Revision: 11700
Removed:
main/branches/prefix/bin/portage_gpg_update.sh
main/branches/prefix/pym/portage/gpg.py
Modified:
main/branches/prefix/man/make.conf.5
main/branches/prefix/pym/portage/__init__.py
main/branches/prefix/pym/portage/dbapi/porttree.py
Log:
Merged from trunk -r11694:11699
| 11695 | Bug #242304 - When a zero-byte distfile is detected inside |
| zmedico | fetch(), discard the digests and attempt to fetch the file |
| | if possible. This code is triggered via digestgen() when |
| | appropriate, so it fixes all digestgen() callers, including |
| | repoman. |
| 11696 | In fetch(), don't spawn pkg_nofetch unless PORTAGE_BUILDDIR |
| zmedico | exists since it will die anyway due to the code for bug |
| | #239560 that's in ebuild.sh. |
| 11697 | In fetch(), make sure all references to digests for |
| zmedico | zero-byte distfile are always discarded. |
| 11698 | Remove support for FEATURES=gpg since it's already disabled |
| zmedico | and broken anyway. Thanks to DJ Anderson for the suggestion. |
| 11699 | Remove the unused portage.gpg module and |
| zmedico | portage_gpg_update.sh script. |
Deleted: main/branches/prefix/bin/portage_gpg_update.sh
===================================================================
--- main/branches/prefix/bin/portage_gpg_update.sh 2008-10-17 19:56:43 UTC (rev 11699)
+++ main/branches/prefix/bin/portage_gpg_update.sh 2008-10-18 19:55:47 UTC (rev 11700)
@@ -1,6 +0,0 @@
-#!@PORTAGE_BASH@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-wget -O - http://www.gentoo.org/proj/en/devrel/roll-call/userinfo.xml | sed 's:.*\(0x[0-9a-fA-F]\+\)[^0-9a-fA-F].*:\1:gp;d' | xargs gpg -vvv --no-default-keyring --no-permission-warning --homedir "${EPREFIX}"/usr/portage/metadata --keyring "gentoo.gpg" --keyserver subkeys.pgp.net --recv-keys &> gpg.log
Modified: main/branches/prefix/man/make.conf.5
===================================================================
--- main/branches/prefix/man/make.conf.5 2008-10-17 19:56:43 UTC (rev 11699)
+++ main/branches/prefix/man/make.conf.5 2008-10-18 19:55:47 UTC (rev 11700)
@@ -204,9 +204,6 @@
Force emerges to always try to fetch files from the \fIPORTAGE_BINHOST\fR. See
\fBmake.conf\fR(5) for more information.
.TP
-.B gpg
-Check the signatures of Manifests and make sure they are correct.
-.TP
.B installsources
Install source code into /usr/src/debug/${CATEGORY}/${PF} (also see
\fBsplitdebug\fR). This feature works only if debugedit is installed and CFLAGS
Modified: main/branches/prefix/pym/portage/__init__.py
===================================================================
--- main/branches/prefix/pym/portage/__init__.py 2008-10-17 19:56:43 UTC (rev 11699)
+++ main/branches/prefix/pym/portage/__init__.py 2008-10-18 19:55:47 UTC (rev 11700)
@@ -108,7 +108,6 @@
pickle_read, pickle_write, stack_dictlist, stack_dicts, stack_lists, \
unique_array, varexpand, writedict, writemsg, writemsg_stdout, write_atomic
import portage.exception
- import portage.gpg
import portage.locks
import portage.process
from portage.process import atexit_register, run_exitfuncs
@@ -1654,13 +1653,6 @@
# repoman will accept any license
self._accept_license = set(["*"])
- if "gpg" in self.features:
- if not os.path.exists(self["PORTAGE_GPG_DIR"]) or \
- not os.path.isdir(self["PORTAGE_GPG_DIR"]):
- writemsg(colorize("BAD", "PORTAGE_GPG_DIR is invalid." + \
- " Removing gpg from FEATURES.\n"), noiselevel=-1)
- self.features.remove("gpg")
-
if not portage.process.sandbox_capable and \
("sandbox" in self.features or "usersandbox" in self.features):
if self.profile_path is not None and \
@@ -1677,9 +1669,6 @@
self.features.remove("usersandbox")
self.features.sort()
- if "gpg" in self.features:
- writemsg(colorize("WARN", "!!! FEATURES=gpg is unmaintained, incomplete and broken. Disabling it."), noiselevel=-1)
- self.features.remove("gpg")
self["FEATURES"] = " ".join(self.features)
self.backup_changes("FEATURES")
@@ -3339,6 +3328,9 @@
if size is not None:
eout.ebegin("%s %s ;-)" % (os.path.basename(filename), "size"))
eout.eend(0)
+ elif st.st_size == 0:
+ # Zero-byte distfiles are always invalid.
