* [gentoo-portage-dev] [PATCH] repos.conf: default sync-webrsync-verify-signature
@ 2019-07-09 8:19 Zac Medico
2019-07-09 8:41 ` Ulrich Mueller
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Zac Medico @ 2019-07-09 8:19 UTC (permalink / raw
To: gentoo-portage-dev; +Cc: Zac Medico
Enable sync-webrsync-verify-signature by default. Use a new
PORTAGE_TEMP_GPG_DIR variable to distinguish indirect emerge-webrsync
calls that use gemato for secure key refresh, and disable direct
emerge-webrsync calls.
Deprecate FEATURES=webrsync-gpg and use it to trigger a
backward-compatibility mode where direct emerge-webrsync calls are
allowed (but trigger a warning message). Since direct emerge-webrsync
calls do not use gemato for secure key refresh, this behavior will
not be supported in a future release.
Bug: https://bugs.gentoo.org/689506
---
bin/emerge-webrsync | 19 ++++++++++++++++---
lib/portage/package/ebuild/config.py | 4 ++++
lib/portage/sync/modules/webrsync/webrsync.py | 3 ++-
man/make.conf.5 | 6 ++++--
man/portage.5 | 2 +-
misc/emerge-delta-webrsync | 19 ++++++++++++++++---
6 files changed, 43 insertions(+), 10 deletions(-)
diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index f622dde3e..25daaf8eb 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -50,7 +50,7 @@ eval "$("${portageq}" envvar -v DISTDIR EPREFIX FEATURES \
FETCHCOMMAND GENTOO_MIRRORS \
PORTAGE_BIN_PATH PORTAGE_CONFIGROOT PORTAGE_GPG_DIR \
PORTAGE_NICENESS PORTAGE_REPOSITORIES PORTAGE_RSYNC_EXTRA_OPTS \
- PORTAGE_RSYNC_OPTS PORTAGE_TMPDIR \
+ PORTAGE_RSYNC_OPTS PORTAGE_TEMP_GPG_DIR PORTAGE_TMPDIR \
USERLAND http_proxy ftp_proxy)"
export http_proxy ftp_proxy
@@ -74,9 +74,21 @@ do_verbose=0
do_debug=0
keep=false
-if has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | \
+has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0
+
+if [[ ${webrsync_gpg} -eq 1 ]]; then
+ wecho "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page."
+fi
+
+if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] ||
+ has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature |
LC_ALL=C tr '[:upper:]' '[:lower:]') true yes; then
- if [[ ! -d ${PORTAGE_GPG_DIR} ]]; then
+ # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync
+ # calls for backward compatibility (this triggers a deprecation warning
+ # above). Since direct emerge-webrsync calls do not use gemato for secure
+ # key refresh, this behavior will not be supported in a future release.
+ if [[ ! ( -d ${PORTAGE_GPG_DIR} && ${webrsync_gpg} -eq 1 ) &&
+ -z ${PORTAGE_TEMP_GPG_DIR} ]]; then
eecho "Do not call ${argv0##*/} directly, instead call emerge --sync or emaint sync."
