Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 84746 Details for
Bug 130039
check gpg signature when using emerge-webrsync
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
emerge-webrsync.diff - gpg + timestamp
emerge-webrsync.diff (text/plain), 4.83 KB, created by
Alon Bar-Lev (RETIRED)
on 2006-04-15 16:46:28 UTC
(
hide
)
Description:
emerge-webrsync.diff - gpg + timestamp
Filename:
MIME Type:
Creator:
Alon Bar-Lev (RETIRED)
Created:
2006-04-15 16:46:28 UTC
Size:
4.83 KB
patch
obsolete
>--- emerge-webrsync 2006-04-15 22:09:54.000000000 +0300 >+++ emerge-webrsync 2006-04-16 02:23:43.000000000 +0300 >@@ -5,6 +5,12 @@ > # Author: Karl Trygve Kalleberg <karltk@gentoo.org> > # Rewritten from the old, Perl-based emerge-webrsync script > >+# >+# gpg key import >+# KEY_ID=0x7DDAD20D >+# gpg --homedir /etc/portage/gnupg --keyserver subkeys.pgp.net --recv-keys $KEY_ID >+# gpg --homedir /etc/portage/gnupg --edit-key $KEY_ID trust >+ > # If PORTAGE_NICENESS is overriden via the env then it will > # still pass through the portageq call and override properly. > PORTAGE_NICENESS="$(/usr/lib/portage/bin/portageq envvar PORTAGE_NICENESS)" >@@ -21,6 +27,13 @@ USERLAND="$(/usr/lib/portage/bin/portage > DISTDIR="$(/usr/lib/portage/bin/portageq envvar PORTAGE_TMPDIR)/emerge-webrsync" > PORTAGE_INST_UID="$(/usr/lib/portage/bin/portageq envvar PORTAGE_INST_UID)" > PORTAGE_INST_GID="$(/usr/lib/portage/bin/portageq envvar PORTAGE_INST_GID)" >+WEBSYNC_VERIFY_SIGNATURE="$(/usr/lib/portage/bin/portageq envvar WEBSYNC_VERIFY_SIGNATURE)" >+PORTAGE_GPG_HOME="$(/usr/lib/portage/bin/portageq envvar PORTAGE_GPG_HOME)" >+ >+if [ -z "$WEBSYNC_VERIFY_SIGNATURE" ]; then >+ WEBSYNC_VERIFY_SIGNATURE=0 >+fi >+ > if [ ! -d $DISTDIR ] ; then > mkdir -p $DISTDIR > fi >@@ -50,6 +63,33 @@ else > md5_com='true' > fi > >+if [ $WEBSYNC_VERIFY_SIGNATURE != 0 ]; then >+ if type -p gpg > /dev/null; then >+ gpg_com='gpg --homedir "${PORTAGE_GPG_HOME}" --verify "${FILE}.gpgsig" "${FILE}"' >+ else >+ echo "Cannot find gpg" >+ exit 1 >+ fi >+else >+ gpg_com='true' >+fi >+ >+if [ -f /usr/portage/metadata/timestamp.x ]; then >+ portage_current_timestamp=$(cut -f 1 -d " " /usr/portage/metadata/timestamp.x) >+else >+ portage_current_timestamp=0 >+fi >+ >+check_snapshot_timestamp() { >+ local snapshot_timestamp=$(tar --to-stdout -xf "${FILE}" portage/metadata/timestamp.x | cut -f 1 -d " ") >+ >+ if [ $portage_current_timestamp -lt $snapshot_timestamp ]; then >+ return 0 >+ else >+ return 1 >+ fi >+} >+ > sync_local() { > echo Syncing local tree... > if type -p tarsync &> /dev/null; then >@@ -57,14 +97,13 @@ sync_local() { > echo "tarsync failed; tarball is corrupt?" > exit 1; > fi >- rm "${FILE}" > else >- if ! tar jxf $FILE; then >+ if ! tar jxf "${FILE}"; then > echo "Tar failed to extract the image. Please