Always verify the ebuild checksums before executing it. Thanks to solar for the...

svn path=/main/trunk/; revision=5150

diff --git a/pym/portage.py b/pym/portage.py
index 7513beb2b0a5104a9374a95740fb6d2b918a12ee..e04fafebf53ffabe4d4f0579273198ecd878e934 100644 (file)
--- a/pym/portage.py
+++ b/pym/portage.py
@@ -3007,6 +3007,29 @@ def doebuild(myebuild, mydo, myroot, mysettings, debug=0, listonly=0,
                        noiselevel=-1)
                return 1
 
+       if "strict" in features and mydo not in ("digest", "manifest", "help"):
+               # Always verify the ebuild checksums before executing it.
+               pkgdir = os.path.dirname(myebuild)
+               manifest_path = os.path.join(pkgdir, "Manifest")
+               if not os.path.exists(manifest_path):
+                       writemsg("!!! Manifest file not found: '%s'\n" % manifest_path,
+                               noiselevel=-1)
+                       return 1
+               mf = Manifest(pkgdir, mysettings["DISTDIR"])
+               try:
+                       mf.checkTypeHashes("EBUILD")
+               except portage_exception.FileNotFound, e:
+                       writemsg("!!! A file listed in the Manifest " + \
+                               "could not be found: %s\n" % str(e), noiselevel=-1)
+                       return 1
+               except portage_exception.DigestException, e:
+                       writemsg("!!! Digest verification failed:\n", noiselevel=-1)
+                       writemsg("!!! %s\n" % e.value[0], noiselevel=-1)
+                       writemsg("!!! Reason: %s\n" % e.value[1], noiselevel=-1)
+                       writemsg("!!! Got: %s\n" % e.value[2], noiselevel=-1)
+                       writemsg("!!! Expected: %s\n" % e.value[3], noiselevel=-1)
+                       return 1
+
        doebuild_environment(myebuild, mydo, myroot, mysettings, debug,
                use_cache, mydbapi)