Bug 597800 was largely caused by our confusing mess over:
- whether emerge-webrsync should be deprecated as a standalone tool;
- the verification codepath in Portage's webrsync module;
- the verification codepath (which didn't exist when called directly) in emerge-webrsync;
- whether all the logic should be in Portage itself or if emerge-webrsync should continue to exist in some form to shell out to (as Portage does now).

We should really just handle the PGP verification in Portage rather than it calling out and using emerge-webrsync's, because the logic in Portage is already far more sophisticated and it can also call gemato as a module properly.
There are two paths we can take:

1. Do the gpg verification in emerge-webrsync even when being called by Portage.

   Pros:
   - Quicker to implement if we're happy to ignore some "bonus" settings.

   Cons:
   - We either lose settings like sync-openpgp-key-refresh-retry (silently ignore them) or we have to reinvent the wheel extensively (both for passing them through - easy, and actually making them do something).

2. Have Portage pass --no-pgp-verify to emerge-webrsync and do the verification itself, either by instructing emerge-webrsync to output to a temporary quarantine directory, or by Portage fetching the tarball itself and verifying it then passing it to emerge-webrsync.

   Pros:
   - Feels cleaner in the end, once it's done.
   - No duplication of logic or ignoring options.

   Cons:
   - Takes more time to implement.
   - Need to add a bunch of functionality into emerge-webrsync which in theory we'd end up getting rid of at some point (see next point).
   - If implemented, sort of a foregone conclusion that emerge-webrsync itself should be deprecated and become a wrapper around the Portage side to avoid maintaining 2 implementations of the same thing.
I think I'm going to do #1 because it's more important that things are consistent and we just take the loss on it being a bit ugly. None of the settings in question are really that important. If we really want, later on, we can just turn emerge-webrsync into a proper wrapper anyway.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=07d61c5f7e86d9bc7b70739e3c775342c34a15cc

commit 07d61c5f7e86d9bc7b70739e3c775342c34a15cc
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-05-01 07:10:40 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-01 07:21:55 +0000

    NEWS: update for further emerge-webrsync changes

    Bug: https://bugs.gentoo.org/905358
    Signed-off-by: Sam James <sam@gentoo.org>
    Closes: https://github.com/gentoo/portage/pull/1029
    Signed-off-by: Sam James <sam@gentoo.org>

 NEWS | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/proj/portage.git/commit/?id=e2b94e25a1a8c0aad8c9c2a15ff8ef46d112e59f

commit e2b94e25a1a8c0aad8c9c2a15ff8ef46d112e59f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-05-01 07:02:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-01 07:21:54 +0000

    emerge-webrsync, sync: webrsync: drop no-op refresh

    Now that we use gemato even for portage->emerge-webrsync calls, this refresh doesn't do anything as gemato handles it by itself. This effectively reverts 197799592b34c2c8e31dee25c61f0ca6dc7b2f11.

    Bug: https://bugs.gentoo.org/905358
    Signed-off-by: Sam James <sam@gentoo.org>

 bin/emerge-webrsync | 4 ----
 lib/portage/sync/modules/webrsync/webrsync.py | 32 ++++++---------------------
 2 files changed, 7 insertions(+), 29 deletions(-)

https://gitweb.gentoo.org/proj/portage.git/commit/?id=df797d3dd66cdacf58eb672f40f877f3870b9ae9

commit df797d3dd66cdacf58eb672f40f877f3870b9ae9
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-05-01 06:50:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-01 07:20:58 +0000

    emerge-webrsync: respect PORTAGE_GPG_KEY_SERVER

    This will allow us to switch the Portage-caller cases to the gemato path because we now respect 'sync-openpgp-keyserver'.

    Bug: https://bugs.gentoo.org/905358
    Signed-off-by: Sam James <sam@gentoo.org>

 bin/emerge-webrsync | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/proj/portage.git/commit/?id=e1f8478c666de6c2310381457e846b4fe8fa8b39

commit e1f8478c666de6c2310381457e846b4fe8fa8b39
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-05-01 06:49:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-01 07:20:57 +0000

    sync: webrsync: export PORTAGE_GPG_KEY_SERVER

    Set PORTAGE_GPG_KEY_SERVER to sync-openpgp-keyserver configured by the user for use by emerge-webrsync to pass to gemato. Similar to previous commit for PORTAGE_GPG_KEY.

    Bug: https://bugs.gentoo.org/905358
    Signed-off-by: Sam James <sam@gentoo.org>

 lib/portage/sync/modules/webrsync/webrsync.py | 3 +++
 1 file changed, 3 insertions(+)

https://gitweb.gentoo.org/proj/portage.git/commit/?id=526bda2cd1ed30465c15b86658f9ecbdf8e6cdeb

commit 526bda2cd1ed30465c15b86658f9ecbdf8e6cdeb
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-04-30 05:20:00 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-01 07:20:57 +0000

    emerge-webrsync: switch Portage-caller case to gemato

    This changes the common case where Portage calls emerge-webrsync for repos configured w/ sync-type='webrsync' to use gemato rather than legacy manual gpg invocations.

    Bug: https://bugs.gentoo.org/905358
    Signed-off-by: Sam James <sam@gentoo.org>

 NEWS | 6 ++----
 bin/emerge-webrsync | 11 ++++++-----
 2 files changed, 8 insertions(+), 9 deletions(-)

https://gitweb.gentoo.org/proj/portage.git/commit/?id=197799592b34c2c8e31dee25c61f0ca6dc7b2f11

commit 197799592b34c2c8e31dee25c61f0ca6dc7b2f11
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-04-30 05:36:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-01 07:20:57 +0000

    emerge-webrsync: don't refresh keys again if Portage-caller

    Portage has configuration options for this and its own logic, it doesn't make sense for us to repeat it (and ignore user configuration).

    Bug: https://bugs.gentoo.org/905358
    Signed-off-by: Sam James <sam@gentoo.org>

 bin/emerge-webrsync | 4 ++++
 1 file changed, 4 insertions(+)

https://gitweb.gentoo.org/proj/portage.git/commit/?id=47abd292da1f2b0bded9f7d4ad21130d18d4a719

commit 47abd292da1f2b0bded9f7d4ad21130d18d4a719
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-04-30 05:30:13 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-01 07:20:57 +0000

    emerge-webrsync: respect PORTAGE_GPG_KEY

    This will allow us to switch the Portage-caller cases to the gemato path because we now respect 'sync-openpgp-key-path'.

    Bug: https://bugs.gentoo.org/905358
    Signed-off-by: Sam James <sam@gentoo.org>

 bin/emerge-webrsync | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/proj/portage.git/commit/?id=865860503c1279a1b5880aa180ecf67206640e45

commit 865860503c1279a1b5880aa180ecf67206640e45
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-04-30 05:28:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-01 07:20:57 +0000

    sync: webrsync: export PORTAGE_GPG_KEY for emerge-webrsync

    Set PORTAGE_GPG_KEY to sync-openpgp-key-path configured by the user for use by emerge-webrsync to pass to gemato.

    Bug: https://bugs.gentoo.org/905358
    Signed-off-by: Sam James <sam@gentoo.org>

 lib/portage/sync/modules/webrsync/webrsync.py | 3 +++
 1 file changed, 3 insertions(+)

https://gitweb.gentoo.org/proj/portage.git/commit/?id=1af922156c439fff5e9ebb1eb296ad66d857f5e7

commit 1af922156c439fff5e9ebb1eb296ad66d857f5e7
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-04-30 05:18:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-01 07:20:57 +0000

    emerge-webrsync: use EPREFIX for gemato keyring path

    Bug: https://bugs.gentoo.org/905358
    Signed-off-by: Sam James <sam@gentoo.org>

 bin/emerge-webrsync | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/proj/portage.git/commit/?id=b5cd549e07f3d835cbe04e5b718cdd47d7ee69f5

commit b5cd549e07f3d835cbe04e5b718cdd47d7ee69f5
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-04-30 05:08:06 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-01 07:20:56 +0000

    emerge-webrsync: tidy up 'webrsync-gpg' case

    webrsync-gpg is actually two distinct cases:
    1. A user has FEATURES="webrsync-gpg" in make.conf and is calling 'emerge-webrsync'. This is deprecated.
    2. A user has 'sync-type=webrsync', is using emaint/emerge to sync, and Portage is shelling out to emerge-webrsync. This is what users are encouraged to do, but it currently uses the legacy webrsync-gpg path.

    For the benefit of case #2 and to clarify things, don't mention FEATURES="webrsync-gpg" if the user hasn't set it - this is to avoid users *starting to set it* because it sounds like something they may want.

    We also silence the (new) 'gpg legacy path' phrasing for now with --quiet given this is expected with case #2.

    Consolidate some logic while at it.

    The next step is, of course, to shift everything to the gemato path.

    Bug: https://bugs.gentoo.org/905358
    Signed-off-by: Sam James <sam@gentoo.org>

 NEWS | 5 +++++
 bin/emerge-webrsync | 26 +++++++++++++++-----------
 2 files changed, 20 insertions(+), 11 deletions(-)
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08be91eebdbff0de0e033efe30c633219a9859ca

commit 08be91eebdbff0de0e033efe30c633219a9859ca
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-06-01 01:22:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-06-01 01:23:18 +0000

    sys-apps/portage: add 3.0.48

    Closes: https://bugs.gentoo.org/722270
    Closes: https://bugs.gentoo.org/879687
    Closes: https://bugs.gentoo.org/898232
    Closes: https://bugs.gentoo.org/898366
    Closes: https://bugs.gentoo.org/905355
    Closes: https://bugs.gentoo.org/905358
    Closes: https://bugs.gentoo.org/905868
    Closes: https://bugs.gentoo.org/906129
    Closes: https://bugs.gentoo.org/906156
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/portage/Manifest | 1 +
 sys-apps/portage/portage-3.0.48.ebuild | 296 +++++++++++++++++++++++++++++++++
 2 files changed, 297 insertions(+)