exit 1
fi
@@ -86,6 +98,7 @@ elif has webrsync-gpg ${FEATURES}; then
else
WEBSYNC_VERIFY_SIGNATURE=0
fi
+[[ -n ${PORTAGE_TEMP_GPG_DIR} ]] && PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR}
if [ ${WEBSYNC_VERIFY_SIGNATURE} != 0 -a -z "${PORTAGE_GPG_DIR}" ]; then
eecho "please set PORTAGE_GPG_DIR in make.conf"
exit 1
diff --git a/lib/portage/package/ebuild/config.py b/lib/portage/package/ebuild/config.py
index 780013bca..83a15b370 100644
--- a/lib/portage/package/ebuild/config.py
+++ b/lib/portage/package/ebuild/config.py
@@ -1205,6 +1205,10 @@ class config(object):
writemsg(_("!!! FEATURES=fakeroot is enabled, but the "
"fakeroot binary is not installed.\n"), noiselevel=-1)
+ if "webrsync-gpg" in self.features:
+ writemsg(_("!!! FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page.\n"),
+ noiselevel=-1)
+
if os.getuid() == 0 and not hasattr(os, "setgroups"):
warning_shown = False
diff --git a/lib/portage/sync/modules/webrsync/webrsync.py b/lib/portage/sync/modules/webrsync/webrsync.py
index 609ba0be2..6228cb93c 100644
--- a/lib/portage/sync/modules/webrsync/webrsync.py
+++ b/lib/portage/sync/modules/webrsync/webrsync.py
@@ -62,7 +62,7 @@ class WebRsync(SyncBase):
openpgp_env = None
try:
if self.repo.module_specific_options.get(
- 'sync-webrsync-verify-signature', 'false').lower() in ('true', 'yes'):
+ 'sync-webrsync-verify-signature', 'true').lower() in ('true', 'yes'):
if not self.repo.sync_openpgp_key_path:
writemsg_level("!!! sync-openpgp-key-path is not set\n",
@@ -88,6 +88,7 @@ class WebRsync(SyncBase):
openpgp_env.import_key(f)
self._refresh_keys(openpgp_env)
self.spawn_kwargs["env"]["PORTAGE_GPG_DIR"] = openpgp_env.home
+ self.spawn_kwargs["env"]["PORTAGE_TEMP_GPG_DIR"] = openpgp_env.home
except (GematoException, asyncio.TimeoutError) as e:
writemsg_level("!!! Verification impossible due to keyring problem:\n%s\n"
% (e,),
diff --git a/man/make.conf.5 b/man/make.conf.5
index d73bb9bac..ede92de7a 100644
--- a/man/make.conf.5
+++ b/man/make.conf.5
@@ -1,4 +1,4 @@
-.TH "MAKE.CONF" "5" "Jun 2019" "Portage VERSION" "Portage"
+.TH "MAKE.CONF" "5" "Ju. 2019" "Portage VERSION" "Portage"
.SH "NAME"
make.conf \- custom settings for Portage
.SH "SYNOPSIS"
@@ -716,7 +716,9 @@ Portage would have to waste time validating ownership for each and every sync
operation.
.TP
.B webrsync-gpg
-Enable GPG verification when using \fIemerge\-webrsync\fR.
+Enable GPG verification when using \fIemerge\-webrsync\fR. This feature is
+deprecated and has been replaced by the \fBrepos.conf\fR
+\fIsync\-webrsync\-verify\-signature\fR setting, see \fBportage\fR(5)
.TP
.B xattr
Preserve extended attributes (filesystem-stored metadata) when installing
diff --git a/man/portage.5 b/man/portage.5
index 36c871123..bcb4d3f58 100644
--- a/man/portage.5
+++ b/man/portage.5
@@ -1178,7 +1178,7 @@ Keep snapshots in \fBDISTDIR\fR (do not delete). Defaults to false.
.B sync\-webrsync\-verify\-signature = true|false
Require the detached tarball signature to contain a good OpenPGP
signature. This uses the OpenPGP key(ring) specified by the
-sync\-openpgp\-key\-path setting. Defaults to false.
+sync\-openpgp\-key\-path setting. Defaults to true.
.RE
diff --git a/misc/emerge-delta-webrsync b/misc/emerge-delta-webrsync
index 8419e01a9..c5f6fbbd3 100755
--- a/misc/emerge-delta-webrsync
+++ b/misc/emerge-delta-webrsync
@@ -48,7 +48,7 @@ eval "$("${portageq}" envvar -v DISTDIR EPREFIX FEATURES \
FETCHCOMMAND GENTOO_MIRRORS \
PORTAGE_BIN_PATH PORTAGE_CONFIGROOT PORTAGE_GPG_DIR \
PORTAGE_NICENESS PORTAGE_REPOSITORIES PORTAGE_RSYNC_EXTRA_OPTS \
- PORTAGE_RSYNC_OPTS PORTAGE_TMPDIR \
+ PORTAGE_RSYNC_OPTS PORTAGE_TEMP_GPG_DIR PORTAGE_TMPDIR \
USERLAND http_proxy ftp_proxy)"
export http_proxy ftp_proxy
@@ -114,9 +114,21 @@ if [[ ! -d $STATE_DIR ]]; then
exit -2
fi
-if has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | \
+has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0
+
+if [[ ${webrsync_gpg} -eq 1 ]]; then
+ wecho "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page."
