Subversion Repositories

?revision_form?Rev ?revision_input??revision_submit??revision_endform?

Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed

package DebPool::GnuPG;

###
#
# DebPool::GnuPG - Module for all interactions with GNU Privacy Guard
#
# Copyright 2003-2004 Joel Aelwyn. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. Neither the name of the Author nor the names of any contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $Id: GnuPG.pm 46 2005-02-12 17:52:37Z joel $
#
###

# We use 'our', so we must have at least Perl 5.6

require 5.006_000;

# Always good ideas.

use strict;
use warnings;

use POSIX; # WEXITSTATUS
use File::Temp qw(tempfile);

# We need these for open2()

use Fcntl;
use IPC::Open2;

### Module setup

BEGIN {
    use Exporter ();
    our ($VERSION, @ISA, @EXPORT, @EXPORT_OK, %EXPORT_TAGS);

    # Version checking
    $VERSION = '0.1.5';

    @ISA = qw(Exporter);

    @EXPORT = qw(
    );

    @EXPORT_OK = qw(
        &Check_Signature
        &Sign_Release
        &Strip_GPG
    );

    %EXPORT_TAGS = (
        'functions' => [qw(&Check_Signature &Sign_Release &Strip_GPG)],
        'vars' => [qw()],
    );
}

### Exported package globals

### Non-exported package globals

# Thread-safe? What's that? Package global error value. We don't export
# this directly, because it would conflict with other modules.

our($Error);

### File lexicals

# None

### Constant functions

# None

### Meaningful functions

# Check_Signature($file, $signature)
#
# Checks the GPG signature of $file (using $signature as an external
# signature file, if it is defined; if it isn't, $file is assumed to have
# an internal signature). Returns 0 on failure, 1 on success.

sub Check_Signature {
    use DebPool::Config qw(:vars);
    use DebPool::Logging qw(:functions :facility :level);

    my($file, $signature) = @_;

    my(@args) = ("--homedir=$Options{'gpg_home'}");
    push (@args, '--no-default-keyring', '--logger-fd=1');

    my($keyring);

    foreach $keyring (@{$Options{'gpg_keyrings'}}) {
        push(@args, "--keyring=$keyring");
    }

    push(@args, '--verify');

    if (defined($signature)) {
        push(@args, $signature);
    }

    push(@args, $file);

    my($pid) = IPC::Open2::open2(*GPG_IN, *GPG_OUT, $Options{'gpg_bin'}, @args);
    close(GPG_IN); # No input
    close(GPG_OUT); # Don't care about output, really, either

    waitpid($pid,0); # No flags, just wait.
    my($sysret) = WEXITSTATUS($?);

    if (0 != $sysret) { # Failure
        my($msg) = "Failed signature check on '$file' ";
        if (defined($signature)) {
            $msg .= "(signature file '$signature')";
        } else {
            $msg .= "(internal signature)";
        }
        Log_Message($msg, LOG_GPG, LOG_WARNING);

        return 0;
    }

    return 1;
}

# Sign_Release($release_file)
#
# Generates a detached GPG signature file for $release_file, and returns
# the filename. Returns undef, if an error occurs (and sets $Error).

sub Sign_Release {
    use DebPool::Config;
    use DebPool::Logging qw(:functions :facility :level);

    my($release_file) = @_;

    # Check that we have everything we need

    if (!defined($Options{'gpg_sign_key'})) {
        $Error = "No GPG signature key enabled";
        return undef;
    }

    if (!defined($Options{'gpg_passfile'})) {
        $Error = "No GPG passphrase file enabled";
        return undef;
    }

    # Open a secure tempfile to write the signature to

    my($tmpfile_handle, $tmpfile_name) = tempfile();

    # Open the Release file and grab the data from it

    if (!open(RELEASE, '<', $release_file)) {
        $Error = "Couldn't open Release file '$release_file': $!";
        return undef;
    }
    my(@release_text) = <RELEASE>;
    close(RELEASE);

    # Open the passphrase file and grab the data from it

    if (!open(PASS, '<', $Options{'gpg_passfile'})) {
        $Error = "Couldn't open passphrase file '$Options{'gpg_passfile'}': $!";
        return undef;
    }
    my($passphrase) = <PASS>; # This is only safe because we don't care.
    close(PASS);

    # We are go for main engine start

    my(@args) = ("--homedir=$Options{'gpg_home'}");
    push(@args, "--default-key=$Options{'gpg_sign_key'}");
    push(@args, '--passphrase-fd=0', '--batch', '--no-tty', '--detach-sign');
    push(@args, '--armor', '--output=-');

    my($gnupg_pid) = IPC::Open2::open2(*GPG_IN, *GPG_OUT, $Options{'gpg_bin'}, @args);

    my($child_pid);
    my(@signature);
    if ($child_pid = fork) { # In the parent
        # Close filehandles used by the child.

        close(GPG_IN);
        close($tmpfile_handle);

        # Send all the data to GnuPG

        print GPG_OUT $passphrase;
        print GPG_OUT @release_text;
        close(GPG_OUT);

        waitpid($child_pid, 0);
    } else { # In the child - we hope
        if (!defined($child_pid)) {
            die "Couldn't fork: $!\n";
        }

        # Close filehandle used by the parent.

        close(GPG_OUT);

        # And read back the results

        @signature = <GPG_IN>;
        close(GPG_IN);

        # Finally, print the results to the tempfile

        print $tmpfile_handle @signature;
        close($tmpfile_handle);

        exit(0);
    }


    # And we're done

    return $tmpfile_name;
}

# Strip_GPG(@text)
#
# Goes through @text and determine if it has GnuPG headers; if so, strip
# out the headers, and undo GnuPG's header protection ('^-' -> '^-- -').

sub Strip_GPG {
    my(@text) = @_;

    my($count);
    my($header, $firstblank, $sigstart, $sigend);

    for $count (0..$#text) {
        if ($text[$count] =~ m/^-----BEGIN PGP SIGNED MESSAGE-----$/) {
            $header = $count;
        } elsif (!defined($firstblank) && $text[$count] =~ m/^$/) {
            $firstblank = $count;
        } elsif ($text[$count] =~ m/^-----BEGIN PGP SIGNATURE-----$/) {
            $sigstart = $count;
        } elsif ($text[$count] =~ m/^-----END PGP SIGNATURE-----$/) {
            $sigend = $count;
        }
    }

    # If we didn't find all three parts, it isn't a validly signed message
    # (or it's externally signed, but that might as well be the same
    # thing for our purposes - there's nothing to remove).

    if (!defined($header) || !defined($sigstart) || !defined($sigend)) {
        return @text;
    }

    # Okay. Back to front, so that we don't muck up reference numbers.
    # First, we rip out the signature data by splicing it with an empty
    # list.
   
    splice(@text, $sigstart, ($sigend - $sigstart) + 1);

    # We used to just rip off the first 3 lines (BEGIN line, hash header,
    # and a blank line). However, this was a cheap shortcut that broke as
    # of GnuPG 1.0.7, because it relied on there being exactly one GnuPG
    # header line.
    #
    # Now, we rip out everything from the header line to the first blank,
    # which should always be correct.

    splice(@text, $header, ($firstblank - $header) + 1);

    # All done. Fire it back.

    return @text;
}

END {}

1;

__END__

# vim:set tabstop=4 expandtab: