commit: b5cd549e07f3d835cbe04e5b718cdd47d7ee69f5 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Sun Apr 30 05:08:06 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Mon May 1 07:20:56 2023 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=b5cd549e
emerge-webrsync: tidy up 'webrsync-gpg' case webrsync-gpg is actually two distinct cases: 1. A user has FEATURES="webrsync-gpg" in make.conf and is calling 'emerge-webrsync'. This is deprecated. 2. A user has 'sync-type=webrsync', is using emaint/emerge to sync, and Portage is shelling out to emerge-webrsync. This is what users are encouraged to do, but it currently uses the legacy webrsync-gpg path. For the benefit of case #2 and to clarify things, don't mention FEATURES="webrsync-gpg" if the user hasn't set it - this is to avoid users *starting to set it* because it sounds like something they may want. We also silence the (new) 'gpg legacy path' phrasing for now with --quiet given this is expected with case #2. Consolidate some logic while at it. The next step is, of course, to shift everything to the gemato path. Bug: https://bugs.gentoo.org/905358 Signed-off-by: Sam James <sam <AT> gentoo.org> NEWS | 5 +++++ bin/emerge-webrsync | 26 +++++++++++++++----------- 2 files changed, 20 insertions(+), 11 deletions(-) diff --git a/NEWS b/NEWS index 8932289ba..f0b500471 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,11 @@ portage-3.0.48 (UNRELEASED) Bug fixes: * fowners, fperms: Fix handling of relative pathnames (bug #905223). +* emerge-webrsync: Be less alarmist when a user is syncing with Portage + (not calling emerge-webrsync directly) with sync-type='webrsync'. We + were emitting a misleading warning about the validation method in use + which might in fact encourage people to use the older method. + Cleanups: * Convert printf-style %-formats into fstrings. diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync index 8ef22cbe9..faf7bb752 100755 --- a/bin/emerge-webrsync +++ b/bin/emerge-webrsync @@ -109,21 +109,17 @@ do_debug=0 keep=false handle_pgp_setup() { - has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0 + # WEBRSYNC_VERIFY_SIGNATURE=0: disable PGP verification + # WEBRSYNC_VERIFY_SIGNATURE=1: use gemato for verification, fallback to regular gpg + # WEBRSYNC_VERIFY_SIGNATURE=2: use legacy FEATURES="webrsync-gpg" + WEBRSYNC_VERIFY_SIGNATURE=1 - if [[ ${webrsync_gpg} -eq 1 ]]; then - ewarn "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page." - fi + has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0 repo_has_webrsync_verify=$( has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | LC_ALL=C tr '[:upper:]' '[:lower:]') true yes ) - # WEBRSYNC_VERIFY_SIGNATURE=0: disable PGP verification - # WEBRSYNC_VERIFY_SIGNATURE=1: use gemato for verification, fallback to regular gpg - # WEBRSYNC_VERIFY_SIGNATURE=2: use legacy FEATURES="webrsync-gpg" - WEBRSYNC_VERIFY_SIGNATURE=1 - if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] || [[ ${repo_has_webrsync_verify} -eq 1 ]]; then # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync # calls for backward compatibility (this triggers a deprecation warning @@ -134,10 +130,18 @@ handle_pgp_setup() { fi WEBRSYNC_VERIFY_SIGNATURE=2 - elif has webrsync-gpg ${FEATURES}; then + elif [[ ${webrsync_gpg} -eq 1 ]] then + # We only warn if FEATURES="webrsync-gpg" is in make.conf, not if + # Portage is calling us for 'type=webrsync' with verification. + # TODO: Change the Portage path to fully use gemato and unify the lot. + ewarn "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page." WEBRSYNC_VERIFY_SIGNATURE=2 elif [[ -n ${no_pgp_verify} ]]; then WEBRSYNC_VERIFY_SIGNATURE=0 + else + # The default at the beginning of handle_pgp_setup is WEBRSYNC_VERIFY_SIGNATURE=1 + # i.e. gemato. + :; fi case "${WEBRSYNC_VERIFY_SIGNATURE}" in @@ -148,7 +152,7 @@ handle_pgp_setup() { [[ ${PORTAGE_QUIET} -eq 1 ]] || einfo "PGP verification method: gemato" ;; 2) - ewarn "PGP verification method: legacy FEATURES=webrsync-gpg" + [[ ${PORTAGE_QUIET} -eq 1 ]] || ewarn "PGP verification method: legacy gpg path" ;; *) die "Unknown WEBRSYNC_VERIFY_SIGNATURE state: \${WEBRSYNC_VERIFY_SIGNATURE}=${WEBRSYNC_VERIFY_SIGNATURE}"