+ return (False, st)
else:
if _check_digests(filename, digests, show_errors=show_errors):
eout.ebegin("%s %s ;-)" % (os.path.basename(filename),
@@ -3656,6 +3648,11 @@
orig_digests = mydigests.get(myfile, {})
size = orig_digests.get("size")
+ if size == 0:
+ # Zero-byte distfiles are always invalid, so discard their digests.
+ del mydigests[myfile]
+ orig_digests.clear()
+ size = None
pruned_digests = orig_digests
if parallel_fetchonly:
pruned_digests = {}
@@ -3670,7 +3667,7 @@
else:
# check if there is enough space in DISTDIR to completely store myfile
# overestimate the filesize so we aren't bitten by FS overhead
- if hasattr(os, "statvfs"):
+ if size is not None and hasattr(os, "statvfs"):
vfs_stat = os.statvfs(mysettings["DISTDIR"])
try:
mysize = os.stat(myfile_path).st_size
@@ -3679,8 +3676,7 @@
raise
del e
mysize = 0
- if myfile in mydigests \
- and (mydigests[myfile]["size"] - mysize + vfs_stat.f_bsize) >= \
+ if (size - mysize + vfs_stat.f_bsize) >= \
(vfs_stat.f_bsize * vfs_stat.f_bavail):
writemsg("!!! Insufficient space to store %s in %s\n" % (myfile, mysettings["DISTDIR"]), noiselevel=-1)
has_space = False
@@ -4092,7 +4088,9 @@
(mysettings["CATEGORY"], mysettings["PF"])
portage.util.writemsg_level(msg,
level=logging.ERROR, noiselevel=-1)
- if not parallel_fetchonly:
+ have_builddir = "PORTAGE_BUILDDIR" in mysettings and \
+ os.path.isdir(mysettings["PORTAGE_BUILDDIR"])
+ if not parallel_fetchonly and have_builddir:
# To spawn pkg_nofetch requires PORTAGE_BUILDDIR for
# ensuring sane $PWD (bug #239560) and storing elog
# messages. Therefore, calling code needs to ensure that
Modified: main/branches/prefix/pym/portage/dbapi/porttree.py
===================================================================
--- main/branches/prefix/pym/portage/dbapi/porttree.py 2008-10-17 19:56:43 UTC (rev 11699)
+++ main/branches/prefix/pym/portage/dbapi/porttree.py 2008-10-18 19:55:47 UTC (rev 11700)
