File Coverage

File:Dpkg/OpenPGP/Backend/SOP.pm
Coverage:83.8%

linestmtbrancondsubpodtimecode
1# Copyright © 2021-2022 Guillem Jover <guillem@debian.org>
2#
3# This program is free software; you can redistribute it and/or modify
4# it under the terms of the GNU General Public License as published by
5# the Free Software Foundation; either version 2 of the License, or
6# (at your option) any later version.
7#
8# This program is distributed in the hope that it will be useful,
9# but WITHOUT ANY WARRANTY; without even the implied warranty of
10# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11# GNU General Public License for more details.
12#
13# You should have received a copy of the GNU General Public License
14# along with this program.  If not, see <https://www.gnu.org/licenses/>.
15
16package Dpkg::OpenPGP::Backend::SOP;
17
18
44
44
44
44
91
41
528
use strict;
19
44
44
44
44
44
3
1147
use warnings;
20
21our $VERSION = '0.01';
22
23
44
44
44
44
88
3
91
use POSIX qw(:sys_wait_h);
24
25
44
44
44
44
3136
44
1188
use Dpkg::ErrorHandling;
26
44
44
44
44
85
3
792
use Dpkg::IPC;
27
44
44
44
44
85
44
1165
use Dpkg::OpenPGP::ErrorCodes;
28
29
44
44
44
44
88
41
47
use parent qw(Dpkg::OpenPGP::Backend);
30
31# - Once "sqop" fixes armor idempotency, add as alternative.
32#   Ref: https://gitlab.com/sequoia-pgp/sequoia-sop/-/issues/20
33# - Once "gosop" implements inline-verify and inline-sign, add as alternative.
34#   Ref: https://github.com/ProtonMail/gosop/issues/6
35# - Once "hop" implements the new SOP draft, add as alternative.
36#   Ref: https://salsa.debian.org/clint/hopenpgp-tools/-/issues/4
37# - Once the SOP MR !23 is finalized and merged, implement a way to select
38#   whether the SOP instance supports the expected draft.
39#   Ref: https://gitlab.com/dkg/openpgp-stateless-cli/-/merge_requests/23
40# - Once the SOP issue #42 is resolved we can perhaps remove the alternative
41#   dependencies and commands to check?
42#   Ref: https://gitlab.com/dkg/openpgp-stateless-cli/-/issues/42
43
44sub DEFAULT_CMD {
45
56
56
0
71
    return [ qw(pgpainless-cli) ];
46}
47
48sub _sop_exec
49{
50
478
478
2137
    my ($self, $io, @exec) = @_;
51
52
478
50
1659
    return OPENPGP_MISSING_CMD unless $self->{cmd};
53
54
478
100
3397
    $io->{out} //= '/dev/null';
55
478
723
    my $stderr;
56    spawn(exec => [ $self->{cmd}, @exec ],
57          wait_child => 1, nocheck => 1, timeout => 10,
58          from_file => $io->{in}, to_file => $io->{out},
59
478
4090
          error_to_string => \$stderr);
60
454
50
8529
    if (WIFEXITED($?)) {
61
454
2622
        my $status = WEXITSTATUS($?);
62
454
0
50
2388
0
        print { *STDERR } "$stderr" if $status;
63
454
28854
        return $status;
64    } else {
65
0
0
        subprocerr("$self->{cmd} @exec");
66    }
67}
68
69sub armor
70{
71
152
152
0
596
    my ($self, $type, $in, $out) = @_;
72
73    # We ignore the $type, and let "sop" handle this automatically.
74
152
1613
    return $self->_sop_exec({ in => $in, out => $out }, 'armor');
75}
76
77sub dearmor
78{
79
98
98
0
106
    my ($self, $type, $in, $out) = @_;
80
81    # We ignore the $type, and let "sop" handle this automatically.
82
98
362
    return $self->_sop_exec({ in => $in, out => $out }, 'dearmor');
83}
84
85sub inline_verify
86{
87
117
117
0
1087
    my ($self, $inlinesigned, $data, @certs) = @_;
88
89
117
877
    return $self->_sop_exec({ in => $inlinesigned, out => $data },
90                            'inline-verify', @certs);
91}
92
93sub verify
94{
95
76
76
0
233
    my ($self, $data, $sig, @certs) = @_;
96
97
76
175
    return $self->_sop_exec({ in => $data }, 'verify', $sig, @certs);
98}
99
100sub inline_sign
101{
102
35
35
0
70
    my ($self, $data, $inlinesigned, $key) = @_;
103
104
35
50
35
    return OPENPGP_NEEDS_KEYSTORE if $key->needs_keystore();
105
106
35
588
    return $self->_sop_exec({ in => $data, out => $inlinesigned },
107                            qw(inline-sign --as clearsigned --), $key->handle);
108}
109
1101;