aboutsummaryrefslogtreecommitdiff
path: root/misc
diff options
context:
space:
mode:
authorZac Medico <zmedico@gentoo.org>2019-07-08 22:57:33 -0700
committerZac Medico <zmedico@gentoo.org>2019-07-10 13:28:39 -0700
commit829623eadbeda97d37c0ea50dc5f08f19bf4561b (patch)
tree48be75ed708f5e40fcd35f22b151872c826cd59e /misc
parentImprovements for man 5 ebuild to reflect EAPI 7 changes. (diff)
downloadportage-829623eadbeda97d37c0ea50dc5f08f19bf4561b.tar.gz
portage-829623eadbeda97d37c0ea50dc5f08f19bf4561b.tar.bz2
portage-829623eadbeda97d37c0ea50dc5f08f19bf4561b.zip
repos.conf: default sync-webrsync-verify-signature
Enable sync-webrsync-verify-signature by default in repos.conf (due to dependencies the ebuild will make this conditional on USE=rsync-verify in the same way as the default sync-rsync-verify-metamanifest value). Use a new PORTAGE_TEMP_GPG_DIR variable to distinguish indirect emerge-webrsync calls that use gemato for secure key refresh, and disable direct emerge-webrsync calls. Deprecate FEATURES=webrsync-gpg and use it to trigger a backward-compatibility mode where direct emerge-webrsync calls are allowed (but trigger a warning message). Since direct emerge-webrsync calls do not use gemato for secure key refresh, this behavior will not be supported in a future release. Bug: https://bugs.gentoo.org/689506 Signed-off-by: Zac Medico <zmedico@gentoo.org>
Diffstat (limited to 'misc')
-rwxr-xr-xmisc/emerge-delta-webrsync19
1 files changed, 16 insertions, 3 deletions
diff --git a/misc/emerge-delta-webrsync b/misc/emerge-delta-webrsync
index 8419e01a9..c5f6fbbd3 100755
--- a/misc/emerge-delta-webrsync
+++ b/misc/emerge-delta-webrsync
@@ -48,7 +48,7 @@ eval "$("${portageq}" envvar -v DISTDIR EPREFIX FEATURES \
FETCHCOMMAND GENTOO_MIRRORS \
PORTAGE_BIN_PATH PORTAGE_CONFIGROOT PORTAGE_GPG_DIR \
PORTAGE_NICENESS PORTAGE_REPOSITORIES PORTAGE_RSYNC_EXTRA_OPTS \
- PORTAGE_RSYNC_OPTS PORTAGE_TMPDIR \
+ PORTAGE_RSYNC_OPTS PORTAGE_TEMP_GPG_DIR PORTAGE_TMPDIR \
USERLAND http_proxy ftp_proxy)"
export http_proxy ftp_proxy
@@ -114,9 +114,21 @@ if [[ ! -d $STATE_DIR ]]; then
exit -2
fi
-if has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | \
+has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0
+
+if [[ ${webrsync_gpg} -eq 1 ]]; then
+ wecho "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page."
+fi
+
+if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] ||
+ has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature |
LC_ALL=C tr '[:upper:]' '[:lower:]') true yes; then
- if [[ ! -d ${PORTAGE_GPG_DIR} ]]; then
+ # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync
+ # calls for backward compatibility (this triggers a deprecation warning
+ # above). Since direct emerge-webrsync calls do not use gemato for secure
+ # key refresh, this behavior will not be supported in a future release.
+ if [[ ! ( -d ${PORTAGE_GPG_DIR} && ${webrsync_gpg} -eq 1 ) &&
+ -z ${PORTAGE_TEMP_GPG_DIR} ]]; then
eecho "Do not call ${argv0##*/} directly, instead call emerge --sync or emaint sync."
exit 1
fi
@@ -126,6 +138,7 @@ elif has webrsync-gpg ${FEATURES}; then
else
WEBSYNC_VERIFY_SIGNATURE=0
fi
+[[ -n ${PORTAGE_TEMP_GPG_DIR} ]] && PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR}
if [ ${WEBSYNC_VERIFY_SIGNATURE} != 0 -a -z "${PORTAGE_GPG_DIR}" ]; then
eecho "please set PORTAGE_GPG_DIR in make.conf"
exit 1