Bug 661906

Summary: sys-apps/portage-2.3.43: emaint did not fail on gpg error (failed keyring refresh)
Product: Portage Development
Reporter: Andrew Savchenko <bircoph>
Component: Core
Assignee: Portage team <dev-portage>
Status: RESOLVED FIXED
Severity: normal
CC: email200202
Priority: Normal
Keywords: InVCS
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 659322    

Description Andrew Savchenko gentoo-dev 2018-07-23 17:23:25 UTC
Hi!

I have repositories configured for git-based gpg verification, e.g.:

[bircoph]
priority = 50
location = /var/lib/overlays/bircoph
sync-type = git
sync-uri = git://anongit.gentoo.org/dev/bircoph.git
sync-hooks-only-on-change = true
sync-depth = 1
sync-git-verify-commit-signature = true
sync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/overlays/bircoph.asc

And I observe the following behaviour if key refresh fails:

# emaint sync -r bircoph
>>> Syncing repository 'bircoph' into '/var/lib/overlays/bircoph'...
/usr/bin/git fetch origin --depth 1
remote: Total 0 (delta 0), reused 0 (delta 0)
 * Using keys from /var/lib/gentoo/gkeys/keyrings/overlays/bircoph.asc
 * Refreshing keys from keyserver ...!!! Verification impossible due to keyring problem:
OpenPGP keyring refresh failed:
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No data

=== Sync completed for bircoph

Action: sync for repo: bircoph, returned code = 0

So:
1. No gpg check is performed even with the available version of the key.
2. Sync result is OK! Return code 0.

This should not happen: either fail the sync or at least check with the non-updated key (and warn the user appropriately). The latter is worse than the former, as the key may be revoked, but in case of frequent keyserver failures it is still better than no check at all or failing each sync.

I use portage-2.3.43, gemato-13.1, gnupg-2.2.9.
Comment 1 Larry the Git Cow gentoo-dev 2018-07-23 18:52:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=dc1ba7729c42cbe738ae7ec34e2f13f79c48d41c

commit dc1ba7729c42cbe738ae7ec34e2f13f79c48d41c
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2018-07-23 18:46:08 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2018-07-23 18:51:02 +0000

    git: fix key refresh failure to trigger abort (bug 661906)
    
    Fix the verify_head method to appropriately return a bool
    value instead of a tuple.
    
    Fixes: d30191b887bb ("git: Support running the verification against sync-openpgp-key-path")
    Bug: https://bugs.gentoo.org/661906

 lib/portage/sync/modules/git/git.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
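
An added example (not Portage's code) of why a verification method that returns a tuple instead of a bool, as the commit message above describes, lets a sync report success: any non-empty tuple is truthy in Python. All function names, the tuple's contents and the exit codes are assumptions made for the illustration.

```python
# Illustration only: hypothetical names, not taken from lib/portage/sync/modules/git/git.py.

class KeyringError(Exception):
    """Constructed stand-in for a failed keyring refresh."""


def refresh_keys(keyserver_ok):
    if not keyserver_ok:
        raise KeyringError("keyserver refresh failed: No data")


def verify_head_buggy(keyserver_ok, signature_ok):
    """Returns a bool normally, but a tuple on the keyring-failure path."""
    try:
        refresh_keys(keyserver_ok)
    except KeyringError:
        # Assumed shape of the tuple. Any non-empty tuple is truthy,
        # so a caller doing `if not result` treats this as "verified".
        return (1, False)
    return signature_ok


def verify_head_fixed(keyserver_ok, signature_ok):
    """Always returns a bool; a keyring failure is a verification failure."""
    try:
        refresh_keys(keyserver_ok)
    except KeyringError:
        return False
    return signature_ok


def sync(verify_head, keyserver_ok, signature_ok):
    """Caller that trusts truthiness; returns an exit code (0 = success)."""
    if not verify_head(keyserver_ok, signature_ok):
        return 1
    return 0


def sync_strict(verify_head, keyserver_ok, signature_ok):
    """Caller that fails closed on anything other than the literal True."""
    if verify_head(keyserver_ok, signature_ok) is not True:
        return 1
    return 0


if __name__ == "__main__":
    print("buggy verifier, keyserver down:", sync(verify_head_buggy, False, True))
    print("fixed verifier, keyserver down:", sync(verify_head_fixed, False, True))
    print("strict caller, buggy verifier: ", sync_strict(verify_head_buggy, False, True))
```

The strict caller shows a second line of defence: comparing against `True` by identity keeps the security decision fail-closed even if a later change reintroduces a non-bool return.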
Comment 2 Larry the Git Cow gentoo-dev 2018-07-23 19:58:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=de9801740fcbdb80c582308d7a4f2fef6b2b6aed

commit de9801740fcbdb80c582308d7a4f2fef6b2b6aed
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2018-07-23 19:58:03 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2018-07-23 19:58:03 +0000

    git: add missing return statement in fix for bug 661906
    
    Fixes: dc1ba7729c42 ("git: fix key refresh failure to trigger abort (bug 661906)")
    Bug: https://bugs.gentoo.org/661906

 lib/portage/sync/modules/git/git.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Larry the Git Cow gentoo-dev 2018-07-23 20:09:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a11e6079130d61d8d8297215ffea32e2743cbd0

commit 2a11e6079130d61d8d8297215ffea32e2743cbd0
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2018-07-23 20:02:42 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2018-07-23 20:09:18 +0000

    sys-apps/portage: revbump to 2.3.43-r1
    
      #661834 - synced files owned by root
      #661906 - git sync continues despite key refresh failure
    
    Bug: https://bugs.gentoo.org/661834
    Bug: https://bugs.gentoo.org/661906
    Package-Manager: Portage-2.3.43, Repoman-2.3.10

 .../portage/{portage-2.3.43.ebuild => portage-2.3.43-r1.ebuild}   | 8 ++++++++
 1 file changed, 8 insertions(+)
Comment 4 Andrew Savchenko gentoo-dev 2018-07-23 21:41:06 UTC
Thanks! That was fast :)