From: "Sam James"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James"
Message-ID: <1750240318.f60e84241e16235f61bfd791492b4a80480e464b.sam@gentoo>
Subject: [gentoo-commits] proj/portage:master commit in: bin/
Date: Wed, 18 Jun 2025 09:52:02 +0000 (UTC)

commit:     f60e84241e16235f61bfd791492b4a80480e464b
Author:     Kerin Millar plushkava net>
AuthorDate: Wed Jun 18 04:07:05 2025 +0000
Commit:     Sam James gentoo org>
CommitDate: Wed Jun 18 09:51:58 2025 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=f60e8424

emerge-webrsync: don't check whether gpg(1) exists in check_file_signature_gpg_unwrapped()

As concerns the check_file_signature_gpg_unwrapped() function, refrain from checking whether the gpg(1) utility can be found in PATH. This is what I would refer to as a pointless proxy check. One need not care whether gpg(1) can be found in PATH. For if it cannot be found then the first invocation of it shall fail, in which case, so be it. Let it fail!

Having dispensed with the proxy check, it can be seen that the diagnostic message raised by the shell is sufficiently clear.

 * Checking digest ...
 * Checking signature ...
 * Falling back to gpg as gemato is not installed
/usr/bin/emerge-webrsync: line 335: gpg: command not found

I would add that proxy checks are loved by programmers who have a tendency to avoid thinking about the matter of error handling in general, exhibiting no diligence whatsoever in this respect. Whensoever I encounter such checks, I am immediately inclined to regard them as a potential red flag. As a case in point, prior to my working on the emerge-webrsync utility, the very first invocation of gpg(1) in this function was bereft of an error check. For that matter, just because type -P indicates that a given utility exists in PATH, it is by no means guaranteed that it exists at the point of attempted execution.

Now, testing for the existence of a required utility can be a reasonable thing to do before undergoing any substantive work and thus wasting the user's time. Yet, had that genuinely been the intent, the check in question would not have been situated within this particular function to begin with.

Signed-off-by: Kerin Millar plushkava.net>
Signed-off-by: Sam James gentoo.org>

bin/emerge-webrsync | 56 +++++++++++++++++++++++++---------------------------- 1 file changed, 26 insertions(+), 30 deletions(-) diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync index 174df11aad..f6a1a0de24 100755 --- a/bin/emerge-webrsync +++ b/bin/emerge-webrsync 
@@ -291,40 +291,36 @@ check_file_signature_gpg_unwrapped() { local fingerprint key local -x GNUPGHOME - if ! type -P gpg > /dev/null; then - die "cannot check signature: gpg binary not found" + if [[ -n ${PORTAGE_GPG_KEY} ]] ; then + key="${PORTAGE_GPG_KEY}" else - if [[ -n ${PORTAGE_GPG_KEY} ]] ; then - key="${PORTAGE_GPG_KEY}" - else - key="${EPREFIX}/usr/share/openpgp-keys/gentoo-release.asc" - fi + key="${EPREFIX}/usr/share/openpgp-keys/gentoo-release.asc" + fi - if [[ ! -f "${key}" ]] ; then - eerror "${key} not available. Is sec-keys/openpgp-keys-gentoo-release installed?" - die "Needed keys unavailable! Install its package or set PORTAGE_GPG_KEY to the right path." - fi + if [[ ! -f "${key}" ]] ; then + eerror "${key} not available. Is sec-keys/openpgp-keys-gentoo-release installed?" + die "Needed keys unavailable! Install its package or set PORTAGE_GPG_KEY to the right path." + fi - if [[ ! ${GNUPGHOME=${PORTAGE_GPG_DIR}} ]]; then - # The PORTAGE_GPG_DIR variable is either unset or - # empty. Create a temporary directory to contain an - # ephemeral keyring into which Gentoo's distributed - # public key block shall be imported. - GNUPGHOME=$(mktemp -d -- "${PORTAGE_TMPDIR}/portage/webrsync.XXXXXX") \ - && gpg --batch --import "${key}" \ - && fingerprint=$(gpg_fingerprint '') \ - && gpg --batch --import-ownertrust <<<"${fingerprint}:6:" \ - || exit - elif [[ ! -w ${GNUPGHOME} ]]; then - die "gpgdir is not writable: ${GNUPGHOME}" - fi + if [[ ! ${GNUPGHOME=${PORTAGE_GPG_DIR}} ]]; then + # The PORTAGE_GPG_DIR variable is either unset or + # empty. Create a temporary directory to contain an + # ephemeral keyring into which Gentoo's distributed + # public key block shall be imported. + GNUPGHOME=$(mktemp -d -- "${PORTAGE_TMPDIR}/portage/webrsync.XXXXXX") \ + && gpg --batch --import "${key}" \ + && fingerprint=$(gpg_fingerprint '') \ + && gpg --batch --import-ownertrust <<<"${fingerprint}:6:" \ + || exit + elif [[ ! 
-w ${GNUPGHOME} ]]; then + die "gpgdir is not writable: ${GNUPGHOME}" + fi - if ! gpg_verify "${signature}" "${file}"; then - # Exit early since it's typically inappropriate to try - # other mirrors in this case (it may indicate a keyring - # problem). - die "signature verification failed" - fi + if ! gpg_verify "${signature}" "${file}"; then + # Exit early since it's typically inappropriate to try + # other mirrors in this case (it may indicate a keyring + # problem). + die "signature verification failed" fi }
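
Review bot: In the branch where PORTAGE_GPG_DIR is set (the elif that only tests -w ${GNUPGHOME}), nothing invokes gpg before gpg_verify, so with the type -P guard removed a missing gpg ends there in die "signature verification failed" instead of stopping at the "|| exit" of the import chain. Assuming gpg_verify runs gpg directly (its body is not part of this hunk), the shell's "command not found" line is still printed first, but the final message and the adjacent comment then steer the user toward a signature or keyring problem. Both paths fail closed, which is the property that matters for verification; if the distinction is worth preserving, gpg_verify could treat exit status 127 separately from a genuine verification failure.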