repoman: validate PORTAGE_GPG_KEY

diff --git a/bin/repoman b/bin/repoman
index d1f0b861ad9d5795fb62efa33645ddb06da29e6e..c59791c76fadfd272e1709c31006a71fb8a10a32 100755 (executable)
--- a/bin/repoman
+++ b/bin/repoman
@@ -88,6 +88,7 @@ util.initialize_logger()
 max_desc_len = 100
 allowed_filename_chars="a-zA-Z0-9._-+:"
 pv_toolong_re = re.compile(r'[0-9]{19,}')
+GPG_KEY_ID_REGEX = r'(0x)?([0-9a-fA-F]{8}|[0-9a-fA-F]{16}|[0-9a-fA-F]{24}|[0-9a-fA-F]{32})!?'
 bad = create_color_func("BAD")
 
 # A sane umask is needed for files that portage creates.
@@ -605,6 +606,14 @@ if repo_config.sign_commit:
 sign_manifests = "sign" in repoman_settings.features and \
        repo_config.sign_manifest
 
+if sign_manifests and options.mode in ("commit",) and \
+       repoman_settings.get("PORTAGE_GPG_KEY") and \
+       re.match(r'^%s$' % GPG_KEY_ID_REGEX,
+       repoman_settings["PORTAGE_GPG_KEY"]) is None:
+       logging.error("PORTAGE_GPG_KEY value is invalid: %s" %
+               repoman_settings["PORTAGE_GPG_KEY"])
+       sys.exit(1)
+
 manifest_hashes = repo_config.manifest_hashes
 if manifest_hashes is None:
        manifest_hashes = portage.const.MANIFEST2_HASH_DEFAULTS