| File: | Dpkg/OpenPGP/Backend/Sequoia.pm |
| Coverage: | 81.2% |
| line | stmt | bran | cond | sub | pod | time | code |
|---|---|---|---|---|---|---|---|
| 1 | # Copyright © 2021-2022 Guillem Jover <guillem@debian.org> | ||||||
| 2 | # | ||||||
| 3 | # This program is free software; you can redistribute it and/or modify | ||||||
| 4 | # it under the terms of the GNU General Public License as published by | ||||||
| 5 | # the Free Software Foundation; either version 2 of the License, or | ||||||
| 6 | # (at your option) any later version. | ||||||
| 7 | # | ||||||
| 8 | # This program is distributed in the hope that it will be useful, | ||||||
| 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||||
| 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||||
| 11 | # GNU General Public License for more details. | ||||||
| 12 | # | ||||||
| 13 | # You should have received a copy of the GNU General Public License | ||||||
| 14 | # along with this program. If not, see <https://www.gnu.org/licenses/>. | ||||||
| 15 | |||||||
| 16 | package Dpkg::OpenPGP::Backend::Sequoia; | ||||||
| 17 | |||||||
| 18 | 23 23 23 | 69 69 460 | use strict; | ||||
| 19 | 23 23 23 | 46 0 1219 | use warnings; | ||||
| 20 | |||||||
| 21 | our $VERSION = '0.01'; | ||||||
| 22 | |||||||
| 23 | 23 23 23 | 69 0 207 | use POSIX qw(:sys_wait_h); | ||||
| 24 | |||||||
| 25 | 23 23 23 | 4209 0 1242 | use Dpkg::ErrorHandling; | ||||
| 26 | 23 23 23 | 92 23 552 | use Dpkg::IPC; | ||||
| 27 | 23 23 23 | 92 23 1012 | use Dpkg::OpenPGP::ErrorCodes; | ||||
| 28 | |||||||
| 29 | 23 23 23 | 46 0 184 | use parent qw(Dpkg::OpenPGP::Backend); | ||||
| 30 | |||||||
| 31 | sub DEFAULT_CMD { | ||||||
| 32 | 23 | 0 | 23 | return [ qw(sq) ]; | |||
| 33 | } | ||||||
| 34 | |||||||
| 35 | sub _sq_exec | ||||||
| 36 | { | ||||||
| 37 | 198 | 662 | my ($self, @exec) = @_; | ||||
| 38 | |||||||
| 39 | 198 | 227 | my ($stdout, $stderr); | ||||
| 40 | 198 | 1205 | spawn(exec => [ $self->{cmd}, @exec ], | ||||
| 41 | wait_child => 1, nocheck => 1, timeout => 10, | ||||||
| 42 | to_string => \$stdout, error_to_string => \$stderr); | ||||||
| 43 | 187 | 3547 | if (WIFEXITED($?)) { | ||||
| 44 | 187 | 603 | my $status = WEXITSTATUS($?); | ||||
| 45 | 187 0 | 712 0 | print { *STDERR } "$stdout$stderr" if $status; | ||||
| 46 | 187 | 1114 | return $status; | ||||
| 47 | } else { | ||||||
| 48 | 0 | 0 | subprocerr("$self->{cmd} @exec"); | ||||
| 49 | } | ||||||
| 50 | } | ||||||
| 51 | |||||||
| 52 | sub armor | ||||||
| 53 | { | ||||||
| 54 | 63 | 0 | 432 | my ($self, $type, $in, $out) = @_; | |||
| 55 | |||||||
| 56 | 63 | 236 | return OPENPGP_MISSING_CMD unless $self->{cmd}; | ||||
| 57 | |||||||
| 58 | # We ignore the $type, and let "sq" handle this automatically. | ||||||
