?revision_form?Rev ?revision_input??revision_submit??revision_endform?
Blame |
Last modification |
View Log
| RSS feed
package DebPool
::GnuPG;
###
#
# DebPool::GnuPG - Module for all interactions with GNU Privacy Guard
#
# Copyright 2003-2004 Joel Aelwyn. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. Neither the name of the Author nor the names of any contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $Id: GnuPG.pm 46 2005-02-12 17:52:37Z joel $
#
###
# We use 'our', so we must have at least Perl 5.6
require 5.006_000
;
# Always good ideas.
use strict
;
use warnings
;
use POSIX
; # WEXITSTATUS
use File
::Temp qw(tempfile
);
# We need these for open2()
use Fcntl
;
use IPC
::Open2;
### Module setup
BEGIN {
use Exporter
();
our ($VERSION, @ISA, @EXPORT, @EXPORT_OK, %EXPORT_TAGS);
# Version checking
$VERSION = '0.1.5';
@ISA = qw(Exporter
);
@EXPORT = qw(
);
@EXPORT_OK = qw(
&Check_Signature
&Sign_Release
&Strip_GPG
);
%EXPORT_TAGS = (
'functions' => [qw(&Check_Signature &Sign_Release &Strip_GPG)],
'vars' => [qw()],
);
}
### Exported package globals
### Non-exported package globals
# Thread-safe? What's that? Package global error value. We don't export
# this directly, because it would conflict with other modules.
our($Error);
### File lexicals
# None
### Constant functions
# None
### Meaningful functions
# Check_Signature($file, $signature)
#
# Checks the GPG signature of $file (using $signature as an external
# signature file, if it is defined; if it isn't, $file is assumed to have
# an internal signature). Returns 0 on failure, 1 on success.
sub Check_Signature
{
use DebPool
::Config qw(:vars
);
use DebPool
::Logging qw(:functions
:facility
:level
);
my($file, $signature) = @_;
my(@args) = ("--homedir=$Options{'gpg_home'}");
push (@args, '--no-default-keyring', '--logger-fd=1');
my($keyring);
foreach $keyring (@{$Options{'gpg_keyrings'}}) {
push(@args, "--keyring=$keyring");
}
push(@args, '--verify');
if (defined($signature)) {
push(@args, $signature);
}
push(@args, $file);
my($pid) = IPC
::Open2::open2(*GPG_IN, *GPG_OUT, $Options{'gpg_bin'}, @args);
close(GPG_IN
); # No input
close(GPG_OUT
); # Don't care about output, really, either
waitpid($pid,0); # No flags, just wait.
my($sysret) = WEXITSTATUS
($?);
if (0 != $sysret) { # Failure
my($msg) = "Failed signature check on '$file' ";
if (defined($signature)) {
$msg .= "(signature file '$signature')";
} else {
$msg .= "(internal signature)";
}
Log_Message
($msg, LOG_GPG
, LOG_WARNING
);
return 0;
}
return 1;
}
# Sign_Release($release_file)
#
# Generates a detached GPG signature file for $release_file, and returns
# the filename. Returns undef, if an error occurs (and sets $Error).
sub Sign_Release
{
use DebPool
::Config;
use DebPool
::Logging qw(:functions
:facility
:level
);
my($release_file) = @_;
# Check that we have everything we need
if (!defined($Options{'gpg_sign_key'})) {
$Error = "No GPG signature key enabled";
return undef;
}
if (!defined($Options{'gpg_passfile'})) {
$Error = "No GPG passphrase file enabled";
return undef;
}
# Open a secure tempfile to write the signature to
my($tmpfile_handle, $tmpfile_name) = tempfile
();
# Open the Release file and grab the data from it
if (!open(RELEASE
, '<', $release_file)) {
$Error = "Couldn't open Release file '$release_file': $!";
return undef;
}
my(@release_text) = <RELEASE>;
close(RELEASE
);
# Open the passphrase file and grab the data from it
if (!open(PASS
, '<', $Options{'gpg_passfile'})) {
$Error = "Couldn't open passphrase file '$Options{'gpg_passfile'}': $!";
return undef;
}
my($passphrase) = <PASS>; # This is only safe because we don't care.
close(PASS
);
# We are go for main engine start
my(@args) = ("--homedir=$Options{'gpg_home'}");
push(@args, "--default-key=$Options{'gpg_sign_key'}");
push(@args, '--passphrase-fd=0', '--batch', '--no-tty', '--detach-sign');
push(@args, '--armor', '--output=-');
my($gnupg_pid) = IPC
::Open2::open2(*GPG_IN, *GPG_OUT, $Options{'gpg_bin'}, @args);
my($child_pid);
my(@signature);
if ($child_pid = fork) { # In the parent
# Close filehandles used by the child.
close(GPG_IN
);
close($tmpfile_handle);
# Send all the data to GnuPG
print GPG_OUT
$passphrase;
print GPG_OUT
@release_text;
close(GPG_OUT
);
waitpid($child_pid, 0);
} else { # In the child - we hope
if (!defined($child_pid)) {
die "Couldn't fork: $!\n";
}
# Close filehandle used by the parent.
close(GPG_OUT
);
# And read back the results
@signature = <GPG_IN>;
close(GPG_IN
);
# Finally, print the results to the tempfile
print $tmpfile_handle @signature;
close($tmpfile_handle);
exit(0);
}
# And we're done
return $tmpfile_name;
}
# Strip_GPG(@text)
#
# Goes through @text and determine if it has GnuPG headers; if so, strip
# out the headers, and undo GnuPG's header protection ('^-' -> '^-- -').
sub Strip_GPG
{
my(@text) = @_;
my($count);
my($header, $firstblank, $sigstart, $sigend);
for $count (0..$#text) {
if ($text[$count] =~ m/^-----BEGIN PGP SIGNED MESSAGE-----$/) {
$header = $count;
} elsif (!defined($firstblank) && $text[$count] =~ m/^$/) {
$firstblank = $count;
} elsif ($text[$count] =~ m/^-----BEGIN PGP SIGNATURE-----$/) {
$sigstart = $count;
} elsif ($text[$count] =~ m/^-----END PGP SIGNATURE-----$/) {
$sigend = $count;
}
}
# If we didn't find all three parts, it isn't a validly signed message
# (or it's externally signed, but that might as well be the same
# thing for our purposes - there's nothing to remove).
if (!defined($header) || !defined($sigstart) || !defined($sigend)) {
return @text;
}
# Okay. Back to front, so that we don't muck up reference numbers.
# First, we rip out the signature data by splicing it with an empty
# list.
splice(@text, $sigstart, ($sigend - $sigstart) + 1);
# We used to just rip off the first 3 lines (BEGIN line, hash header,
# and a blank line). However, this was a cheap shortcut that broke as
# of GnuPG 1.0.7, because it relied on there being exactly one GnuPG
# header line.
#
# Now, we rip out everything from the header line to the first blank,
# which should always be correct.
splice(@text, $header, ($firstblank - $header) + 1);
# All done. Fire it back.
return @text;
}
END
{}
1;
__END__
# vim:set tabstop=4 expandtab: