This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=823dd9ceec68cf481ca2101ae73a3cc433adec84 commit 823dd9ceec68cf481ca2101ae73a3cc433adec84 Author: Guillem Jover <guil...@debian.org> AuthorDate: Wed Oct 26 10:41:56 2022 +0200 Dpkg::OpenPGP: Make it a class This will make implementing multiple backends easier. --- scripts/Dpkg/OpenPGP.pm | 56 ++++++++++++++++++++++++++++-------------- scripts/Dpkg/Source/Package.pm | 20 +++++++-------- scripts/t/Dpkg_OpenPGP.t | 10 +++++--- 3 files changed, 52 insertions(+), 34 deletions(-) diff --git a/scripts/Dpkg/OpenPGP.pm b/scripts/Dpkg/OpenPGP.pm index 4a227a0ab..9db4bffea 100644 --- a/scripts/Dpkg/OpenPGP.pm +++ b/scripts/Dpkg/OpenPGP.pm @@ -30,8 +30,30 @@ use Dpkg::Path qw(find_command); our $VERSION = '0.01'; +sub new { + my ($this, %opts) = @_; + my $class = ref($this) || $this; + + my $self = { + cmd => $opts{cmd} // 'auto', + has_cmd => {}, + require_valid_signature => $opts{require_valid_signature} // 1, + }; + bless $self, $class; + + if ($self->{cmd} eq 'auto') { + foreach my $cmd (qw(gpg gpgv)) { + $self->{has_cmd}{$cmd} = 1 if find_command($cmd); + } + } else { + $self->{has_cmd}{$self->{cmd}} = 1 if find_command($self->{cmd}); + } + + return $self; +} + sub is_armored { - my $file = shift; + my ($self, $file) = @_; my $armored = 0; open my $fh, '<', $file or syserr(g_('cannot open %s'), $file); @@ -121,7 +143,7 @@ sub _pgp_armor_data { } sub armor { - my ($type, $bin, $asc) = @_; + my ($self, $type, $bin, $asc) = @_; my $data = file_slurp($bin); file_dump($asc, _pgp_armor_data($type, $data)); @@ -130,7 +152,7 @@ sub armor { } sub dearmor { - my ($type, $asc, $bin) = @_; + my ($self, $type, $asc, $bin) = @_; my $armor = file_slurp($asc); file_dump($bin, _pgp_dearmor_data($type, $armor)); @@ -140,7 +162,7 @@ sub dearmor { sub _gpg_exec { - my ($opts, $exec) = @_; + my ($self, $exec) = @_; my ($stdout, $stderr); spawn(exec => $exec, wait_child => 1, nocheck => 1, timeout => 10, 
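Review bot: In the added `new`, an explicit `cmd` other than `gpgv` leaves `has_cmd{gpgv}` unset, because only the `auto` branch probes `gpgv`, and the `inline_verify` and `verify` hunks further down test exactly that key. With `cmd => 'gpg'` they would take the "GnuPG is not installed" path even when gpgv is present, which is an error when `require_valid_signature` is set and, judging by the visible `else`, leaves the signature unverified otherwise. Either probe the verifier regardless of `cmd`, `$self->{has_cmd}{gpgv} = 1 if find_command('gpgv');`, or reject unsupported `cmd` values in the constructor. A short POD entry for `new` listing `cmd` and `require_valid_signature` with their defaults would also help, since the default of 1 is what keeps verification strict.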
@@ -163,7 +185,7 @@ sub _gpg_options_weak_digests { } sub _gpg_verify { - my ($opts, $data, $sig, @certs) = @_; + my ($self, $data, $sig, @certs) = @_; my $gpg_home = File::Temp->newdir('dpkg-gpg-verify.XXXXXXXX', TMPDIR => 1); @@ -183,8 +205,8 @@ sub _gpg_verify { push @exec, $sig if defined $sig; push @exec, $data; - my $status = _gpg_exec($opts, \@exec); - if ($status == 1 or ($status && $opts->{require_valid_signature})) { + my $status = $self->_gpg_exec(\@exec); + if ($status == 1 or ($status && $self->{require_valid_signature})) { error(g_('cannot verify signature for %s'), $data); } elsif ($status) { warning(g_('cannot verify signature for %s'), $data); @@ -194,13 +216,11 @@ sub _gpg_verify { } sub inline_verify { - my ($opts, $data, @certs) = @_; + my ($self, $data, @certs) = @_; - $opts->{require_valid_signature} //= 1; - - if (find_command('gpgv')) { - _gpg_verify($opts, $data, undef, @certs); - } elsif ($opts->{require_valid_signature}) { + if ($self->{has_cmd}{gpgv}) { + $self->_gpg_verify($data, undef, @certs); + } elsif ($self->{require_valid_signature}) { error(g_('cannot verify inline signature on %s since GnuPG is not installed'), $data); } else { @@ -212,13 +232,11 @@ sub inline_verify { } sub verify { - my ($opts, $data, $sig, @certs) = @_; - - $opts->{require_valid_signature} //= 1; + my ($self, $data, $sig, @certs) = @_; - if (find_command('gpgv')) { - _gpg_verify($opts, $data, $sig, @certs); - } elsif ($opts->{require_valid_signature}) { + if ($self->{has_cmd}{gpgv}) { + $self->_gpg_verify($data, $sig, @certs); + } elsif ($self->{require_valid_signature}) { error(g_('cannot verify signature on %s since GnuPG is not installed'), $sig); } else { diff --git a/scripts/Dpkg/Source/Package.pm b/scripts/Dpkg/Source/Package.pm index 734ec985f..d017aded8 100644 --- a/scripts/Dpkg/Source/Package.pm +++ b/scripts/Dpkg/Source/Package.pm 
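Review bot: The status test in `_gpg_verify`, `$status == 1 or ($status && $self->{require_valid_signature})`, has no comment explaining why status 1 is always fatal while other non-zero statuses only produce a warning when `require_valid_signature` is off. This line decides whether an unverifiable signature stops the run, so I would add above it `# Status 1 is always fatal; any other failure is fatal only with require_valid_signature, otherwise it is a warning.` The hunk does not show what the individual exit codes mean, so name them in the comment only after checking the gpgv documentation. The body of `_gpg_verify` begins and ends outside this hunk.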
@@ -226,6 +226,11 @@ sub new { $self->upgrade_object_type(0); $self->init_options(); } + + $self->{openpgp} = Dpkg::OpenPGP->new( + require_valid_signature => $self->{options}{require_valid_signature}, + ); + return $self; } @@ -429,13 +434,13 @@ sub armor_original_tarball_signature { my ($self, $bin, $asc) = @_; if (-e $bin) { - if (Dpkg::OpenPGP::is_armored($bin)) { + if ($self->{openpgp}->is_armored($bin)) { notice(g_('signature file is already OpenPGP ASCII armor, copying')); copy($bin, $asc); return $asc; } - return Dpkg::OpenPGP::armor('SIGNATURE', $bin, $asc); + return $self->{openpgp}->armor('SIGNATURE', $bin, $asc); } return; @@ -459,15 +464,11 @@ sub check_original_tarball_signature { return; } - my $opts = { - require_valid_signature => $self->{options}{require_valid_signature}, - }; - foreach my $asc (@asc) { my $datafile = $asc =~ s/\.asc$//r; info(g_('verifying %s'), $asc); - Dpkg::OpenPGP::verify($opts, $datafile, $asc, $upstream_key); + $self->{openpgp}->verify($datafile, $asc, $upstream_key); } } @@ -507,10 +508,7 @@ sub check_signature { } } - my $opts = { - require_valid_signature => $self->{options}{require_valid_signature}, - }; - Dpkg::OpenPGP::inline_verify($opts, $dsc, @certs); + $self->{openpgp}->inline_verify($dsc, @certs); } sub describe_cmdline_options { diff --git a/scripts/t/Dpkg_OpenPGP.t b/scripts/t/Dpkg_OpenPGP.t index e8e727d3a..9b3a36656 100644 --- a/scripts/t/Dpkg_OpenPGP.t +++ b/scripts/t/Dpkg_OpenPGP.t 
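Review bot: `Dpkg::OpenPGP->new(require_valid_signature => ...)` in `new` copies the option once, whereas the code removed from `check_original_tarball_signature` and `check_signature` read `$self->{options}{require_valid_signature}` at call time. Any code that sets or changes that option after construction would no longer affect verification. If the value is still undefined here, the constructor's `// 1` default applies and fails closed, but a later switch from 0 to 1 would be ignored. If options can change after `new` (not visible here), keep the object in sync at the call sites, or at least document it with `# NOTE: require_valid_signature is captured here; later changes to $self->{options} are not seen by $self->{openpgp}.` The start of `new` is outside the hunk.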
@@ -34,24 +34,26 @@ report_options(quiet_warnings => 1); my $datadir = test_get_data_path(); my $tmpdir = test_get_temp_path(); +my $openpgp = Dpkg::OpenPGP->new(); + my ($reffile, $binfile, $ascfile); $binfile = "$datadir/data-file"; $reffile = "$datadir/data-file.asc"; -ok(!Dpkg::OpenPGP::is_armored($binfile), 'file not ASCII Armored'); -ok(Dpkg::OpenPGP::is_armored($reffile), 'file ASCII Armored'); +ok(!$openpgp->is_armored($binfile), 'file not ASCII Armored'); +ok($openpgp->is_armored($reffile), 'file ASCII Armored'); $ascfile = "$tmpdir/data-file.asc"; -Dpkg::OpenPGP::armor('ARMORED FILE', $binfile, $ascfile); +$openpgp->armor('ARMORED FILE', $binfile, $ascfile); ok(compare($ascfile, $reffile) == 0, 'armor binary file into OpenPGP ASCII Armor'); $reffile = "$datadir/data-file"; $ascfile = "$datadir/data-file.asc"; $binfile = "$tmpdir/data-file"; -Dpkg::OpenPGP::dearmor('ARMORED FILE', $ascfile, $binfile); +$openpgp->dearmor('ARMORED FILE', $ascfile, $binfile); ok(compare($binfile, $reffile) == 0, 'dearmor OpenPGP ASCII Armor into binary file'); # TODO: Add actual test cases. -- Dpkg.Org's dpkg
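Review bot: The test only exercises `is_armored`, `armor` and `dearmor` through the new object, so the constructor's options and the `verify`/`inline_verify` paths stay uncovered, and the trailing `# TODO: Add actual test cases.` is unchanged. At minimum, a check that a default object requires valid signatures would pin the fail-closed default, for example `ok($openpgp->{require_valid_signature}, 'valid signatures required by default');`. The test plan count is outside the hunk and would need to be updated to match.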