This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=9ab885d538ade4b161ed1f1467f3cac3d8941b80 commit 9ab885d538ade4b161ed1f1467f3cac3d8941b80 Author: Guillem Jover <[email protected]> AuthorDate: Sat Jul 30 20:10:36 2022 +0200 Dpkg::OpenPGP: Split verify_signature() into verify() and inline_verify() This maps more closely to the SOP API. --- scripts/Dpkg/OpenPGP.pm | 34 ++++++++++++++++++++++++++-------- scripts/Dpkg/Source/Package.pm | 11 ++++------- 2 files changed, 30 insertions(+), 15 deletions(-)
diff --git a/scripts/Dpkg/OpenPGP.pm b/scripts/Dpkg/OpenPGP.pm
index 018793565..93fa2d6b0 100644
--- a/scripts/Dpkg/OpenPGP.pm
+++ b/scripts/Dpkg/OpenPGP.pm
@@ -162,30 +162,48 @@ sub import_key { } sub _gpg_verify { - my ($opts, $sig) = @_; + my ($opts, $data, $sig, @certs) = @_; my $gpghome = File::Temp->newdir('dpkg-gpg-verify.XXXXXXXX', TMPDIR => 1); my @exec = qw(gpgv); push @exec, _gpg_options_weak_digests(); push @exec, '--homedir', $gpghome; - foreach my $keyring (@{$opts->{keyrings}}) { + foreach my $keyring (@certs) { push @exec, '--keyring', $keyring; } - push @exec, $sig; - push @exec, $opts->{datafile} if exists $opts->{datafile}; + push @exec, $sig if defined $sig; + push @exec, $data; - my $errmsg = sprintf g_('cannot verify signature %s'), $sig; + my $errmsg = sprintf g_('cannot verify signature for %s'), $data; _exec_openpgp($opts, \@exec, $errmsg); } -sub verify_signature { - my ($opts, $sig) = @_; +sub inline_verify { + my ($opts, $data, @certs) = @_; $opts->{require_valid_signature} //= 1; if (find_command('gpgv')) { - _gpg_verify($opts, $sig); + _gpg_verify($opts, $data, undef, @certs); + } elsif ($opts->{require_valid_signature}) { + error(g_('cannot verify inline signature on %s since GnuPG is not installed'), + $data); + } else { + warning(g_('cannot verify inline signature on %s since GnuPG is not installed'), + $data); + } + + return; +} + +sub verify { + my ($opts, $data, $sig, @certs) = @_; + + $opts->{require_valid_signature} //= 1; + + if (find_command('gpgv')) { + _gpg_verify($opts, $data, $sig, @certs); } elsif ($opts->{require_valid_signature}) { error(g_('cannot verify signature on %s since GnuPG is not installed'), $sig); diff --git a/scripts/Dpkg/Source/Package.pm b/scripts/Dpkg/Source/Package.pm index fdd05d6cf..e2540f8dd 100644 --- a/scripts/Dpkg/Source/Package.pm +++ b/scripts/Dpkg/Source/Package.pm 
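Review bot: `verify()` forwards `$sig` to `_gpg_verify()` without checking it, and the new `push @exec, $sig if defined $sig;` then drops an undefined value silently, so a detached-signature call with a missing `$sig` runs gpgv with `$data` as its only file argument, which is the inline-signature mode. The result still depends on the keyrings given, but the caller asked for a detached check and gets a different one; a guard at the top of `verify()` such as `error(g_('missing signature file for %s'), $data) unless defined $sig;` keeps the two entry points distinct. The unchanged `error()` and `warning()` calls in `verify()` still report `$sig`, while `inline_verify()` and the new `$errmsg` report `$data`, which is worth aligning. The body of `verify()` continues past the end of the hunk.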
@@ -445,12 +445,10 @@ sub check_original_tarball_signature { }, $upstream_key); foreach my $asc (@asc) { + my $datafile = $asc =~ s/\.asc$//r; + info(g_('verifying %s'), $asc); - Dpkg::OpenPGP::verify_signature({ - %{$opts}, - keyrings => [ $keyring ], - datafile => $asc =~ s/\.asc$//r, - }, $asc); + Dpkg::OpenPGP::verify($opts, $datafile, $asc, $keyring); } } @@ -491,10 +489,9 @@ sub check_signature { } my $opts = { - keyrings => \@keyrings, require_valid_signature => $self->{options}{require_valid_signature}, }; - Dpkg::OpenPGP::verify_signature($opts, $dsc); + Dpkg::OpenPGP::inline_verify($opts, $dsc, @keyrings); } sub describe_cmdline_options { -- Dpkg.Org's dpkg
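Review bot: The new call `Dpkg::OpenPGP::verify($opts, $datafile, $asc, $keyring)` hands over the caller's own `$opts` hash where the old code passed a fresh copy (`{ %{$opts}, ... }`), so the `$opts->{require_valid_signature} //= 1;` in `verify()` now writes into the hash that `check_original_tarball_signature()` holds. The default it fills in is the strict one, so this looks harmless, but whether `$opts` is reused after the loop is not visible because the function starts outside the hunk; passing `{ %{$opts} }` or adding a comment such as `# verify() fills in defaults in $opts` would make the side effect explicit. Separately, `s/\.asc$//r` leaves `$asc` unchanged when the suffix is absent, in which case the signature file would be checked against itself; this presumably cannot happen given how `@asc` is built, which the hunk does not show.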

