diff options
author | Greg Becker <becker33@llnl.gov> | 2019-11-14 16:22:01 -0800 |
---|---|---|
committer | Peter Scheibel <scheibel1@llnl.gov> | 2019-11-14 16:22:01 -0800 |
commit | c587c76537e9569743fb1c3a828f0899ce715d90 (patch) | |
tree | 7c65cc757b9fe4be89aff6ef846e9d5559615e5a /lib | |
parent | 40c77bf158aad7d968e85ba15e1be65817112650 (diff) | |
download | spack-c587c76537e9569743fb1c3a828f0899ce715d90.tar.gz spack-c587c76537e9569743fb1c3a828f0899ce715d90.tar.bz2 spack-c587c76537e9569743fb1c3a828f0899ce715d90.tar.xz spack-c587c76537e9569743fb1c3a828f0899ce715d90.zip |
Config option to allow gpg warning suppression (#13743)
Add a configuration option to suppress gpg warnings during binary
package verification. This only suppresses warnings: a gpg failure
will still fail the install. This allows users who have already
explicitly trusted the gpg key they are using to avoid seeing
repeated warnings that it is self-signed.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/spack/spack/binary_distribution.py | 4 | ||||
-rw-r--r-- | lib/spack/spack/schema/config.py | 1 | ||||
-rw-r--r-- | lib/spack/spack/util/gpg.py | 7 |
3 files changed, 9 insertions, 3 deletions
diff --git a/lib/spack/spack/binary_distribution.py b/lib/spack/spack/binary_distribution.py index 564903f333..3effc3c71f 100644 --- a/lib/spack/spack/binary_distribution.py +++ b/lib/spack/spack/binary_distribution.py @@ -21,6 +21,7 @@ import llnl.util.tty as tty from llnl.util.filesystem import mkdirp, install_tree import spack.cmd +import spack.config as config import spack.fetch_strategy as fs import spack.util.gpg as gpg_util import spack.relocate as relocate @@ -594,7 +595,8 @@ def extract_tarball(spec, filename, allow_root=False, unsigned=False, if not unsigned: if os.path.exists('%s.asc' % specfile_path): try: - Gpg.verify('%s.asc' % specfile_path, specfile_path) + suppress = config.get('config:suppress_gpg_warnings', False) + Gpg.verify('%s.asc' % specfile_path, specfile_path, suppress) except Exception as e: shutil.rmtree(tmpdir) tty.die(e) diff --git a/lib/spack/spack/schema/config.py b/lib/spack/spack/schema/config.py index 6eb127a359..7d170bbc91 100644 --- a/lib/spack/spack/schema/config.py +++ b/lib/spack/spack/schema/config.py @@ -56,6 +56,7 @@ properties = { 'source_cache': {'type': 'string'}, 'misc_cache': {'type': 'string'}, 'verify_ssl': {'type': 'boolean'}, + 'suppress_gpg_warnings': {'type': 'boolean'}, 'install_missing_compilers': {'type': 'boolean'}, 'debug': {'type': 'boolean'}, 'checksum': {'type': 'boolean'}, diff --git a/lib/spack/spack/util/gpg.py b/lib/spack/spack/util/gpg.py index a5c10d2151..a7d1a3d8fa 100644 --- a/lib/spack/spack/util/gpg.py +++ b/lib/spack/spack/util/gpg.py @@ -100,8 +100,11 @@ class Gpg(object): cls.gpg()(*args) @classmethod - def verify(cls, signature, file): - cls.gpg()('--verify', signature, file) + def verify(cls, signature, file, suppress_warnings=False): + if suppress_warnings: + cls.gpg()('--verify', signature, file, error=str) + else: + cls.gpg()('--verify', signature, file) @classmethod def list(cls, trusted, signing): |