mirror of
https://github.com/aptly-dev/aptly.git
synced 2026-07-15 11:57:59 +00:00
New upstream version 1.5.0+ds1
This commit is contained in:
+1183
-1693
File diff suppressed because it is too large
Load Diff
+1269
-1791
File diff suppressed because it is too large
Load Diff
+3
-3
@@ -44,7 +44,7 @@ func (g *GpgSigner) SetKeyRing(keyring, secretKeyring string) {
|
||||
g.keyring, g.secretKeyring = keyring, secretKeyring
|
||||
}
|
||||
|
||||
// SetPassphrase sets passhprase params
|
||||
// SetPassphrase sets passphrase params
|
||||
func (g *GpgSigner) SetPassphrase(passphrase, passphraseFile string) {
|
||||
g.passphrase, g.passphraseFile = passphrase, passphraseFile
|
||||
}
|
||||
@@ -78,7 +78,7 @@ func (g *GpgSigner) gpgArgs() []string {
|
||||
|
||||
if g.batch {
|
||||
args = append(args, "--no-tty", "--batch")
|
||||
if g.version == GPG21xPlus {
|
||||
if g.version >= GPG21x {
|
||||
args = append(args, "--pinentry-mode", "loopback")
|
||||
}
|
||||
}
|
||||
@@ -263,7 +263,7 @@ func (g *GpgVerifier) runGpgv(args []string, context string, showKeyTip bool) (*
|
||||
keys[i] = string(result.MissingKeys[i])
|
||||
}
|
||||
|
||||
fmt.Printf("gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver pool.sks-keyservers.net --recv-keys %s\n\n",
|
||||
fmt.Printf("gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver keyserver.ubuntu.com --recv-keys %s\n\n",
|
||||
strings.Join(keys, " "))
|
||||
|
||||
fmt.Printf("Sometimes keys are stored in repository root in file named Release.key, to import such key:\n\n")
|
||||
|
||||
+10
-9
@@ -4,7 +4,6 @@ import (
|
||||
"errors"
|
||||
"os/exec"
|
||||
"regexp"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// GPGVersion stores discovered GPG version
|
||||
@@ -14,11 +13,10 @@ type GPGVersion int
|
||||
const (
|
||||
GPG1x GPGVersion = 1
|
||||
GPG20x GPGVersion = 2
|
||||
GPG21xPlus GPGVersion = 3
|
||||
GPG21x GPGVersion = 3
|
||||
GPG22xPlus GPGVersion = 4
|
||||
)
|
||||
|
||||
var gpgVersionRegex = regexp.MustCompile(`\(GnuPG\) (\d)\.(\d)`)
|
||||
|
||||
// GPGFinder implement search for gpg executables and returns version of discovered executables
|
||||
type GPGFinder interface {
|
||||
FindGPG() (gpg string, version GPGVersion, err error)
|
||||
@@ -51,7 +49,7 @@ func GPG1Finder() GPGFinder {
|
||||
return &pathGPGFinder{
|
||||
gpgNames: []string{"gpg", "gpg1"},
|
||||
gpgvNames: []string{"gpgv", "gpgv1"},
|
||||
expectedVersionSubstring: "(GnuPG) 1.",
|
||||
expectedVersionSubstring: `\(GnuPG.*\) (1).(\d)`,
|
||||
errorMessage: "Couldn't find a suitable gpg executable. Make sure gnupg1 is available as either gpg(v) or gpg(v)1 in $PATH",
|
||||
}
|
||||
}
|
||||
@@ -61,7 +59,7 @@ func GPG2Finder() GPGFinder {
|
||||
return &pathGPGFinder{
|
||||
gpgNames: []string{"gpg", "gpg2"},
|
||||
gpgvNames: []string{"gpgv", "gpgv2"},
|
||||
expectedVersionSubstring: "(GnuPG) 2.",
|
||||
expectedVersionSubstring: `\(GnuPG.*\) (2).(\d)`,
|
||||
errorMessage: "Couldn't find a suitable gpg executable. Make sure gnupg2 is available as either gpg(v) or gpg(v)2 in $PATH",
|
||||
}
|
||||
}
|
||||
@@ -133,15 +131,18 @@ func cliVersionCheck(cmd string, marker string) (result bool, version GPGVersion
|
||||
}
|
||||
|
||||
strOutput := string(output)
|
||||
result = strings.Contains(strOutput, marker)
|
||||
regex := regexp.MustCompile(marker)
|
||||
|
||||
version = GPG21xPlus
|
||||
matches := gpgVersionRegex.FindStringSubmatch(strOutput)
|
||||
version = GPG22xPlus
|
||||
matches := regex.FindStringSubmatch(strOutput)
