Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 661906 - sys-apps/portage-2.3.43: emaint did not fail on gpg error (failed keyring refresh)
Summary: sys-apps/portage-2.3.43: emaint did not fail on gpg error (failed keyring ref...
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Portage team
URL:
Whiteboard:
Keywords: InVCS
Depends on:
Blocks: 659322
  Show dependency tree
 
Reported: 2018-07-23 17:23 UTC by Andrew Savchenko
Modified: 2018-10-12 19:32 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Savchenko gentoo-dev 2018-07-23 17:23:25 UTC
Hi!

I have repositories configured for git-based gpg verification, e.g.:

[bircoph]
priority = 50
location = /var/lib/overlays/bircoph
sync-type = git
sync-uri = git://anongit.gentoo.org/dev/bircoph.git
sync-hooks-only-on-change = true
sync-depth = 1
sync-git-verify-commit-signature = true
sync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/overlays/bircoph.asc

And I observe the following behaviour if key refresh fails:

# emaint sync -r bircoph
>>> Syncing repository 'bircoph' into '/var/lib/overlays/bircoph'...
/usr/bin/git fetch origin --depth 1
remote: Total 0 (delta 0), reused 0 (delta 0)
 * Using keys from /var/lib/gentoo/gkeys/keyrings/overlays/bircoph.asc
 * Refreshing keys from keyserver ...!!! Verification impossible due to keyring problem:
OpenPGP keyring refresh failed:
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No data

=== Sync completed for bircoph

Action: sync for repo: bircoph, returned code = 0

So:
1. No gpg check is performed even with available version of the key.
2. Sync result is OK! Return code 0.

This should not happen, either fail sync or at least check with non-updated key (and warn user approiately). The latter is worse than former, as key may be revoked, but in case of frequent keyserver failures it is still better than no check at all or failing each sync.

I use portage-2.3.43, gemato-13.1, gnupg-2.2.9.
Comment 1 Larry the Git Cow gentoo-dev 2018-07-23 18:52:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=dc1ba7729c42cbe738ae7ec34e2f13f79c48d41c

commit dc1ba7729c42cbe738ae7ec34e2f13f79c48d41c
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2018-07-23 18:46:08 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2018-07-23 18:51:02 +0000

    git: fix key refresh failure to trigger abort (bug 661906)
    
    Fix the verify_head method to appropriately return a bool
    value instead of a tuple.
    
    Fixes: d30191b887bb ("git: Support running the verification against sync-openpgp-key-path")
    Bug: https://bugs.gentoo.org/661906

 lib/portage/sync/modules/git/git.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 Larry the Git Cow gentoo-dev 2018-07-23 19:58:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=de9801740fcbdb80c582308d7a4f2fef6b2b6aed

commit de9801740fcbdb80c582308d7a4f2fef6b2b6aed
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2018-07-23 19:58:03 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2018-07-23 19:58:03 +0000

    git: add missing return statement in fix for bug 661906
    
    Fixes: dc1ba7729c42 ("git: fix key refresh failure to trigger abort (bug 661906)")
    Bug: https://bugs.gentoo.org/661906

 lib/portage/sync/modules/git/git.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Larry the Git Cow gentoo-dev 2018-07-23 20:09:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a11e6079130d61d8d8297215ffea32e2743cbd0

commit 2a11e6079130d61d8d8297215ffea32e2743cbd0
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2018-07-23 20:02:42 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2018-07-23 20:09:18 +0000

    sys-apps/portage: revbump to 2.3.43-r1
    
      #661834 - synced files owned by root
      #661906 - git sync continues despite key refresh failure
    
    Bug: https://bugs.gentoo.org/661834
    Bug: https://bugs.gentoo.org/661906
    Package-Manager: Portage-2.3.43, Repoman-2.3.10

 .../portage/{portage-2.3.43.ebuild => portage-2.3.43-r1.ebuild}   | 8 ++++++++
 1 file changed, 8 insertions(+)
Comment 4 Andrew Savchenko gentoo-dev 2018-07-23 21:41:06 UTC
Thanks! That was fast :)