diff options
author | Michał Górny <mgorny@gentoo.org> | 2018-02-01 13:06:26 +0100 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2018-02-05 19:43:21 +0100 |
commit | 8d99acdb3f4fba258dfcdf3b659e400a8066d296 (patch) | |
tree | 84a670bcf008935873228097b40843afb4b9fe5a | |
parent | rsync: Load and update keys early (diff) | |
download | portage-8d99acdb.tar.gz portage-8d99acdb.tar.bz2 portage-8d99acdb.zip |
rsync: Issue an explicit warning if Manifest timestamp is >24hr old
Issue an explicit warning if the Manifest timestamp for Gentoo
repository is 24 hours behind the system clock. This is meant to detect
attacks based on preventing the user from upgrading.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
-rw-r--r-- | cnf/repos.conf | 1 | ||||
-rw-r--r-- | man/portage.5 | 4 | ||||
-rw-r--r-- | pym/portage/sync/modules/rsync/__init__.py | 1 | ||||
-rw-r--r-- | pym/portage/sync/modules/rsync/rsync.py | 21 |
4 files changed, 27 insertions, 0 deletions
diff --git a/cnf/repos.conf b/cnf/repos.conf index 4a40ff4fc..984ecd220 100644 --- a/cnf/repos.conf +++ b/cnf/repos.conf @@ -7,6 +7,7 @@ sync-type = rsync sync-uri = rsync://rsync.gentoo.org/gentoo-portage auto-sync = yes sync-rsync-verify-metamanifest = yes +sync-rsync-verify-max-age = 24 sync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg # for daily squashfs snapshots diff --git a/man/portage.5 b/man/portage.5 index d4f755f51..54ce7eec9 100644 --- a/man/portage.5 +++ b/man/portage.5 @@ -1086,6 +1086,10 @@ directories if appropriate. Number of parallel jobs to use when verifying nested Manifests. Defaults to the apparent number of processors. .TP +.B sync\-rsync\-verify\-max\-age +Warn if repository is older than the specified number of days. Disabled +when 0. Defaults to disabled. +.TP .B sync\-rsync\-verify\-metamanifest = yes|no Require the repository to contain a signed MetaManifest and verify it using \fBapp\-portage/gemato\fR. Defaults to no. diff --git a/pym/portage/sync/modules/rsync/__init__.py b/pym/portage/sync/modules/rsync/__init__.py index 27a2548c0..cb80f6d66 100644 --- a/pym/portage/sync/modules/rsync/__init__.py +++ b/pym/portage/sync/modules/rsync/__init__.py @@ -29,6 +29,7 @@ module_spec = { 'sync-rsync-extra-opts', 'sync-rsync-vcs-ignore', 'sync-rsync-verify-jobs', + 'sync-rsync-verify-max-age', 'sync-rsync-verify-metamanifest', ), } diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py index dc4674548..ac841545d 100644 --- a/pym/portage/sync/modules/rsync/rsync.py +++ b/pym/portage/sync/modules/rsync/rsync.py @@ -6,6 +6,7 @@ import logging import time import signal import socket +import datetime import io import re import random @@ -109,6 +110,20 @@ class RsyncSync(NewBase): writemsg_level("!!! sync-rsync-verify-jobs not a positive integer: %s\n" % (self.verify_jobs,), level=logging.WARNING, noiselevel=-1) self.verify_jobs = None + # Support overriding max age. + self.max_age = self.repo.module_specific_options.get( + 'sync-rsync-verify-max-age', '') + if self.max_age: + try: + self.max_age = int(self.max_age) + if self.max_age < 0: + raise ValueError(self.max_age) + except ValueError: + writemsg_level("!!! sync-rsync-max-age must be a non-negative integer: %s\n" % (self.max_age,), + level=logging.WARNING, noiselevel=-1) + self.max_age = 0 + else: + self.max_age = 0 openpgp_env = None if self.verify_metamanifest and gemato is not None: @@ -339,6 +354,12 @@ class RsyncSync(NewBase): ts = m.find_timestamp() if ts is None: raise RuntimeError('Timestamp not found in Manifest') + if (self.max_age != 0 and + (datetime.datetime.utcnow() - ts.ts).days > self.max_age): + out.ewarn('Manifest is over %d days old, this is suspicious!' % (self.max_age,)) + out.ewarn('You may want to try using another mirror and/or reporting this one:') + out.ewarn(' %s' % (dosyncuri,)) + out.ewarn('') out.einfo('Manifest timestamp: %s UTC' % (ts.ts,)) out.einfo('Valid OpenPGP signature found:') |