+fi
+
+if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] ||
+ has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature |
LC_ALL=C tr '[:upper:]' '[:lower:]') true yes; then
- if [[ ! -d ${PORTAGE_GPG_DIR} ]]; then
+ # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync
+ # calls for backward compatibility (this triggers a deprecation warning
+ # above). Since direct emerge-webrsync calls do not use gemato for secure
+ # key refresh, this behavior will not be supported in a future release.
+ if [[ ! ( -d ${PORTAGE_GPG_DIR} && ${webrsync_gpg} -eq 1 ) &&
+ -z ${PORTAGE_TEMP_GPG_DIR} ]]; then
eecho "Do not call ${argv0##*/} directly, instead call emerge --sync or emaint sync."
exit 1
fi
@@ -126,6 +138,7 @@ elif has webrsync-gpg ${FEATURES}; then
else
WEBSYNC_VERIFY_SIGNATURE=0
fi
+[[ -n ${PORTAGE_TEMP_GPG_DIR} ]] && PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR}
if [ ${WEBSYNC_VERIFY_SIGNATURE} != 0 -a -z "${PORTAGE_GPG_DIR}" ]; then
eecho "please set PORTAGE_GPG_DIR in make.conf"
exit 1
--
2.21.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [gentoo-portage-dev] [PATCH] repos.conf: default sync-webrsync-verify-signature
2019-07-09 8:19 [gentoo-portage-dev] [PATCH] repos.conf: default sync-webrsync-verify-signature Zac Medico
@ 2019-07-09 8:41 ` Ulrich Mueller
2019-07-09 16:30 ` [gentoo-portage-dev] [PATCH v2] " Zac Medico
2019-07-10 20:18 ` [gentoo-portage-dev] [PATCH v3] " Zac Medico
2 siblings, 0 replies; 4+ messages in thread
From: Ulrich Mueller @ 2019-07-09 8:41 UTC (permalink / raw
To: Zac Medico; +Cc: gentoo-portage-dev
[-- Attachment #1: Type: text/plain, Size: 253 bytes --]
>>>>> On Tue, 09 Jul 2019, Zac Medico wrote:
> --- a/man/make.conf.5
> +++ b/man/make.conf.5
> @@ -1,4 +1,4 @@
> -.TH "MAKE.CONF" "5" "Jun 2019" "Portage VERSION" "Portage"
> +.TH "MAKE.CONF" "5" "Ju. 2019" "Portage VERSION" "Portage"
Typo.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* [gentoo-portage-dev] [PATCH v2] repos.conf: default sync-webrsync-verify-signature
2019-07-09 8:19 [gentoo-portage-dev] [PATCH] repos.conf: default sync-webrsync-verify-signature Zac Medico
2019-07-09 8:41 ` Ulrich Mueller
@ 2019-07-09 16:30 ` Zac Medico
2019-07-10 20:18 ` [gentoo-portage-dev] [PATCH v3] " Zac Medico
2 siblings, 0 replies; 4+ messages in thread
From: Zac Medico @ 2019-07-09 16:30 UTC (permalink / raw
To: gentoo-portage-dev; +Cc: Zac Medico
Enable sync-webrsync-verify-signature by default. Use a new
PORTAGE_TEMP_GPG_DIR variable to distinguish indirect emerge-webrsync
calls that use gemato for secure key refresh, and disable direct
emerge-webrsync calls.
Deprecate FEATURES=webrsync-gpg and use it to trigger a
backward-compatibility mode where direct emerge-webrsync calls are
allowed (but trigger a warning message). Since direct emerge-webrsync
calls do not use gemato for secure key refresh, this behavior will
not be supported in a future release.
