diff options
| author | Greg Becker <becker33@llnl.gov> | 2019-11-14 16:22:01 -0800 |
|---|---|---|
| committer | Peter Scheibel <scheibel1@llnl.gov> | 2019-11-14 16:22:01 -0800 |
| commit | c587c76537e9569743fb1c3a828f0899ce715d90 (patch) | |
| tree | 7c65cc757b9fe4be89aff6ef846e9d5559615e5a | |
| parent | 40c77bf158aad7d968e85ba15e1be65817112650 (diff) | |
| download | spack-c587c76537e9569743fb1c3a828f0899ce715d90.tar.gz spack-c587c76537e9569743fb1c3a828f0899ce715d90.tar.bz2 spack-c587c76537e9569743fb1c3a828f0899ce715d90.tar.xz spack-c587c76537e9569743fb1c3a828f0899ce715d90.zip | |
Config option to allow gpg warning suppression (#13743)
Add a configuration option to suppress gpg warnings during binary
package verification. This only suppresses warnings: a gpg failure
will still fail the install. This allows users who have already
explicitly trusted the gpg key they are using to avoid seeing
repeated warnings that it is self-signed.
| -rw-r--r-- | etc/spack/defaults/config.yaml | 8 | ||||
| -rw-r--r-- | lib/spack/spack/binary_distribution.py | 4 | ||||
| -rw-r--r-- | lib/spack/spack/schema/config.py | 1 | ||||
| -rw-r--r-- | lib/spack/spack/util/gpg.py | 7 |
4 files changed, 17 insertions, 3 deletions
diff --git a/etc/spack/defaults/config.yaml b/etc/spack/defaults/config.yaml index 6be1d9770b..3aadccfda1 100644 --- a/etc/spack/defaults/config.yaml +++ b/etc/spack/defaults/config.yaml @@ -80,6 +80,14 @@ config: verify_ssl: true + # Suppress gpg warnings from binary package verification + # Only suppresses warnings, gpg failure will still fail the install + # Potential rationale to set True: users have already explicitly trusted the + # gpg key they are using, and may not want to see repeated warnings that it + # is self-signed or something of the sort. + suppress_gpg_warnings: false + + # If set to true, Spack will attempt to build any compiler on the spec # that is not already available. If set to False, Spack will only use # compilers already configured in compilers.yaml diff --git a/lib/spack/spack/binary_distribution.py b/lib/spack/spack/binary_distribution.py index 564903f333..3effc3c71f 100644 --- a/lib/spack/spack/binary_distribution.py +++ b/lib/spack/spack/binary_distribution.py @@ -21,6 +21,7 @@ import llnl.util.tty as tty from llnl.util.filesystem import mkdirp, install_tree import spack.cmd +import spack.config as config import spack.fetch_strategy as fs import spack.util.gpg as gpg_util import spack.relocate as relocate @@ -594,7 +595,8 @@ def extract_tarball(spec, filename, allow_root=False, unsigned=False, if not unsigned: if os.path.exists('%s.asc' % specfile_path): try: - Gpg.verify('%s.asc' % specfile_path, specfile_path) + suppress = config.get('config:suppress_gpg_warnings', False) + Gpg.verify('%s.asc' % specfile_path, specfile_path, suppress) except Exception as e: shutil.rmtree(tmpdir) tty.die(e) diff --git a/lib/spack/spack/schema/config.py b/lib/spack/spack/schema/config.py index 6eb127a359..7d170bbc91 100644 --- a/lib/spack/spack/schema/config.py +++ b/lib/spack/spack/schema/config.py @@ -56,6 +56,7 @@ properties = { 'source_cache': {'type': 'string'}, 'misc_cache': {'type': 'string'}, 'verify_ssl': {'type': 'boolean'}, + 'suppress_gpg_warnings': {'type': 'boolean'}, 'install_missing_compilers': {'type': 'boolean'}, 'debug': {'type': 'boolean'}, 'checksum': {'type': 'boolean'}, diff --git a/lib/spack/spack/util/gpg.py b/lib/spack/spack/util/gpg.py index a5c10d2151..a7d1a3d8fa 100644 --- a/lib/spack/spack/util/gpg.py +++ b/lib/spack/spack/util/gpg.py @@ -100,8 +100,11 @@ class Gpg(object): cls.gpg()(*args) @classmethod - def verify(cls, signature, file): - cls.gpg()('--verify', signature, file) + def verify(cls, signature, file, suppress_warnings=False): + if suppress_warnings: + cls.gpg()('--verify', signature, file, error=str) + else: + cls.gpg()('--verify', signature, file) @classmethod def list(cls, trusted, signing): |