summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorGreg Becker <becker33@llnl.gov>2019-11-14 16:22:01 -0800
committerPeter Scheibel <scheibel1@llnl.gov>2019-11-14 16:22:01 -0800
commitc587c76537e9569743fb1c3a828f0899ce715d90 (patch)
tree7c65cc757b9fe4be89aff6ef846e9d5559615e5a /lib
parent40c77bf158aad7d968e85ba15e1be65817112650 (diff)
downloadspack-c587c76537e9569743fb1c3a828f0899ce715d90.tar.gz
spack-c587c76537e9569743fb1c3a828f0899ce715d90.tar.bz2
spack-c587c76537e9569743fb1c3a828f0899ce715d90.tar.xz
spack-c587c76537e9569743fb1c3a828f0899ce715d90.zip
Config option to allow gpg warning suppression (#13743)
Add a configuration option to suppress gpg warnings during binary package verification. This only suppresses warnings: a gpg failure will still fail the install. This allows users who have already explicitly trusted the gpg key they are using to avoid seeing repeated warnings that it is self-signed.
Diffstat (limited to 'lib')
-rw-r--r--lib/spack/spack/binary_distribution.py4
-rw-r--r--lib/spack/spack/schema/config.py1
-rw-r--r--lib/spack/spack/util/gpg.py7
3 files changed, 9 insertions, 3 deletions
diff --git a/lib/spack/spack/binary_distribution.py b/lib/spack/spack/binary_distribution.py
index 564903f333..3effc3c71f 100644
--- a/lib/spack/spack/binary_distribution.py
+++ b/lib/spack/spack/binary_distribution.py
@@ -21,6 +21,7 @@ import llnl.util.tty as tty
from llnl.util.filesystem import mkdirp, install_tree
import spack.cmd
+import spack.config as config
import spack.fetch_strategy as fs
import spack.util.gpg as gpg_util
import spack.relocate as relocate
@@ -594,7 +595,8 @@ def extract_tarball(spec, filename, allow_root=False, unsigned=False,
if not unsigned:
if os.path.exists('%s.asc' % specfile_path):
try:
- Gpg.verify('%s.asc' % specfile_path, specfile_path)
+ suppress = config.get('config:suppress_gpg_warnings', False)
+ Gpg.verify('%s.asc' % specfile_path, specfile_path, suppress)
except Exception as e:
shutil.rmtree(tmpdir)
tty.die(e)
diff --git a/lib/spack/spack/schema/config.py b/lib/spack/spack/schema/config.py
index 6eb127a359..7d170bbc91 100644
--- a/lib/spack/spack/schema/config.py
+++ b/lib/spack/spack/schema/config.py
@@ -56,6 +56,7 @@ properties = {
'source_cache': {'type': 'string'},
'misc_cache': {'type': 'string'},
'verify_ssl': {'type': 'boolean'},
+ 'suppress_gpg_warnings': {'type': 'boolean'},
'install_missing_compilers': {'type': 'boolean'},
'debug': {'type': 'boolean'},
'checksum': {'type': 'boolean'},
diff --git a/lib/spack/spack/util/gpg.py b/lib/spack/spack/util/gpg.py
index a5c10d2151..a7d1a3d8fa 100644
--- a/lib/spack/spack/util/gpg.py
+++ b/lib/spack/spack/util/gpg.py
@@ -100,8 +100,11 @@ class Gpg(object):
cls.gpg()(*args)
@classmethod
- def verify(cls, signature, file):
- cls.gpg()('--verify', signature, file)
+ def verify(cls, signature, file, suppress_warnings=False):
+ if suppress_warnings:
+ cls.gpg()('--verify', signature, file, error=str)
+ else:
+ cls.gpg()('--verify', signature, file)
@classmethod
def list(cls, trusted, signing):