commit: a33ebb12913282a3ddb579d2b7ac1c9fadbe97e5
Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 1 11:41:22 2018 +0000
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Mon Feb 5 18:41:33 2018 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=a33ebb12
rsync: Use gemato routines directly instead of calling the CLI tool
Reviewed-by: Zac Medico <zmedico <AT> gentoo.org>
pym/portage/sync/modules/rsync/rsync.py | 66 ++++++++++++++++++++++++++++-----
1 file changed, 57 insertions(+), 9 deletions(-)
diff --git a/pym/portage/sync/modules/rsync/rsync.py
b/pym/portage/sync/modules/rsync/rsync.py
index ec28af366..39c4066d8 100644
--- a/pym/portage/sync/modules/rsync/rsync.py
+++ b/pym/portage/sync/modules/rsync/rsync.py
@@ -6,6 +6,7 @@ import logging
import time
import signal
import socket
+import io
import re
import random
import tempfile
@@ -25,6 +26,13 @@ from portage.sync.getaddrinfo_validate import
getaddrinfo_validate
from _emerge.UserQuery import UserQuery
from portage.sync.syncbase import NewBase
+try:
+ from gemato.exceptions import GematoException
+ import gemato.openpgp
+ import gemato.recursiveloader
+except ImportError:
+ gemato = None
+
if sys.hexversion >= 0x3000000:
# pylint: disable=W0622
_unicode = str
@@ -285,17 +293,57 @@ class RsyncSync(NewBase):
# if synced successfully, verify now
if exitcode == 0 and not local_state_unchanged and
self.verify_metamanifest:
- command = ['gemato', 'verify', '-s', self.repo.location]
- if self.repo.sync_openpgp_key_path is not None:
- command += ['-K',
self.repo.sync_openpgp_key_path]
- if self.verify_jobs is not None:
- command += ['-j', str(self.verify_jobs)]
- try:
- exitcode = portage.process.spawn(command,
**self.spawn_kwargs)
- except CommandNotFound as e:
- writemsg_level("!!! Command not found: %s\n" %
(command[0],),
+ if gemato is None:
+ writemsg_level("!!! Unable to verify:
gemato-11.0+ is required\n",
level=logging.ERROR, noiselevel=-1)
exitcode = 127
+ else:
+ # Use isolated environment if key is specified,
+ # system environment otherwise
+ if self.repo.sync_openpgp_key_path is not None:
+ openpgp_env_cls =
gemato.openpgp.OpenPGPEnvironment
+ else:
+ openpgp_env_cls =
gemato.openpgp.OpenPGPSystemEnvironment
+
+ try:
+ with openpgp_env_cls() as openpgp_env:
+ if
self.repo.sync_openpgp_key_path is not None:
+ out.einfo('Using keys
from %s' % (self.repo.sync_openpgp_key_path,))
+ with
io.open(self.repo.sync_openpgp_key_path, 'rb') as f:
+
openpgp_env.import_key(f)
+ out.ebegin('Refreshing
keys from keyserver')
+
openpgp_env.refresh_keys()
+ out.eend(0)
+
+ m =
gemato.recursiveloader.ManifestRecursiveLoader(
+
os.path.join(self.repo.location, 'Manifest'),
+
verify_openpgp=True,
+
openpgp_env=openpgp_env,
+
max_jobs=self.verify_jobs)
+ if not m.openpgp_signed:
+ raise
RuntimeError('OpenPGP signature not found on Manifest')
+
+ ts = m.find_timestamp()
+ if ts is None:
+ raise
RuntimeError('Timestamp not found in Manifest')
+
+ out.einfo('Manifest timestamp:
%s UTC' % (ts.ts,))
+ out.einfo('Valid OpenPGP
signature found:')
+ out.einfo('- primary key: %s' %
(
+
m.openpgp_signature.primary_key_fingerprint))
+ out.einfo('- subkey: %s' % (
+
m.openpgp_signature.fingerprint))
+ out.einfo('- timestamp: %s UTC'
% (
+
m.openpgp_signature.timestamp))
+
+ out.ebegin('Verifying %s' %
(self.repo.location,))
+ m.assert_directory_verifies()
+ out.eend(0)
+ except GematoException as e:
+ writemsg_level("!!! Manifest
verification failed:\n%s\n"
+ % (e,),
+ level=logging.ERROR,
noiselevel=-1)
+ exitcode = 1
return (exitcode, updatecache_flg)
