
Bug 689506

Summary: sys-apps/portage: repos.conf default sync-webrsync-verify-signature = true
Product: Portage Development Reporter: Zac Medico <zmedico>
Component: Core - Configuration Assignee: Portage team <dev-portage>
Status: RESOLVED FIXED    
Severity: normal Keywords: InVCS
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=689072
https://bugs.gentoo.org/show_bug.cgi?id=671816
https://bugs.gentoo.org/show_bug.cgi?id=597918
https://bugs.gentoo.org/show_bug.cgi?id=598276
https://bugs.gentoo.org/show_bug.cgi?id=597800
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 690952    
Bug Blocks: 725398, 686768    

Description Zac Medico gentoo-dev 2019-07-08 17:44:59 UTC
If the user sets sync-type = webrsync in repos.conf, then it's desirable to enable signature verification via a default sync-webrsync-verify-signature = true setting which enables key refresh using gemato. In order to trigger key refresh via gemato, the user must use emerge --sync or emaint sync rather than invoke emerge-webrsync directly, and this constraint is currently not enforced when PORTAGE_GPG_DIR is set in make.conf.
Comment 2 Larry the Git Cow gentoo-dev 2019-07-11 03:07:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=829623eadbeda97d37c0ea50dc5f08f19bf4561b

commit 829623eadbeda97d37c0ea50dc5f08f19bf4561b
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2019-07-09 05:57:33 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2019-07-10 20:28:39 +0000

    repos.conf: default sync-webrsync-verify-signature
    
    Enable sync-webrsync-verify-signature by default in repos.conf (due to
    dependencies the ebuild will make this conditional on USE=rsync-verify
    in the same way as the default sync-rsync-verify-metamanifest value).
    Use a new PORTAGE_TEMP_GPG_DIR variable to distinguish indirect
    emerge-webrsync calls that use gemato for secure key refresh, and
    disable direct emerge-webrsync calls.
    
    Deprecate FEATURES=webrsync-gpg and use it to trigger a
    backward-compatibility mode where direct emerge-webrsync calls are
    allowed (but trigger a warning message). Since direct emerge-webrsync
    calls do not use gemato for secure key refresh, this behavior will
    not be supported in a future release.
    
    Bug: https://bugs.gentoo.org/689506
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 bin/emerge-webrsync                           | 19 ++++++++++++++++---
 cnf/repos.conf                                |  1 +
 lib/portage/package/ebuild/config.py          |  4 ++++
 lib/portage/sync/modules/webrsync/webrsync.py |  1 +
 man/make.conf.5                               |  6 ++++--
 misc/emerge-delta-webrsync                    | 19 ++++++++++++++++---
 6 files changed, 42 insertions(+), 8 deletions(-)
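
Added example (not part of the bug report and not Portage's own code): a Python audit that reports which webrsync repositories in a repos.conf have sync-webrsync-verify-signature enabled, and whether make.conf still sets the deprecated FEATURES=webrsync-gpg. It assumes repos.conf is INI text readable by configparser, that "true" and "yes" count as enabled, and that FEATURES is assigned on a single line; the function names and sample files are constructed for illustration.

```python
import configparser

ENABLED = {"true", "yes"}  # assumption: spellings treated as "on"

# Constructed sample inputs, not taken from a real system.
SAMPLE_REPOS_CONF = """\
[DEFAULT]
main-repo = gentoo

[gentoo]
sync-type = webrsync
sync-webrsync-verify-signature = false

[mirror]
sync-type = webrsync

[overlay]
sync-type = git
"""
SAMPLE_MAKE_CONF = 'FEATURES="${FEATURES} webrsync-gpg"\nPORTAGE_GPG_DIR="/path/to/keyring"\n'

def audit_repos_conf(text):
    """Map each webrsync repo to 'verified', 'unverified' or 'unset'."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = {}
    for repo in cp.sections():  # [DEFAULT] values are inherited by cp[repo]
        if cp[repo].get("sync-type", "").strip() != "webrsync":
            continue
        value = cp[repo].get("sync-webrsync-verify-signature")
        if value is None:
            findings[repo] = "unset"  # depends on the default Portage ships
        elif value.strip().lower() in ENABLED:
            findings[repo] = "verified"
        else:
            findings[repo] = "unverified"
    return findings

def legacy_webrsync_gpg(make_conf_text):
    """True if a FEATURES= line leaves deprecated webrsync-gpg enabled."""
    enabled = False
    for line in make_conf_text.splitlines():
        name, sep, value = line.strip().partition("=")
        if name != "FEATURES" or not sep:
            continue
        for flag in value.split("#")[0].strip().strip("\"'").split():
            if flag.lstrip("-") == "webrsync-gpg":
                enabled = not flag.startswith("-")
    return enabled

if __name__ == "__main__":
    print(audit_repos_conf(SAMPLE_REPOS_CONF))
    print("webrsync-gpg set:", legacy_webrsync_gpg(SAMPLE_MAKE_CONF))
```
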
Comment 3 Larry the Git Cow gentoo-dev 2019-07-11 04:07:01 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=909c967e7480e2477e40172bab5817b31ea200f0

commit 909c967e7480e2477e40172bab5817b31ea200f0
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2019-07-11 03:45:08 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2019-07-11 04:03:07 +0000

    sys-apps/portage: Bump to version 2.3.69
    
     #642604 handle empty EPREFIX, ROOT, SYSROOT, etc settings
     #689072 default repo.conf sync-openpgp-keyserver to
             hkps://keys.gentoo.org in order to prevent key poisoning
     #689506 default repos.conf sync-webrsync-verify-signature for
             USE=rsync-verify
    
    Bug: https://bugs.gentoo.org/642604
    Bug: https://bugs.gentoo.org/683434
    Bug: https://bugs.gentoo.org/689072
    Bug: https://bugs.gentoo.org/689506
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 sys-apps/portage/Manifest              |   1 +
 sys-apps/portage/portage-2.3.69.ebuild | 260 +++++++++++++++++++++++++++++++++
 2 files changed, 261 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2019-07-11 04:19:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97c3ce41a76a1e214d6d341b8f8d4c7e94785423

commit 97c3ce41a76a1e214d6d341b8f8d4c7e94785423
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2019-07-11 04:13:33 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2019-07-11 04:14:49 +0000

    app-portage/emerge-delta-webrsync: Bump to version 3.7.6
    
     #689072 default repo.conf sync-openpgp-keyserver to
             hkps://keys.gentoo.org in order to prevent key poisoning
             for sys-apps/portage[rsync-verify]
     #689506 default repos.conf sync-webrsync-verify-signature for
             sys-apps/portage[rsync-verify]
    
    Bug: https://bugs.gentoo.org/689072
    Bug: https://bugs.gentoo.org/689506
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-portage/emerge-delta-webrsync/Manifest         |  1 +
 .../emerge-delta-webrsync-3.7.6.ebuild             | 43 ++++++++++++++++++++++
 2 files changed, 44 insertions(+)