Remove support for FEATURES=gpg since it's already disabled and broken
authorZac Medico <zmedico@gentoo.org>
Fri, 17 Oct 2008 18:52:27 +0000 (18:52 -0000)
committerZac Medico <zmedico@gentoo.org>
Fri, 17 Oct 2008 18:52:27 +0000 (18:52 -0000)
anyway. Thanks to DJ Anderson for the suggestion.

svn path=/main/trunk/; revision=11698

man/make.conf.5
pym/portage/__init__.py
pym/portage/dbapi/porttree.py

index 45ad93b0c0a32d735241d66b1c95ab366e29c64d..a8f93ca1cfc7e574b2b3078aaaaa313835297208 100644 (file)
@@ -204,9 +204,6 @@ can take a lot of time.
 Force emerges to always try to fetch files from the \fIPORTAGE_BINHOST\fR.  See 
 \fBmake.conf\fR(5) for more information.
 .TP
-.B gpg
-Check the signatures of Manifests and make sure they are correct.
-.TP
 .B installsources
 Install source code into /usr/src/debug/${CATEGORY}/${PF} (also see
 \fBsplitdebug\fR). This feature works only if debugedit is installed and CFLAGS
index f0df5b6881948b20d527d00c10c5d4e97b2a5089..d13c2f7fb112ec184dccc3dcf2ec5f11732daa45 100644 (file)
@@ -107,7 +107,6 @@ try:
                pickle_read, pickle_write, stack_dictlist, stack_dicts, stack_lists, \
                unique_array, varexpand, writedict, writemsg, writemsg_stdout, write_atomic
        import portage.exception
-       import portage.gpg
        import portage.locks
        import portage.process
        from portage.process import atexit_register, run_exitfuncs
@@ -1642,13 +1641,6 @@ class config(object):
                                # repoman will accept any license
                                self._accept_license = set(["*"])
 
-                       if "gpg" in self.features:
-                               if not os.path.exists(self["PORTAGE_GPG_DIR"]) or \
-                                       not os.path.isdir(self["PORTAGE_GPG_DIR"]):
-                                       writemsg(colorize("BAD", "PORTAGE_GPG_DIR is invalid." + \
-                                               " Removing gpg from FEATURES.\n"), noiselevel=-1)
-                                       self.features.remove("gpg")
-
                        if not portage.process.sandbox_capable and \
                                ("sandbox" in self.features or "usersandbox" in self.features):
                                if self.profile_path is not None and \
@@ -1665,9 +1657,6 @@ class config(object):
                                        self.features.remove("usersandbox")
 
                        self.features.sort()
-                       if "gpg" in self.features:
-                               writemsg(colorize("WARN", "!!! FEATURES=gpg is unmaintained, incomplete and broken. Disabling it."), noiselevel=-1)
-                               self.features.remove("gpg")
                        self["FEATURES"] = " ".join(self.features)
                        self.backup_changes("FEATURES")
 
index c6268a8ec022bd39091fd76aa4c6e0da10f17c53..19010bc6237752ef8d4b4c4dfe0c1b7df81ebdb1 100644 (file)
@@ -11,13 +11,12 @@ from portage.data import portage_gid, secpass
 from portage.dbapi import dbapi
 from portage.dep import use_reduce, paren_reduce, dep_getkey, match_from_list
 from portage.exception import PortageException, \
-       UntrustedSignature, SecurityViolation, InvalidSignature, MissingSignature, \
        FileNotFound, InvalidDependString, InvalidPackageName
 from portage.manifest import Manifest
 from portage.util import ensure_dirs, writemsg
 from portage.versions import pkgsplit, catpkgsplit, best, ver_regexp
 
-import portage.gpg, portage.checksum
+import portage.checksum
 
 from portage import eclass_cache, auxdbkeys, doebuild, flatten, \
        listdir, dep_expand, eapi_is_supported, key_expand, dep_check, \
@@ -102,22 +101,6 @@ class portdbapi(dbapi):
                # instance that is passed in.
                self.doebuild_settings = config(clone=self.mysettings)
 
