W dniu wto, 30.01.2018 o godzinie 11∶37 -0800, użytkownik Zac Medico napisał: > On 01/30/2018 10:56 AM, Michał Górny wrote: > > W dniu wto, 30.01.2018 o godzinie 09∶32 -0800, użytkownik Zac Medico > > napisał: > > > On 01/30/2018 08:59 AM, Michał Górny wrote: > > > > Rename the 'sync-rsync-openpgp-key-path' to a more generic > > > > 'sync-openpgp-key-path'. OpenPGP is the basis of at least three > > > > different verification schemes (git, rsync, snapshots) and at least > > > > two of them use the same keys. > > > > --- > > > > cnf/repos.conf | 2 +- > > > > man/portage.5 | 9 +++++---- > > > > pym/portage/repository/config.py | 4 ++++ > > > > pym/portage/sync/modules/rsync/__init__.py | 1 - > > > > pym/portage/sync/modules/rsync/rsync.py | 8 ++------ > > > > 5 files changed, 12 insertions(+), 12 deletions(-) > > > > > > > > diff --git a/cnf/repos.conf b/cnf/repos.conf > > > > index 0d2b1f4be..4a40ff4fc 100644 > > > > --- a/cnf/repos.conf > > > > +++ b/cnf/repos.conf > > > > @@ -7,7 +7,7 @@ sync-type = rsync > > > > sync-uri = rsync://rsync.gentoo.org/gentoo-portage > > > > auto-sync = yes > > > > sync-rsync-verify-metamanifest = yes > > > > -sync-rsync-openpgp-key-path = > > > > /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg > > > > +sync-openpgp-key-path = > > > > /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg > > > > > > > > # for daily squashfs snapshots > > > > #sync-type = squashdelta > > > > diff --git a/man/portage.5 b/man/portage.5 > > > > index 84999bd2f..1f6259715 100644 > > > > --- a/man/portage.5 > > > > +++ b/man/portage.5 > > > > @@ -1071,10 +1071,11 @@ Extra options to give to rsync on repository > > > > synchronization. It takes > > > > precedence over a declaration in [DEFAULT] section, that takes > > > > precedence over PORTAGE_RSYNC_EXTRA_OPTS. > > > > .TP > > > > -.B sync\-rsync\-openpgp\-key\-path > > > > -Path to the OpenPGP key(ring) used to verify MetaManifest. Used only > > > > -if \fBsync\-rsync\-verify\-metamanifest\fR is enabled. If unset, > > > > -the user's keyring is used. > > > > +.B sync\-openpgp\-key\-path > > > > +Path to the OpenPGP key(ring) used to verify received repository. Used > > > > +only for protocols supporting cryptographic verification, provided > > > > +that the respective verification option is enabled. If unset, the > > > > user's > > > > +keyring is used. > > > > .TP > > > > .B sync-rsync-vcs-ignore = true|false > > > > Ignore vcs directories that may be present in the repository. It is the > > > > diff --git a/pym/portage/repository/config.py > > > > b/pym/portage/repository/config.py > > > > index be31ed3b1..d3a622f7c 100644 > > > > --- a/pym/portage/repository/config.py > > > > +++ b/pym/portage/repository/config.py > > > > @@ -86,6 +86,7 @@ class RepoConfig(object): > > > > 'sync_type', 'sync_umask', 'sync_uri', 'sync_user', > > > > 'thin_manifest', > > > > 'update_changelog', '_eapis_banned', > > > > '_eapis_deprecated', > > > > '_masters_orig', 'module_specific_options', > > > > 'manifest_required_hashes', > > > > + 'openpgp_key_path', > > > > ) > > > > > > > > def __init__(self, name, repo_opts, local_config=True): > > > > @@ -182,6 +183,9 @@ class RepoConfig(object): > > > > self.strict_misc_digests = repo_opts.get( > > > > 'strict-misc-digests', 'true').lower() == 'true' > > > > > > > > + self.openpgp_key_path = repo_opts.get( > > > > + 'sync-openpgp-key-path', None) > > > > + > > > > self.module_specific_options = {} > > > > > > > > # Not implemented. > > > > diff --git a/pym/portage/sync/modules/rsync/__init__.py > > > > b/pym/portage/sync/modules/rsync/__init__.py > > > > index 14af2120c..27a2548c0 100644 > > > > --- a/pym/portage/sync/modules/rsync/__init__.py > > > > +++ b/pym/portage/sync/modules/rsync/__init__.py > > > > @@ -27,7 +27,6 @@ module_spec = { > > > > 'validate_config': CheckSyncConfig, > > > > 'module_specific_options': ( > > > > 'sync-rsync-extra-opts', > > > > - 'sync-rsync-openpgp-key-path', > > > > 'sync-rsync-vcs-ignore', > > > > 'sync-rsync-verify-jobs', > > > > 'sync-rsync-verify-metamanifest', > > > > diff --git a/pym/portage/sync/modules/rsync/rsync.py > > > > b/pym/portage/sync/modules/rsync/rsync.py > > > > index 552ac6f6b..d9d7d56f2 100644 > > > > --- a/pym/portage/sync/modules/rsync/rsync.py > > > > +++ b/pym/portage/sync/modules/rsync/rsync.py > > > > @@ -87,10 +87,6 @@ class RsyncSync(NewBase): > > > > self.verify_metamanifest = ( > > > > self.repo.module_specific_options.get( > > > > > > > > 'sync-rsync-verify-metamanifest', False)) > > > > - # Default to gentoo-keys keyring. > > > > - self.openpgp_key_path = ( > > > > - self.repo.module_specific_options.get( > > > > - 'sync-rsync-openpgp-key-path', > > > > None)) > > > > # Support overriding job count. > > > > self.verify_jobs = > > > > self.repo.module_specific_options.get( > > > > 'sync-rsync-verify-jobs', None) > > > > @@ -276,8 +272,8 @@ class RsyncSync(NewBase): > > > > # if synced successfully, verify now > > > > if exitcode == 0 and self.verify_metamanifest: > > > > command = ['gemato', 'verify', '-s', > > > > self.repo.location] > > > > - if self.openpgp_key_path is not None: > > > > - command += ['-K', self.openpgp_key_path] > > > > + if self.repo.openpgp_key_path is not None: > > > > + command += ['-K', > > > > self.repo.openpgp_key_path] > > > > if self.verify_jobs is not None: > > > > command += ['-j', self.verify_jobs] > > > > exitcode = portage.process.spawn(command, > > > > **self.spawn_kwargs) > > > > > > > > > > Unless we update this patch to retain backward compatibility with > > > sync-rsync-openpgp-key-path in portage-2.3.21, we'll need a to have a > > > portage-2.3.22 release soon. > > > > Yes. We need it anyway because the boolean parsing in sync-rsync-verify- > > metamanifest is broken ;-F. > > Okay, the patch looks good. Please merge.
All three merged, thanks! Please let me know if directory check also looks good, or if you prefer to do it post-release. -- Best regards, Michał Górny