Bug: https://bugs.gentoo.org/689506
---
[PATCH v2]
* Fix typo in man page date reported by Ulrich Mueller.
* Automatically enable sync-webrsync-verify-signature only
if gemato is available and sync-openpgp-key-path exists
(dependencies conditional on USE=rsync-verify).
bin/emerge-webrsync | 19 ++++++++++++++++---
lib/portage/package/ebuild/config.py | 4 ++++
lib/portage/sync/modules/webrsync/webrsync.py | 8 +++++++-
man/make.conf.5 | 6 ++++--
man/portage.5 | 4 ++--
misc/emerge-delta-webrsync | 19 ++++++++++++++++---
6 files changed, 49 insertions(+), 11 deletions(-)
diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index f622dde3e..25daaf8eb 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -50,7 +50,7 @@ eval "$("${portageq}" envvar -v DISTDIR EPREFIX FEATURES \
FETCHCOMMAND GENTOO_MIRRORS \
PORTAGE_BIN_PATH PORTAGE_CONFIGROOT PORTAGE_GPG_DIR \
PORTAGE_NICENESS PORTAGE_REPOSITORIES PORTAGE_RSYNC_EXTRA_OPTS \
- PORTAGE_RSYNC_OPTS PORTAGE_TMPDIR \
+ PORTAGE_RSYNC_OPTS PORTAGE_TEMP_GPG_DIR PORTAGE_TMPDIR \
USERLAND http_proxy ftp_proxy)"
export http_proxy ftp_proxy
@@ -74,9 +74,21 @@ do_verbose=0
do_debug=0
keep=false
-if has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | \
+has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0
+
+if [[ ${webrsync_gpg} -eq 1 ]]; then
+ wecho "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page."
+fi
+
+if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] ||
+ has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature |
LC_ALL=C tr '[:upper:]' '[:lower:]') true yes; then
- if [[ ! -d ${PORTAGE_GPG_DIR} ]]; then
+ # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync
+ # calls for backward compatibility (this triggers a deprecation warning
+ # above). Since direct emerge-webrsync calls do not use gemato for secure
+ # key refresh, this behavior will not be supported in a future release.
+ if [[ ! ( -d ${PORTAGE_GPG_DIR} && ${webrsync_gpg} -eq 1 ) &&
+ -z ${PORTAGE_TEMP_GPG_DIR} ]]; then
eecho "Do not call ${argv0##*/} directly, instead call emerge --sync or emaint sync."
exit 1
fi
@@ -86,6 +98,7 @@ elif has webrsync-gpg ${FEATURES}; then
else
WEBSYNC_VERIFY_SIGNATURE=0
fi
+[[ -n ${PORTAGE_TEMP_GPG_DIR} ]] && PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR}
if [ ${WEBSYNC_VERIFY_SIGNATURE} != 0 -a -z "${PORTAGE_GPG_DIR}" ]; then
eecho "please set PORTAGE_GPG_DIR in make.conf"
exit 1
diff --git a/lib/portage/package/ebuild/config.py b/lib/portage/package/ebuild/config.py
index 780013bca..83a15b370 100644
--- a/lib/portage/package/ebuild/config.py
+++ b/lib/portage/package/ebuild/config.py
@@ -1205,6 +1205,10 @@ class config(object):
writemsg(_("!!! FEATURES=fakeroot is enabled, but the "
"fakeroot binary is not installed.\n"), noiselevel=-1)
+ if "webrsync-gpg" in self.features:
+ writemsg(_("!!! FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page.\n"),
+ noiselevel=-1)
+
if os.getuid() == 0 and not hasattr(os, "setgroups"):
warning_shown = False
diff --git a/lib/portage/sync/modules/webrsync/webrsync.py b/lib/portage/sync/modules/webrsync/webrsync.py
index 609ba0be2..4232ca972 100644
--- a/lib/portage/sync/modules/webrsync/webrsync.py
+++ b/lib/portage/sync/modules/webrsync/webrsync.py
@@ -59,9 +59,14 @@ class WebRsync(SyncBase):
