Diffstat (limited to 'lib')
-rw-r--r--lib/portage/repository/config.py10
-rw-r--r--lib/portage/sync/syncbase.py9
2 files changed, 17 insertions, 2 deletions
diff --git a/lib/portage/repository/config.py b/lib/portage/repository/config.py
index 50ab18026..6155c130a 100644
--- a/lib/portage/repository/config.py
+++ b/lib/portage/repository/config.py
@@ -1,4 +1,4 @@
-# Copyright 2010-2019 Gentoo Authors
+# Copyright 2010-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
from __future__ import unicode_literals
@@ -113,6 +113,7 @@ class RepoConfig(object):
'sync_hooks_only_on_change',
'sync_openpgp_keyserver',
'sync_openpgp_key_path',
+ 'sync_openpgp_key_refresh',
'sync_openpgp_key_refresh_retry_count',
'sync_openpgp_key_refresh_retry_delay_exp_base',
'sync_openpgp_key_refresh_retry_delay_max',
@@ -233,6 +234,9 @@ class RepoConfig(object):
self.sync_openpgp_key_path = repo_opts.get(
'sync-openpgp-key-path', None)
+ self.sync_openpgp_key_refresh = repo_opts.get(
+ 'sync-openpgp-key-refresh', 'true').lower() in ('true', 'yes')
+
for k in ('sync_openpgp_key_refresh_retry_count',
'sync_openpgp_key_refresh_retry_delay_exp_base',
'sync_openpgp_key_refresh_retry_delay_max',
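Review bot: Any value other than `true` or `yes` turns key refresh off in the added `sync_openpgp_key_refresh` assignment, so a typo or an alternative spelling such as `1` or `on` silently disables revocation checking. Because the disabled state is the insecure one, the parse should fail towards refreshing, e.g. `'sync-openpgp-key-refresh', 'true').lower() not in ('false', 'no')`, ideally with a warning for values that match neither set. The enclosing method starts before this hunk and the `for k in (...)` loop continues past it.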
@@ -497,6 +501,8 @@ class RepoConfig(object):
repo_msg.append(indent + "location: " + self.location)
if not self.strict_misc_digests:
repo_msg.append(indent + "strict-misc-digests: false")
+ if not self.sync_openpgp_key_refresh:
+ repo_msg.append(indent + "sync-openpgp-key-refresh: no")
if self.sync_type:
repo_msg.append(indent + "sync-type: " + self.sync_type)
if self.sync_umask:
@@ -609,6 +615,7 @@ class RepoConfigLoader(object):
'sync_hooks_only_on_change',
'sync_openpgp_keyserver',
'sync_openpgp_key_path',
+ 'sync_openpgp_key_refresh',
'sync_openpgp_key_refresh_retry_count',
'sync_openpgp_key_refresh_retry_delay_exp_base',
'sync_openpgp_key_refresh_retry_delay_max',
@@ -1047,6 +1054,7 @@ class RepoConfigLoader(object):
bool_keys = (
"strict_misc_digests",
"sync_allow_hardlinks",
+ "sync_openpgp_key_refresh",
"sync_rcu",
)
str_or_int_keys = (
diff --git a/lib/portage/sync/syncbase.py b/lib/portage/sync/syncbase.py
index 46644d68e..74818a420 100644
--- a/lib/portage/sync/syncbase.py
+++ b/lib/portage/sync/syncbase.py
@@ -1,4 +1,4 @@
-# Copyright 2014-2018 Gentoo Foundation
+# Copyright 2014-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
'''
@@ -252,6 +252,13 @@ class SyncBase(object):
@type openpgp_env: gemato.openpgp.OpenPGPEnvironment
"""
out = portage.output.EOutput(quiet=('--quiet' in self.options['emerge_config'].opts))
+
+ if not self.repo.sync_openpgp_key_refresh:
+ out.ewarn('Key refresh is disabled via a repos.conf sync-openpgp-key-refresh')
+ out.ewarn('setting, and this is a security vulnerability because it prevents')
+ out.ewarn('detection of revoked keys!')
+ return
+
out.ebegin('Refreshing keys via WKD')
if openpgp_env.refresh_keys_wkd():
out.eend(0)
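Review bot: The warning about disabled key refresh is emitted through `out`, which is built with `quiet=('--quiet' in ...)`; if `EOutput` drops `ewarn` messages in quiet mode (its implementation is not visible here), an unattended `--quiet` sync would skip revocation checks without leaving any trace. Consider sending this one warning through an output that ignores `--quiet`, for example `portage.output.EOutput(quiet=False).ewarn(...)`, or also recording it in the sync log. The docstring above the added lines should also state that the method returns without refreshing any keys when `sync-openpgp-key-refresh` is off. The method starts before this hunk and continues after it.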