| Summary: | sys-apps/portage: git sync could abort checkout if signature verification fails | ||
|---|---|---|---|
| Product: | Portage Development | Reporter: | Zac Medico <zmedico> |
| Component: | Enhancement/Feature Requests | Assignee: | Portage team <dev-portage> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | esigra, mgorny, rich0 |
| Priority: | Normal | Keywords: | PATCH |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=660410 https://bugs.gentoo.org/show_bug.cgi?id=668202 https://bugs.gentoo.org/show_bug.cgi?id=886452 |
||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 240187, 659322 | ||
|
Description
Zac Medico
2018-07-04 18:23:41 UTC
Was thinking of that too but never really had the time to look into implementing it. One thing that worries me is whether we won't end up breaking some corner case we didn't predict. If the git verify fails, wouldn't the safest approach be to fail safe? What corner case would have a git verification failure but we'd want to proceed? It seems like webrsync already does something similar as well... (In reply to Michał Górny from comment #1) > Was thinking of that too but never really had the time to look into > implementing it. One thing that worries me is whether we won't end up > breaking some corner case we didn't predict. We can add a way to toggle behavior via a repos.conf setting. (In reply to Richard Freeman from comment #2) > If the git verify fails, wouldn't the safest approach be to fail safe? Yes, for safety we really want it to abort by default. Patch sent for review: https://github.com/gentoo/portage/pull/332 https://archives.gentoo.org/gentoo-portage-dev/message/d1e24ab091170047a4b1dfa1a9a48df9 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=3cd8cf93abb6410cc877381531bb662a704dffa7 commit 3cd8cf93abb6410cc877381531bb662a704dffa7 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2018-07-05 10:10:36 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2018-07-08 21:16:31 +0000 GitSync: abort checkout for signature problem (bug 660372) Fetch the upstream remote and use git merge to update the checkout only after successful verification of the upstream head. Suggested-by: Richard Freeman <rich0@gentoo.org> Reviewed-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> Bug: https://bugs.gentoo.org/660372 pym/portage/sync/modules/git/git.py | 39 ++++++++++++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 5 deletions(-) |