verbose = '--verbose' in self.options['emerge_config'].opts
quiet = '--quiet' in self.options['emerge_config'].opts
+ auto_verify_sig = (self.repo.module_specific_options.get(
+ 'sync-webrsync-verify-signature', 'true').lower() not in ('false', 'no') and
+ gemato is not None and
+ self.repo.sync_openpgp_key_path and
+ os.path.isfile(self.repo.sync_openpgp_key_path))
openpgp_env = None
try:
- if self.repo.module_specific_options.get(
+ if auto_verify_sig or self.repo.module_specific_options.get(
'sync-webrsync-verify-signature', 'false').lower() in ('true', 'yes'):
if not self.repo.sync_openpgp_key_path:
@@ -88,6 +93,7 @@ class WebRsync(SyncBase):
openpgp_env.import_key(f)
self._refresh_keys(openpgp_env)
self.spawn_kwargs["env"]["PORTAGE_GPG_DIR"] = openpgp_env.home
+ self.spawn_kwargs["env"]["PORTAGE_TEMP_GPG_DIR"] = openpgp_env.home
except (GematoException, asyncio.TimeoutError) as e:
writemsg_level("!!! Verification impossible due to keyring problem:\n%s\n"
% (e,),
diff --git a/man/make.conf.5 b/man/make.conf.5
index d73bb9bac..cc4e1eba8 100644
--- a/man/make.conf.5
+++ b/man/make.conf.5
@@ -1,4 +1,4 @@
-.TH "MAKE.CONF" "5" "Jun 2019" "Portage VERSION" "Portage"
+.TH "MAKE.CONF" "5" "Jul 2019" "Portage VERSION" "Portage"
.SH "NAME"
make.conf \- custom settings for Portage
.SH "SYNOPSIS"
@@ -716,7 +716,9 @@ Portage would have to waste time validating ownership for each and every sync
operation.
.TP
.B webrsync-gpg
-Enable GPG verification when using \fIemerge\-webrsync\fR.
+Enable GPG verification when using \fIemerge\-webrsync\fR. This feature is
+deprecated and has been replaced by the \fBrepos.conf\fR
+\fIsync\-webrsync\-verify\-signature\fR setting, see \fBportage\fR(5).
.TP
.B xattr
Preserve extended attributes (filesystem-stored metadata) when installing
diff --git a/man/portage.5 b/man/portage.5
index 36c871123..10e3155f3 100644
--- a/man/portage.5
+++ b/man/portage.5
@@ -1,4 +1,4 @@
-.TH "PORTAGE" "5" "Apr 2019" "Portage VERSION" "Portage"
+.TH "PORTAGE" "5" "Jul 2019" "Portage VERSION" "Portage"
.SH NAME
portage \- the heart of Gentoo
.SH "DESCRIPTION"
@@ -1178,7 +1178,7 @@ Keep snapshots in \fBDISTDIR\fR (do not delete). Defaults to false.
.B sync\-webrsync\-verify\-signature = true|false
Require the detached tarball signature to contain a good OpenPGP
signature. This uses the OpenPGP key(ring) specified by the
-sync\-openpgp\-key\-path setting. Defaults to false.
+sync\-openpgp\-key\-path setting. Defaults to true.
.RE
diff --git a/misc/emerge-delta-webrsync b/misc/emerge-delta-webrsync
index 8419e01a9..c5f6fbbd3 100755
--- a/misc/emerge-delta-webrsync
+++ b/misc/emerge-delta-webrsync
@@ -48,7 +48,7 @@ eval "$("${portageq}" envvar -v DISTDIR EPREFIX FEATURES \
FETCHCOMMAND GENTOO_MIRRORS \
PORTAGE_BIN_PATH PORTAGE_CONFIGROOT PORTAGE_GPG_DIR \
PORTAGE_NICENESS PORTAGE_REPOSITORIES PORTAGE_RSYNC_EXTRA_OPTS \
- PORTAGE_RSYNC_OPTS PORTAGE_TMPDIR \
+ PORTAGE_RSYNC_OPTS PORTAGE_TEMP_GPG_DIR PORTAGE_TMPDIR \
USERLAND http_proxy ftp_proxy)"
export http_proxy ftp_proxy
@@ -114,9 +114,21 @@ if [[ ! -d $STATE_DIR ]]; then
exit -2
fi
-if has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | \
+has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0
+
+if [[ ${webrsync_gpg} -eq 1 ]]; then
+ wecho "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page."
