| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
squashdelta was removed in 090c8c91dad9 ("portage/sync/modules: Remove
the squashdelta module")
Bug: https://bugs.gentoo.org/614422
Closes: https://github.com/gentoo/portage/pull/461
Signed-off-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enable sync-webrsync-verify-signature by default in repos.conf (due to
dependencies the ebuild will make this conditional on USE=rsync-verify
in the same way as the default sync-rsync-verify-metamanifest value).
Use a new PORTAGE_TEMP_GPG_DIR variable to distinguish indirect
emerge-webrsync calls that use gemato for secure key refresh, and
disable direct emerge-webrsync calls.
Deprecate FEATURES=webrsync-gpg and use it to trigger a
backward-compatibility mode where direct emerge-webrsync calls are
allowed (but trigger a warning message). Since direct emerge-webrsync
calls do not use gemato for secure key refresh, this behavior will
not be supported in a future release.
Bug: https://bugs.gentoo.org/689506
Signed-off-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
Default to using hkps://keys.gentoo.org which are guaranteed to hold
the newest copies of Gentoo keys, are secured against key poisoning
and are more reliable than SKS.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes a _compat_upgrade.default_locations script that the
ebuild can call in pkg_preinst in order to maintain backward-compatible
defaults when appropriate. The new defaults are specified in the
summary of the 20180729 council meeting:
Vote: Default locations for the Gentoo repository, distfiles, and
binary packages will be, respectively:
/var/db/repos/gentoo
/var/cache/distfiles
/var/cache/binpkgs
Accepted with 6 yes votes and 1 no vote.
See: https://projects.gentoo.org/council/meeting-logs/20180729-summary.txt
Bug: https://bugs.gentoo.org/378603
Signed-off-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
If we have a local sync-allow-hardlinks setting in [gentoo],
it overrides the DEFAULT section. The default setting for
sync-allow-hardlinks is already done in the RepoConfig
class.
Fixes: 84822ef7a214 ("rsync: quarantine data prior to verification (bug 660410)")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync into a quarantine subdirectory, using the rsync --link-dest option
to create hardlinks to identical files in the previous snapshot of the
repository. If hardlinks are not supported, then show a warning message
and sync directly to the normal repository location.
If verification succeeds, then the quarantine subdirectory is synced
to the normal repository location, and the quarantine subdirectory
is deleted. If verification fails, then the quarantine directory is
preserved for purposes of analysis.
Even if verification happens to be disabled, the quarantine directory
is still useful for making the repository update more atomic, so that
it is less likely that normal repository location will be observed in
a partially synced state.
The new behavior may conflict with configurations that restrict the
use of hardlinks, such as overlay filesystems. Therefore, users will
have to set "sync-allow-hardlinks = no" in repos.conf if they have
a configuration that prevents the use of hardlinks, but this should
not be very common.
Bug: https://bugs.gentoo.org/660410
|
|
|
|
|
|
|
|
|
| |
Switch the key provider from unmaintained app-crypt/gentoo-keys
to app-crypt/openpgp-keys-gentoo-release. The latter has the advantage
of supplying current, working keys in the more portable OpenPGP format
(rather than GnuPG binary keyring).
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some users have reported that using all processors to verify
manifests results in overloading, therefore default to using
a single processor. On modern hardware, verification of the
gentoo repository completes in less than 20 seconds, so using
multiple processors is not really necessary. Also, gemato-13.0
disables parallel verification due to the unresolved deadlock
issue reported in bug 647964, so this brings the default
portage configuration into alignment with current gemato
behavior.
Bug: https://bugs.gentoo.org/650696
Bug: https://bugs.gentoo.org/647964
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since key refresh is prone to failure, retry using exponential
backoff with random jitter. This adds the following sync-openpgp-*
configuration settings:
sync-openpgp-key-refresh-retry-count = 40
Maximum number of times to retry key refresh if it fails. Between
each key refresh attempt, there is an exponential delay with a
constant multiplier and a uniform random multiplier between 0 and 1.
sync-openpgp-key-refresh-retry-delay-exp-base = 2
The base of the exponential expression. The exponent is the number
of previous refresh attempts.
sync-openpgp-key-refresh-retry-delay-max = 60
Maximum delay between each retry attempt, in units of seconds. This
places a limit on the length of the exponential delay.
sync-openpgp-key-refresh-retry-delay-mult = 4
Multiplier for the exponential delay.
sync-openpgp-key-refresh-retry-overall-timeout = 1200
Combined time limit for all refresh attempts, in units of seconds.
Bug: https://bugs.gentoo.org/649276
|
|
|
|
|
|
|
|
| |
Issue an explicit warning if the Manifest timestamp for Gentoo
repository is 24 hours behind the system clock. This is meant to detect
attacks based on preventing the user from upgrading.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
Rename the 'sync-rsync-openpgp-key-path' to a more generic
'sync-openpgp-key-path'. OpenPGP is the basis of at least three
different verification schemes (git, rsync, snapshots) and at least
two of them use the same keys.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Add two new configuration options to rsync repositories:
sync-rsync-verify-metamanifest and sync-rsync-openpgp-key-path.
The first controls whether gemato verification is run for
the repository (defaults to true for ::gentoo, false otherwise),
the second makes it possible to override the key path for custom
repositories.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The squashdelta module provides syncing via SquashFS snapshots. For the
initial sync, a complete snapshot is fetched and placed in
/var/cache/portage/squashfs. On subsequent sync operations, deltas are
fetched from the mirror and used to reconstruct the newest snapshot.
The distfile fetching logic is reused to fetch the remote files
and verify their checksums. Additionally, the sha512sum.txt file should
be OpenPGP-verified after fetching but this is currently unimplemented.
After fetching, Portage tries to (re-)mount the SquashFS in repository
location.
|
|
|
|
|
| |
Make the auto_sync variable lowercase
cnf/repos.conf: Add new auto-sync variable
|
|
|
|
|
|
|
|
|
| |
Configuration of synchronization is specified by new attributes
supported in repos.conf: sync-cvs-repo, sync-type, sync-uri.
SYNC variable is no longer supported, since it could not override
gentoo.sync-uri attribute now set in default configuration of
repositories (/usr/share/portage/config/repos.conf).
|
|
/usr/share/portage/config/make.globals
to /usr/share/portage/config/repos.conf.
|