| File: | Dpkg/OpenPGP/Backend/Sequoia.pm |
| Coverage: | 81.2% |
| line | stmt | bran | cond | sub | pod | time | code |
|---|---|---|---|---|---|---|---|
| 1 | # Copyright © 2021-2022 Guillem Jover <guillem@debian.org> | ||||||
| 2 | # | ||||||
| 3 | # This program is free software; you can redistribute it and/or modify | ||||||
| 4 | # it under the terms of the GNU General Public License as published by | ||||||
| 5 | # the Free Software Foundation; either version 2 of the License, or | ||||||
| 6 | # (at your option) any later version. | ||||||
| 7 | # | ||||||
| 8 | # This program is distributed in the hope that it will be useful, | ||||||
| 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||||
| 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||||
| 11 | # GNU General Public License for more details. | ||||||
| 12 | # | ||||||
| 13 | # You should have received a copy of the GNU General Public License | ||||||
| 14 | # along with this program. If not, see <https://www.gnu.org/licenses/>. | ||||||
| 15 | |||||||
| 16 | =encoding utf8 | ||||||
| 17 | |||||||
| 18 - 29 | =head1 NAME Dpkg::OpenPGP::Backend::Sequoia - OpenPGP backend for Sequoia =head1 DESCRIPTION This module provides a class that implements the OpenPGP backend for Sequoia-PGP. B<Note>: This is a private module, its API can change at any time. =cut | ||||||
| 30 | |||||||
| 31 | package Dpkg::OpenPGP::Backend::Sequoia 0.01; | ||||||
| 32 | |||||||
| 33 | 69 69 69 | 368 161 2392 | use strict; | ||||
| 34 | 69 69 69 | 253 184 4393 | use warnings; | ||||
| 35 | |||||||
| 36 | 69 69 69 | 230 138 575 | use POSIX qw(:sys_wait_h); | ||||
| 37 | |||||||
| 38 | 69 69 69 | 13271 69 4876 | use Dpkg::ErrorHandling; | ||||
| 39 | 69 69 69 | 253 46 2369 | use Dpkg::IPC; | ||||
| 40 | 69 69 69 | 299 230 5428 | use Dpkg::OpenPGP::ErrorCodes; | ||||
| 41 | |||||||
| 42 | 69 69 69 | 299 138 621 | use parent qw(Dpkg::OpenPGP::Backend); | ||||
| 43 | |||||||
| 44 | sub DEFAULT_CMD { | ||||||
| 45 | 69 | 0 | 161 | return [ qw(sq) ]; | |||
| 46 | } | ||||||
| 47 | |||||||
| 48 | sub _sq_exec | ||||||
| 49 | { | ||||||
| 50 | 594 | 1559 | my ($self, @exec) = @_; | ||||
| 51 | |||||||
| 52 | 594 | 641 | my ($stdout, $stderr); | ||||
| 53 | 594 | 3312 | spawn(exec => [ $self->{cmd}, @exec ], | ||||
| 54 | wait_child => 1, nocheck => 1, timeout => 10, | ||||||
| 55 | to_string => \$stdout, error_to_string => \$stderr); | ||||||
| 56 | 561 | 6438 | if (WIFEXITED($?)) { | ||||
| 57 | 561 | 1092 | my $status = WEXITSTATUS($?); | ||||
| 58 | 561 0 | 1435 0 | print { *STDERR } "$stdout$stderr" if $status; | ||||
| 59 | 561 | 2959 | return $status; | ||||
| 60 | } else { | ||||||
| 61 | 0 | 0 | subprocerr("$self->{cmd} @exec"); | ||||
| 62 | } | ||||||
| 63 | } | ||||||
| 64 | |||||||
| 65 | sub armor | ||||||
| 66 | { | ||||||
| 67 | 189 | 0 | 424 | my ($self, $type, $in, $out) = @_; | |||
| 68 | |||||||
| 69 | 189 | 634 | return OPENPGP_MISSING_CMD unless $self->{cmd}; | ||||
| 70 | |||||||
