Make the signing macros parametric
It's not any less code, but gives us much better control over how they're
called, eliminating the need for global temporary macros for passing
what really are command arguments.

No functional change, but paves the way for future programmatic switches such as
perhaps binary/ascii signatures.

This is of course incompatible with folks who have their own custom
%__gpg_sign_cmd from the past, recipes for these have unfortunately
commonly floated around the internet as "necessary" for signing.
These are double-underscore macros, people messing with those had better
know what they're doing.
pmatilai committed Nov 28, 2024
1 parent 967ab11 commit b836353
Showing 2 changed files with 15 additions and 14 deletions.
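--- a/macros.in
+++ b/macros.in
@@ -614,25 +614,24 @@ Supplements: (%{name} = %{version}-%{release} and langpacks-%{1})\
 #==============================================================================
 # ---- OpenPGP signature macros.
 # Macro(s) to hold the arguments passed to the cmd implementing package
-# signing. Expansion result is parsed by popt, so be sure to use
+# signing. Input path passed as the first argument, output as second.
+# Expansion result is parsed by popt, so be sure to use
 # %{shescape} where needed.
 #
 %__gpg @__GPG@
-%__gpg_sign_cmd %{shescape:%{__gpg}} \
+%__gpg_sign_cmd() %{shescape:%{__gpg}} \
 --no-verbose --no-armor --no-secmem-warning \
 %{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \
 %{?_gpg_sign_cmd_extra_args} \
 %{?_openpgp_sign_id:-u %{shescape:%{_openpgp_sign_id}}} \
--sbo %{shescape:%{?__signature_filename}} \
-%{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
+-sbo %{shescape:%{2}} -- %{shescape:%{1}}
 
 %__sq @__SQ@
-%__sq_sign_cmd %{shescape:%{__sq}} \
+%__sq_sign_cmd() %{shescape:%{__sq}} \
 sign \
 %{?_openpgp_sign_id:--signer-key %{_openpgp_sign_id}} \
 %{?_sq_sign_cmd_extra_args} \
---detached --output %{shescape:%{?__signature_filename}} \
-%{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
+--detached --output %{shescape:%{2}} -- %{shescape:%{1}}
 
 %__openpgp_sign_path %{expand:%{__%{_openpgp_sign}}}
 %__openpgp_sign_cmd %{expand:%{__%{_openpgp_sign}_sign_cmd}}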
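Review bot: In the rewritten `%__sq_sign_cmd()` body the signer id is still expanded unquoted, `--signer-key %{_openpgp_sign_id}`, while `%__gpg_sign_cmd()` wraps the same value in `%{shescape:...}` and the header comment asks for `%{shescape}` where needed. Because the expansion is split by popt, a value containing whitespace or quote characters would change the argv handed to the signing tool. Typical key handles may never contain such characters, but quoting it keeps the two macros consistent: `%{?_openpgp_sign_id:--signer-key %{shescape:%{_openpgp_sign_id}}} \`. The same applies to `--digest-algo=%{_gpg_digest_algo}` in the gpg macro. Both lines are unchanged context in this hunk, so this may belong in a follow-up.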
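--- a/sign/rpmgensig.cc
+++ b/sign/rpmgensig.cc
@@ -192,21 +192,23 @@ static char ** signCmd(const char *sigfile)
 {
 int argc = 0;
 char **argv = NULL;
+char *cmd = NULL;
+char *name = rpmExpand("__", "%{_openpgp_sign}", "_sign_cmd", NULL);
+const char * const margs[] = { "-", sigfile, NULL };
 
-rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1);
-rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1);
-
-char *cmd = rpmExpand("%{?__openpgp_sign_cmd}", NULL);
-
-rpmPopMacro(NULL, "__plaintext_filename");
-rpmPopMacro(NULL, "__signature_filename");
+if (rpmExpandThisMacro(NULL, name, (ARGV_const_t)margs, &cmd, 0) < 0) {
+rpmlog(RPMLOG_ERR, _("Expanding signing macro %s failed\n"), name);
+goto exit;
+}
 
 if (poptParseArgvString(cmd, &argc, (const char ***)&argv) < 0 || argc < 2) {
 rpmlog(RPMLOG_ERR, _("Invalid sign command: %s\n"), cmd);
 argv = _free(argv);
 }
 
+exit:
 free(cmd);
+free(name);
 
 return argv;
 }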
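Review bot: signCmd() does not check that the macro named by `name` is parametric before expanding it with `margs`, so a legacy non-parametric `%__gpg_sign_cmd` override, the case the commit message calls out, is not rejected here. How rpmExpandThisMacro() treats arguments for such a macro is not visible in this hunk. If they are ignored, the command would carry no signature path, only the `argc < 2` check stands in the way, and the failure would surface later, away from its cause. A guard before the expansion, `if (!rpmMacroIsParametric(NULL, name)) { rpmlog(RPMLOG_ERR, ...); goto exit; }`, would report the stale override directly. The function's signature sits in the hunk header, just above the first line shown.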
