stub for implementing trusted projects
parent
8f1024eca1
commit
99d3147519
14
osc/build.py
14
osc/build.py
@ -99,6 +99,7 @@ class Buildinfo:
|
||||
self.deps = []
|
||||
self.projects = {}
|
||||
self.keys = []
|
||||
self.prjkeys = []
|
||||
for node in root.findall('bdep'):
|
||||
p = Pac(node, self.buildarch, self.pacsuffix,
|
||||
apiurl, localpkgs)
|
||||
@ -631,6 +632,19 @@ def main(opts, argv):
|
||||
print 'Skipping verification of package signatures'
|
||||
else:
|
||||
print 'Verifying integrity of cached packages'
|
||||
t = config['api_host_options'][apiurl]['trusted_prj']
|
||||
for prj in bi.prjkeys:
|
||||
if not prj in t:
|
||||
print "\nYou are trying to use packages from project '%s'." % prj
|
||||
print "Note that malicious packages can compromise your system."
|
||||
# saving back to config file is complicated
|
||||
# r = raw_input("Would you like to trust '%s' (a)lways, (t)emorarily or (N)ever? " % prj)
|
||||
# if r == 'a':
|
||||
# config['api_host_options'][apiurl]['trusted_prj'] += prj
|
||||
# elif r != 't':
|
||||
# print "Well, good good bye then :-)"
|
||||
# sys.exit(1)
|
||||
|
||||
verify_pacs([ i.fullfilename for i in bi.deps ], bi.keys)
|
||||
elif bi.pacsuffix == 'deb':
|
||||
if config['build-type'] == "xen" or config['build-type'] == "kvm":
|
||||
|
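Review bot: The trusted-project check added to main() only prints a warning for a project missing from `trusted_prj` and then falls through to `verify_pacs(...)`, so an untrusted project is never refused while the prompt stays commented out. The commit is labelled a stub, so this may be intended, but a comment such as `# TODO: advisory only, the build continues for untrusted projects` would keep readers from treating it as an enforced control. When the prompt is enabled, `config['api_host_options'][apiurl]['trusted_prj'] += prj` would extend the list with the individual characters of the name; `.append(prj)` is what is meant. The check also sits in the `else:` branch, so it appears not to run when signature verification is skipped. main() starts and ends outside this hunk.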
@ -627,6 +627,11 @@ def get_config(override_conffile = None,
|
||||
if not 'sslcertck' in api_host_options[apiurl]:
|
||||
api_host_options[apiurl]['sslcertck'] = True
|
||||
|
||||
if cp.has_option(url, 'trusted_prj'):
|
||||
api_host_options[apiurl]['trusted_prj'] = cp.get(url, key).split(' ')
|
||||
else:
|
||||
api_host_options[apiurl]['trusted_prj'] = []
|
||||
|
||||
# add the auth data we collected to the config dict
|
||||
config['api_host_options'] = api_host_options
|
||||
config['apiurl_aliases'] = aliases
|
||||
|
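Review bot: The added `cp.get(url, key)` reads the option named by `key`, which is not assigned anywhere in this hunk, instead of `trusted_prj`. If `key` is a leftover variable from earlier in get_config(), the trust list would be filled from a different option's value, and if it is unbound the call raises NameError. I would write `api_host_options[apiurl]['trusted_prj'] = cp.get(url, 'trusted_prj').split()`; calling `split()` without an argument also avoids empty-string entries from repeated spaces or an empty value. get_config() starts and ends outside this hunk.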
@ -210,11 +210,13 @@ class Fetcher:
|
||||
|
||||
if os.path.exists(dest):
|
||||
buildinfo.keys.append(dest)
|
||||
buildinfo.prjkeys.append(i)
|
||||
else:
|
||||
url = "%s/source/%s/_pubkey" % (buildinfo.apiurl, i)
|
||||
try:
|
||||
self.gr.urlgrab(url, dest, text="fetching key for %s" % i)
|
||||
buildinfo.keys.append(dest)
|
||||
buildinfo.prjkeys.append(i)
|
||||
except KeyboardInterrupt:
|
||||
print 'Cancelled by user (ctrl-c)'
|
||||
print 'Exiting.'
|
||||
|
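Review bot: `buildinfo.prjkeys.append(i)` is reached only when a key file already exists at `dest` or the fetch succeeds, so a project whose key could not be obtained never enters `prjkeys`. The trust check in build.py iterates `bi.prjkeys`, so it would presumably not warn about such a project; recording the project name before the `os.path.exists(dest)` test, or checking trust against the project list itself, would close that gap. The name `prjkeys` also suggests key material although it holds project names, so a comment on its declaration such as `# names of projects whose signing key was loaded` would help. The enclosing method and the `try` block start and end outside this hunk.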