From: "Michał Górny" <mgorny@gentoo.org>
To: gentoo-portage-dev@lists.gentoo.org
Cc: "Michał Górny" <mgorny@gentoo.org>
Subject: [gentoo-portage-dev] [PATCH v2 5/9] rsync: Load and update keys early
Date: Fri, 2 Feb 2018 21:42:19 +0100 [thread overview]
Message-ID: <20180202204223.9003-5-mgorny@gentoo.org> (raw)
In-Reply-To: <20180202204223.9003-1-mgorny@gentoo.org>
Load and update keys early to avoid delaying failures post rsync. Any
failure will prevent verification from happening, and presumably most of
the users will prefer fixing it and trying to sync again. For that case,
it is better to perform the task before actual rsync to avoid
unnecessarily rsyncing twice.
---
pym/portage/sync/modules/rsync/rsync.py | 103 ++++++++++++++++++--------------
1 file changed, 57 insertions(+), 46 deletions(-)
diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py
index 5c0b53f9e..dc4674548 100644
--- a/pym/portage/sync/modules/rsync/rsync.py
+++ b/pym/portage/sync/modules/rsync/rsync.py
@@ -110,7 +110,33 @@ class RsyncSync(NewBase):
level=logging.WARNING, noiselevel=-1)
self.verify_jobs = None
+ openpgp_env = None
+ if self.verify_metamanifest and gemato is not None:
+ # Use isolated environment if key is specified,
+ # system environment otherwise
+ if self.repo.sync_openpgp_key_path is not None:
+ openpgp_env = gemato.openpgp.OpenPGPEnvironment()
+ else:
+ openpgp_env = gemato.openpgp.OpenPGPSystemEnvironment()
+
try:
+ # Load and update the keyring early. If it fails, then verification
+ # will not be performed and the user will have to fix it and try again,
+ # so we may as well bail out before actual rsync happens.
+ if openpgp_env is not None and self.repo.sync_openpgp_key_path is not None:
+ try:
+ out.einfo('Using keys from %s' % (self.repo.sync_openpgp_key_path,))
+ with io.open(self.repo.sync_openpgp_key_path, 'rb') as f:
+ openpgp_env.import_key(f)
+ out.ebegin('Refreshing keys from keyserver')
+ openpgp_env.refresh_keys()
+ out.eend(0)
+ except GematoException as e:
+ writemsg_level("!!! Manifest verification impossible due to keyring problem:\n%s\n"
+ % (e,),
+ level=logging.ERROR, noiselevel=-1)
+ return (1, False)
+
# Real local timestamp file.
self.servertimestampfile = os.path.join(
self.repo.location, "metadata", "timestamp.chk")
@@ -299,52 +325,36 @@ class RsyncSync(NewBase):
level=logging.ERROR, noiselevel=-1)
exitcode = 127
else:
- # Use isolated environment if key is specified,
- # system environment otherwise
- if self.repo.sync_openpgp_key_path is not None:
- openpgp_env_cls = gemato.openpgp.OpenPGPEnvironment
- else:
- openpgp_env_cls = gemato.openpgp.OpenPGPSystemEnvironment
-
try:
- with openpgp_env_cls() as openpgp_env:
- if self.repo.sync_openpgp_key_path is not None:
- out.einfo('Using keys from %s' % (self.repo.sync_openpgp_key_path,))
- with io.open(self.repo.sync_openpgp_key_path, 'rb') as f:
- openpgp_env.import_key(f)
- out.ebegin('Refreshing keys from keyserver')
- openpgp_env.refresh_keys()
- out.eend(0)
-
- # we always verify the Manifest signature, in case
- # we had to deal with key revocation case
- m = gemato.recursiveloader.ManifestRecursiveLoader(
- os.path.join(self.repo.location, 'Manifest'),
- verify_openpgp=True,
- openpgp_env=openpgp_env,
- max_jobs=self.verify_jobs)
- if not m.openpgp_signed:
- raise RuntimeError('OpenPGP signature not found on Manifest')
-
- ts = m.find_timestamp()
- if ts is None:
- raise RuntimeError('Timestamp not found in Manifest')
-
- out.einfo('Manifest timestamp: %s UTC' % (ts.ts,))
- out.einfo('Valid OpenPGP signature found:')
- out.einfo('- primary key: %s' % (
- m.openpgp_signature.primary_key_fingerprint))
- out.einfo('- subkey: %s' % (
- m.openpgp_signature.fingerprint))
- out.einfo('- timestamp: %s UTC' % (
- m.openpgp_signature.timestamp))
-
- # if nothing has changed, skip the actual Manifest
- # verification
- if not local_state_unchanged:
- out.ebegin('Verifying %s' % (self.repo.location,))
- m.assert_directory_verifies()
- out.eend(0)
+ # we always verify the Manifest signature, in case
+ # we had to deal with key revocation case
+ m = gemato.recursiveloader.ManifestRecursiveLoader(
+ os.path.join(self.repo.location, 'Manifest'),
+ verify_openpgp=True,
+ openpgp_env=openpgp_env,
+ max_jobs=self.verify_jobs)
+ if not m.openpgp_signed:
+ raise RuntimeError('OpenPGP signature not found on Manifest')
+
+ ts = m.find_timestamp()
+ if ts is None:
+ raise RuntimeError('Timestamp not found in Manifest')
+
+ out.einfo('Manifest timestamp: %s UTC' % (ts.ts,))
+ out.einfo('Valid OpenPGP signature found:')
+ out.einfo('- primary key: %s' % (
+ m.openpgp_signature.primary_key_fingerprint))
+ out.einfo('- subkey: %s' % (
+ m.openpgp_signature.fingerprint))
+ out.einfo('- timestamp: %s UTC' % (
+ m.openpgp_signature.timestamp))
+
+ # if nothing has changed, skip the actual Manifest
+ # verification
+ if not local_state_unchanged:
+ out.ebegin('Verifying %s' % (self.repo.location,))
+ m.assert_directory_verifies()
+ out.eend(0)
except GematoException as e:
writemsg_level("!!! Manifest verification failed:\n%s\n"
% (e,),
@@ -353,7 +363,8 @@ class RsyncSync(NewBase):
return (exitcode, updatecache_flg)
finally:
- pass
+ if openpgp_env is not None:
+ openpgp_env.close()
def _process_exitcode(self, exitcode, syncuri, out, maxretries):
--
2.16.1
next prev parent reply other threads:[~2018-02-02 20:42 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-02 20:42 [gentoo-portage-dev] [PATCH v2 1/9] rsync: Verify the value of sync-rsync-verify-jobs Michał Górny
2018-02-02 20:42 ` [gentoo-portage-dev] [PATCH v2 2/9] rsync: Use gemato routines directly instead of calling the CLI tool Michał Górny
2018-02-02 20:42 ` [gentoo-portage-dev] [PATCH v2 3/9] rsync: Verify the Manifest signature even if tree is unchanged Michał Górny
2018-02-02 20:42 ` [gentoo-portage-dev] [PATCH v2 4/9] rsync: Pre-indent the try-finally block for gemato key scope Michał Górny
2018-02-02 20:42 ` Michał Górny [this message]
2018-02-02 20:42 ` [gentoo-portage-dev] [PATCH v2 6/9] rsync: Issue an explicit warning if Manifest timestamp is >24hr old Michał Górny
2018-02-04 13:48 ` M. J. Everitt
2018-02-05 18:44 ` Michał Górny
2018-02-02 20:42 ` [gentoo-portage-dev] [PATCH v2 7/9] git: Support verifying commit signature post-sync Michał Górny
2018-02-02 20:42 ` [gentoo-portage-dev] [PATCH v2 8/9] git: Support running the verification against sync-openpgp-key-path Michał Górny
2018-02-02 20:42 ` [gentoo-portage-dev] [PATCH v2 9/9] max-age fixup Michał Górny
2018-02-04 13:43 ` Michał Górny
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180202204223.9003-5-mgorny@gentoo.org \
--to=mgorny@gentoo.org \
--cc=gentoo-portage-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox