From 6db4c9c449a5270fc55d1012e3e65a66d8622ee6 Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Thu, 28 Nov 2024 12:51:52 +0200 Subject: [PATCH] Make the signing macros parametric It's not any less code, but gives us much better control over how they're called, eliminating the need for global temporary macros for passing what really are command arguments. No functional change, but paves way for future programmatic switches such as perhaps binary/ascii signatures. This is of course incompatible with folks who have their own custom %__gpg_sign_cmd from the past, recipes for these have unfortunately commonly floated around the internet as "necessary" for signing. These are double-underscore macros, people messing with those had better know what they're doing. --- macros.in | 13 ++++++------- sign/rpmgensig.cc | 23 ++++++++++++----------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/macros.in b/macros.in index db5617d032..33335d5b01 100644 --- a/macros.in +++ b/macros.in @@ -614,25 +614,24 @@ Supplements: (%{name} = %{version}-%{release} and langpacks-%{1})\ #============================================================================== # ---- OpenPGP signature macros. # Macro(s) to hold the arguments passed to the cmd implementing package -# signing. Expansion result is parsed by popt, so be sure to use +# signing. Input path passed as the first argument, output as second. +# Expansion result is parsed by popt, so be sure to use # %{shescape} where needed. # %__gpg @__GPG@ -%__gpg_sign_cmd %{shescape:%{__gpg}} \ +%__gpg_sign_cmd() %{shescape:%{__gpg}} \ --no-verbose --no-armor --no-secmem-warning \ %{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \ %{?_gpg_sign_cmd_extra_args} \ %{?_openpgp_sign_id:-u %{shescape:%{_openpgp_sign_id}}} \ - -sbo %{shescape:%{?__signature_filename}} \ - %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}} + -sbo %{shescape:%{2}} -- %{shescape:%{1}} %__sq @__SQ@ -%__sq_sign_cmd %{shescape:%{__sq}} \ +%__sq_sign_cmd() %{shescape:%{__sq}} \ sign \ %{?_openpgp_sign_id:--signer-key %{_openpgp_sign_id}} \ %{?_sq_sign_cmd_extra_args} \ - --detached --output %{shescape:%{?__signature_filename}} \ - %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}} + --detached --output %{shescape:%{2}} -- %{shescape:%{1}} %__openpgp_sign_path %{expand:%{__%{_openpgp_sign}}} %__openpgp_sign_cmd %{expand:%{__%{_openpgp_sign}_sign_cmd}} diff --git a/sign/rpmgensig.cc b/sign/rpmgensig.cc index ad3cf38234..bb66af9755 100644 --- a/sign/rpmgensig.cc +++ b/sign/rpmgensig.cc @@ -29,6 +29,7 @@ #include "rpmlead.hh" #include "signature.hh" +#include "rpmmacro_internal.hh" #include "rpmvs.hh" #include "debug.h" @@ -192,22 +193,22 @@ static char ** signCmd(const char *sigfile) { int argc = 0; char **argv = NULL; + auto mctx = rpm::macros(); + auto [ ign, name ] = mctx.expand({"__", "%{_openpgp_sign}", "_sign_cmd"}); + const char * const margs[] = { "-", sigfile, NULL }; - rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1); - rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1); - - char *cmd = rpmExpand("%{?__openpgp_sign_cmd}", NULL); - - rpmPopMacro(NULL, "__plaintext_filename"); - rpmPopMacro(NULL, "__signature_filename"); + auto [ rc, cmd ] = mctx.expand_this(name, (ARGV_const_t)margs, 0); + if (rc) { + rpmlog(RPMLOG_ERR, _("Expanding signing macro %s failed\n"), + name.c_str()); + return NULL; + } - if (poptParseArgvString(cmd, &argc, (const char ***)&argv) < 0 || argc < 2) { - rpmlog(RPMLOG_ERR, _("Invalid sign command: %s\n"), cmd); + if (poptParseArgvString(cmd.c_str(), &argc, (const char ***)&argv) < 0 || argc < 2) { + rpmlog(RPMLOG_ERR, _("Invalid sign command: %s\n"), cmd.c_str()); argv = _free(argv); } - free(cmd); - return argv; }