Changeset 2410 in ProjectBuilder for devel

Timestamp:

Apr 6, 2019, 3:24:26 AM (6 years ago)

Author:

Bruno Cornec

Message:

2 fixes for debian repositories

• Fix #178 by changing key detection in a more simple and compatible way
• Fix #179 by adding a new pbgpgserver configuration parameter and its doc

Location:

devel/pb-modules

Files:

• etc/pb.yml (modified) (1 diff)
• etc/pb.yml.pod (modified) (1 diff)
• lib/ProjectBuilder/Distribution.pm (modified) (4 diffs)

devel/pb-modules/etc/pb.yml

@@ -840 +840 @@
   default: origin
 
+pbgpgserver:
+  default: ipv4.pool.sks-keyservers.net
+
 # Number of process in // for pb
 #pbparallel:

devel/pb-modules/etc/pb.yml.pod

@@ -610 +610 @@
  Example: pbgpgcheck:
             Lintel: 0
+
+=item B<pbgpgserver>
+
+ Nature: Mandatory
+ Key: project (as defined in the -p option or PBPROJ environment variable)
+ Value: The GPG server to use when looking for GPG keys.
+ Conffile: pb
+ Example: pbgpgserver:
+            default: ipv4.pool.sks-keyservers.net
 
 =item B<pbinstalltype>

devel/pb-modules/lib/ProjectBuilder/Distribution.pm

@@ -571 +571 @@
 }
 
-=item B<pb_distro_setuposrepo>
-
-This function sets up potential additional repository for the setup phase
-
-=cut
-
-sub pb_distro_setuposrepo {
-
-my $pbos = shift;
-
-return(pb_distro_setuprepo_gen_conf($pbos,pb_distro_conffile(),"osrepo"));
-}
-
-=item B<pb_distro_setuprepo>
-
-This function sets up potential additional repository to the build environment
-
-=cut
-
-sub pb_distro_setuprepo {
-
-my $pbos = shift;
-
-return(pb_distro_setuprepo_gen_conf($pbos,"$ENV{'PBDESTDIR'}/pbrc.yml","addrepo"));
-}
-
 # Internal
 sub pb_distro_compare_repo {
@@ -619 +593 @@
 }
 
+
+=item B<pb_distro_setuposrepo>
+
+This function sets up potential additional repository for the setup phase
+
+=cut
+
+sub pb_distro_setuposrepo {
+
+my $pbos = shift;
+
+pb_log(3, "INFO: Adding osrepo from config file\n");
+return(pb_distro_setuprepo_gen_conf($pbos,pb_distro_conffile(),"osrepo"));
+}
+
+=item B<pb_distro_setuprepo>
+
+This function sets up potential additional repository to the build environment
+
+=cut
+
+sub pb_distro_setuprepo {
+
+my $pbos = shift;
+
+pb_log(3, "INFO: Adding addrepo from config file\n");
+return(pb_distro_setuprepo_gen_conf($pbos,"$ENV{'PBDESTDIR'}/pbrc.yml","addrepo"));
+}
 =item B<pb_distro_setuprepo_gen_conf>
 
@@ -639 +641 @@
 return undef if ($param eq "");
 
+pb_log(1, "INFO: Adding repos $param\n");
 return(pb_distro_setuprepo_gen($pbos,$param));
 }
@@ -752 +755 @@
             pb_system("wget -O $ENV{'PBTMP'}/Release $debrepo/Release","Downloading $debrepo/Release");
             pb_system("wget -O $ENV{'PBTMP'}/Release.gpg $debrepo/Release.gpg","Downloading $debrepo/Release.gpg");
-            my $signature;
-            open(SIGN,"LANGUAGE=C LANG=C gpg --verify $ENV{'PBTMP'}/Release.gpg $ENV{'PBTMP'}/Release 2>&1 |") || cluck "Unable to verify GPG signature from Release.gpg\n" && next;
+            my $signature = undef;
+            my ($pbgpgserver) = pb_conf_get("pbgpgserver");
+            confess "Unable to find a GPG server in configuration, please define pbgpgserver" if (not defined $pbgpgserver);
+            my $keyserver = $pbgpgserver->{$ENV{'PBPROJ'}};
+            $keyserver = $pbgpgserver->{'default'} if (not defined $keyserver);
+            confess "Unable to find a GPG server in configuration, please define correctly pbgpgserver" if (not defined $keyserver);
+            open(SIGN,"LANGUAGE=C LANG=C gpg --verify --keyid-format=long $ENV{'PBTMP'}/Release.gpg $ENV{'PBTMP'}/Release 2>&1 |") || cluck "Unable to verify GPG signature from Release.gpg\n" && next;
             while(<SIGN>) {
                 chomp();
-                if (/^gpg: .*key ID/) {
+                if (/^gpg: .*key /) {
                     $signature = $_;
-                    $signature =~ s/^gpg: .*key ID ([A-Z0-9]+)/$1/;
-                    #TODO: create a pbkeyserver conf var for that
-                    pb_system("gpg --recv-keys --keyserver hkp://pgp.mit.edu $signature","Importing GPG signature for $signature");
-                    $signature = undef;
+                    $signature =~ s/^gpg: .*key [ID ]*([A-Z0-9]+)/$1/;
+                    pb_system("gpg --recv-keys --keyserver $keyserver $signature","Importing GPG signature for $signature");
                     last;
                 }
             }
             close(SIGN);
-            open(SIGN,"LANGUAGE=C LANG=C gpg --verify $ENV{'PBTMP'}/Release.gpg $ENV{'PBTMP'}/Release 2>&1 |") || cluck "Unable to verify GPG signature from $debrepo/Release.gpg\n" && next;
-            while(<SIGN>) {
-                chomp();
-                if (/^gpg: Good signature/) {
-                    $signature = $_;
-                    $signature =~ s/^gpg: Good signature from "([^\"]+)"/$1/;
-                }
-            }
-            close(SIGN);
-
             return if (not defined $signature);
+
             pb_log(3, "GnuPG repo verify returned: $signature\n");
-            unlink("$ENV{'PBTMP'}/apt.sig");
             pb_system("gpg -a --export -o $ENV{'PBTMP'}/apt.sig \'$signature\'","Exporting GnuPG signature of $signature");
             pb_system("sudo apt-key add $ENV{'PBTMP'}/apt.sig","Adding GnuPG signature of $signature to APT key ring");