This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=5a6f12663d04d5b688ff23088eecbd5767c74438 commit 5a6f12663d04d5b688ff23088eecbd5767c74438 (HEAD -> main) Author: Guillem Jover <[email protected]> AuthorDate: Wed Jan 15 00:40:28 2025 +0100 Dpkg::OpenPGP::Backend::SOP: Add sopv support This is the verification-only stable subset from SOP, where the commands only implement the minimum required for verification, which is one of the most common operations when dealing with packaging artifacts. --- debian/control | 4 ++-- scripts/Dpkg/OpenPGP/Backend/SOP.pm | 22 +++++++++++++++++----- scripts/Test/Dpkg.pm | 11 +++++++---- 3 files changed, 26 insertions(+), 11 deletions(-) diff --git a/debian/control b/debian/control index 4b8fdb7c1..647bac2dc 100644 --- a/debian/control +++ b/debian/control @@ -123,7 +123,7 @@ Recommends: gcc | c-compiler, fakeroot, gnupg | sq | sqop | rsop | gosop | pgpainless-cli | gpg-sq, - gpgv | sq | sqop | rsop | gosop | pgpainless-cli | gpgv-sq, + gpgv | sq | sqopv | rsopv | sopv | gosop | pgpainless-cli | gpgv-sq, # Used by dpkg-mergechangelogs. libalgorithm-merge-perl, Suggests: @@ -173,7 +173,7 @@ Recommends: Suggests: debian-keyring, gnupg | sq | sqop | rsop | gosop | pgpainless-cli | gpg-sq, - gpgv | sq | sqop | rsop | gosop | pgpainless-cli | gpgv-sq, + gpgv | sq | sqopv | rsopv | sopv | gosop | pgpainless-cli | gpgv-sq, gcc | c-compiler, binutils, patch, diff --git a/scripts/Dpkg/OpenPGP/Backend/SOP.pm b/scripts/Dpkg/OpenPGP/Backend/SOP.pm index b75f082db..de08647a4 100644 --- a/scripts/Dpkg/OpenPGP/Backend/SOP.pm +++ b/scripts/Dpkg/OpenPGP/Backend/SOP.pm @@ -51,6 +51,10 @@ use parent qw(Dpkg::OpenPGP::Backend); # dependencies and commands to check? # Ref: https://gitlab.com/dkg/openpgp-stateless-cli/-/issues/42 +sub DEFAULT_CMDV { + return [ qw(sqopv rsopv sopv) ]; +} + sub DEFAULT_CMD { return [ qw(sqop rsop gosop pgpainless-cli) ]; } @@ -59,11 +63,18 @@ sub _sop_exec { my ($self, $io, @exec) = @_; - return OPENPGP_MISSING_CMD unless $self->{cmd}; + my $cmd; + if ($io->{verify}) { + $cmd = $self->{cmdv} || $self->{cmd}; + } else { + $cmd = $self->{cmd}; + } + + return OPENPGP_MISSING_CMD unless $cmd; $io->{out} //= '/dev/null'; my $stderr; - spawn(exec => [ $self->{cmd}, @exec ], + spawn(exec => [ $cmd, @exec ], wait_child => 1, nocheck => 1, timeout => 10, from_file => $io->{in}, to_file => $io->{out}, error_to_string => \$stderr); @@ -72,7 +83,7 @@ sub _sop_exec print { *STDERR } "$stderr" if $status; return $status; } else { - subprocerr("$self->{cmd} @exec"); + subprocerr("$cmd @exec"); } } @@ -88,7 +99,7 @@ sub inline_verify { my ($self, $inlinesigned, $data, @certs) = @_; - return $self->_sop_exec({ in => $inlinesigned, out => $data }, + return $self->_sop_exec({ verify => 1, in => $inlinesigned, out => $data }, 'inline-verify', @certs); } @@ -96,7 +107,8 @@ sub verify { my ($self, $data, $sig, @certs) = @_; - return $self->_sop_exec({ in => $data }, 'verify', $sig, @certs); + return $self->_sop_exec({ verify => 1, in => $data }, + 'verify', $sig, @certs); } sub inline_sign diff --git a/scripts/Test/Dpkg.pm b/scripts/Test/Dpkg.pm index 07fee4d94..d5c783a7d 100644 --- a/scripts/Test/Dpkg.pm +++ b/scripts/Test/Dpkg.pm @@ -213,25 +213,28 @@ my @openpgp_backends = ( cmd => 'sq', cmdv => 'none', }, + { + backend => 'sop', + cmd => 'sop', + cmdv => 'sopv', + }, { backend => 'sop', cmd => 'sqop', - cmdv => 'none', + cmdv => 'sqopv', }, { backend => 'sop', cmd => 'rsop', - cmdv => 'none', + cmdv => 'rsopv', }, { backend => 'sop', cmd => 'gosop', - cmdv => 'none', }, { backend => 'sop', cmd => 'pgpainless-cli', - cmdv => 'none', }, ); -- Dpkg.Org's dpkg
