commit: fdfcf3549506f2903d26e0c78ecd8f2c9093376b
Author: Kerin Millar <kfm <AT> plushkava <DOT> net>
AuthorDate: Fri Jun 20 04:52:09 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jun 20 05:45:38 2025 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=fdfcf354
emerge-webrsync: simplify the handling of verification_method
Presently, the handle_pgp_setup() function assigns to the
'verification_method' variable a digit between 0 and 2. Instead, assign
a string that describes the verification tool to be used, or the null
string if verification is to be disabled. The following table shows the
distinction between the old and new values.
┌─────┬──────────┬────────────────────┐
│ Old │ New │ Verification Mode │
├─────┼──────────┼────────────────────┤
│ "0" │ "" │ Disabled │
│ "1" │ "gemato" │ Verify with gemato │
│ "2" │ "gpg" │ Verify with gpg │
└─────┴──────────┴────────────────────┘
Accompanying this change are a few appreciable code cleanups, which are
described herewith.
As concerns the handle_pgp_setup() function, jettison the unwieldy case
statement that is responsible for printing an informational message
regarding the chosen PGP verification method. Instead, call einfo() just
once while expanding the value of the 'verification_method' variable.
As concerns the check_file_signature() function, jettison the case
statement. Instead, execute a simple command whose name is dynamically
composed, thereby ensuring that the appropriate function is called
without needing to test the value of the 'verification_method' variable
beyond determining that it is non-empty. Further, incorporate the
effective verification method into the message displayed by einfo().
Signed-off-by: Kerin Millar <kfm <AT> plushkava.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>
bin/emerge-webrsync | 36 +++++++++---------------------------
1 file changed, 9 insertions(+), 27 deletions(-)
diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index 88b26d4b90..8ec4d888c0 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -126,7 +126,7 @@ handle_pgp_setup() {
# Disable PGP verification. The webrsync module specifies this
# option if the "sync-webrsync-verify-signature" repo attribute
# is explicitly defined with a value of "false".
- verification_method=0
+ verification_method=
elif contains_word webrsync-gpg "${FEATURES}"; then
# Discourage the use of the deprecated "webrsync-gpg" feature
# because it prevents the use of gemato for verification.
@@ -134,31 +134,19 @@ handle_pgp_setup() {
if [[ ! ${PORTAGE_GPG_DIR} ]]; then
die "PORTAGE_GPG_DIR is unset or empty (the
webrsync-gpg feature requires that it be set)"
fi
- verification_method=2
+ verification_method="gpg"
elif ! hash gemato 2>/dev/null; then
# Fall back to conventional verification with gpg(1).
ewarn "app-portage/gemato does not appear to be installed.
Falling back to gpg."
- verification_method=2
+ verification_method="gpg"
else
# Use gemato for PGP verification. It is the preferred method
# because it handles key refresh and revocation, and guarantees
# a clean operating environment.
- verification_method=1
+ verification_method="gemato"
fi
- case ${verification_method} in
- 0)
- if (( ! opt[quiet] )); then
- ewarn "PGP verification method: disabled"
- fi
- ;;
- 1)
- einfo "PGP verification method: gemato"
- ;;
- 2)
- ewarn "PGP verification method: legacy gpg"
- ;;
- esac
+ einfo "PGP verification method: ${verification_method:-disabled}"
if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]]; then
PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR}
@@ -357,16 +345,10 @@ gpg_verify() {
check_file_signature() {
local signature=$1 file=$2
- case ${verification_method} in
- [12])
- einfo "Checking signature ..."
- ;;&
- 1)
- check_file_signature_gemato "${signature}" "${file}"
- ;;
- 2)
- check_file_signature_gpg "${signature}" "${file}"
- esac || {
+ if [[ ${verification_method} ]]; then
+ einfo "Checking signature with ${verification_method} ..."
+ "check_file_signature_${verification_method}" "${signature}"
"${file}"
+ fi || {
# Exit early since it's typically inappropriate to try other
# mirrors in this case (it may indicate a keyring problem).
file=${file##*/}
