File: | Dpkg/OpenPGP/Backend/SOP.pm |
Coverage: | 83.8% |
line | stmt | bran | cond | sub | pod | time | code |
---|---|---|---|---|---|---|---|
1 | # Copyright © 2021-2022 Guillem Jover <guillem@debian.org> | ||||||
2 | # | ||||||
3 | # This program is free software; you can redistribute it and/or modify | ||||||
4 | # it under the terms of the GNU General Public License as published by | ||||||
5 | # the Free Software Foundation; either version 2 of the License, or | ||||||
6 | # (at your option) any later version. | ||||||
7 | # | ||||||
8 | # This program is distributed in the hope that it will be useful, | ||||||
9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||||
10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||||
11 | # GNU General Public License for more details. | ||||||
12 | # | ||||||
13 | # You should have received a copy of the GNU General Public License | ||||||
14 | # along with this program. If not, see <https://www.gnu.org/licenses/>. | ||||||
15 | |||||||
16 | package Dpkg::OpenPGP::Backend::SOP; | ||||||
17 | |||||||
18 | 44 44 44 | 91 41 528 | use strict; | ||||
19 | 44 44 44 | 44 3 1147 | use warnings; | ||||
20 | |||||||
21 | our $VERSION = '0.01'; | ||||||
22 | |||||||
23 | 44 44 44 | 88 3 91 | use POSIX qw(:sys_wait_h); | ||||
24 | |||||||
25 | 44 44 44 | 3136 44 1188 | use Dpkg::ErrorHandling; | ||||
26 | 44 44 44 | 85 3 792 | use Dpkg::IPC; | ||||
27 | 44 44 44 | 85 44 1165 | use Dpkg::OpenPGP::ErrorCodes; | ||||
28 | |||||||
29 | 44 44 44 | 88 41 47 | use parent qw(Dpkg::OpenPGP::Backend); | ||||
30 | |||||||
31 | # - Once "sqop" fixes armor idempotency, add as alternative. | ||||||
32 | # Ref: https://gitlab.com/sequoia-pgp/sequoia-sop/-/issues/20 | ||||||
33 | # - Once "gosop" implements inline-verify and inline-sign, add as alternative. | ||||||
34 | # Ref: https://github.com/ProtonMail/gosop/issues/6 | ||||||
35 | # - Once "hop" implements the new SOP draft, add as alternative. | ||||||
36 | # Ref: https://salsa.debian.org/clint/hopenpgp-tools/-/issues/4 | ||||||
37 | # - Once the SOP MR !23 is finalized and merged, implement a way to select | ||||||
38 | # whether the SOP instance supports the expected draft. | ||||||
39 | # Ref: https://gitlab.com/dkg/openpgp-stateless-cli/-/merge_requests/23 | ||||||
40 | # - Once the SOP issue #42 is resolved we can perhaps remove the alternative | ||||||
41 | # dependencies and commands to check? | ||||||
42 | # Ref: https://gitlab.com/dkg/openpgp-stateless-cli/-/issues/42 | ||||||
43 | |||||||
44 | sub DEFAULT_CMD { | ||||||
45 | 56 | 0 | 71 | return [ qw(pgpainless-cli) ]; | |||
46 | } | ||||||
47 | |||||||
48 | sub _sop_exec | ||||||
49 | { | ||||||
50 | 478 | 2137 | my ($self, $io, @exec) = @_; | ||||
51 | |||||||
52 | 478 | 1659 | return OPENPGP_MISSING_CMD unless $self->{cmd}; | ||||
53 | |||||||
54 | 478 | 3397 | $io->{out} //= '/dev/null'; | ||||
55 | 478 | 723 | my $stderr; | ||||
56 | spawn(exec => [ $self->{cmd}, @exec ], | ||||||
57 | wait_child => 1, nocheck => 1, timeout => 10, | ||||||
58 | from_file => $io->{in}, to_file => $io->{out}, | ||||||
59 | 478 | 4090 | error_to_string => \$stderr); | ||||
60 | 454 | 8529 | if (WIFEXITED($?)) { | ||||
61 | 454 | 2622 | my $status = WEXITSTATUS($?); | ||||
62 | 454 0 | 2388 0 | print { *STDERR } "$stderr" if $status; | ||||
63 | 454 | 28854 | return $status; | ||||
64 | } else { | ||||||
65 | 0 | 0 | subprocerr("$self->{cmd} @exec"); | ||||
66 | } | ||||||
67 | } | ||||||
68 | |||||||
69 | sub armor | ||||||
70 | { | ||||||
71 | 152 | 0 | 596 | my ($self, $type, $in, $out) = @_; | |||
72 | |||||||
73 | # We ignore the $type, and let "sop" handle this automatically. | ||||||
74 | 152 | 1613 | return $self->_sop_exec({ in => $in, out => $out }, 'armor'); | ||||
75 | } | ||||||
76 | |||||||
77 | sub dearmor | ||||||
78 | { | ||||||
79 | 98 | 0 | 106 | my ($self, $type, $in, $out) = @_; | |||
80 | |||||||
81 | # We ignore the $type, and let "sop" handle this automatically. | ||||||
82 | 98 | 362 | return $self->_sop_exec({ in => $in, out => $out }, 'dearmor'); | ||||
83 | } | ||||||
84 | |||||||
85 | sub inline_verify | ||||||
86 | { | ||||||
87 | 117 | 0 | 1087 | my ($self, $inlinesigned, $data, @certs) = @_; | |||
88 | |||||||
89 | 117 | 877 | return $self->_sop_exec({ in => $inlinesigned, out => $data }, | ||||
90 | 'inline-verify', @certs); | ||||||
91 | } | ||||||
92 | |||||||
93 | sub verify | ||||||
94 | { | ||||||
95 | 76 | 0 | 233 | my ($self, $data, $sig, @certs) = @_; | |||
96 | |||||||
97 | 76 | 175 | return $self->_sop_exec({ in => $data }, 'verify', $sig, @certs); | ||||
98 | } | ||||||
99 | |||||||
100 | sub inline_sign | ||||||
101 | { | ||||||
102 | 35 | 0 | 70 | my ($self, $data, $inlinesigned, $key) = @_; | |||
103 | |||||||
104 | 35 | 35 | return OPENPGP_NEEDS_KEYSTORE if $key->needs_keystore(); | ||||
105 | |||||||
106 | 35 | 588 | return $self->_sop_exec({ in => $data, out => $inlinesigned }, | ||||
107 | qw(inline-sign --as clearsigned --), $key->handle); | ||||||
108 | } | ||||||
109 | |||||||
110 | 1; |