New upstream version 1.5.0+ds1

This commit is contained in:
Roland Mas
2023-01-02 14:19:29 +01:00
parent 29e4ea6ec0
commit 5c4f97f88e
324 changed files with 15360 additions and 6668 deletions
+1183 -1693
View File
File diff suppressed because it is too large Load Diff
+1269 -1791
View File
File diff suppressed because it is too large Load Diff
+3 -3
View File
@@ -44,7 +44,7 @@ func (g *GpgSigner) SetKeyRing(keyring, secretKeyring string) {
g.keyring, g.secretKeyring = keyring, secretKeyring
}
// SetPassphrase sets passhprase params
// SetPassphrase sets passphrase params
func (g *GpgSigner) SetPassphrase(passphrase, passphraseFile string) {
g.passphrase, g.passphraseFile = passphrase, passphraseFile
}
@@ -78,7 +78,7 @@ func (g *GpgSigner) gpgArgs() []string {
if g.batch {
args = append(args, "--no-tty", "--batch")
if g.version == GPG21xPlus {
if g.version >= GPG21x {
args = append(args, "--pinentry-mode", "loopback")
}
}
@@ -263,7 +263,7 @@ func (g *GpgVerifier) runGpgv(args []string, context string, showKeyTip bool) (*
keys[i] = string(result.MissingKeys[i])
}
fmt.Printf("gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver pool.sks-keyservers.net --recv-keys %s\n\n",
fmt.Printf("gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver keyserver.ubuntu.com --recv-keys %s\n\n",
strings.Join(keys, " "))
fmt.Printf("Sometimes keys are stored in repository root in file named Release.key, to import such key:\n\n")
+10 -9
View File
@@ -4,7 +4,6 @@ import (
"errors"
"os/exec"
"regexp"
"strings"
)
// GPGVersion stores discovered GPG version
@@ -14,11 +13,10 @@ type GPGVersion int
const (
GPG1x GPGVersion = 1
GPG20x GPGVersion = 2
GPG21xPlus GPGVersion = 3
GPG21x GPGVersion = 3
GPG22xPlus GPGVersion = 4
)
var gpgVersionRegex = regexp.MustCompile(`\(GnuPG\) (\d)\.(\d)`)
// GPGFinder implement search for gpg executables and returns version of discovered executables
type GPGFinder interface {
FindGPG() (gpg string, version GPGVersion, err error)
@@ -51,7 +49,7 @@ func GPG1Finder() GPGFinder {
return &pathGPGFinder{
gpgNames: []string{"gpg", "gpg1"},
gpgvNames: []string{"gpgv", "gpgv1"},
expectedVersionSubstring: "(GnuPG) 1.",
expectedVersionSubstring: `\(GnuPG.*\) (1).(\d)`,
errorMessage: "Couldn't find a suitable gpg executable. Make sure gnupg1 is available as either gpg(v) or gpg(v)1 in $PATH",
}
}
@@ -61,7 +59,7 @@ func GPG2Finder() GPGFinder {
return &pathGPGFinder{
gpgNames: []string{"gpg", "gpg2"},
gpgvNames: []string{"gpgv", "gpgv2"},
expectedVersionSubstring: "(GnuPG) 2.",
expectedVersionSubstring: `\(GnuPG.*\) (2).(\d)`,
errorMessage: "Couldn't find a suitable gpg executable. Make sure gnupg2 is available as either gpg(v) or gpg(v)2 in $PATH",
}
}
@@ -133,15 +131,18 @@ func cliVersionCheck(cmd string, marker string) (result bool, version GPGVersion
}
strOutput := string(output)
result = strings.Contains(strOutput, marker)
regex := regexp.MustCompile(marker)
version = GPG21xPlus
matches := gpgVersionRegex.FindStringSubmatch(strOutput)
version = GPG22xPlus
matches := regex.FindStringSubmatch(strOutput)
result = (matches != nil)
if matches != nil {
if matches[1] == "1" {
version = GPG1x
} else if matches[1] == "2" && matches[2] == "0" {
version = GPG20x
} else if matches[1] == "2" && matches[2] == "1" {
version = GPG21x
}
}
+7 -4
View File
@@ -158,6 +158,9 @@ func (s *Gnupg2SignerSuite) SetUpTest(c *C) {
if err != nil {
c.Skip(err.Error())
}
if ver == GPG21x {
c.Skip("skipping sign test on GnuPG 2.1.x, due to loopback pinentry mode troubles")
}
// import private keys into gpg2, they're stored outside of keyring files
for _, item := range []struct {
@@ -172,11 +175,11 @@ func (s *Gnupg2SignerSuite) SetUpTest(c *C) {
continue
}
args := []string{"--import", "--no-default-keyring"}
args := []string{"--import", "--no-default-keyring", "--batch"}
if item.suffix == "_passprhase" {
args = append(args, "--passphrase", "verysecret", "--no-tty", "--batch")
if ver == GPG21xPlus {
args = append(args, "--passphrase", "verysecret", "--no-tty")
if ver >= GPG21x {
args = append(args, "--pinentry-mode", "loopback")
}
}
@@ -190,7 +193,7 @@ func (s *Gnupg2SignerSuite) SetUpTest(c *C) {
// import public keys into gpg2
// we can't use pre-built keyrings as gpg 2.0.x and 2.1+ have different keyring formats
for _, suffix := range []string{"", "_passphrase"} {
output, err := exec.Command(gpg, "--no-default-keyring", "--keyring", "./keyrings/aptly2"+suffix+".gpg",
