authorAndreas K. Hüttel <dilfridge@gentoo.org>2023-08-30 19:57:19 +0200
committerMike Gilbert <floppym@gentoo.org>2023-09-03 14:07:28 -0400
commit3e56f8a6498cd90a7d5fe472febf586455c3bad7 (patch)
tree6c61c1d3b07831a7c6544e23f5373ffabb3d6da3
parentemerge: ensure paths are UTF-8 encoded in _needs_move() (diff)
Run PORTAGE_TRUST_HELPER before remote binary package operations
Right now this is somewhat suboptimal because the helper is only called if FEATURES="binpkg-request-signature" is set, but existing signatures are also verified otherwise. Closes: https://github.com/gentoo/portage/pull/1085 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> Signed-off-by: Mike Gilbert <floppym@gentoo.org>
-rw-r--r--.github/workflows/ci.yml3
-rw-r--r--NEWS2
-rw-r--r--cnf/make.globals3
-rw-r--r--lib/portage/dbapi/bintree.py12
-rw-r--r--lib/portage/package/ebuild/_config/special_env_vars.py1
-rw-r--r--man/make.conf.59
6 files changed, 30 insertions, 0 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bf36ad19d..fc7ab93a2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -38,6 +38,9 @@ jobs:
python -m pip install --upgrade pip
# setuptools needed for 3.12+ because of https://github.com/mesonbuild/meson/issues/7702.
python -m pip install pytest setuptools
+
+ # symlink /bin/true to /usr/bin/getuto (or do we want to grab the script from github?)
+ sudo ln -s /bin/true /usr/bin/getuto
- name: Test meson install --destdir /tmp/install-root
run: |
echo -e "[binaries]\npython = '$(command -v python)'" > /tmp/native.ini
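Review bot: Stubbing the helper with `/bin/true` means CI only ever sees a trust helper that succeeds, so a regression in how `_run_trust_helper` handles a missing or failing helper would pass unnoticed. A test that points PORTAGE_TRUST_HELPER at a command that exits non-zero would cover that path. The plain `ln -s` also fails the step if `/usr/bin/getuto` already exists on the runner image, which `sudo ln -sf /bin/true /usr/bin/getuto` avoids. If the alternative raised in the added comment is taken and the script is fetched from GitHub, it should be pinned to a specific commit rather than a branch.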
diff --git a/NEWS b/NEWS
index 65e75759b..3e9e36f23 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ Features:
* bintree: Add new API member (invalid_paths) to allow gentoolkit to later
clean up invalid binpkgs (bug #900224).
+* Run PORTAGE_TRUST_HELPER before remote binary package operations.
+
Bug fixes:
* Prevent gpg from removing /dev/null when unlocking signing key (bug #912808).
diff --git a/cnf/make.globals b/cnf/make.globals
index f951bb317..bfefcc523 100644
--- a/cnf/make.globals
+++ b/cnf/make.globals
@@ -150,6 +150,9 @@ PORTAGE_ELOG_MAILFROM="portage@localhost"
# Signing command used by egencache
PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --digest-algo SHA256 --clearsign --yes --default-key \"\${PORTAGE_GPG_KEY}\" --homedir \"\${PORTAGE_GPG_DIR}\" \"\${FILE}\""
+# Trust helper executable for installing and updating package verification keys
+PORTAGE_TRUST_HELPER="/usr/bin/getuto"
+
# btrfs.* attributes are irrelevant, see bug #527636.
# security.* attributes may be special (see bug 461868), but
# security.capability is specifically not excluded (bug 548516).
diff --git a/lib/portage/dbapi/bintree.py b/lib/portage/dbapi/bintree.py
index af2113bd8..ec31b52d0 100644
--- a/lib/portage/dbapi/bintree.py
+++ b/lib/portage/dbapi/bintree.py
@@ -1234,11 +1234,23 @@ class binarytree:
return pkgindex if update_pkgindex else None
+ def _run_trust_helper(self):
+ portage_trust_helper = self.settings.get("PORTAGE_TRUST_HELPER", "")
+ if portage_trust_helper == "":
+ return
+ ret = subprocess.run(portage_trust_helper)
+ ret.check_returncode()
+
def _populate_remote(self, getbinpkg_refresh=True):
self._remote_has_index = False
self._remotepkgs = {}
if "binpkg-request-signature" in self.settings.features:
+ # This is somewhat broken, we *should* run the trust helper always
+ # when binpackages are involved, not only when we refuse unsigned
+ # ones. (If the keys have expired we end up refusing signed but
+ # technically invalid packages...)
+ self._run_trust_helper()
gpkg_only = True
else:
gpkg_only = False
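Review bot: `_run_trust_helper` lets a missing or failing helper surface as a raw `FileNotFoundError` or `CalledProcessError` traceback out of `_populate_remote`. Because `cnf/make.globals` in this commit defaults PORTAGE_TRUST_HELPER to `/usr/bin/getuto`, anyone with binpkg-request-signature enabled and no getuto installed hits that path. Stopping when the key store cannot be refreshed is a defensible fail-closed choice, but the error should name the helper and its exit status. The call also has no timeout although the man page says the helper refreshes keys from a key server, and the setting is passed as one string, so it is treated as a single executable path with no arguments; a docstring should say so. The fence assumes `writemsg` is already imported in bintree.py; `_populate_remote` and the `binarytree` class continue outside the hunk.

```python
    def _run_trust_helper(self):
        """Run PORTAGE_TRUST_HELPER (one executable path, no arguments) if set."""
        # … unchanged: read PORTAGE_TRUST_HELPER, return if it is empty …
        try:
            subprocess.run(portage_trust_helper, check=True)
        except FileNotFoundError:
            writemsg(
                f"!!! PORTAGE_TRUST_HELPER not found: {portage_trust_helper}\n",
                noiselevel=-1,
            )
            raise
        except subprocess.CalledProcessError as e:
            writemsg(
                f"!!! PORTAGE_TRUST_HELPER {portage_trust_helper} "
                f"exited with status {e.returncode}\n",
                noiselevel=-1,
            )
            raise
```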
diff --git a/lib/portage/package/ebuild/_config/special_env_vars.py b/lib/portage/package/ebuild/_config/special_env_vars.py
index ef8f06abe..6020029e3 100644
--- a/lib/portage/package/ebuild/_config/special_env_vars.py
+++ b/lib/portage/package/ebuild/_config/special_env_vars.py
@@ -315,6 +315,7 @@ environ_filter = frozenset(
"PORTAGE_RSYNC_RETRIES",
"PORTAGE_SSH_OPTS",
"PORTAGE_SYNC_STALE",
+ "PORTAGE_TRUST_HELPER",
"PORTAGE_USE",
"PORTAGE_LOG_FILTER_FILE_CMD",
"PORTAGE_LOGDIR",
diff --git a/man/make.conf.5 b/man/make.conf.5
index a1a433b10..2a28d2b6f 100644
--- a/man/make.conf.5
+++ b/man/make.conf.5
@@ -1208,6 +1208,15 @@ Defaults to /var/tmp.
This should not be set to point anywhere under location of any repository.
.TP
+\fBPORTAGE_TRUST_HELPER\fR = \fI[path]\fR
+Defines an executable file which initializes and maintains
+/etc/portage/gnupg, installing keys that are trusted for binary package
+signing, and refreshing these keys from a key server. This helper is called
+before all operations involving remote binary packages if and only if
+binpkg-request-signature is in \fBFEATURES\fR.
+.br
+Defaults to "/usr/bin/getuto" (provided by app-portage/getuto).
+.TP
\fBPORTAGE_USERNAME\fR = \fI[user]\fR
Defines the username to use when executing in userpriv/etc... modes (i.e.
non-root).