review the output." >- echo "Executed command: tar jxf $FILE" >+ echo "Executed command: tar jxf ${FILE}" > exit 1 > fi >- rm -f $FILE >+ rm -f "${FILE}" > # Make sure user and group file ownership is ${PORTAGE_INST_UID}:${PORTAGE_INST_GID} > chown -R ${PORTAGE_INST_UID:-0}:${PORTAGE_INST_GID:-0} portage > cd portage >@@ -72,9 +111,11 @@ sync_local() { > --exclude='/distfiles' --exclude='/packages' \ > --exclude='/local' . ${PORTDIR%%/} > cd .. >- echo "cleaning up" >- rm -rf portage > fi >+ >+ echo "cleaning up" >+ rm -fr portage "${FILE}*" >+ > if hasq metadata-transfer ${FEATURES} ; then > echo "transferring metadata/cache" > emerge --metadata >@@ -93,10 +134,19 @@ while (( $attempts < 40 )) ; do > day=$(date -r $daysbefore +"%d") > month=$(date -r $daysbefore +"%m") > year=$(date -r $daysbefore +"%Y") >+ >+ seconds=$daysbefore > else > day=$(date -d "-$attempts day" +"%d") > month=$(date -d "-$attempts day" +"%m") > year=$(date -d "-$attempts day" +"%Y") >+ >+ seconds=$(date -d "$year-$month-$day" +"%s") >+ fi >+ >+ if [ $seconds -lt $portage_current_timestamp ]; then >+ echo " --- Portage content is newer than available snapshots" >+ exit 1 > fi > > FILE_ORIG="portage-${year}${month}${day}.tar.bz2" >@@ -123,25 +173,43 @@ while (( $attempts < 40 )) ; do > echo " --- No md5sum present on the mirror. (Not yet available.)" > continue > elif [ -s "${FILE}" ]; then >- if eval "$md5_com"; then >- echo " === snapshot $FILE is correct, using it" >+ if eval "$md5_com" && eval "$gpg_com" && check_snapshot_timestamp; then >+ echo " === snapshot ${FILE} is correct, using it" > sync_local > echo > echo " === Snapshot has been sync'd" > echo > exit 0 > else >- rm $FILE >+ rm "${FILE}" > fi > fi > > for i in $GENTOO_MIRRORS ; do >- URI="${i}/snapshots/$FILE" >- rm -f "$FILE" >- if (eval "$FETCHCOMMAND $wgetops") && [ -s "$FILE" ]; then >+ URI="${i}/snapshots/${FILE}" >+ rm -f "${FILE}" >+ if (eval "$FETCHCOMMAND $wgetops") && [ -s "${FILE}" ]; then >+ URI="${i}/snapshots/${FILE}.gpgsig" >+ rm -f "${FILE}.gpgsig" >+ >+ if [ $WEBSYNC_VERIFY_SIGNATURE != 0 ]; then >+ if ! (eval "$FETCHCOMMAND $wgetops") || ! [ -s "${FILE}.gpgsig" ]; then >+ echo "Cannot download signature for ${FILE}" >+ continue >+ fi >+ fi >+ > if ! eval "$md5_com"; then >- echo "md5 failed on $FILE" >- rm ${FILE} >+ echo "md5 failed on ${FILE}" >+ rm "${FILE}" >+ continue >+ elif ! eval "$gpg_com"; then >+ echo "Signature validation failed on ${FILE}" >+ rm "${FILE}" >+ continue >+ elif ! check_snapshot_timestamp; then >+ echo "Timestamp is invalid on ${FILE}" >+ rm "${FILE}" > continue > else > sync_local
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=84746">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 130039
:
84701
|
84746
|
84790
|
100677
|
101532
|
115656
|
122073
|
122289
|
122290
|
127051