|
||||
result = (matches != nil)
|
||||
if matches != nil {
|
||||
if matches[1] == "1" {
|
||||
version = GPG1x
|
||||
} else if matches[1] == "2" && matches[2] == "0" {
|
||||
version = GPG20x
|
||||
} else if matches[1] == "2" && matches[2] == "1" {
|
||||
version = GPG21x
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+7
-4
@@ -158,6 +158,9 @@ func (s *Gnupg2SignerSuite) SetUpTest(c *C) {
|
||||
if err != nil {
|
||||
c.Skip(err.Error())
|
||||
}
|
||||
if ver == GPG21x {
|
||||
c.Skip("skipping sign test on GnuPG 2.1.x, due to loopback pinentry mode troubles")
|
||||
}
|
||||
|
||||
// import private keys into gpg2, they're stored outside of keyring files
|
||||
for _, item := range []struct {
|
||||
@@ -172,11 +175,11 @@ func (s *Gnupg2SignerSuite) SetUpTest(c *C) {
|
||||
continue
|
||||
}
|
||||
|
||||
args := []string{"--import", "--no-default-keyring"}
|
||||
args := []string{"--import", "--no-default-keyring", "--batch"}
|
||||
|
||||
if item.suffix == "_passprhase" {
|
||||
args = append(args, "--passphrase", "verysecret", "--no-tty", "--batch")
|
||||
if ver == GPG21xPlus {
|
||||
args = append(args, "--passphrase", "verysecret", "--no-tty")
|
||||
if ver >= GPG21x {
|
||||
args = append(args, "--pinentry-mode", "loopback")
|
||||
}
|
||||
}
|
||||
@@ -190,7 +193,7 @@ func (s *Gnupg2SignerSuite) SetUpTest(c *C) {
|
||||
// import public keys into gpg2
|
||||
// we can't use pre-built keyrings as gpg 2.0.x and 2.1+ have different keyring formats
|
||||
for _, suffix := range []string{"", "_passphrase"} {
|
||||
output, err := exec.Command(gpg, "--no-default-keyring", "--keyring", "./keyrings/aptly2"+suffix+".gpg",
|
||||
output, err := exec.Command(gpg, "--no-default-keyring", "--batch", "--keyring", "./keyrings/aptly2"+suffix+".gpg",
|
||||
"--import", "keyrings/aptly2"+suffix+".pub.armor").CombinedOutput()
|
||||
c.Log(string(output))
|
||||
c.Check(err, IsNil)
|
||||
|
||||
+20
-11
@@ -7,17 +7,20 @@ import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"sort"
|
||||
"strings"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
|
||||
"golang.org/x/crypto/openpgp"
|
||||
"golang.org/x/crypto/openpgp/clearsign"
|
||||
openpgp_errors "golang.org/x/crypto/openpgp/errors"
|
||||
"golang.org/x/crypto/openpgp/packet"
|
||||
"golang.org/x/crypto/ssh/terminal"
|
||||
// TODO: replace crypto/openpgp since it is deprecated
|
||||
// https://github.com/golang/go/issues/44226
|
||||
"golang.org/x/crypto/openpgp" //nolint:staticcheck
|
||||
"golang.org/x/crypto/openpgp/clearsign" //nolint:staticcheck
|
||||
openpgp_errors "golang.org/x/crypto/openpgp/errors" //nolint:staticcheck
|
||||
"golang.org/x/crypto/openpgp/packet" //nolint:staticcheck
|
||||
"golang.org/x/term"
|
||||
)
|
||||
|
||||
// Test interface
|
||||
@@ -28,7 +31,7 @@ var (
|
||||
|
||||
// Internal errors
|
||||
var (
|
||||
errWrongPasshprase = errors.New("unable to decrypt the key, passphrase is wrong")
|
||||
errWrongPassphrase = errors.New("unable to decrypt the key, passphrase is wrong")
|
||||
)
|
||||
|
||||
// GoSigner is implementation of Signer interface using Go internal OpenPGP library
|
||||
@@ -59,7 +62,7 @@ func (g *GoSigner) SetKeyRing(keyring, secretKeyring string) {
|
||||
g.keyringFile, g.secretKeyringFile = keyring, secretKeyring
|
||||
}
|
||||
|
||||
// SetPassphrase sets passhprase params
|
||||
// SetPassphrase sets passphrase params
|
||||
func (g *GoSigner) SetPassphrase(passphrase, passphraseFile string) {
|
||||
g.passphrase, g.passphraseFile = passphrase, passphraseFile
|
||||
}
|
||||
@@ -173,7 +176,7 @@ func (g *GoSigner) Init() error {
|
||||
for attempt := 0; attempt < 3; attempt++ {
|
||||
fmt.Print("\nEnter passphrase: ")
|
||||
var bytePassphrase []byte
|
||||
bytePassphrase, err = terminal.ReadPassword(int(syscall.Stdin))
|
||||
bytePassphrase, err = term.ReadPassword(int(syscall.Stdin))
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "error reading passphare")
|
||||
}
|
||||
@@ -181,7 +184,7 @@ func (g *GoSigner) Init() error {
|
||||
g.passphrase = string(bytePassphrase)
|
||||
|
||||
err = g.decryptKey()
|
||||
if err == nil || err != errWrongPasshprase {
|
||||
if err == nil || err != errWrongPassphrase {
|
||||
break
|
||||
}
|
||||
|
||||
@@ -208,7 +211,7 @@ func (g *GoSigner) decryptKey() error {
|
||||
|
||||
if e, ok := err.(openpgp_errors.StructuralError); ok {
|
||||
if string(e) == "private key checksum failure" {
|
||||
return errWrongPasshprase
|
||||
return errWrongPassphrase
|
||||
}
|
||||
}
|
||||
|
||||
@@ -334,7 +337,7 @@ func (g *GoVerifier) showImportKeyTip(signers []signatureResult) {
|
||||
keys = append(keys, string(KeyFromUint64(signer.IssuerKeyID)))
|
||||
}
|
||||
|
||||
fmt.Printf("gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver pool.sks-keyservers.net --recv-keys %s\n\n",
|
||||
fmt.Printf("gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver keyserver.ubuntu.com --recv-keys %s\n\n",
|
||||
strings.Join(keys, " "))
|
||||
|
||||
fmt.Printf("Sometimes keys are stored in repository root in file named Release.key, to import such key:\n\n")
|
||||
@@ -351,7 +354,13 @@ func (g *GoVerifier) printLog(signers []signatureResult) {
|
||||
|
||||
if signer.Entity != nil {
|
||||
i := 0
|
||||
names := make([]string, 0, len(signer.Entity.Identities))
|
||||
for name := range signer.Entity.Identities {
|
||||
names = append(names, name)
|
||||
}
|
||||
sort.Strings(names)
|
||||
|
||||
for _, name := range names {
|
||||
if i == 0 {
|
||||
fmt.Printf("openpgp: Good signature from \"%s\"\n", name)
|
||||
} else {
|
||||
|
||||
+7
-5
@@ -3,7 +3,7 @@ package pgp
|
||||
import (
|
||||
"bytes"
|
||||
"crypto"
|
||||
"crypto/dsa"
|
||||
"crypto/dsa" //nolint:staticcheck
|
||||
"crypto/ecdsa"
|
||||
"crypto/rsa"
|
||||
"hash"
|
||||
@@ -11,10 +11,12 @@ import (
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/openpgp"
|
||||
"golang.org/x/crypto/openpgp/armor"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"golang.org/x/crypto/openpgp/packet"
|
||||
// TODO: replace crypto/openpgp since it is deprecated
|
||||
// https://github.com/golang/go/issues/44226
|
||||
"golang.org/x/crypto/openpgp" //nolint:staticcheck
|
||||
"golang.org/x/crypto/openpgp/armor" //nolint:staticcheck
|
||||
"golang.org/x/crypto/openpgp/errors" //nolint:staticcheck
|
||||
"golang.org/x/crypto/openpgp/packet" //nolint:staticcheck
|
||||
)
|
||||
|
||||
// hashForSignature returns a pair of hashes that can be used to verify a
|
||||
|
||||
Binary file not shown.
+1
-1
@@ -47,7 +47,7 @@ func (s *VerifierSuite) TestVerifyClearsigned(c *C) {
|
||||
|
||||
keyInfo, err := s.verifier.VerifyClearsigned(clearsigned, false)
|
||||
c.Assert(err, IsNil)
|
||||
c.Check(keyInfo.GoodKeys, DeepEquals, []Key{"8B48AD6246925553", "7638D0442B90D010"})
|
||||
c.Check(keyInfo.GoodKeys, DeepEquals, []Key{"04EE7237B7D453EC", "648ACFD622F3D138", "DCC9EFBF77E11517"})
|
||||
c.Check(keyInfo.MissingKeys, DeepEquals, []Key(nil))
|
||||
|
||||
clearsigned.Close()
|
||||
|
||||
Reference in New Issue
Block a user