| 59 | 63 | 712 | my $rc = $self->_sq_exec(qw(armor --output), $out, $in); | ||||
| 60 | 60 | 584 | return OPENPGP_BAD_DATA if $rc; | ||||
| 61 | 60 | 2001 | return OPENPGP_OK; | ||||
| 62 | } | ||||||
| 63 | |||||||
| 64 | sub dearmor | ||||||
| 65 | { | ||||||
| 66 | 42 | 0 | 80 | my ($self, $type, $in, $out) = @_; | |||
| 67 | |||||||
| 68 | 42 | 99 | return OPENPGP_MISSING_CMD unless $self->{cmd}; | ||||
| 69 | |||||||
| 70 | # We ignore the $type, and let "sq" handle this automatically. | ||||||
| 71 | 42 | 99 | my $rc = $self->_sq_exec(qw(dearmor --output), $out, $in); | ||||
| 72 | 40 | 124 | return OPENPGP_BAD_DATA if $rc; | ||||
| 73 | 40 | 1946 | return OPENPGP_OK; | ||||
| 74 | } | ||||||
| 75 | |||||||
| 76 | sub inline_verify | ||||||
| 77 | { | ||||||
| 78 | 48 | 0 | 168 | my ($self, $inlinesigned, $data, @certs) = @_; | |||
| 79 | |||||||
| 80 | 48 | 146 | return OPENPGP_MISSING_CMD unless $self->{cmd}; | ||||
| 81 | |||||||
| 82 | 48 | 101 | my @opts; | ||||
| 83 | 48 48 | 66 225 | push @opts, map { ('--signer-cert', $_) } @certs; | ||||
| 84 | 48 | 84 | push @opts, '--output', $data if defined $data; | ||||
| 85 | |||||||
| 86 | 48 | 166 | my $rc = $self->_sq_exec(qw(verify), @opts, $inlinesigned); | ||||
| 87 | 45 | 220 | return OPENPGP_NO_SIG if $rc; | ||||
| 88 | 45 | 1070 | return OPENPGP_OK; | ||||
| 89 | } | ||||||
| 90 | |||||||
| 91 | sub verify | ||||||
| 92 | { | ||||||
| 93 | 31 | 0 | 142 | my ($self, $data, $sig, @certs) = @_; | |||
| 94 | |||||||
| 95 | 31 | 110 | return OPENPGP_MISSING_CMD unless $self->{cmd}; | ||||
| 96 | |||||||
| 97 | 31 | 94 | my @opts; | ||||
| 98 | 31 31 | 62 78 | push @opts, map { ('--signer-cert', $_) } @certs; | ||||
| 99 | 31 | 31 | push @opts, '--detached', $sig; | ||||
| 100 | |||||||
| 101 | 31 | 94 | my $rc = $self->_sq_exec(qw(verify), @opts, $data); | ||||
| 102 | 29 | 119 | return OPENPGP_NO_SIG if $rc; | ||||
| 103 | 29 | 624 | return OPENPGP_OK; | ||||
| 104 | } | ||||||
| 105 | |||||||
| 106 | sub inline_sign | ||||||
| 107 | { | ||||||
| 108 | 14 | 0 | 84 | my ($self, $data, $inlinesigned, $key) = @_; | |||
| 109 | |||||||
| 110 | 14 | 56 | return OPENPGP_MISSING_CMD unless $self->{cmd}; | ||||
| 111 | 14 | 42 | return OPENPGP_NEEDS_KEYSTORE if $key->needs_keystore(); | ||||
| 112 | |||||||
| 113 | 14 | 42 | my @opts; | ||||
| 114 | 14 | 56 | push @opts, '--cleartext-signature'; | ||||
| 115 | 14 | 28 | push @opts, '--signer-key', $key->handle; | ||||
| 116 | 14 | 28 | push @opts, '--output', $inlinesigned; | ||||
| 117 | |||||||
| 118 | 14 | 56 | my $rc = $self->_sq_exec('sign', @opts, $data); | ||||
| 119 | 13 | 104 | return OPENPGP_KEY_CANNOT_SIGN if $rc; | ||||
| 120 | 13 | 299 | return OPENPGP_OK; | ||||
| 121 | } | ||||||
| 122 | |||||||
| 123 | 1; | ||||||