diff options
author | Sam James <sam@gentoo.org> | 2024-10-02 06:08:52 +0100 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2024-10-02 06:09:56 +0100 |
commit | 86f421c9b96a893d9ddf9c8c4065906475c3dcae (patch) | |
tree | 45018ff5eb1ab71d8efd0665947cec5089722461 /sys-apps | |
parent | app-admin/linode-cli: add 5.52.0 (diff) | |
download | gentoo-86f421c9b96a893d9ddf9c8c4065906475c3dcae.tar.gz gentoo-86f421c9b96a893d9ddf9c8c4065906475c3dcae.tar.bz2 gentoo-86f421c9b96a893d9ddf9c8c4065906475c3dcae.zip |
sys-apps/portage: backport emerge-webrsync fix
As I said in the revert commit message, just pick the safe option for now
until I can be sure about the proper fix, as emerge-webrsync has been
brittle in the past.
Note that the important thing is that verification works and is on still,
i.e. the commit being reverted doesn't disable that.
Bug: https://bugs.gentoo.org/940120
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'sys-apps')
-rw-r--r-- | sys-apps/portage/files/portage-3.0.66.1-webrsync.patch | 76 | ||||
-rw-r--r-- | sys-apps/portage/portage-3.0.66.1-r1.ebuild | 231 |
2 files changed, 307 insertions, 0 deletions
diff --git a/sys-apps/portage/files/portage-3.0.66.1-webrsync.patch b/sys-apps/portage/files/portage-3.0.66.1-webrsync.patch new file mode 100644 index 000000000000..7586c8a9ff98 --- /dev/null +++ b/sys-apps/portage/files/portage-3.0.66.1-webrsync.patch @@ -0,0 +1,76 @@ +https://bugs.gentoo.org/940120 +https://gitweb.gentoo.org/proj/portage.git/commit/?id=123a7be533161b14cacc4aa98708fbf1027ecce1 + +From 123a7be533161b14cacc4aa98708fbf1027ecce1 Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Wed, 2 Oct 2024 06:02:24 +0100 +Subject: Revert "emerge-webrsync: actually honour the + sync-webrsync-verify-signature attribute" + +This reverts commit f99eb91227918d5bf0cc531e78bd597c73b7ce1f. + +Revert for now as we understand the status quo better, and this +breaks syncing w/ emerge-webrsync. I'll come back to this but I'd +rather work with a known quantity for now than rush a fix. + +Bug: https://bugs.gentoo.org/940120 +Signed-off-by: Sam James <sam@gentoo.org> +--- + bin/emerge-webrsync | 9 ++++----- + misc/emerge-delta-webrsync | 9 ++++----- + 2 files changed, 8 insertions(+), 10 deletions(-) + +diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync +index 124bcaddc..caa4986da 100755 +--- a/bin/emerge-webrsync ++++ b/bin/emerge-webrsync +@@ -105,17 +105,16 @@ do_debug=0 + keep=false + + handle_pgp_setup() { +- local attr repo_has_webrsync_verify webrsync_gpg +- + # WEBRSYNC_VERIFY_SIGNATURE=0: disable PGP verification + # WEBRSYNC_VERIFY_SIGNATURE=1: use gemato for verification, fallback to regular gpg + # WEBRSYNC_VERIFY_SIGNATURE=2: use legacy FEATURES="webrsync-gpg" + WEBRSYNC_VERIFY_SIGNATURE=1 + +- has webrsync-gpg ${FEATURES} && webrsync_gpg=1 ++ has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0 + +- attr=$(__repo_attr "${repo_name}" sync-webrsync-verify-signature) +- [[ ${attr,,} == @(true|yes) ]] && repo_has_webrsync_verify=1 ++ repo_has_webrsync_verify=$( ++ has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | LC_ALL=C tr '[:upper:]' '[:lower:]') true yes ++ ) + + if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] || [[ ${repo_has_webrsync_verify} -eq 1 ]]; then + # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync +diff --git a/misc/emerge-delta-webrsync b/misc/emerge-delta-webrsync +index 8550c15fe..a788cdb0e 100755 +--- a/misc/emerge-delta-webrsync ++++ b/misc/emerge-delta-webrsync +@@ -165,17 +165,16 @@ if [[ ! -d $STATE_DIR ]]; then + fi + + handle_pgp_setup() { +- local attr repo_has_webrsync_verify webrsync_gpg +- + # WEBRSYNC_VERIFY_SIGNATURE=0: disable PGP verification + # WEBRSYNC_VERIFY_SIGNATURE=1: use gemato for verification, fallback to regular gpg + # WEBRSYNC_VERIFY_SIGNATURE=2: use legacy FEATURES="webrsync-gpg" + WEBRSYNC_VERIFY_SIGNATURE=1 + +- has webrsync-gpg ${FEATURES} && webrsync_gpg=1 ++ has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0 + +- attr=$(__repo_attr "${repo_name}" sync-webrsync-verify-signature) +- [[ ${attr,,} == @(true|yes) ]] && repo_has_webrsync_verify=1 ++ repo_has_webrsync_verify=$( ++ has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | LC_ALL=C tr '[:upper:]' '[:lower:]') true yes ++ ) + + if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] || [[ ${repo_has_webrsync_verify} -eq 1 ]]; then + # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync +-- +cgit v1.2.3-65-gdbad diff --git a/sys-apps/portage/portage-3.0.66.1-r1.ebuild b/sys-apps/portage/portage-3.0.66.1-r1.ebuild new file mode 100644 index 000000000000..9cedc14fc954 --- /dev/null +++ b/sys-apps/portage/portage-3.0.66.1-r1.ebuild @@ -0,0 +1,231 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( pypy3 python3_{10..13} ) +PYTHON_REQ_USE='bzip2(+),threads(+)' +TMPFILES_OPTIONAL=1 + +inherit meson linux-info python-r1 tmpfiles + +DESCRIPTION="The package management and distribution system for Gentoo" +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Portage" + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI=" + https://anongit.gentoo.org/git/proj/portage.git + https://github.com/gentoo/portage.git + " + inherit git-r3 +else + SRC_URI="https://gitweb.gentoo.org/proj/portage.git/snapshot/${P}.tar.bz2" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="apidoc build doc gentoo-dev +ipc +native-extensions +rsync-verify selinux test xattr" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" +RESTRICT="!test? ( test )" + +BDEPEND=" + ${PYTHON_DEPS} + >=app-arch/tar-1.27 + >=dev-build/meson-1.3.0-r1 + >=sys-apps/sed-4.0.5 + sys-devel/patch + !build? ( $(python_gen_impl_dep 'ssl(+)') ) + apidoc? ( + dev-python/sphinx[${PYTHON_USEDEP}] + dev-python/sphinx-epytext[${PYTHON_USEDEP}] + ) + doc? ( + ~app-text/docbook-xml-dtd-4.4 + app-text/xmlto + ) + test? ( + dev-python/pytest-xdist[${PYTHON_USEDEP}] + dev-vcs/git + ) +" +# Require sandbox-2.2 for bug #288863. +# For whirlpool hash, require python[ssl] (bug #425046). +RDEPEND=" + ${PYTHON_DEPS} + acct-user/portage + >=app-arch/tar-1.27 + app-arch/zstd + >=app-misc/pax-utils-0.1.17 + dev-lang/python-exec:2 + >=sys-apps/baselayout-2.9 + >=sys-apps/findutils-4.9 + !build? ( + >=app-admin/eselect-1.2 + app-portage/getuto + >=app-shells/bash-5.0:0 + >=sec-keys/openpgp-keys-gentoo-release-20240703 + >=sys-apps/sed-4.0.5 + rsync-verify? ( + >=app-crypt/gnupg-2.2.4-r2[ssl(-)] + >=app-portage/gemato-14.5[${PYTHON_USEDEP}] + ) + ) + elibc_glibc? ( >=sys-apps/sandbox-2.2 ) + elibc_musl? ( >=sys-apps/sandbox-2.2 ) + kernel_linux? ( sys-apps/util-linux ) + selinux? ( >=sys-libs/libselinux-2.0.94[python,${PYTHON_USEDEP}] ) + xattr? ( kernel_linux? ( + >=sys-apps/install-xattr-0.3 + ) ) +" +# coreutils-6.4 rdep is for date format in emerge-webrsync #164532 +# NOTE: FEATURES=installsources requires debugedit and rsync +PDEPEND=" + !build? ( + >=net-misc/rsync-2.6.4 + >=sys-apps/coreutils-6.4 + >=sys-apps/file-5.44-r3 + ) +" + +PATCHES=( + "${FILESDIR}"/${P}-webrsync.patch +) + +pkg_pretend() { + local CONFIG_CHECK="~IPC_NS ~PID_NS ~NET_NS ~UTS_NS" + + check_extra_config +} + +src_prepare() { + default + + if use prefix-guest; then + sed -e "s|^\(main-repo = \).*|\\1gentoo_prefix|" \ + -e "s|^\\[gentoo\\]|[gentoo_prefix]|" \ + -e "s|^\(sync-uri = \).