[Debpool-commits] [SCM] Debpool Project Repository branch, master, updated. 0.2.3-63-g38a32aa

ceros-guest ceros-guest at alioth.debian.org
Tue Jun 3 07:07:09 UTC 2008 

The following commit has been merged in the master branch:
commit 17f5080b22c2b75dbbbb13c291c375e4fdba0d21
Author: ceros-guest <ceros-guest>
Date:   Thu Jan 10 21:26:50 2008 +0000

    Applied GnuPG.pm from Magnus Holmgren

diff --git a/debian/changelog b/debian/changelog
index 03bf4aa..fbbcf84 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -71,6 +71,10 @@ debpool (0.2.4~unreleased0) experimental; urgency=low
     + Changed require_sigs to require_sigs_meta.
     + Thanks Andreas Pakulat.
   * State in manpage the require_sigs_debs does nothing. Closes: #368555
+  * Applied patch to allow debpool to use gpg-agent. Closes: #307895
+    + Also makes gpg_home and gpg_sign_key options optional.
+    + Temp::File used to automatically unlink in case of any errors.
+    + Thanks Magnus Holmgren.
 
  -- Andres Mejia <mcitadel at gmail.com>  Thu, 10 Jan 2008 01:26:13 -0500
 
diff --git a/share/DebPool/GnuPG.pm b/share/DebPool/GnuPG.pm
index 25a6328..7bb67d1 100644
--- a/share/DebPool/GnuPG.pm
+++ b/share/DebPool/GnuPG.pm
@@ -44,12 +44,12 @@ use strict;
 use warnings;
 
 use POSIX; # WEXITSTATUS
-use File::Temp qw(tempfile);
+use File::Temp ();
 
-# We need these for open2()
+# We need these for open3()
 
 use Fcntl;
-use IPC::Open2;
+use IPC::Open3;
 
 ### Module setup
 
@@ -108,16 +108,15 @@ sub Check_Signature {
 
     my($file, $signature) = @_;
 
-    my(@args) = ("--homedir=$Options{'gpg_home'}");
-    push (@args, '--no-default-keyring', '--logger-fd=1');
+    my(@args) = ('--verify', '--no-default-keyring');
+    push(@args, '--homedir', $Options{'gpg_home'}) if defined $Options{'gpg_home'};
 
-    my($keyring);
-
-    foreach $keyring (@{$Options{'gpg_keyrings'}}) {
-        push(@args, "--keyring=$keyring");
+    foreach my $keyring (@{$Options{'gpg_keyrings'}}) {
+        push(@args, '--keyring', $keyring);
     }
-
-    push(@args, '--verify');
+    
+    push(@args, '--');  # Always a good idea, even if we're pretty sure we won't
+                        # get any file names starting with "--" in this program.
 
     if (defined($signature)) {
         push(@args, $signature);
@@ -125,25 +124,33 @@ sub Check_Signature {
 
     push(@args, $file);
 
-    my($pid) = IPC::Open2::open2(*GPG_IN, *GPG_OUT, $Options{'gpg_bin'}, @args);
+    my($pid) = open3(*GPG_IN, *GPG_OUT, *GPG_OUT, $Options{'gpg_bin'}, @args);
     close(GPG_IN); # No input
-    close(GPG_OUT); # Don't care about output, really, either
+    my @loglines = <GPG_OUT>;
 
     waitpid($pid,0); # No flags, just wait.
-    my($sysret) = WEXITSTATUS($?);
 
-    if (0 != $sysret) { # Failure
+    if ($?) { # Failure
+	foreach (@loglines) {
+	    Log_Message($_, LOG_GPG, LOG_DEBUG);
+	}
         my($msg) = "Failed signature check on '$file' ";
         if (defined($signature)) {
-            $msg .= "(signature file '$signature')";
+            $msg .= "(signature file '$signature'): ";
         } else {
-            $msg .= "(internal signature)";
+            $msg .= "(internal signature): ";
         }
+	if (WIFEXITED($?)) {
+	    $msg .= "gpg returned non-zero status " . WEXITSTATUS($?);
+	}
+	elsif (WIFSIGNALED($?)) {
+	    $msg .= "gpg died from signal " . WTERMSIG($?);
+	}
+	else {
+	    $msg .= "gpg terminated in an unknown way.";
+	}
         Log_Message($msg, LOG_GPG, LOG_WARNING);
-
-        return 0;
     }
-
     return 1;
 }
 