| 71 | # We ignore the $type, and let "sq" handle this automatically. | ||||||
| 72 | 189 | 637 | my $rc = $self->_sq_exec(qw(toolbox armor --output), $out, $in); | ||||
| 73 | 180 | 554 | return OPENPGP_BAD_DATA if $rc; | ||||
| 74 | 180 | 3148 | return OPENPGP_OK; | ||||
| 75 | } | ||||||
| 76 | |||||||
| 77 | sub dearmor | ||||||
| 78 | { | ||||||
| 79 | 126 | 0 | 225 | my ($self, $type, $in, $out) = @_; | |||
| 80 | |||||||
| 81 | 126 | 523 | return OPENPGP_MISSING_CMD unless $self->{cmd}; | ||||
| 82 | |||||||
| 83 | # We ignore the $type, and let "sq" handle this automatically. | ||||||
| 84 | 126 | 366 | my $rc = $self->_sq_exec(qw(toolbox dearmor --output), $out, $in); | ||||
| 85 | 120 | 288 | return OPENPGP_BAD_DATA if $rc; | ||||
| 86 | 120 | 2592 | return OPENPGP_OK; | ||||
| 87 | } | ||||||
| 88 | |||||||
| 89 | sub inline_verify | ||||||
| 90 | { | ||||||
| 91 | 144 | 0 | 415 | my ($self, $inlinesigned, $data, @certs) = @_; | |||
| 92 | |||||||
| 93 | 144 | 547 | return OPENPGP_MISSING_CMD unless $self->{cmd}; | ||||
| 94 | |||||||
| 95 | 144 | 247 | my @opts; | ||||
| 96 | 144 144 | 361 761 | push @opts, map { ('--signer-file', $_) } @certs; | ||||
| 97 | 144 | 276 | push @opts, '--output', $data if defined $data; | ||||
| 98 | |||||||
| 99 | 144 | 524 | my $rc = $self->_sq_exec(qw(verify), @opts, $inlinesigned); | ||||
| 100 | 135 | 578 | return OPENPGP_NO_SIG if $rc; | ||||
| 101 | 135 | 2809 | return OPENPGP_OK; | ||||
| 102 | } | ||||||
| 103 | |||||||
| 104 | sub verify | ||||||
| 105 | { | ||||||
| 106 | 93 | 0 | 267 | my ($self, $data, $sig, @certs) = @_; | |||
| 107 | |||||||
| 108 | 93 | 361 | return OPENPGP_MISSING_CMD unless $self->{cmd}; | ||||
| 109 | |||||||
| 110 | 93 | 189 | my @opts; | ||||
| 111 | 93 93 | 235 328 | push @opts, map { ('--signer-file', $_) } @certs; | ||||
| 112 | 93 | 142 | push @opts, '--detached', $sig; | ||||
| 113 | |||||||
| 114 | 93 | 329 | my $rc = $self->_sq_exec(qw(verify), @opts, $data); | ||||
| 115 | 87 | 325 | return OPENPGP_NO_SIG if $rc; | ||||
| 116 | 87 | 1469 | return OPENPGP_OK; | ||||
| 117 | } | ||||||
| 118 | |||||||
| 119 | sub inline_sign | ||||||
| 120 | { | ||||||
| 121 | 42 | 0 | 140 | my ($self, $data, $inlinesigned, $key) = @_; | |||
| 122 | |||||||
| 123 | 42 | 140 | return OPENPGP_MISSING_CMD unless $self->{cmd}; | ||||
| 124 | 42 | 112 | return OPENPGP_NEEDS_KEYSTORE if $key->needs_keystore(); | ||||
| 125 | |||||||
| 126 | 42 | 126 | my @opts; | ||||
| 127 | 42 | 84 | push @opts, '--cleartext-signature'; | ||||
| 128 | 42 | 70 | push @opts, '--signer-file', $key->handle; | ||||
| 129 | 42 | 42 | push @opts, '--output', $inlinesigned; | ||||
| 130 | |||||||
| 131 | 42 | 98 | my $rc = $self->_sq_exec('sign', @opts, $data); | ||||
| 132 | 39 | 273 | return OPENPGP_KEY_CANNOT_SIGN if $rc; | ||||
| 133 | 39 | 754 | return OPENPGP_OK; | ||||
| 134 | } | ||||||
| 135 | |||||||
| 136 - 142 | =head1 CHANGES =head2 Version 0.xx This is a private module. =cut | ||||||
| 143 | |||||||
| 144 | 1; | ||||||