commit: daf2ac156d62c621a2050cf98dff3c31eccd8732 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Mon Feb 16 06:15:06 2026 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Mon Feb 16 06:20:49 2026 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=daf2ac15
emaint: sync: implement `openpgp-key-package` for binrepos.conf Analogous to what was done earlier for `repos.conf`. This is most of use for users rolling their own binhost or perhaps if we change the signing setup for the official Gentoo binhost at some point. To do this, swap the order for the dict so that the package name is unique. We could make the values a list rather than the name of the repository that claimed it in its (local) config file but let's see if someone wants that first before bothering. Bug: https://bugs.gentoo.org/968578 Signed-off-by: Sam James <sam <AT> gentoo.org> NEWS | 4 +++ lib/portage/binrepo/config.py | 1 + lib/portage/emaint/modules/sync/sync.py | 52 ++++++++++++++++++++++++++++----- man/portage.5 | 4 +++ 4 files changed, 53 insertions(+), 8 deletions(-) diff --git a/NEWS b/NEWS index 6bcb95bd94..923c99a74a 100644 --- a/NEWS +++ b/NEWS @@ -54,6 +54,10 @@ Features: Portage will notify the user if a named package has an update available, like it does for itself, after a sync. +* binrepos.conf: Implement openpgp-key-package (bug #968578). + + Behaves the same way as the aforementioned repos.conf option. + * cnf: repos.conf: Set sync-openpgp-key-package for ::gentoo. Bug fixes: diff --git a/lib/portage/binrepo/config.py b/lib/portage/binrepo/config.py index 8402e78c95..d167a9b5ca 100644 --- a/lib/portage/binrepo/config.py +++ b/lib/portage/binrepo/config.py @@ -13,6 +13,7 @@ from portage.util.configparser import SafeConfigParser, ConfigParserError, read_ class BinRepoConfig: __slots__ = ( "frozen", + "openpgp_key_package", "name", "name_fallback", "fetchcommand", diff --git a/lib/portage/emaint/modules/sync/sync.py b/lib/portage/emaint/modules/sync/sync.py index 9311eee477..52f0a95d20 100644 --- a/lib/portage/emaint/modules/sync/sync.py +++ b/lib/portage/emaint/modules/sync/sync.py @@ -8,6 +8,8 @@ import portage portage._internal_caller = True portage._sync_mode = True +from portage.binrepo.config import BinRepoConfigLoader +from portage.const import PORTAGE_BASE_PATH, BINREPOS_CONF_FILE from portage.output import bold, red, create_color_func from portage._global_updates import _global_updates from portage.sync.controller import SyncManager @@ -298,9 +300,11 @@ class SyncRepos: """ from _emerge.chk_updated_cfg_files import chk_updated_cfg_files + target_config = self.emerge_config.target_config + chk_updated_cfg_files( - self.emerge_config.target_config.root, - self.emerge_config.target_config.settings.get("CONFIG_PROTECT", "").split(), + target_config.root, + target_config.settings.get("CONFIG_PROTECT", "").split(), ) msgs = [] @@ -308,23 +312,55 @@ class SyncRepos: return msgs early_update_packages = { - "Portage": portage.const.PORTAGE_PACKAGE_ATOM, + portage.const.PORTAGE_PACKAGE_ATOM: "Portage", } - repos = self.emerge_config.target_config.settings.repositories + # A special OpenPGP key package can be defined in either + # repos.conf (sync-openpgp-key-package) or in + # binrepos.conf (openpgp-key-package) + repos = target_config.settings.repositories for repo in repos: try: key_package = repo.sync_openpgp_key_package if not key_package: continue - early_update_packages[f"OpenPGP keys ({repo.name})"] = key_package + early_update_packages[key_package] = f"OpenPGP keys ({repo.name})" except AttributeError: continue + # + binrepos_config_paths = [] + if portage._not_installed: + binrepos_config_paths.append( + os.path.join(PORTAGE_BASE_PATH, "cnf", "binrepos.conf") + ) + else: + binrepos_config_paths.append( + os.path.join(target_config.settings.global_config_path, "binrepos.conf") + ) + binrepos_config_paths.append( + os.path.join( + target_config.settings["PORTAGE_CONFIGROOT"], BINREPOS_CONF_FILE + ) + ) + binrepos_conf = BinRepoConfigLoader( + binrepos_config_paths, target_config.settings + ) + if binrepos_conf: + for repo in binrepos_conf.values(): + try: + key_package = repo.openpgp_key_package + if not key_package: + continue + early_update_packages[key_package] = ( + f"OpenPGP binhost keys ({repo.name})" + ) + except AttributeError: + continue - porttree = self.emerge_config.target_config.trees["porttree"] - vartree = self.emerge_config.target_config.trees["vartree"] + porttree = target_config.trees["porttree"] + vartree = target_config.trees["vartree"] - for early_name, early_pkg in early_update_packages.items(): + for early_pkg, early_name in early_update_packages.items(): best_pv = porttree.dbapi.xmatch("bestmatch-visible", early_pkg) installed_pv = portage.best(vartree.dbapi.match(early_pkg)) diff --git a/man/portage.5 b/man/portage.5 index 51bd460423..6c1ec5e039 100644 --- a/man/portage.5 +++ b/man/portage.5 @@ -665,6 +665,10 @@ overriding the value from \fBmake.conf\fR(5). .I Attributes supported in sections of repositories: .RS .TP +.B openpgp\-key\-package +Portage will check if the named package has an update available after +syncing and notify the user to update it immediately if so. +.TP .B priority Specifies priority of given repository. When a package exists in multiple repositories, those with higher priority are preferred.
