#1 Add gpgverify for source file verification.
Closed a year ago by rombobeorn. Opened a year ago by rombobeorn.
rpms/rombobeorn/fedora-rpm-macros: master into master

Added gpgverify.
Björn Persson • a year ago  
file modified
+5 -1

@@ -3,10 +3,12 @@ 

  Release:        5%{?dist}

  Summary:        Miscellaneous Fedora RPM macros

  

- License:        GPLv2+

+ License:        MIT

  Source0:        macros.fedora

+ Source1:        gpgverify

  

  BuildArch:      noarch

+ Requires:       gnupg2

  

  %description

  This package contains the miscellaneous Fedora-related RPM macros.
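Review bot: the License tag change from GPLv2+ to MIT in this hunk does not match the notice in the added gpgverify script, which is a custom permissive notice (retain the notices, mark modified copies) rather than the MIT license text, and the tag also covers the pre-existing macros.fedora that shipped as GPLv2+; either put the actual MIT text in the script header or use the identifier that matches the notice, and record the license change in the changelog. The new `Requires: gnupg2` is correct for the `gpg2` and `gpgv2` calls in the script, but as the discussion notes it drags GnuPG into every buildroot that pulls this package; consider leaving that dependency to the packages that use the macro and having the script fail with a clear message when the tools are absent.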

@@ -19,10 +21,12 @@ 

  %install

  # Can't use %%rpmmacrodir or %%install_src yet.

  install -D -m 644 %{SOURCE0} %{buildroot}/%{_rpmconfigdir}/macros.d/macros.fedora

+ install -D -m 755 %{SOURCE1} %{buildroot}%{_rpmconfigdir}/gpgverify

  

  

  %files

  %{_rpmconfigdir}/macros.d/macros.fedora

+ %{_rpmconfigdir}/gpgverify

  

  

  %changelog
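Review bot: the `%changelog` context at the end of this hunk shows no new entry, and `Release:` stays at 5 in the first hunk, so the spec needs a Release bump and a changelog entry describing the new script, the new gnupg2 dependency and the license change. Minor style point: the existing line uses `%{buildroot}/%{_rpmconfigdir}` while the added `install` line uses `%{buildroot}%{_rpmconfigdir}`; both work because `%{_rpmconfigdir}` is absolute, but keep the two consistent.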

file added
+111

@@ -0,0 +1,111 @@ 

+ #!/bin/bash

+ 

+ # Copyright 2018 B. Persson, Bjorn@Rombobeorn.se

+ #

+ # This material is provided as is, with absolutely no warranty expressed

+ # or implied. Any use is at your own risk.

+ #

+ # Permission is hereby granted to use or copy this shellscript

+ # for any purpose, provided the above notices are retained on all copies.

+ # Permission to modify the code and to distribute modified code is granted,

+ # provided the above notices are retained, and a notice that the code was

+ # modified is included with the above copyright notice.

+ 

+ 

+ function print_help {

+     cat <<'EOF'

+ Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>

+ 

+ gpgverify is a wrapper around gpgv designed for easy and safe scripting. It

+ verifies a file against a detached OpenPGP signature and a keyring. The keyring

+ shall contain all the keys that are trusted to certify the authenticity of the

+ file, and must not contain any untrusted keys.

+ 

+ The differences, compared to invoking gpgv directly, are that gpgverify accepts

+ the keyring in either ASCII-armored or unarmored form, and that it will not

+ accidentally use a default keyring in addition to the specified one.

+ 

+ Parameters:

+   --keyring=<pathname>    keyring with all the trusted keys and no others

+   --signature=<pathname>  detached signature to verify

+   --data=<pathname>       file to verify against the signature

+ EOF

+ }

+ 

+ 

+ fatal_error() {

+     message="$1"  # an error message

+     status=$2     # a number to use as the exit code

+     echo "gpgverify: $message" >&2

+     exit $status

+ }

+ 

+ 

+ require_parameter() {

+     term="$1"   # a term for a required parameter

+     value="$2"  # Complain and terminate if this value is empty.

+     if test -z "${value}" ; then

+         fatal_error "No ${term} was provided." 2

+     fi

+ }

+ 

+ 

+ check_status() {

+     action="$1"  # a string that describes the action that was attempted

+     status=$2    # the exit code of the command

+     if test $status != 0 ; then

+         fatal_error "$action failed." $status

+     fi

+ }

+ 

+ 

+ # Parse the command line.

+ keyring=

+ signature=

+ data=

+ for parameter in "$@" ; do

+     case "${parameter}" in

+         (--help)

+             print_help

+             exit

+             ;;

+         (--keyring=*)

+             keyring="${parameter#*=}"

+             ;;

+         (--signature=*)

+             signature="${parameter#*=}"

+             ;;

+         (--data=*)

+             data="${parameter#*=}"

+             ;;

+         (*)

+             fatal_error "Unknown parameter: \"${parameter}\"" 2

+             ;;

+     esac

+ done

+ require_parameter 'keyring' "${keyring}"

+ require_parameter 'signature' "${signature}"

+ require_parameter 'data file' "${data}"

+ 

+ # Make a temporary working directory.

+ workdir="$(mktemp --directory)"

+ check_status 'Making a temporary directory' $?

+ workring="${workdir}/keyring.gpg"

+ 

+ # Decode any ASCII armor on the keyring. This is harmless if the keyring isn't

+ # ASCII-armored.

+ gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"

+ check_status 'Decoding the keyring' $?

+ 

+ # Verify the signature using the decoded keyring.

+ gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"

+ check_status 'Signature verification' $?

+ 

+ # (--homedir isn't actually necessary. --dearmor processes only the input file,

+ # and if --keyring is used and contains a slash, then gpgv2 uses only that

+ # keyring. Thus neither command will look for a default keyring, but --homedir

+ # makes extra double sure that no default keyring will be touched in case

+ # another version of GPG works differently.)

+ 

+ # Clean up. (This is not done in case of an error that may need inspection.)

+ rm --recursive --force ${workdir}
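Review bot: the cleanup line `rm --recursive --force ${workdir}` should quote `"${workdir}"` like every other use of the variable; a TMPDIR containing whitespace would otherwise split the path. More importantly, if gpg2 or gpgv2 is not installed the script only reports "Decoding the keyring failed." with status 127, so check for both commands up front (for example `command -v gpg2 >/dev/null || fatal_error 'gpg2 is not installed.' 2`) so the failure is intelligible, as the discussion asks. The verification logic itself is sound: a `--keyring` path containing a slash confines gpgv2 to that file, `--homedir` pointing at the throwaway directory keeps any default keyring out of play, and a non-zero gpgv2 status propagates as the script's own exit code.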

file modified
+1 -1

@@ -1,3 +1,3 @@ 

  # Miscellaneous Fedora-related RPM macros.

  

- # Currently there is nothing here.

+ %gpgverify %{_rpmconfigdir}/gpgverify
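Review bot: the macro expands to a bare pathname, so a packager still has to know the `--keyring=`, `--signature=` and `--data=` interface and that gpgverify expects a keyring holding only the trusted keys; since the placeholder comment is being removed, add a short comment here showing the intended `%prep` invocation and noting that a package using the macro must pull in gnupg2 itself if that dependency does not stay in this package.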

This adds a shellscript named gpgverify, and an RPM macro with the same name. The script is easier for packagers to use than invoking gpgv directly, in that it handles ASCII-armored keyrings transparently, and it needs no special parameters to prevent it from using a default keyring.

The macro abstracts away the pathname of the script. It also provides a point where the verification can be conditionalized on some other RPM macro, should that become necessary.

I'm flexible about the license. I usually put a simple permissive license on small programs like this, but GPL would also be fine if anyone wants that.
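A spec fragment showing how a package would use the macro, added here as an illustration and not taken from the PR; the package name, URLs and source file names are constructed placeholders, and the `BuildRequires: gnupg2` line follows the suggestion in the discussion that each package add the GnuPG dependency itself.

```spec
Name:           example
Version:        1.0
Release:        1%{?dist}
Summary:        Constructed example whose source tarball is signature-checked
License:        MIT
URL:            https://example.invalid/

# Constructed sample sources: the tarball and upstream's detached signature.
Source0:        https://example.invalid/example-%{version}.tar.gz
Source1:        https://example.invalid/example-%{version}.tar.gz.asc
# Keyring exported by the packager. Per the gpgverify help text it must hold
# only the keys trusted to sign releases and no others; armored or binary
# form both work because the script dearmors it first.
Source2:        example-release-keys.gpg

# gpgverify calls gpg2 and gpgv2. If the macro package does not carry the
# dependency, the package using the macro has to add it itself.
BuildRequires:  gnupg2

%description
Constructed example package.

%prep
# Verify before unpacking. gpgverify exits non-zero on any failure, which
# aborts the build before untrusted content is ever extracted.
%{gpgverify} --keyring=%{SOURCE2} --signature=%{SOURCE1} --data=%{SOURCE0}
%setup -q

%build
%install
%files
```

The macro is defined in macros.fedora as a bare path, so `%{gpgverify}` expands to `%{_rpmconfigdir}/gpgverify` followed by the three parameters.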

I would prefer if we put this into redhat-rpm-config.

redhat-rpm-config is a bootstrap package, we don't want a gnupg(2) dependency there.

Then I suppose a GnuPG dependency in fedora-rpm-macros is also problematic, as redhat-rpm-config depends on it? Can you suggest a suitable package that is always present in ordinary buildroots and on packagers' workstations, but is less critical during bootstrapping?

I think pulling gpg into the default buildroot just isn't a good idea. Personally I'd treat this the same way as %autosetup -S: you must manually add the appropriate dependency if you need it. Make the script fail intelligently when gpg isn't available. This (and the %autosetup case as well) could be solved by the automatic build dependency generation thing that's under discussion elsewhere.

Additionally, this PR is kind of pointless as the idea of a fedora-specific macro package separate from redhat-rpm-config was vetoed, and the dependency from redhat-rpm-config to fedora-rpm-macros was removed. So adding the things here simply wouldn't do much of anything. Maybe it's reasonable to reconsider that given the growing number of macro bits we're acquiring, but maybe not.

Thank you all for your feedback. I'm replacing this pull request with one for redhat-rpm-config that won't pull in GnuPG.

Pull-Request has been closed by rombobeorn

a year ago