diff options
author | Michał Górny <mgorny@gentoo.org> | 2018-02-01 12:44:49 +0100 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2018-02-05 19:41:35 +0100 |
commit | a02b5f9f0ae428eeb6cdc30bb3bcb7ac647358de (patch) | |
tree | f2b897254fea3b658c8b3c498225ca88663d5cfc | |
parent | rsync: Use gemato routines directly instead of calling the CLI tool (diff) | |
download | portage-a02b5f9f0ae428eeb6cdc30bb3bcb7ac647358de.tar.gz portage-a02b5f9f0ae428eeb6cdc30bb3bcb7ac647358de.tar.bz2 portage-a02b5f9f0ae428eeb6cdc30bb3bcb7ac647358de.zip |
rsync: Verify the Manifest signature even if tree is unchanged
Always verify the Manifest signature if verification is enabled.
Skipping the deep tree verification for unchanged case is reasonable
but we need to make sure the Manifest signature stays valid to catch
the case of the signing key being revoked.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
-rw-r--r-- | pym/portage/sync/modules/rsync/rsync.py | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py index 39c4066d8..e6e218868 100644 --- a/pym/portage/sync/modules/rsync/rsync.py +++ b/pym/portage/sync/modules/rsync/rsync.py @@ -292,7 +292,7 @@ class RsyncSync(NewBase): self._process_exitcode(exitcode, dosyncuri, out, maxretries) # if synced successfully, verify now - if exitcode == 0 and not local_state_unchanged and self.verify_metamanifest: + if exitcode == 0 and self.verify_metamanifest: if gemato is None: writemsg_level("!!! Unable to verify: gemato-11.0+ is required\n", level=logging.ERROR, noiselevel=-1) @@ -315,6 +315,8 @@ class RsyncSync(NewBase): openpgp_env.refresh_keys() out.eend(0) + # we always verify the Manifest signature, in case + # we had to deal with key revocation case m = gemato.recursiveloader.ManifestRecursiveLoader( os.path.join(self.repo.location, 'Manifest'), verify_openpgp=True, @@ -336,9 +338,12 @@ class RsyncSync(NewBase): out.einfo('- timestamp: %s UTC' % ( m.openpgp_signature.timestamp)) - out.ebegin('Verifying %s' % (self.repo.location,)) - m.assert_directory_verifies() - out.eend(0) + # if nothing has changed, skip the actual Manifest + # verification + if not local_state_unchanged: + out.ebegin('Verifying %s' % (self.repo.location,)) + m.assert_directory_verifies() + out.eend(0) except GematoException as e: writemsg_level("!!! Manifest verification failed:\n%s\n" % (e,), |