@@ -11,13 +11,12 @@
from portage.dbapi import dbapi
from portage.dep import use_reduce, paren_reduce, dep_getkey, match_from_list
from portage.exception import PortageException, \
- UntrustedSignature, SecurityViolation, InvalidSignature, MissingSignature, \
FileNotFound, InvalidDependString, InvalidPackageName
from portage.manifest import Manifest
from portage.util import ensure_dirs, writemsg
from portage.versions import pkgsplit, catpkgsplit, best, ver_regexp
-import portage.gpg, portage.checksum
+import portage.checksum
from portage import eclass_cache, auxdbkeys, doebuild, flatten, \
listdir, dep_expand, eapi_is_supported, key_expand, dep_check, \
@@ -102,22 +101,6 @@
# instance that is passed in.
self.doebuild_settings = config(clone=self.mysettings)
- self.manifestVerifyLevel = None
- self.manifestVerifier = None
- self.manifestCache = {} # {location: [stat, md5]}
- self.manifestMissingCache = []
-
- if "gpg" in self.mysettings.features:
- self.manifestVerifyLevel = portage.gpg.EXISTS
- if "strict" in self.mysettings.features:
- self.manifestVerifyLevel = portage.gpg.MARGINAL
- self.manifestVerifier = portage.gpg.FileChecker(self.mysettings["PORTAGE_GPG_DIR"], "gentoo.gpg", minimumTrust=self.manifestVerifyLevel)
- elif "severe" in self.mysettings.features:
- self.manifestVerifyLevel = portage.gpg.TRUSTED
- self.manifestVerifier = portage.gpg.FileChecker(self.mysettings["PORTAGE_GPG_DIR"], "gentoo.gpg", requireSignedRing=True, minimumTrust=self.manifestVerifyLevel)
- else:
- self.manifestVerifier = portage.gpg.FileChecker(self.mysettings["PORTAGE_GPG_DIR"], "gentoo.gpg", minimumTrust=self.manifestVerifyLevel)
-
#self.root=settings["PORTDIR"]
self.porttree_root = porttree_root
if porttree_root:
@@ -411,47 +394,6 @@
writemsg("!!! %s\n" % myebuild, noiselevel=1)
raise KeyError(mycpv)
- myManifestPath = "/".join(myebuild.split("/")[:-1])+"/Manifest"
- if "gpg" in self.mysettings.features:
- try:
- mys = portage.gpg.fileStats(myManifestPath)
- if (myManifestPath in self.manifestCache) and \
- (self.manifestCache[myManifestPath] == mys):
- pass
- elif self.manifestVerifier:
- if not self.manifestVerifier.verify(myManifestPath):
- # Verification failed the desired level.
- raise UntrustedSignature(
- "Untrusted Manifest: %(manifest)s" % \
- {"manifest" : myManifestPath})
-
- if ("severe" in self.mysettings.features) and \
- (mys != portage.gpg.fileStats(myManifestPath)):
- raise SecurityViolation(
- "Manifest changed: %(manifest)s" % \
- {"manifest":myManifestPath})
-
- except InvalidSignature, e:
- if ("strict" in self.mysettings.features) or \
- ("severe" in self.mysettings.features):
- raise
- writemsg("!!! INVALID MANIFEST SIGNATURE DETECTED: %(manifest)s\n" % {"manifest":myManifestPath})
- except MissingSignature, e:
- if ("severe" in self.mysettings.features):
- raise
- if ("strict" in self.mysettings.features):
- if myManifestPath not in self.manifestMissingCache:
- writemsg("!!! WARNING: Missing signature in: %(manifest)s\n" % {"manifest":myManifestPath})
- self.manifestMissingCache.insert(0,myManifestPath)
- except (OSError, FileNotFound), e:
- if ("strict" in self.mysettings.features) or \
- ("severe" in self.mysettings.features):
- raise SecurityViolation(
- "Error in verification of signatures: " + \
- "%(errormsg)s" % {"errormsg" : str(e)})
- writemsg("!!! Manifest is missing or inaccessable: %(manifest)s\n" % {"manifest":myManifestPath},
- noiselevel=-1)
-
mydata, st, emtime = self._pull_valid_cache(mycpv, myebuild, mylocation)
doregen = mydata is None
Deleted: main/branches/prefix/pym/portage/gpg.py
===================================================================
--- main/branches/prefix/pym/portage/gpg.py 2008-10-17 19:56:43 UTC (rev 11699)
+++ main/branches/prefix/pym/portage/gpg.py 2008-10-18 19:55:47 UTC (rev 11700)
@@ -1,157 +0,0 @@
-# gpg.py -- core Portage functionality
-# Copyright 2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-
-import os
-import copy
-import types
-import commands
-import portage.exception
-import portage.checksum
-from portage.exception import CommandNotFound, \
- DirectoryNotFound, FileNotFound, \
- InvalidData, InvalidDataType, InvalidSignature, MissingParameter, \
- MissingSignature, PortageException, SecurityViolation
-
-GPG_BINARY = "/usr/bin/gpg"
-GPG_OPTIONS = " --lock-never --no-random-seed-file --no-greeting --no-sig-cache "
-GPG_VERIFY_FLAGS = " --verify "
-GPG_KEYDIR = " --homedir '%s' "
-GPG_KEYRING = " --keyring '%s' "
-
-UNTRUSTED = 0
-EXISTS = UNTRUSTED + 1
-MARGINAL = EXISTS + 1
-TRUSTED = MARGINAL + 1
-
-def fileStats(filepath):
- mya = []
- for x in os.stat(filepath):
- mya.append(x)
- mya.append(portage.checksum.perform_checksum(filepath))
- return mya
-
-
-class FileChecker(object):
- def __init__(self,keydir=None,keyring=None,requireSignedRing=False,minimumTrust=EXISTS):
- self.minimumTrust = TRUSTED # Default we require trust. For rings.
