zhangyiss/spack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Config option to allow gpg warning suppression (#13744)

Browse Source 
Add a configuration option to suppress gpg warnings during binary
package verification. This only suppresses warnings: a gpg failure
will still fail the install. This allows users who have already
explicitly trusted the gpg key they are using to avoid seeing
repeated warnings that it is self-signed.
This commit is contained in:
Greg Becker 2019-11-14 16:22:19 -08:00 committed by Peter Scheibel
parent 28163cb34f
commit 74e04b7e20
4 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
etc/spack/defaults/config.yaml
View File

@ -80,6 +80,14 @@ config:
verify_ssl: true verify_ssl: true
# Suppress gpg warnings from binary package verification
# Only suppresses warnings, gpg failure will still fail the install
# Potential rationale to set True: users have already explicitly trusted the
# gpg key they are using, and may not want to see repeated warnings that it
# is self-signed or something of the sort.
suppress_gpg_warnings: false
# If set to true, Spack will attempt to build any compiler on the spec # If set to true, Spack will attempt to build any compiler on the spec
# that is not already available. If set to False, Spack will only use # that is not already available. If set to False, Spack will only use
# compilers already configured in compilers.yaml # compilers already configured in compilers.yaml

4
lib/spack/spack/binary_distribution.py
View File

@ -21,6 +21,7 @@
from llnl.util.filesystem import mkdirp, install_tree from llnl.util.filesystem import mkdirp, install_tree
import spack.cmd import spack.cmd
import spack.config as config
import spack.fetch_strategy as fs import spack.fetch_strategy as fs
import spack.util.gpg as gpg_util import spack.util.gpg as gpg_util
import spack.relocate as relocate import spack.relocate as relocate
@ -592,7 +593,8 @@ def extract_tarball(spec, filename, allow_root=False, unsigned=False,
if not unsigned: if not unsigned:
if os.path.exists('%s.asc' % specfile_path): if os.path.exists('%s.asc' % specfile_path):
try: try:
Gpg.verify('%s.asc' % specfile_path, specfile_path) suppress = config.get('config:suppress_gpg_warnings', False)
Gpg.verify('%s.asc' % specfile_path, specfile_path, suppress)
except Exception as e: except Exception as e:
shutil.rmtree(tmpdir) shutil.rmtree(tmpdir)
tty.die(e) tty.die(e)

1
lib/spack/spack/schema/config.py
View File

@ -56,6 +56,7 @@
'source_cache': {'type': 'string'}, 'source_cache': {'type': 'string'},
'misc_cache': {'type': 'string'}, 'misc_cache': {'type': 'string'},
'verify_ssl': {'type': 'boolean'}, 'verify_ssl': {'type': 'boolean'},
'suppress_gpg_warnings': {'type': 'boolean'},
'install_missing_compilers': {'type': 'boolean'}, 'install_missing_compilers': {'type': 'boolean'},
'debug': {'type': 'boolean'}, 'debug': {'type': 'boolean'},
'checksum': {'type': 'boolean'}, 'checksum': {'type': 'boolean'},

7
lib/spack/spack/util/gpg.py
View File

@ -100,8 +100,11 @@ def sign(cls, key, file, output, clearsign=False):
cls.gpg()(*args) cls.gpg()(*args)
@classmethod @classmethod
def verify(cls, signature, file): def verify(cls, signature, file, suppress_warnings=False):
cls.gpg()('--verify', signature, file) if suppress_warnings:
cls.gpg()('--verify', signature, file, error=str)
else:
cls.gpg()('--verify', signature, file)
@classmethod @classmethod
def list(cls, trusted, signing): def list(cls, trusted, signing):