Re: [OE-core] [PATCH v7 2/5] gpg_sign: detach_sign: fix gpg > 2.1 STDIN file descriptor

2016-03-03 Thread Markus Lehtonen 





On 02/03/16 16:47, "Ioan-Adrian Ratiu"  wrote:

>Starting from v2.1 passing passwords directly to gpg does not work
>anymore [1], instead a loopback interface must be used otherwise
>gpg >2.1 will error out with:
>"gpg: signing failed: Inappropriate ioctl for device"
>
>gpg <2.1 does not work with the new --pinentry-mode arg and gives an
>invalid option error, so we detect what is the running version of gpg
>and pass it accordingly.
>
>[1] https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase
>
>Signed-off-by: Ioan-Adrian Ratiu 
>---
> meta/lib/oe/gpg_sign.py | 16 
> 1 file changed, 16 insertions(+)
>
>diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
>index 1406f17..5d9ad49 100644
>--- a/meta/lib/oe/gpg_sign.py
>+++ b/meta/lib/oe/gpg_sign.py
>@@ -67,6 +67,13 @@ class LocalSigner(object):
> if armor:
> cmd += ['--armor']
> 
>+#gpg > 2.1 supports password pipes only through the loopback interface
>+#gpg < 2.1 errors out if given unknown parameters
>+dots = self.get_gpg_version().split('.')
>+assert len(dots) >= 2
>+if int(dots[0]) >= 2 and int(dots[1]) >= 1:
>+cmd += ['--pinentry-mode', 'loopback']
>+
> cmd += [input_file]
> 
> try:
>@@ -92,6 +99,15 @@ class LocalSigner(object):
> raise Exception("Failed to sign '%s'" % input_file)

Another nitpick: missing a line feed here(?)

Thanks,
  Markus


> 
> 
>+def get_gpg_version(self):
>+"""Return the gpg version"""
>+import subprocess
>+try:
>+return subprocess.check_output((self.gpg_bin, 
>"--version")).split()[2]
>+except subprocess.CalledProcessError as e:
>+raise bb.build.FuncFailed("Could not get gpg version: %s" % e)
>+
>+
> def verify(self, sig_file):
> """Verify signature"""
> cmd = self.gpg_bin + " --verify "
>-- 
>2.7.1
>

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH v7 2/5] gpg_sign: detach_sign: fix gpg > 2.1 STDIN file descriptor

2016-03-02 Thread Ioan-Adrian Ratiu 
Starting from v2.1 passing passwords directly to gpg does not work
anymore [1], instead a loopback interface must be used otherwise
gpg >2.1 will error out with:
"gpg: signing failed: Inappropriate ioctl for device"

gpg <2.1 does not work with the new --pinentry-mode arg and gives an
invalid option error, so we detect what is the running version of gpg
and pass it accordingly.

[1] https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase

Signed-off-by: Ioan-Adrian Ratiu 
---
 meta/lib/oe/gpg_sign.py | 16 
 1 file changed, 16 insertions(+)

diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
index 1406f17..5d9ad49 100644
--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -67,6 +67,13 @@ class LocalSigner(object):
 if armor:
 cmd += ['--armor']
 
+#gpg > 2.1 supports password pipes only through the loopback interface
+#gpg < 2.1 errors out if given unknown parameters
+dots = self.get_gpg_version().split('.')
+assert len(dots) >= 2
+if int(dots[0]) >= 2 and int(dots[1]) >= 1:
+cmd += ['--pinentry-mode', 'loopback']
+
 cmd += [input_file]
 
 try:
@@ -92,6 +99,15 @@ class LocalSigner(object):
 raise Exception("Failed to sign '%s'" % input_file)
 
 
+def get_gpg_version(self):
+"""Return the gpg version"""
+import subprocess
+try:
+return subprocess.check_output((self.gpg_bin, 
"--version")).split()[2]
+except subprocess.CalledProcessError as e:
+raise bb.build.FuncFailed("Could not get gpg version: %s" % e)
+
+
 def verify(self, sig_file):
 """Verify signature"""
 cmd = self.gpg_bin + " --verify "
-- 
2.7.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core