- self.keydir = None
- self.keyring = None
- self.keyringPath = None
- self.keyringStats = None
- self.keyringIsTrusted = False
-
- if (keydir != None):
- # Verify that the keydir is valid.
- if type(keydir) != types.StringType:
- raise InvalidDataType(
- "keydir argument: %s" % keydir)
- if not os.path.isdir(keydir):
- raise DirectoryNotFound("keydir: %s" % keydir)
- self.keydir = copy.deepcopy(keydir)
-
- if (keyring != None):
- # Verify that the keyring is a valid filename and exists.
- if type(keyring) != types.StringType:
- raise InvalidDataType("keyring argument: %s" % keyring)
- if keyring.find("/") != -1:
- raise InvalidData("keyring: %s" % keyring)
- pathname = ""
- if keydir:
- pathname = keydir + "/" + keyring
- if not os.path.isfile(pathname):
- raise FileNotFound(
- "keyring missing: %s (dev.gentoo.org/~carpaski/gpg/)" % \
- pathname)
-
- keyringPath = keydir+"/"+keyring
-
- if not keyring or not keyringPath and requireSignedRing:
- raise MissingParameter((keyring, keyringPath))
-
- self.keyringStats = fileStats(keyringPath)
- self.minimumTrust = TRUSTED
- if not self.verify(keyringPath, keyringPath+".asc"):
- self.keyringIsTrusted = False
- if requireSignedRing:
- raise InvalidSignature(
- "Required keyring verification: " + keyringPath)
- else:
- self.keyringIsTrusted = True
-
- self.keyring = copy.deepcopy(keyring)
- self.keyringPath = self.keydir+"/"+self.keyring
- self.minimumTrust = minimumTrust
-
- def _verifyKeyring(self):
- if self.keyringStats and self.keyringPath:
- new_stats = fileStats(self.keyringPath)
- if new_stats != self.keyringStats:
- raise SecurityViolation("GPG keyring changed!")
-
- def verify(self, filename, sigfile=None):
- """Uses minimumTrust to determine if it is Valid/True or Invalid/False"""
- self._verifyKeyring()
-
- if not os.path.isfile(filename):
- raise FileNotFound, filename
-
- if sigfile and not os.path.isfile(sigfile):
- raise FileNotFound, sigfile
-
- if self.keydir and not os.path.isdir(self.keydir):
- raise DirectoryNotFound, filename
-
- if self.keyringPath:
- if not os.path.isfile(self.keyringPath):
- raise FileNotFound, self.keyringPath
-
- if not os.path.isfile(filename):
- raise CommandNotFound(filename)
-
- command = GPG_BINARY + GPG_VERIFY_FLAGS + GPG_OPTIONS
- if self.keydir:
- command += GPG_KEYDIR % (self.keydir)
- if self.keyring:
- command += GPG_KEYRING % (self.keyring)
-
- if sigfile:
- command += " '"+sigfile+"'"
- command += " '"+filename+"'"
-
- result,output = commands.getstatusoutput(command)
-
- signal = result & 0xff
- result = (result >> 8)
-
- if signal:
- raise PortageException("Signal: %d" % (signal))
-
- trustLevel = UNTRUSTED
- if result == 0:
- trustLevel = TRUSTED
- #if portage.output.find("WARNING") != -1:
- # trustLevel = MARGINAL
- if portage.output.find("BAD") != -1:
- raise InvalidSignature(filename)
- elif result == 1:
- trustLevel = EXISTS
- if portage.output.find("BAD") != -1:
- raise InvalidSignature(filename)
- elif result == 2:
- trustLevel = UNTRUSTED
- if portage.output.find("could not be verified") != -1:
- raise MissingSignature(filename)
- if portage.output.find("public key not found") != -1:
- if self.keyringIsTrusted: # We trust the ring, but not the key specifically.
- trustLevel = MARGINAL
- else:
- raise InvalidSignature(filename+"(Unknown Signature)")
- else:
- raise PortageException("GPG returned unknown result: %d" % (result))
-
- if trustLevel >= self.minimumTrust:
- return True
- return False
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2008-10-18 19:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-10-18 19:55 [gentoo-commits] portage r11700 - in main/branches/prefix: bin man pym/portage pym/portage/dbapi Fabian Groffen (grobian)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox