Make the signing macros parametric
It's not any less code, but gives us much better control over how they're
called, eliminating the need for global temporary macros for passing
what really are command arguments.

No functional change, but this paves the way for future programmatic switches, such as
perhaps binary/ascii signatures.

This is of course incompatible with folks who have their own custom
%__gpg_sign_cmd from the past, recipes for these have unfortunately
commonly floated around the internet as "necessary" for signing.
These are double-underscore macros, people messing with those had better
know what they're doing.
pmatilai committed Nov 28, 2024
1 parent 6838482 commit 6db4c9c
Showing 2 changed files with 18 additions and 18 deletions.
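--- a/macros.in
+++ b/macros.in
@@ -614,25 +614,24 @@ Supplements: (%{name} = %{version}-%{release} and langpacks-%{1})\
 #==============================================================================
 # ---- OpenPGP signature macros.
 # Macro(s) to hold the arguments passed to the cmd implementing package
-# signing. Expansion result is parsed by popt, so be sure to use
+# signing. Input path passed as the first argument, output as second.
+# Expansion result is parsed by popt, so be sure to use
 # %{shescape} where needed.
 #
 %__gpg @__GPG@
-%__gpg_sign_cmd %{shescape:%{__gpg}} \
+%__gpg_sign_cmd() %{shescape:%{__gpg}} \
 --no-verbose --no-armor --no-secmem-warning \
 %{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \
 %{?_gpg_sign_cmd_extra_args} \
 %{?_openpgp_sign_id:-u %{shescape:%{_openpgp_sign_id}}} \
--sbo %{shescape:%{?__signature_filename}} \
-%{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
+-sbo %{shescape:%{2}} -- %{shescape:%{1}}
 
 %__sq @__SQ@
-%__sq_sign_cmd %{shescape:%{__sq}} \
+%__sq_sign_cmd() %{shescape:%{__sq}} \
 sign \
 %{?_openpgp_sign_id:--signer-key %{_openpgp_sign_id}} \
 %{?_sq_sign_cmd_extra_args} \
---detached --output %{shescape:%{?__signature_filename}} \
-%{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
+--detached --output %{shescape:%{2}} -- %{shescape:%{1}}
 
 %__openpgp_sign_path %{expand:%{__%{_openpgp_sign}}}
 %__openpgp_sign_cmd %{expand:%{__%{_openpgp_sign}_sign_cmd}}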
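Review bot: In the now-parametric `%__sq_sign_cmd()` the signer id is still interpolated unquoted (`--signer-key %{_openpgp_sign_id}`), while the gpg variant and both new path arguments go through `%{shescape:...}`. Because the expansion is split by popt, an id containing whitespace or quote characters would be broken into several arguments or change how the rest of the line parses; I would write it as `%{?_openpgp_sign_id:--signer-key %{shescape:%{_openpgp_sign_id}}} \`. Separately, `%{1}` and `%{2}` are used unguarded, which is fine for the caller in sign/rpmgensig.cc that always passes two arguments, but the header comment could say so: `# Both arguments are required; %__signature_filename and %__plaintext_filename are no longer defined.`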
23 changes: 12 additions & 11 deletions sign/rpmgensig.cc
@@ -29,6 +29,7 @@

#include "rpmlead.hh"
#include "signature.hh"
#include "rpmmacro_internal.hh"
#include "rpmvs.hh"

#include "debug.h"
@@ -192,22 +193,22 @@ static char ** signCmd(const char *sigfile)
{
int argc = 0;
char **argv = NULL;
auto mctx = rpm::macros();
auto [ ign, name ] = mctx.expand({"__", "%{_openpgp_sign}", "_sign_cmd"});
const char * const margs[] = { "-", sigfile, NULL };

rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1);
rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1);

char *cmd = rpmExpand("%{?__openpgp_sign_cmd}", NULL);

rpmPopMacro(NULL, "__plaintext_filename");
rpmPopMacro(NULL, "__signature_filename");
auto [ rc, cmd ] = mctx.expand_this(name, (ARGV_const_t)margs, 0);
if (rc) {
rpmlog(RPMLOG_ERR, _("Expanding signing macro %s failed\n"),
name.c_str());
return NULL;
}

if (poptParseArgvString(cmd, &argc, (const char ***)&argv) < 0 || argc < 2) {
rpmlog(RPMLOG_ERR, _("Invalid sign command: %s\n"), cmd);
if (poptParseArgvString(cmd.c_str(), &argc, (const char ***)&argv) < 0 || argc < 2) {
rpmlog(RPMLOG_ERR, _("Invalid sign command: %s\n"), cmd.c_str());
argv = _free(argv);
}

free(cmd);

return argv;
}

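Review bot: The result code of the first expansion in signCmd() is bound to `ign` and never looked at, so a failure while building the macro name (or an unset `%{_openpgp_sign}`, which presumably leaves the text unexpanded) only shows up indirectly when `expand_this()` is handed that name. Checking it right away keeps the error specific, e.g. `if (ign) { rpmlog(RPMLOG_ERR, _("Expanding signing macro name failed\n")); return NULL; }`. The command is also now looked up by constructed name instead of through `%{?__openpgp_sign_cmd}`, so a site override of `%__openpgp_sign_cmd` (still defined in macros.in) appears to no longer affect signing; if that is intended, the leftover macro should be dropped or documented. The function's signature line lies outside the hunk and is visible only in the hunk header.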
