From: "Sam James"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James"
Message-ID: <1750276858.1c27f4e482690f605e852f5e2b5312254b6c619f.sam@gentoo>
Subject: [gentoo-commits] proj/portage:master commit in: bin/
X-VCS-Repository: proj/portage
X-VCS-Files: bin/emerge-webrsync
X-VCS-Directories: bin/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 1c27f4e482690f605e852f5e2b5312254b6c619f
X-VCS-Branch: master
Date: Wed, 18 Jun 2025 20:01:14 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: d49b96c8-51e5-476d-b2b6-0b330826b313
X-Archives-Hash: 50545fe3d67470e251a68eb02486891e

commit: 1c27f4e482690f605e852f5e2b5312254b6c619f
Author: Kerin Millar plushkava net>
AuthorDate: Wed Jun 18 10:15:23 2025 +0000
Commit: Sam James gentoo org>
CommitDate: Wed Jun 18 20:00:58 2025 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=1c27f4e4

emerge-webrsync: let check_file_signature() be responsible for dying

The check_file_signature() function acts as an adapter that invokes check_file_signature_gemato() and/or check_file_signature_unwrapped() in turn. As such, it contains code to check their return values and invoke die() if necessary. However, this code is never reached because both of the wrapped functions invoke die() of their own volition.

Address this issue by removing the redundant error-handling code from both of the wrapped functions and allowing for check_file_signature() to perform the error handling, as was originally intended.

Additionally, improve the diagnostic message by incorporating the basename of the file for which validation has failed. The following sample output depicts this change.

gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250 emerge-webrsync: signature verification failed for 'gentoo-20250617.tar.xz' Signed-off-by: Kerin Millar plushkava.net> Signed-off-by: Sam James gentoo.org> bin/emerge-webrsync | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync index 90ee167a8e..ed4825ef95 100755 --- a/bin/emerge-webrsync +++ b/bin/emerge-webrsync @@ -274,12 +274,7 @@ check_file_signature_gemato() { (( opt[quiet] )) && gemato_args+=( --quiet ) (( opt[debug] )) && gemato_args+=( --debug ) - if ! gemato "${gemato_args[@]}" -- "${signature}" "${file}"; then - # Exit early since it's typically inappropriate to try - # other mirrors in this case (it may indicate a keyring - # problem). - die "signature verification failed" - fi + gemato "${gemato_args[@]}" -- "${signature}" "${file}" fi } @@ -313,12 +308,7 @@ check_file_signature_gpg_unwrapped() { die "gpgdir is not writable: ${GNUPGHOME}" fi - if ! gpg_verify "${signature}" "${file}"; then - # Exit early since it's typically inappropriate to try - # other mirrors in this case (it may indicate a keyring - # problem). - die "signature verification failed" - fi + gpg_verify "${signature}" "${file}" } gpg_fingerprint() { @@ -364,8 +354,10 @@ check_file_signature() { esac if (( ${r=$?} != 0 )); then - eerror "Error occurred in check_file_signature: ${r}. Aborting." - die "Verification error occured." + # Exit early since it's typically inappropriate to try other + # mirrors in this case (it may indicate a keyring problem). + file=${file##*/} + die "signature verification failed for ${file@Q}" fi }
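Review bot: In the check_file_signature_gemato() hunk, the verification result now reaches the caller only because the bare gemato call is the last command run before the closing fi and }, so any command later appended after that fi would replace a non-zero status with its own and the caller would treat a bad signature as verified. Making the propagation explicit, for example `gemato "${gemato_args[@]}" -- "${signature}" "${file}" || return`, or adding a comment that the function's return status is the verification result, would protect against that. The removed comment about not trying other mirrors has moved to check_file_signature(), which is fine, but this function no longer says anything about how failure is signalled.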
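Review bot: In the check_file_signature_gpg_unwrapped() hunk, the function is left with two failure conventions: the context line `die "gpgdir is not writable: ${GNUPGHOME}"` still terminates in place, while a failed gpg_verify now only returns non-zero. That is workable, but it is undocumented and it is only partly what the commit subject promises. A short comment above the function stating that setup errors die and that the return status is the result of gpg_verify would make the contract clear to the next editor, and an explicit `|| return` on the gpg_verify line would keep the status from being masked if code is added after it.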
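Review bot: In the check_file_signature() hunk, the unchanged test `if (( ${r=$?} != 0 )); then` assigns $? to r only when r is unset, so if r is already set in this function or in a caller's scope the test compares a stale value and the new die can be skipped after a failed verification. Since this change removes the only other use of r (the old eerror line), the variable can go entirely: test the status directly, or have the case arms end in `|| die ...`. Two smaller points on the added lines: the new message drops the numeric exit status that the old eerror line reported, which was useful for telling a gemato failure from a gpg one, and `${file@Q}` needs bash 4.4 or later, so it is worth confirming that matches the minimum bash version the script already requires.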