Allow installing unsigned binary packages (#11107)

This commit introduces a `--no-check-signature` option for `spack install` so that unsigned packages can be installed. It is off by default (signatures required).
author: Oliver Breitwieser <oliver.breitwieser@kip.uni-heidelberg.de> 2020-02-07 03:59:16 +0100
committer: GitHub <noreply@github.com> 2020-02-06 18:59:16 -0800
commit: 22c9f5cbd8b807c6ff101a2af30c5fc4cab2d13b (patch)
tree: 1ae90bebfb9661b080541fcb776dc43794f14b0c
parent: 458c9a22bf16e7e3f9d4475074bcf5ac64c6907e (diff)
download: spack-22c9f5cbd8b807c6ff101a2af30c5fc4cab2d13b.tar.gz
spack-22c9f5cbd8b807c6ff101a2af30c5fc4cab2d13b.tar.bz2
spack-22c9f5cbd8b807c6ff101a2af30c5fc4cab2d13b.tar.xz
spack-22c9f5cbd8b807c6ff101a2af30c5fc4cab2d13b.zip
3 files changed, 11 insertions, 5 deletions
diff --git a/lib/spack/spack/cmd/install.py b/lib/spack/spack/cmd/install.py
index 8f1eab0eb3..9e13643920 100644
--- a/lib/spack/spack/cmd/install.py
+++ b/lib/spack/spack/cmd/install.py
@@ -42,7 +42,8 @@ def update_kwargs_from_args(args, kwargs):
         'use_cache': args.use_cache,
         'cache_only': args.cache_only,
         'explicit': True,  # Always true for install command
-        'stop_at': args.until
+        'stop_at': args.until,
+        'unsigned': args.unsigned,
     })
 
     kwargs.update({
@@ -99,6 +100,10 @@ the dependencies"""
         help="only install package from binary mirrors")
 
     subparser.add_argument(
+        '--no-check-signature', action='store_true',
+        dest='unsigned', default=False,
+        help="do not check signatures of binary packages")
+    subparser.add_argument(
         '--show-log-on-error', action='store_true',
         help="print full build log to stderr if build fails")
     subparser.add_argument(
diff --git a/lib/spack/spack/package.py b/lib/spack/spack/package.py
index d146be9af9..d67c017a70 100644
--- a/lib/spack/spack/package.py
+++ b/lib/spack/spack/package.py
@@ -1508,7 +1508,7 @@ class PackageBase(with_metaclass(PackageMeta, PackageViewMixin, object)):
                 message = '{s.name}@{s.version} : marking the package explicit'
                 tty.msg(message.format(s=self))
 
-    def try_install_from_binary_cache(self, explicit):
+    def try_install_from_binary_cache(self, explicit, unsigned=False):
         tty.msg('Searching for binary cache of %s' % self.name)
         specs = binary_distribution.get_spec(spec=self.spec,
                                              force=False)
@@ -1525,7 +1525,7 @@ class PackageBase(with_metaclass(PackageMeta, PackageViewMixin, object)):
         tty.msg('Installing %s from binary cache' % self.name)
         binary_distribution.extract_tarball(
             binary_spec, tarball, allow_root=False,
-            unsigned=False, force=False)
+            unsigned=unsigned, force=False)
         self.installed_from_binary_cache = True
         spack.store.db.add(
             self.spec, spack.store.layout, explicit=explicit)
@@ -1666,7 +1666,8 @@ class PackageBase(with_metaclass(PackageMeta, PackageViewMixin, object)):
         tty.msg(colorize('@*{Installing} @*g{%s}' % self.name))
 
         if kwargs.get('use_cache', True):
-            if self.try_install_from_binary_cache(explicit):
+            if self.try_install_from_binary_cache(
+                    explicit, unsigned=kwargs.get('unsigned', False)):
                 tty.msg('Successfully installed %s from binary cache'
                         % self.name)
                 print_pkg(self.prefix)
diff --git a/share/spack/spack-completion.bash b/share/spack/spack-completion.bash
index 8a22e342e2..e6b7529452 100755
--- a/share/spack/spack-completion.bash
+++ b/share/spack/spack-completion.bash
@@ -945,7 +945,7 @@ _spack_info() {
 _spack_install() {
     if $list_options
     then
-        SPACK_COMPREPLY="-h --help --only -u --until -j --jobs --overwrite --keep-prefix --keep-stage --dont-restage --use-cache --no-cache --cache-only --show-log-on-error --source -n --no-checksum -v --verbose --fake --only-concrete -f --file --clean --dirty --test --run-tests --log-format --log-file --help-cdash --cdash-upload-url --cdash-build --cdash-site --cdash-track --cdash-buildstamp -y --yes-to-all"
+        SPACK_COMPREPLY="-h --help --only -u --until -j --jobs --overwrite --keep-prefix --keep-stage --dont-restage --use-cache --no-cache --cache-only --no-check-signature --show-log-on-error --source -n --no-checksum -v --verbose --fake --only-concrete -f --file --clean --dirty --test --run-tests --log-format --log-file --help-cdash --cdash-upload-url --cdash-build --cdash-site --cdash-track --cdash-buildstamp -y --yes-to-all"
     else
         _all_packages
     fi
author	Oliver Breitwieser <oliver.breitwieser@kip.uni-heidelberg.de>	2020-02-07 03:59:16 +0100
committer	GitHub <noreply@github.com>	2020-02-06 18:59:16 -0800
commit	22c9f5cbd8b807c6ff101a2af30c5fc4cab2d13b (patch)
tree	1ae90bebfb9661b080541fcb776dc43794f14b0c
parent	458c9a22bf16e7e3f9d4475074bcf5ac64c6907e (diff)
download	spack-22c9f5cbd8b807c6ff101a2af30c5fc4cab2d13b.tar.gz spack-22c9f5cbd8b807c6ff101a2af30c5fc4cab2d13b.tar.bz2 spack-22c9f5cbd8b807c6ff101a2af30c5fc4cab2d13b.tar.xz spack-22c9f5cbd8b807c6ff101a2af30c5fc4cab2d13b.zip