+fi
+
+if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] ||
+ has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature |
LC_ALL=C tr '[:upper:]' '[:lower:]') true yes; then
- if [[ ! -d ${PORTAGE_GPG_DIR} ]]; then
+ # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync
+ # calls for backward compatibility (this triggers a deprecation warning
+ # above). Since direct emerge-webrsync calls do not use gemato for secure
+ # key refresh, this behavior will not be supported in a future release.
+ if [[ ! ( -d ${PORTAGE_GPG_DIR} && ${webrsync_gpg} -eq 1 ) &&
+ -z ${PORTAGE_TEMP_GPG_DIR} ]]; then
eecho "Do not call ${argv0##*/} directly, instead call emerge --sync or emaint sync."
exit 1
fi
@@ -126,6 +138,7 @@ elif has webrsync-gpg ${FEATURES}; then
else
WEBSYNC_VERIFY_SIGNATURE=0
fi
+[[ -n ${PORTAGE_TEMP_GPG_DIR} ]] && PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR}
if [ ${WEBSYNC_VERIFY_SIGNATURE} != 0 -a -z "${PORTAGE_GPG_DIR}" ]; then
eecho "please set PORTAGE_GPG_DIR in make.conf"
exit 1
--
2.21.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-portage-dev] [PATCH v3] repos.conf: default sync-webrsync-verify-signature
2019-07-09 8:19 [gentoo-portage-dev] [PATCH] repos.conf: default sync-webrsync-verify-signature Zac Medico
2019-07-09 8:41 ` Ulrich Mueller
2019-07-09 16:30 ` [gentoo-portage-dev] [PATCH v2] " Zac Medico
@ 2019-07-10 20:18 ` Zac Medico
2 siblings, 0 replies; 4+ messages in thread
From: Zac Medico @ 2019-07-10 20:18 UTC (permalink / raw
To: gentoo-portage-dev; +Cc: Zac Medico
Enable sync-webrsync-verify-signature by default in repos.conf (due to
dependencies the ebuild will make this conditional on USE=rsync-verify
in the same way as the default sync-rsync-verify-metamanifest value).
Use a new PORTAGE_TEMP_GPG_DIR variable to distinguish indirect
emerge-webrsync calls that use gemato for secure key refresh, and
disable direct emerge-webrsync calls.
Deprecate FEATURES=webrsync-gpg and use it to trigger a
backward-compatibility mode where direct emerge-webrsync calls are
allowed (but trigger a warning message). Since direct emerge-webrsync
calls do not use gemato for secure key refresh, this behavior will
not be supported in a future release.
Bug: https://bugs.gentoo.org/689506
Signed-off-by: Zac Medico <zmedico@gentoo.org>
---
[PATCH v3]
* Set sync-webrsync-verify-signature = yes in the default repos.conf
(due to dependencies the ebuild will make this conditional on
USE=rsync-verify in the same way as the default
sync-rsync-verify-metamanifest value). The man page still says the
default is false in order to avoid providing a false sense of
security.
bin/emerge-webrsync | 19 ++++++++++++++++---
cnf/repos.conf | 1 +
lib/portage/package/ebuild/config.py | 4 ++++
lib/portage/sync/modules/webrsync/webrsync.py | 1 +
man/make.conf.5 | 6 ++++--
misc/emerge-delta-webrsync | 19 ++++++++++++++++---
6 files changed, 42 insertions(+), 8 deletions(-)
diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index f622dde3e..25daaf8eb 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -50,7 +50,7 @@ eval "$("${portageq}" envvar -v DISTDIR EPREFIX FEATURES \
FETCHCOMMAND GENTOO_MIRRORS \
PORTAGE_BIN_PATH PORTAGE_CONFIGROOT PORTAGE_GPG_DIR \
PORTAGE_NICENESS PORTAGE_REPOSITORIES PORTAGE_RSYNC_EXTRA_OPTS \
- PORTAGE_RSYNC_OPTS PORTAGE_TMPDIR \
+ PORTAGE_RSYNC_OPTS PORTAGE_TEMP_GPG_DIR PORTAGE_TMPDIR \
USERLAND http_proxy ftp_proxy)"
export http_proxy ftp_proxy
@@ -74,9 +74,21 @@ do_verbose=0
do_debug=0
keep=false
-if has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | \
+has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0
+
+if [[ ${webrsync_gpg} -eq 1 ]]; then
+ wecho "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page."
+fi
+
+if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] ||
+ has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature |
LC_ALL=C tr '[:upper:]' '[:lower:]') true yes; then
- if [[ ! -d ${PORTAGE_GPG_DIR} ]]; then
+ # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync
+ # calls for backward compatibility (this triggers a deprecation warning
+ # above). Since direct emerge-webrsync calls do not use gemato for secure
+ # key refresh, this behavior will not be supported in a future release.
+ if [[ ! ( -d ${PORTAGE_GPG_DIR} && ${webrsync_gpg} -eq 1 ) &&
+ -z ${PORTAGE_TEMP_GPG_DIR} ]]; then
eecho "Do not call ${argv0##*/} directly, instead call emerge --sync or emaint sync."
exit 1
fi
@@ -86,6 +98,7 @@ elif has webrsync-gpg ${FEATURES}; then
else
WEBSYNC_VERIFY_SIGNATURE=0
fi
+[[ -n ${PORTAGE_TEMP_GPG_DIR} ]] && PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR}
if [ ${WEBSYNC_VERIFY_SIGNATURE} != 0 -a -z "${PORTAGE_GPG_DIR}" ]; then
eecho "please set PORTAGE_GPG_DIR in make.conf"
exit 1
diff --git a/cnf/repos.conf b/cnf/repos.conf
index 2d73b3e35..e71b704db 100644
--- a/cnf/repos.conf
+++ b/cnf/repos.conf
@@ -16,6 +16,7 @@ sync-openpgp-key-refresh-retry-overall-timeout = 1200
sync-openpgp-key-refresh-retry-delay-exp-base = 2
sync-openpgp-key-refresh-retry-delay-max = 60
sync-openpgp-key-refresh-retry-delay-mult = 4
+sync-webrsync-verify-signature = yes
# for daily squashfs snapshots
#sync-type = squashdelta
diff --git a/lib/portage/package/ebuild/config.py b/lib/portage/package/ebuild/config.py
index 780013bca..83a15b370 100644
--- a/lib/portage/package/ebuild/config.py
+++ b/lib/portage/package/ebuild/config.py
@@ -1205,6 +1205,10 @@ class config(object):
writemsg(_("!!! FEATURES=fakeroot is enabled, but the "
"fakeroot binary is not installed.\n"), noiselevel=-1)
+ if "webrsync-gpg" in self.features:
+ writemsg(_("!!! FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page.\n"),
+ noiselevel=-1)
+
if os.getuid() == 0 and not hasattr(os, "setgroups"):
warning_shown = False
diff --git a/lib/portage/sync/modules/webrsync/webrsync.py b/lib/portage/sync/modules/webrsync/webrsync.py
index 609ba0be2..70f65cfcd 100644
--- a/lib/portage/sync/modules/webrsync/webrsync.py
+++ b/lib/portage/sync/modules/webrsync/webrsync.py
@@ -88,6 +88,7 @@ class WebRsync(SyncBase):
openpgp_env.import_key(f)
self._refresh_keys(openpgp_env)
self.spawn_kwargs["env"]["PORTAGE_GPG_DIR"] = openpgp_env.home
+ self.spawn_kwargs["env"]["PORTAGE_TEMP_GPG_DIR"] = openpgp_env.home
except (GematoException, asyncio.TimeoutError) as e:
writemsg_level("!!! Verification impossible due to keyring problem:\n%s\n"
% (e,),
diff --git a/man/make.conf.5 b/man/make.conf.5
index d73bb9bac..cc4e1eba8 100644
--- a/man/make.conf.5
+++ b/man/make.conf.5
@@ -1,4 +1,4 @@
-.TH "MAKE.CONF" "5" "Jun 2019" "Portage VERSION" "Portage"
+.TH "MAKE.CONF" "5" "Jul 2019" "Portage VERSION" "Portage"
.SH "NAME"
make.conf \- custom settings for Portage
.SH "SYNOPSIS"
@@ -716,7 +716,9 @@ Portage would have to waste time validating ownership for each and every sync
operation.