*|\\1rsync://rsync.prefix.bitzolder.nl/gentoo-portage-prefix|" \ + -i cnf/repos.conf || die "sed failed" + fi +} + +src_configure() { + local code_only=false + python_foreach_impl my_src_configure +} + +my_src_configure() { + local emesonargs=( + -Dcode-only=${code_only} + -Deprefix="${EPREFIX}" + -Dportage-bindir="${EPREFIX}/usr/lib/portage/${EPYTHON}" + -Ddocdir="${EPREFIX}/usr/share/doc/${PF}" + $(meson_use doc) + $(meson_use apidoc) + $(meson_use gentoo-dev) + $(meson_use ipc) + $(meson_use xattr) + ) + + if use native-extensions && [[ "${EPYTHON}" != "pypy3" ]] ; then + emesonargs+=( -Dnative-extensions=true ) + else + emesonargs+=( -Dnative-extensions=false ) + fi + + if use build; then + emesonargs+=( -Drsync-verify=false ) + else + emesonargs+=( $(meson_use rsync-verify) ) + fi + + meson_src_configure + code_only=true +} + +src_compile() { + python_foreach_impl meson_src_compile +} + +src_test() { + local EPYTEST_XDIST=1 + local -x PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 + python_foreach_impl epytest +} + +src_install() { + python_foreach_impl my_src_install + dotmpfiles "${FILESDIR}"/portage-{ccache,tmpdir}.conf + + local scripts + mapfile -t scripts < <(awk '/^#!.*python/ {print FILENAME} {nextfile}' "${ED}"/usr/{bin,sbin}/* || die) + python_replicate_script "${scripts[@]}" +} + +my_src_install() { + local pydirs=( + "${D}$(python_get_sitedir)" + "${ED}/usr/lib/portage/${EPYTHON}" + ) + + meson_src_install + python_fix_shebang "${pydirs[@]}" + python_optimize "${pydirs[@]}" +} + +pkg_preinst() { + if ! use build && [[ -z ${ROOT} ]]; then + python_setup + local sitedir=$(python_get_sitedir) + [[ -d ${D}${sitedir} ]] || die "${D}${sitedir}: No such directory" + env -u DISTDIR \ + -u PORTAGE_OVERRIDE_EPREFIX \ + -u PORTAGE_REPOSITORIES \ + -u PORTDIR \ + -u PORTDIR_OVERLAY \ + PYTHONPATH="${D}${sitedir}${PYTHONPATH:+:${PYTHONPATH}}" \ + "${PYTHON}" -m portage._compat_upgrade.default_locations || die + + env -u BINPKG_COMPRESS -u PORTAGE_REPOSITORIES \ + PYTHONPATH="${D}${sitedir}${PYTHONPATH:+:${PYTHONPATH}}" \ + "${PYTHON}" -m portage._compat_upgrade.binpkg_compression || die + + env -u FEATURES -u PORTAGE_REPOSITORIES \ + PYTHONPATH="${D}${sitedir}${PYTHONPATH:+:${PYTHONPATH}}" \ + "${PYTHON}" -m portage._compat_upgrade.binpkg_multi_instance || die + + env -u BINPKG_FORMAT \ + PYTHONPATH="${D}${sitedir}${PYTHONPATH:+:${PYTHONPATH}}" \ + "${PYTHON}" -m portage._compat_upgrade.binpkg_format || die + fi + + # elog dir must exist to avoid logrotate error for bug #415911. + # This code runs in preinst in order to bypass the mapping of + # portage:portage to root:root which happens after src_install. + keepdir /var/log/portage/elog + # This is allowed to fail if the user/group are invalid for prefix users. + if chown portage:portage "${ED}"/var/log/portage{,/elog} 2>/dev/null ; then + chmod g+s,ug+rwx "${ED}"/var/log/portage{,/elog} + fi + + if has_version "<${CATEGORY}/${PN}-2.3.77"; then + elog "The emerge --autounmask option is now disabled by default, except for" + elog "portions of behavior which are controlled by the --autounmask-use and" + elog "--autounmask-license options. For backward compatibility, previous" + elog "behavior of --autounmask=y and --autounmask=n is entirely preserved." + elog "Users can get the old behavior simply by adding --autounmask to the" + elog "make.conf EMERGE_DEFAULT_OPTS variable. For the rationale for this" + elog "change, see https://bugs.gentoo.org/658648." + fi +} + +pkg_postinst() { + # Warn about obsolete "enotice" script, bug #867010 + local bashrc=${EROOT}/etc/portage/profile/profile.bashrc + if [[ -e ${bashrc} ]] && grep -q enotice "${bashrc}"; then + eerror "Obsolete 'enotice' script detected!" + eerror "Please remove this from ${bashrc} to avoid problems." + eerror "See bug 867010 for more details." + fi +} |