@@ -158,90 +165,43 @@ sub Sign_Release {
 
     my($release_file) = @_;
 
-    # Check that we have everything we need
-
-    if (!defined($Options{'gpg_sign_key'})) {
-        $Error = "No GPG signature key enabled";
-        return undef;
-    }
-
-    if (!defined($Options{'gpg_passfile'})) {
-        $Error = "No GPG passphrase file enabled";
-        return undef;
-    }
-
     # Open a secure tempfile to write the signature to
 
-    my($tmpfile_handle, $tmpfile_name) = tempfile();
-
-    # Open the Release file and grab the data from it
-
-    if (!open(RELEASE, '<', $release_file)) {
-        $Error = "Couldn't open Release file '$release_file': $!";
-        return undef;
-    }
-    my(@release_text) = <RELEASE>;
-    close(RELEASE);
-
-    # Open the passphrase file and grab the data from it
-
-    if (!open(PASS, '<', $Options{'gpg_passfile'})) {
-        $Error = "Couldn't open passphrase file '$Options{'gpg_passfile'}': $!";
-        return undef;
-    }
-    my($passphrase) = <PASS>; # This is only safe because we don't care.
-    close(PASS);
+    my($tmpfile) = new File::Temp;
 
     # We are go for main engine start
 
-    my(@args) = ("--homedir=$Options{'gpg_home'}");
-    push(@args, "--default-key=$Options{'gpg_sign_key'}");
-    push(@args, '--passphrase-fd=0', '--batch', '--no-tty', '--detach-sign');
-    push(@args, '--armor', '--output=-');
-
-    my($gnupg_pid) = IPC::Open2::open2(*GPG_IN, *GPG_OUT, $Options{'gpg_bin'}, @args);
-
-    my($child_pid);
-    my(@signature);
-    if ($child_pid = fork) { # In the parent
-        # Close filehandles used by the child.
-
-        close(GPG_IN);
-        close($tmpfile_handle);
-
-        # Send all the data to GnuPG
-
-        print GPG_OUT $passphrase;
-        print GPG_OUT @release_text;
-        close(GPG_OUT);
-
-        waitpid($child_pid, 0);
-    } else { # In the child - we hope
-        if (!defined($child_pid)) {
-            die "Couldn't fork: $!\n";
-        }
+    my(@args) = ('--batch', '--no-tty', '--detach-sign', '--armor', '--output=-');
+    push(@args, '--homedir', $Options{'gpg_home'}) if defined $Options{'gpg_home'};
+    push(@args, '--default-key', $Options{'gpg_sign_key'}) if defined $Options{'gpg_sign_key'};
+    push(@args, '--passphrase-file', $Options{'gpg_passfile'}) if defined $Options{'gpg_passfile'};
+    push(@args, '--', $release_file);
 
-        # Close filehandle used by the parent.
+    my($gnupg_pid) = open3(*DUMMY, ">&".fileno $tmpfile, *GPG_ERR, $Options{'gpg_bin'}, @args);
+    close DUMMY;
+    my @loglines = <GPG_ERR>;
+    waitpid($gnupg_pid, 0);
 
-        close(GPG_OUT);
-
-        # And read back the results
-
-        @signature = <GPG_IN>;
-        close(GPG_IN);
-
-        # Finally, print the results to the tempfile
-
-        print $tmpfile_handle @signature;
-        close($tmpfile_handle);
-
-        exit(0);
+    foreach (@loglines) {
+	Log_Message($_, LOG_GPG, $? ? LOG_ERROR : LOG_WARNING);
     }
 
+    if ($?) {
+	if (WIFEXITED($?)) {
+	    $Error = "gpg returned non-zero status " . WEXITSTATUS($?);
+	}
+	elsif (WIFSIGNALED($?)) {
+	    $Error = "gpg died from signal " . WTERMSIG($?);
+	}
+	else {
+	    $Error = "gpg terminated in an unknown way.";
+	}
+	return undef;
+    }
 
     # And we're done
-
-    return $tmpfile_name;
+    $tmpfile->unlink_on_destroy(0);
+    return $tmpfile->filename;
 }
 
 # Strip_GPG(@text)

-- 
Debpool Project Repository

More information about the Debpool-commits mailing list