diff options
Diffstat (limited to 'lib/portage/sync/syncbase.py')
-rw-r--r-- | lib/portage/sync/syncbase.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/portage/sync/syncbase.py b/lib/portage/sync/syncbase.py index 46644d68e..74818a420 100644 --- a/lib/portage/sync/syncbase.py +++ b/lib/portage/sync/syncbase.py @@ -1,4 +1,4 @@ -# Copyright 2014-2018 Gentoo Foundation +# Copyright 2014-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 ''' @@ -252,6 +252,13 @@ class SyncBase(object): @type openpgp_env: gemato.openpgp.OpenPGPEnvironment """ out = portage.output.EOutput(quiet=('--quiet' in self.options['emerge_config'].opts)) + + if not self.repo.sync_openpgp_key_refresh: + out.ewarn('Key refresh is disabled via a repos.conf sync-openpgp-key-refresh') + out.ewarn('setting, and this is a security vulnerability because it prevents') + out.ewarn('detection of revoked keys!') + return + out.ebegin('Refreshing keys via WKD') if openpgp_env.refresh_keys_wkd(): out.eend(0) |