Rename the 'sync-rsync-openpgp-key-path' to a more generic 'sync-openpgp-key-path'. OpenPGP is the basis of at least three different verification schemes (git, rsync, snapshots) and at least two of them use the same keys. --- cnf/repos.conf | 2 +- man/portage.5 | 9 +++++---- pym/portage/repository/config.py | 4 ++++ pym/portage/sync/modules/rsync/__init__.py | 1 - pym/portage/sync/modules/rsync/rsync.py | 8 ++------ 5 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/cnf/repos.conf b/cnf/repos.conf index 0d2b1f4be..4a40ff4fc 100644 --- a/cnf/repos.conf +++ b/cnf/repos.conf @@ -7,7 +7,7 @@ sync-type = rsync sync-uri = rsync://rsync.gentoo.org/gentoo-portage auto-sync = yes sync-rsync-verify-metamanifest = yes -sync-rsync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg +sync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg # for daily squashfs snapshots #sync-type = squashdelta diff --git a/man/portage.5 b/man/portage.5 index 84999bd2f..1f6259715 100644 --- a/man/portage.5 +++ b/man/portage.5 @@ -1071,10 +1071,11 @@ Extra options to give to rsync on repository synchronization. It takes precedence over a declaration in [DEFAULT] section, that takes precedence over PORTAGE_RSYNC_EXTRA_OPTS. .TP -.B sync\-rsync\-openpgp\-key\-path -Path to the OpenPGP key(ring) used to verify MetaManifest. Used only -if \fBsync\-rsync\-verify\-metamanifest\fR is enabled. If unset, -the user's keyring is used. +.B sync\-openpgp\-key\-path +Path to the OpenPGP key(ring) used to verify received repository. Used +only for protocols supporting cryptographic verification, provided +that the respective verification option is enabled. If unset, the user's +keyring is used. .TP .B sync-rsync-vcs-ignore = true|false Ignore vcs directories that may be present in the repository. It is the diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py index be31ed3b1..d3a622f7c 100644 --- a/pym/portage/repository/config.py +++ b/pym/portage/repository/config.py @@ -86,6 +86,7 @@ class RepoConfig(object): 'sync_type', 'sync_umask', 'sync_uri', 'sync_user', 'thin_manifest', 'update_changelog', '_eapis_banned', '_eapis_deprecated', '_masters_orig', 'module_specific_options', 'manifest_required_hashes', + 'openpgp_key_path', ) def __init__(self, name, repo_opts, local_config=True): @@ -182,6 +183,9 @@ class RepoConfig(object): self.strict_misc_digests = repo_opts.get( 'strict-misc-digests', 'true').lower() == 'true' + self.openpgp_key_path = repo_opts.get( + 'sync-openpgp-key-path', None) + self.module_specific_options = {} # Not implemented. diff --git a/pym/portage/sync/modules/rsync/__init__.py b/pym/portage/sync/modules/rsync/__init__.py index 14af2120c..27a2548c0 100644 --- a/pym/portage/sync/modules/rsync/__init__.py +++ b/pym/portage/sync/modules/rsync/__init__.py @@ -27,7 +27,6 @@ module_spec = { 'validate_config': CheckSyncConfig, 'module_specific_options': ( 'sync-rsync-extra-opts', - 'sync-rsync-openpgp-key-path', 'sync-rsync-vcs-ignore', 'sync-rsync-verify-jobs', 'sync-rsync-verify-metamanifest', diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py index 552ac6f6b..d9d7d56f2 100644 --- a/pym/portage/sync/modules/rsync/rsync.py +++ b/pym/portage/sync/modules/rsync/rsync.py @@ -87,10 +87,6 @@ class RsyncSync(NewBase): self.verify_metamanifest = ( self.repo.module_specific_options.get( 'sync-rsync-verify-metamanifest', False)) - # Default to gentoo-keys keyring. - self.openpgp_key_path = ( - self.repo.module_specific_options.get( - 'sync-rsync-openpgp-key-path', None)) # Support overriding job count. self.verify_jobs = self.repo.module_specific_options.get( 'sync-rsync-verify-jobs', None) @@ -276,8 +272,8 @@ class RsyncSync(NewBase): # if synced successfully, verify now if exitcode == 0 and self.verify_metamanifest: command = ['gemato', 'verify', '-s', self.repo.location] - if self.openpgp_key_path is not None: - command += ['-K', self.openpgp_key_path] + if self.repo.openpgp_key_path is not None: + command += ['-K', self.repo.openpgp_key_path] if self.verify_jobs is not None: command += ['-j', self.verify_jobs] exitcode = portage.process.spawn(command, **self.spawn_kwargs) -- 2.16.1