-               self.manifestVerifyLevel = None
-               self.manifestVerifier = None
-               self.manifestCache = {}    # {location: [stat, md5]}
-               self.manifestMissingCache = []
-
-               if "gpg" in self.mysettings.features:
-                       self.manifestVerifyLevel = portage.gpg.EXISTS
-                       if "strict" in self.mysettings.features:
-                               self.manifestVerifyLevel = portage.gpg.MARGINAL
-                               self.manifestVerifier = portage.gpg.FileChecker(self.mysettings["PORTAGE_GPG_DIR"], "gentoo.gpg", minimumTrust=self.manifestVerifyLevel)
-                       elif "severe" in self.mysettings.features:
-                               self.manifestVerifyLevel = portage.gpg.TRUSTED
-                               self.manifestVerifier = portage.gpg.FileChecker(self.mysettings["PORTAGE_GPG_DIR"], "gentoo.gpg", requireSignedRing=True, minimumTrust=self.manifestVerifyLevel)
-                       else:
-                               self.manifestVerifier = portage.gpg.FileChecker(self.mysettings["PORTAGE_GPG_DIR"], "gentoo.gpg", minimumTrust=self.manifestVerifyLevel)
-
                #self.root=settings["PORTDIR"]
                self.porttree_root = porttree_root
                if porttree_root:
@@ -411,47 +394,6 @@ class portdbapi(dbapi):
                        writemsg("!!!            %s\n" % myebuild, noiselevel=1)
                        raise KeyError(mycpv)
 
-               myManifestPath = "/".join(myebuild.split("/")[:-1])+"/Manifest"
-               if "gpg" in self.mysettings.features:
-                       try:
-                               mys = portage.gpg.fileStats(myManifestPath)
-                               if (myManifestPath in self.manifestCache) and \
-                                  (self.manifestCache[myManifestPath] == mys):
-                                       pass
-                               elif self.manifestVerifier:
-                                       if not self.manifestVerifier.verify(myManifestPath):
-                                               # Verification failed the desired level.
-                                               raise UntrustedSignature(
-                                                       "Untrusted Manifest: %(manifest)s" % \
-                                                       {"manifest" : myManifestPath})
-
-                               if ("severe" in self.mysettings.features) and \
-                                  (mys != portage.gpg.fileStats(myManifestPath)):
-                                       raise SecurityViolation(
-                                               "Manifest changed: %(manifest)s" % \
-                                               {"manifest":myManifestPath})
-
-                       except InvalidSignature, e:
-                               if ("strict" in self.mysettings.features) or \
-                                  ("severe" in self.mysettings.features):
-                                       raise
-                               writemsg("!!! INVALID MANIFEST SIGNATURE DETECTED: %(manifest)s\n" % {"manifest":myManifestPath})
-                       except MissingSignature, e:
-                               if ("severe" in self.mysettings.features):
-                                       raise
-                               if ("strict" in self.mysettings.features):
-                                       if myManifestPath not in self.manifestMissingCache:
-                                               writemsg("!!! WARNING: Missing signature in: %(manifest)s\n" % {"manifest":myManifestPath})
-                                               self.manifestMissingCache.insert(0,myManifestPath)
-                       except (OSError, FileNotFound), e:
-                               if ("strict" in self.mysettings.features) or \
-                                  ("severe" in self.mysettings.features):
-                                       raise SecurityViolation(
-                                               "Error in verification of signatures: " + \
-                                               "%(errormsg)s" % {"errormsg" : str(e)})
-                               writemsg("!!! Manifest is missing or inaccessable: %(manifest)s\n" % {"manifest":myManifestPath},
-                                       noiselevel=-1)
-
                mydata, st, emtime = self._pull_valid_cache(mycpv, myebuild, mylocation)
                doregen = mydata is None