summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-02-08recursiveloader: Control storing Manifest device explicitlyMichał Górny
Add an explicit keyword argument to control when st_dev of Manifest is stored as Manifest device. It does not make any real difference at the moment (since st_dev of sub-Manifests is forced to match that of top Manifest) but it will be useful in the future.
2018-02-08find_top_level: Support crossing filesystem boundariesMichał Górny
Default to allow crossing filesystem boundaries when looking for top-level Manifest. There is no real reason to prevent that, and it breaks the verification for overlayfs users.
2018-02-08find_top_level: Remove broken cross-device testMichał Górny
Remove the cross-device test that wrongly assumed we will be traversing logical parent directories rather than physical. In other words, '..' in the symlinked filesystem will never contain the Manifest file.
2018-02-08find_top_level: Remove duplicate m_path declarationMichał Górny
2018-02-08openpgp: Do not wipe the environment in isolated modeMichał Górny
Do not wipe the complete environment when running in isolated mode as this had unintended side effect of wiping PATH. Since there is no real reasons to pursue a proper whitelist for this, just preserve the environment while overriding GNUPGHOME and TZ appropriately.
2018-02-08openpgp: Fix duplicate message in key import/refresh exceptionsMichał Górny
2018-02-03tox: Fix collecting coverage for multiprocessingMichał Górny
2018-02-02Bump to v11.0Michał Górny
2018-02-02recursiveloader: Detect symlink loops explicitlyMichał Górny
2018-02-02recursiveloader: Check for cross-device directories earlier in loopMichał Górny
Check for cross-device directory when starting to process the directory rather than for each subdirectory to be processed. This will avoid double stat() call in the future. It also means that cross-device exceptions are raised a little later, when recurring into the directory rather than before doing that. However, the starting directory is now also tested.
2018-02-02recursiveloader: Do not recur into directories when file was expectedMichał Górny
When verifying, do not let os.walk() recur into a directory for which we have an entry requesting it to be a file. The verification is going to fail on the directory entry anyway, so there is no point in seeking matches further and this could have currently resulted in crossing filesystem boundaries (since the cross-fs test is deferred to verifying thread).
2018-02-02openpgp: Fix handling OpenPGPNoImplementation in testsMichał Górny
2018-02-01cli: Unify exception handling and fix it to catch all gemato exceptionsMichał Górny
2018-02-01openpgp: Use assertion for home-after-close()Michał Górny
2018-02-01openpgp: Replace RuntimeError with dedicated for import/refresh errorsMichał Górny
2018-02-01exceptions: Add a base OpenPGPRuntimeError classMichał Górny
2018-02-01exceptions: Add a GematoException base class for all custom exceptionsMichał Górny
2018-02-01openpgp: Add tests for expired signatureMichał Górny
2018-02-01manifest: Remove unused openpgp module importMichał Górny
2018-02-01cli: Fix missing explicit importsMichał Górny
2018-01-30openpgp: Set trust-model via config fileMichał Górny
2018-01-25Bump to 10.3Michał Górny
2018-01-25openpgp: Fix reading time_t timestamps as UTCMichał Górny
2018-01-24Bump to 10.2Michał Górny
2018-01-24openpgp: Fix GnuPG use to report UTC timestampsMichał Górny
2018-01-24Bump to 10.1Michał Górny
2018-01-24cli: Print Manifest timestamp as wellMichał Górny
2018-01-24cli: Print OpenPGP signature info when verifyingMichał Górny
2018-01-24Expose Manifest signature data in Manifest classesMichał Górny
2018-01-24openpgp: Return basic signature data when verifying signaturesMichał Górny
2018-01-24openpgp: Refactor status processing not to stop on GOODSIGMichał Górny
2018-01-23Bump to v10.0Michał Górny
2018-01-19Refresh OpenPGP keys before verificationMichał Górny
Always refresh OpenPGP keys before starting the verification process. This ensures that the key has not been revoked, and also reduces the risk of using an expired key.
2018-01-16openpgp: Combine common code more, and remove redundant classMichał Górny
2018-01-16openpgp: Reject signatures made with expired & revoked keysMichał Górny
2018-01-16openpgp: Pass "--trust-model always" when using isolated envMichał Górny
Always trust keys in isolated env since we are explicitly importing them. This does not make any real difference but it skips unnecessary trust management.
2018-01-16openpgp: Do not call gpgconf, more trouble than benefitMichał Górny
It turns out that 'gpgconf --kill' is not supported by gpg-2.0. Given that removing the homedir will cause the agent to quit, and that we need to explicitly handle race conditions between the cleanup and agent quitting anyway, let's just go straight for removal.
2018-01-16openpgp: Move _spawn_gpg() helper into the classMichał Górny
2018-01-16openpgp: Refactor to use class for system environment as wellMichał Górny
2018-01-16Bump version to 9.3Michał Górny
2018-01-04Fix overwriting exception messagesMichał Górny
2018-01-04tox: backports.lzma 0.0.9 is broken on pypyMichał Górny
2018-01-03compression: Prevent using incompatible 'lzma' module from pyliblzmaMichał Górny
Try importing the 'lzma' module only in Python 3.3+, that is versions known to have it built-in. This way, we can prevent accidentally importing incompatible module using the same name, e.g. pyliblzma. Bug: https://bugs.gentoo.org/643254
2017-12-18openpgp: Disable scdaemon when running GnuPGMichał Górny
2017-12-12Add tests for dealing with symlink loopsMichał Górny
2017-12-10Bump to 9.2Michał Górny
2017-12-10Include a repo.postsync.d hook for PortageMichał Górny
2017-12-10Package bash utilities as wellMichał Górny
2017-12-03Bump to 9.1Michał Górny
2017-12-03Explicitly include missing files into sdistMichał Górny
generated by cgit v1.2.3 (git 2.46.0) at 2025-09-21 14:49:44 +0000