This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=357ed2d614d4e8643c563805ebb359edb966e56e commit 357ed2d614d4e8643c563805ebb359edb966e56e (HEAD -> main) Author: Guillem Jover <[email protected]> AuthorDate: Mon Nov 2 09:55:30 2020 +0100 Dpkg::OpenPGP: Add Sequoia backend support Add support for sq, and prefer it if installed with the assumption that if a user has it, that probably means they prefer it over GnuPG. --- README | 1 + debian/control | 12 ++-- man/dpkg-buildpackage.pod | 3 + scripts/Dpkg/OpenPGP.pm | 2 + scripts/Dpkg/OpenPGP/Backend/Sequoia.pm | 123 ++++++++++++++++++++++++++++++++ scripts/Makefile.am | 1 + scripts/t/Dpkg_OpenPGP.t | 2 + 7 files changed, 140 insertions(+), 4 deletions(-) diff --git a/README b/README index 1d30279e6..4097cfcbb 100644 --- a/README +++ b/README @@ -106,6 +106,7 @@ software might be needed: codespell (optional, author) cppcheck (optional, author) fakeroot (optional) + sq (from Sequoia-PGP, optional) gpg (optional) i18nspector (optional, author) shellcheck (optional, author) diff --git a/debian/control b/debian/control index 161b48cfd..39df862d3 100644 --- a/debian/control +++ b/debian/control @@ -106,8 +106,8 @@ Recommends: build-essential, gcc | c-compiler, fakeroot, - gnupg, - gpgv, + gnupg | sq, + gpgv | sq, # Used by dpkg-mergechangelogs. libalgorithm-merge-perl, Suggests: @@ -115,6 +115,8 @@ Suggests: Breaks: # Force R³ support, w/o requiring debhelper users to depend on dpkg-dev. debhelper (<< 10.10.1~), +# Uses new sq features, w/o requiring a hard dependency on sq. + sq (<< 0.25.0~), Description: Debian package development tools This package provides the development tools (including dpkg-source) required to unpack, build and upload Debian source packages. @@ -141,8 +143,8 @@ Recommends: xz-utils, Suggests: debian-keyring, - gnupg, - gpgv, + gnupg | sq, + gpgv | sq, gcc | c-compiler, binutils, patch, 
@@ -159,6 +161,8 @@ Breaks: # Uses Dpkg::Compression::Process imported from Dpkg::Source::Package in # versions prior to 1.19.0. dgit (<< 3.13~), +# Uses new sq features, w/o requiring a hard dependency on sq. + sq (<< 0.25.0~), Description: Dpkg perl modules This package provides the perl modules used by the scripts in dpkg-dev. They cover a wide range of functionality. Among them diff --git a/man/dpkg-buildpackage.pod b/man/dpkg-buildpackage.pod index 6c8d06695..f6b7d109d 100644 --- a/man/dpkg-buildpackage.pod +++ b/man/dpkg-buildpackage.pod @@ -527,6 +527,8 @@ The specific OpenPGP backends supported in order of preference are: =over 2 +=item B<sq> (from Sequoia-PGP) + =item B<gpg> (from GnuPG) =back @@ -787,4 +789,5 @@ B<dpkg-genbuildinfo>(1), B<dpkg-genchanges>(1), B<fakeroot>(1), B<lintian>(1), +B<sq>(1), B<gpg>(1). diff --git a/scripts/Dpkg/OpenPGP.pm b/scripts/Dpkg/OpenPGP.pm index f45c1ff7d..74b1674b2 100644 --- a/scripts/Dpkg/OpenPGP.pm +++ b/scripts/Dpkg/OpenPGP.pm @@ -28,9 +28,11 @@ use Dpkg::Path qw(find_command); our $VERSION = '0.01'; my @BACKENDS = qw( + sq gpg ); my %BACKEND = ( + sq => 'Sequoia', gpg => 'GnuPG', ); diff --git a/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm b/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm new file mode 100644 index 000000000..531339340 --- /dev/null +++ b/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm 
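Review bot: Putting `sq` first in `@BACKENDS` in scripts/Dpkg/OpenPGP.pm changes which program makes the signature-verification decision on any system where both tools are installed, and nothing at the array says that its order is significant. The selection code is outside this hunk, so this is inferred from the commit message and the man page wording ("in order of preference"). If that reading is right, a comment such as `# Backends in order of preference; the first one found is used.` above `my @BACKENDS` would make the trust-relevant ordering explicit.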
@@ -0,0 +1,123 @@
+# Copyright © 2021-2022 Guillem Jover <[email protected]>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+package Dpkg::OpenPGP::Backend::Sequoia;
+
+use strict;
+use warnings;
+
+our $VERSION = '0.01';
+
+use POSIX qw(:sys_wait_h);
+
+use Dpkg::ErrorHandling;
+use Dpkg::IPC;
+use Dpkg::OpenPGP::ErrorCodes;
+
+use parent qw(Dpkg::OpenPGP::Backend);
+
+sub DEFAULT_CMD {
+ return [ qw(sq) ];
+}
+
+sub _sq_exec
+{
+ my ($self, @exec) = @_;
+
+ my ($stdout, $stderr);
+ spawn(exec => [ $self->{cmd}, @exec ],
+ wait_child => 1, nocheck => 1, timeout => 10,
+ to_string => \$stdout, error_to_string => \$stderr);
+ if (WIFEXITED($?)) {
+ my $status = WEXITSTATUS($?);
+ print { *STDERR } "$stdout$stderr" if $status;
+ return $status;
+ } else {
+ subprocerr("$self->{cmd} @exec");
+ }
+}
+
+sub armor
+{
+ my ($self, $type, $in, $out) = @_;
+
+ return OPENPGP_MISSING_CMD unless $self->{cmd};
+
+ # We ignore the $type, and let "sq" handle this automatically.
+ my $rc = $self->_sq_exec(qw(armor --output), $out, $in);
+ return OPENPGP_BAD_DATA if $rc;
+ return OPENPGP_OK;
+}
+
+sub dearmor
+{
+ my ($self, $type, $in, $out) = @_;
+
+ return OPENPGP_MISSING_CMD unless $self->{cmd};
+
+ # We ignore the $type, and let "sq" handle this automatically.
+ my $rc = $self->_sq_exec(qw(dearmor --output), $out, $in);
+ return OPENPGP_BAD_DATA if $rc;
+ return OPENPGP_OK;
+}
+
+sub inline_verify
+{
+ my ($self, $inlinesigned, $data, @certs) = @_;
+
+ return OPENPGP_MISSING_CMD unless $self->{cmd};
+
+ my @opts;
+ push @opts, map { ('--signer-cert', $_) } @certs;
+ push @opts, '--output', $data if defined $data;
+
+ my $rc = $self->_sq_exec(qw(verify), @opts, $inlinesigned);
+ return OPENPGP_NO_SIG if $rc;
+ return OPENPGP_OK;
+}
+
+sub verify
+{
+ my ($self, $data, $sig, @certs) = @_;
+
+ return OPENPGP_MISSING_CMD unless $self->{cmd};
+
+ my @opts;
+ push @opts, map { ('--signer-cert', $_) } @certs;
+ push @opts, '--detached', $sig;
+
+ my $rc = $self->_sq_exec(qw(verify), @opts, $data);
+ return OPENPGP_NO_SIG if $rc;
+ return OPENPGP_OK;
+}
+
+sub inline_sign
+{
+ my ($self, $data, $inlinesigned, $key) = @_;
+
+ return OPENPGP_MISSING_CMD unless $self->{cmd};
+ return OPENPGP_NEEDS_KEYSTORE if $key->needs_keystore();
+
+ my @opts;
+ push @opts, '--cleartext-signature';
+ push @opts, '--signer-key', $key->handle;
+ push @opts, '--output', $inlinesigned;
+
+ my $rc = $self->_sq_exec('sign', @opts, $data);
+ return OPENPGP_KEY_CANNOT_SIGN if $rc;
+ return OPENPGP_OK;
+}
+
+1;
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 4375e23f7..b508219da 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -108,6 +108,7 @@ nobase_dist_perllib_DATA = \
 Dpkg/OpenPGP.pm \
 Dpkg/OpenPGP/Backend.pm \
 Dpkg/OpenPGP/Backend/GnuPG.pm \
+ Dpkg/OpenPGP/Backend/Sequoia.pm \
 Dpkg/OpenPGP/ErrorCodes.pm \
 Dpkg/OpenPGP/KeyHandle.pm \
 Dpkg/Package.pm \
diff --git a/scripts/t/Dpkg_OpenPGP.t b/scripts/t/Dpkg_OpenPGP.t
index 849014afc..c7d045d1d 100644
--- a/scripts/t/Dpkg_OpenPGP.t
+++ b/scripts/t/Dpkg_OpenPGP.t
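Review bot: The file operands in scripts/Dpkg/OpenPGP/Backend/Sequoia.pm are handed to sq without an end-of-options marker: in `armor`, `dearmor`, `inline_verify`, `verify` and `inline_sign` the last argument (`$in`, `$inlinesigned` or `$data`) comes straight from the caller, so a path beginning with `-` would be parsed by sq as an option rather than as a file. `spawn()` is given a list, so no shell is involved, but the option parser still sees the raw value. Assuming sq honours the conventional `--` separator, each call could read like `my $rc = $self->_sq_exec(qw(verify), @opts, '--', $data);`. Separately, `inline_verify` and `verify` map every non-zero exit to `OPENPGP_NO_SIG`, which rejects on any failure but reports an unreadable certificate file or an I/O error as "no signature"; a short comment saying so above those returns would save confusion when triaging verification failures.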
@@ -27,10 +27,12 @@ use Dpkg::OpenPGP::KeyHandle; my @backend_cmds = qw( gpg + sq ); my %backend_cmd = ( auto => 'auto', gpg => 'gpg', + sq => 'sq', ); my @cmds = grep { find_command($_) } @backend_cmds; if (@cmds == 0) { -- Dpkg.Org's dpkg