.TP
.B webrsync-gpg
-Enable GPG verification when using \fIemerge\-webrsync\fR.
+Enable GPG verification when using \fIemerge\-webrsync\fR. This feature is
+deprecated and has been replaced by the \fBrepos.conf\fR
+\fIsync\-webrsync\-verify\-signature\fR setting, see \fBportage\fR(5).
.TP
.B xattr
Preserve extended attributes (filesystem-stored metadata) when installing
diff --git a/misc/emerge-delta-webrsync b/misc/emerge-delta-webrsync
index 8419e01a9..c5f6fbbd3 100755
--- a/misc/emerge-delta-webrsync
+++ b/misc/emerge-delta-webrsync
@@ -48,7 +48,7 @@ eval "$("${portageq}" envvar -v DISTDIR EPREFIX FEATURES \
FETCHCOMMAND GENTOO_MIRRORS \
PORTAGE_BIN_PATH PORTAGE_CONFIGROOT PORTAGE_GPG_DIR \
PORTAGE_NICENESS PORTAGE_REPOSITORIES PORTAGE_RSYNC_EXTRA_OPTS \
- PORTAGE_RSYNC_OPTS PORTAGE_TMPDIR \
+ PORTAGE_RSYNC_OPTS PORTAGE_TEMP_GPG_DIR PORTAGE_TMPDIR \
USERLAND http_proxy ftp_proxy)"
export http_proxy ftp_proxy
@@ -114,9 +114,21 @@ if [[ ! -d $STATE_DIR ]]; then
exit -2
fi
-if has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | \
+has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0
+
+if [[ ${webrsync_gpg} -eq 1 ]]; then
+ wecho "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page."
+fi
+
+if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] ||
+ has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature |
LC_ALL=C tr '[:upper:]' '[:lower:]') true yes; then
- if [[ ! -d ${PORTAGE_GPG_DIR} ]]; then
+ # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync
+ # calls for backward compatibility (this triggers a deprecation warning
+ # above). Since direct emerge-webrsync calls do not use gemato for secure
+ # key refresh, this behavior will not be supported in a future release.
+ if [[ ! ( -d ${PORTAGE_GPG_DIR} && ${webrsync_gpg} -eq 1 ) &&
+ -z ${PORTAGE_TEMP_GPG_DIR} ]]; then
eecho "Do not call ${argv0##*/} directly, instead call emerge --sync or emaint sync."
exit 1
fi
@@ -126,6 +138,7 @@ elif has webrsync-gpg ${FEATURES}; then
else
WEBSYNC_VERIFY_SIGNATURE=0
fi
+[[ -n ${PORTAGE_TEMP_GPG_DIR} ]] && PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR}
if [ ${WEBSYNC_VERIFY_SIGNATURE} != 0 -a -z "${PORTAGE_GPG_DIR}" ]; then
eecho "please set PORTAGE_GPG_DIR in make.conf"
exit 1
--
2.21.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-07-10 20:18 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-07-09 8:19 [gentoo-portage-dev] [PATCH] repos.conf: default sync-webrsync-verify-signature Zac Medico
2019-07-09 8:41 ` Ulrich Mueller
2019-07-09 16:30 ` [gentoo-portage-dev] [PATCH v2] " Zac Medico
2019-07-10 20:18 ` [gentoo-portage-dev] [PATCH v3] " Zac Medico
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox