[opensuse-buildservice] RFC: [PATCH] --offline skips the GPG verification too
Hi, now as we are in funny times with BuildService and iChain, I use a --offline option a lot. But without --no-verify it does not make a sense, because GPG verification needs API. The --offline implies me API won't be queried, so I've made this small patch, which skips the GPG verification as well. Any comments? Regards Michal Vyskocil The --offline arguments implies API will not be touched, so this will skip the GPG verification as well. --- osc/build.py | 2 +- osc/commandline.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/osc/build.py b/osc/build.py index 66d74ef..635d102 100644 --- a/osc/build.py +++ b/osc/build.py @@ -761,7 +761,7 @@ def main(apiurl, opts, argv): os.symlink(sffn, tffn) if bi.pacsuffix == 'rpm': - if opts.no_verify: + if opts.no_verify or opts.offline: print 'Skipping verification of package signatures' else: print 'Verifying integrity of cached packages' diff --git a/osc/commandline.py b/osc/commandline.py index ff85f72..50666db 100644 --- a/osc/commandline.py +++ b/osc/commandline.py @@ -4471,7 +4471,7 @@ Please submit there instead, or use --nodevelproject to force direct submission. @cmdln.option('--clean', action='store_true', help='Delete old build root before initializing it') @cmdln.option('-o', '--offline', action='store_true', - help='Start with cached prjconf and packages without contacting the api server') + help='Start with cached prjconf and packages without contacting the api server and skip GPG verification') @cmdln.option('-l', '--preload', action='store_true', help='Preload all files into the chache for offline operation') @cmdln.option('--no-changelog', action='store_true', -- 1.7.4.1
Am Donnerstag, 7. April 2011, 10:10:24 schrieb Michal Vyskocil:
Hi,
now as we are in funny times with BuildService and iChain, I use a --offline option a lot. But without --no-verify it does not make a sense, because GPG verification needs API. The --offline implies me API won't be queried, so I've made this small patch, which skips the GPG verification as well.
Hm, I am unsure if --offline should automatic imply --no-verify, since you may have evil/unwanted rpms in your local cache from a former build attempt. It may be okay, if you did accept that in a former build, so if you remove the buildconfig, if the user did not accept these rpms in former online build. In that way the offline build would not be possible anyway.
Any comments?
Regards Michal Vyskocil
The --offline arguments implies API will not be touched, so this will skip the GPG verification as well. --- osc/build.py | 2 +- osc/commandline.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/osc/build.py b/osc/build.py index 66d74ef..635d102 100644 --- a/osc/build.py +++ b/osc/build.py @@ -761,7 +761,7 @@ def main(apiurl, opts, argv): os.symlink(sffn, tffn)
if bi.pacsuffix == 'rpm': - if opts.no_verify: + if opts.no_verify or opts.offline: print 'Skipping verification of package signatures' else: print 'Verifying integrity of cached packages' diff --git a/osc/commandline.py b/osc/commandline.py index ff85f72..50666db 100644 --- a/osc/commandline.py +++ b/osc/commandline.py @@ -4471,7 +4471,7 @@ Please submit there instead, or use --nodevelproject to force direct submission. @cmdln.option('--clean', action='store_true', help='Delete old build root before initializing it') @cmdln.option('-o', '--offline', action='store_true', - help='Start with cached prjconf and packages without contacting the api server') + help='Start with cached prjconf and packages without contacting the api server and skip
GPG verification')
@cmdln.option('-l', '--preload', action='store_true', help='Preload all files into the chache for offline operation') @cmdln.option('--no-changelog', action='store_true',
-- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Thu, Apr 07, 2011 at 10:14:35AM +0200, Adrian Schröter wrote:
Am Donnerstag, 7. April 2011, 10:10:24 schrieb Michal Vyskocil:
Hi,
now as we are in funny times with BuildService and iChain, I use a --offline option a lot. But without --no-verify it does not make a sense, because GPG verification needs API. The --offline implies me API won't be queried, so I've made this small patch, which skips the GPG verification as well.
Hm, I am unsure if --offline should automatic imply --no-verify, since you may have evil/unwanted rpms in your local cache from a former build attempt.
It may be okay, if you did accept that in a former build, so if you remove the buildconfig, if the user did not accept these rpms in former online build. In that way the offline build would not be possible anyway.
Good point - but afaik there's no way how to accept rpms, isn't it? I would prevent add something like this, so maybe the --offline and --no-verify is the best solution. Regards Michal Vyskocil
Any comments?
Regards Michal Vyskocil
The --offline arguments implies API will not be touched, so this will skip the GPG verification as well. --- osc/build.py | 2 +- osc/commandline.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/osc/build.py b/osc/build.py index 66d74ef..635d102 100644 --- a/osc/build.py +++ b/osc/build.py @@ -761,7 +761,7 @@ def main(apiurl, opts, argv): os.symlink(sffn, tffn)
if bi.pacsuffix == 'rpm': - if opts.no_verify: + if opts.no_verify or opts.offline: print 'Skipping verification of package signatures' else: print 'Verifying integrity of cached packages' diff --git a/osc/commandline.py b/osc/commandline.py index ff85f72..50666db 100644 --- a/osc/commandline.py +++ b/osc/commandline.py @@ -4471,7 +4471,7 @@ Please submit there instead, or use --nodevelproject to force direct submission. @cmdln.option('--clean', action='store_true', help='Delete old build root before initializing it') @cmdln.option('-o', '--offline', action='store_true', - help='Start with cached prjconf and packages without contacting the api server') + help='Start with cached prjconf and packages without contacting the api server and skip
GPG verification')
@cmdln.option('-l', '--preload', action='store_true', help='Preload all files into the chache for offline operation') @cmdln.option('--no-changelog', action='store_true',
-- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Michal Vyskocil wrote:
now as we are in funny times with BuildService and iChain, I use a --offline option a lot. But without --no-verify it does not make a sense, because GPG verification needs API. The --offline implies me API won't be queried, so I've made this small patch, which skips the GPG verification as well.
This should actually be fixed already: https://bugzilla.novell.com/show_bug.cgi?id=665784 http://gitorious.org/opensuse/osc/commit/ef06aa26cfed7c8afaf4fd0ea7ec1540d01... cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
participants (3)
-
Adrian Schröter -
Ludwig Nussel -
Michal Vyskocil