diff options
| author | Zac Medico <zmedico@gentoo.org> | 2006-12-02 04:42:33 +0000 |
|---|---|---|
| committer | Zac Medico <zmedico@gentoo.org> | 2006-12-02 04:42:33 +0000 |
| commit | eabd4140a9a273a0ac99dec2f19b808b8379736c (patch) | |
| tree | df7e07bc31fee3dc73162735768d8db93728ed5b | |
| parent | 81f6fdf9e08d3b2e1ce681732647b4459e09377d (diff) | |
| download | portage-eabd4140a9a273a0ac99dec2f19b808b8379736c.tar.gz portage-eabd4140a9a273a0ac99dec2f19b808b8379736c.tar.bz2 portage-eabd4140a9a273a0ac99dec2f19b808b8379736c.zip | |
Always verify the ebuild checksums before executing it. Thanks to solar for the suggestion and antarus for the initial patch.
svn path=/main/trunk/; revision=5150
| -rw-r--r-- | pym/portage.py | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/pym/portage.py b/pym/portage.py index 7513beb2b..e04fafebf 100644 --- a/pym/portage.py +++ b/pym/portage.py @@ -3007,6 +3007,29 @@ def doebuild(myebuild, mydo, myroot, mysettings, debug=0, listonly=0, noiselevel=-1) return 1 + if "strict" in features and mydo not in ("digest", "manifest", "help"): + # Always verify the ebuild checksums before executing it. + pkgdir = os.path.dirname(myebuild) + manifest_path = os.path.join(pkgdir, "Manifest") + if not os.path.exists(manifest_path): + writemsg("!!! Manifest file not found: '%s'\n" % manifest_path, + noiselevel=-1) + return 1 + mf = Manifest(pkgdir, mysettings["DISTDIR"]) + try: + mf.checkTypeHashes("EBUILD") + except portage_exception.FileNotFound, e: + writemsg("!!! A file listed in the Manifest " + \ + "could not be found: %s\n" % str(e), noiselevel=-1) + return 1 + except portage_exception.DigestException, e: + writemsg("!!! Digest verification failed:\n", noiselevel=-1) + writemsg("!!! %s\n" % e.value[0], noiselevel=-1) + writemsg("!!! Reason: %s\n" % e.value[1], noiselevel=-1) + writemsg("!!! Got: %s\n" % e.value[2], noiselevel=-1) + writemsg("!!! Expected: %s\n" % e.value[3], noiselevel=-1) + return 1 + doebuild_environment(myebuild, mydo, myroot, mysettings, debug, use_cache, mydbapi) |