output, err := exec.Command(gpg, "--no-default-keyring", "--batch", "--keyring", "./keyrings/aptly2"+suffix+".gpg",
"--import", "keyrings/aptly2"+suffix+".pub.armor").CombinedOutput()
c.Log(string(output))
c.Check(err, IsNil)
+20 -11
View File
@@ -7,17 +7,20 @@ import (
"io/ioutil"
"os"
"path/filepath"
"sort"
"strings"
"syscall"
"time"
"github.com/pkg/errors"
"golang.org/x/crypto/openpgp"
"golang.org/x/crypto/openpgp/clearsign"
openpgp_errors "golang.org/x/crypto/openpgp/errors"
"golang.org/x/crypto/openpgp/packet"
"golang.org/x/crypto/ssh/terminal"
// TODO: replace crypto/openpgp since it is deprecated
// https://github.com/golang/go/issues/44226
"golang.org/x/crypto/openpgp" //nolint:staticcheck
"golang.org/x/crypto/openpgp/clearsign" //nolint:staticcheck
openpgp_errors "golang.org/x/crypto/openpgp/errors" //nolint:staticcheck
"golang.org/x/crypto/openpgp/packet" //nolint:staticcheck
"golang.org/x/term"
)
// Test interface
@@ -28,7 +31,7 @@ var (
// Internal errors
var (
errWrongPasshprase = errors.New("unable to decrypt the key, passphrase is wrong")
errWrongPassphrase = errors.New("unable to decrypt the key, passphrase is wrong")
)
// GoSigner is implementation of Signer interface using Go internal OpenPGP library
@@ -59,7 +62,7 @@ func (g *GoSigner) SetKeyRing(keyring, secretKeyring string) {
g.keyringFile, g.secretKeyringFile = keyring, secretKeyring
}
// SetPassphrase sets passhprase params
// SetPassphrase sets passphrase params
func (g *GoSigner) SetPassphrase(passphrase, passphraseFile string) {
g.passphrase, g.passphraseFile = passphrase, passphraseFile
}
@@ -173,7 +176,7 @@ func (g *GoSigner) Init() error {
for attempt := 0; attempt < 3; attempt++ {
fmt.Print("\nEnter passphrase: ")
var bytePassphrase []byte
bytePassphrase, err = terminal.ReadPassword(int(syscall.Stdin))
bytePassphrase, err = term.ReadPassword(int(syscall.Stdin))
if err != nil {
return errors.Wrap(err, "error reading passphare")
}
@@ -181,7 +184,7 @@ func (g *GoSigner) Init() error {
g.passphrase = string(bytePassphrase)
err = g.decryptKey()
if err == nil || err != errWrongPasshprase {
if err == nil || err != errWrongPassphrase {
break
}
@@ -208,7 +211,7 @@ func (g *GoSigner) decryptKey() error {
if e, ok := err.(openpgp_errors.StructuralError); ok {
if string(e) == "private key checksum failure" {
return errWrongPasshprase
return errWrongPassphrase
}
}
@@ -334,7 +337,7 @@ func (g *GoVerifier) showImportKeyTip(signers []signatureResult) {
keys = append(keys, string(KeyFromUint64(signer.IssuerKeyID)))
}
fmt.Printf("gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver pool.sks-keyservers.net --recv-keys %s\n\n",
fmt.Printf("gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver keyserver.ubuntu.com --recv-keys %s\n\n",
strings.Join(keys, " "))
fmt.Printf("Sometimes keys are stored in repository root in file named Release.key, to import such key:\n\n")
@@ -351,7 +354,13 @@ func (g *GoVerifier) printLog(signers []signatureResult) {
if signer.Entity != nil {
i := 0
names := make([]string, 0, len(signer.Entity.Identities))
for name := range signer.Entity.Identities {
names = append(names, name)
}
sort.Strings(names)
for _, name := range names {
if i == 0 {
fmt.Printf("openpgp: Good signature from \"%s\"\n", name)
} else {
+7 -5
View File
@@ -3,7 +3,7 @@ package pgp
import (
"bytes"
"crypto"
"crypto/dsa"
"crypto/dsa" //nolint:staticcheck
"crypto/ecdsa"
"crypto/rsa"
"hash"
@@ -11,10 +11,12 @@ import (
"strconv"
"time"
"golang.org/x/crypto/openpgp"
"golang.org/x/crypto/openpgp/armor"
"golang.org/x/crypto/openpgp/errors"
"golang.org/x/crypto/openpgp/packet"
// TODO: replace crypto/openpgp since it is deprecated
// https://github.com/golang/go/issues/44226
"golang.org/x/crypto/openpgp" //nolint:staticcheck
"golang.org/x/crypto/openpgp/armor" //nolint:staticcheck
"golang.org/x/crypto/openpgp/errors" //nolint:staticcheck
"golang.org/x/crypto/openpgp/packet" //nolint:staticcheck
)
// hashForSignature returns a pair of hashes that can be used to verify a
BIN
View File
Binary file not shown.
+1 -1
View File
@@ -47,7 +47,7 @@ func (s *VerifierSuite) TestVerifyClearsigned(c *C) {
keyInfo, err := s.verifier.VerifyClearsigned(clearsigned, false)
c.Assert(err, IsNil)
c.Check(keyInfo.GoodKeys, DeepEquals, []Key{"8B48AD6246925553", "7638D0442B90D010"})
c.Check(keyInfo.GoodKeys, DeepEquals, []Key{"04EE7237B7D453EC", "648ACFD622F3D138", "DCC9EFBF77E11517"})
c.Check(keyInfo.MissingKeys, DeepEquals, []Key(nil))
clearsigned.Close()