Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame] | 1 | # |
| 2 | # SPDX-License-Identifier: GPL-2.0-only |
| 3 | # |
| 4 | |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 5 | """Helper module for GPG signing""" |
| 6 | import os |
| 7 | |
| 8 | import bb |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 9 | import subprocess |
| 10 | import shlex |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 11 | |
| 12 | class LocalSigner(object): |
| 13 | """Class for handling local (on the build host) signing""" |
| 14 | def __init__(self, d): |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 15 | self.gpg_bin = d.getVar('GPG_BIN') or \ |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 16 | bb.utils.which(os.getenv('PATH'), 'gpg') |
Brad Bishop | 15ae250 | 2019-06-18 21:44:24 -0400 | [diff] [blame] | 17 | self.gpg_cmd = [self.gpg_bin] |
Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 18 | self.gpg_agent_bin = bb.utils.which(os.getenv('PATH'), "gpg-agent") |
Brad Bishop | 15ae250 | 2019-06-18 21:44:24 -0400 | [diff] [blame] | 19 | # Without this we see "Cannot allocate memory" errors when running processes in parallel |
| 20 | # It needs to be set for any gpg command since any agent launched can stick around in memory |
| 21 | # and this parameter must be set. |
| 22 | if self.gpg_agent_bin: |
| 23 | self.gpg_cmd += ["--agent-program=%s|--auto-expand-secmem" % (self.gpg_agent_bin)] |
| 24 | self.gpg_path = d.getVar('GPG_PATH') |
| 25 | self.rpm_bin = bb.utils.which(os.getenv('PATH'), "rpmsign") |
| 26 | self.gpg_version = self.get_gpg_version() |
| 27 | |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 28 | |
| 29 | def export_pubkey(self, output_file, keyid, armor=True): |
| 30 | """Export GPG public key to a file""" |
Brad Bishop | 15ae250 | 2019-06-18 21:44:24 -0400 | [diff] [blame] | 31 | cmd = self.gpg_cmd + ["--no-permission-warning", "--batch", "--yes", "--export", "-o", output_file] |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 32 | if self.gpg_path: |
Brad Bishop | 15ae250 | 2019-06-18 21:44:24 -0400 | [diff] [blame] | 33 | cmd += ["--homedir", self.gpg_path] |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 34 | if armor: |
Brad Bishop | 15ae250 | 2019-06-18 21:44:24 -0400 | [diff] [blame] | 35 | cmd += ["--armor"] |
| 36 | cmd += [keyid] |
| 37 | subprocess.check_output(cmd, stderr=subprocess.STDOUT) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 38 | |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 39 | def sign_rpms(self, files, keyid, passphrase, digest, sign_chunk, fsk=None, fsk_password=None): |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 40 | """Sign RPM files""" |
| 41 | |
| 42 | cmd = self.rpm_bin + " --addsign --define '_gpg_name %s' " % keyid |
Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 43 | gpg_args = '--no-permission-warning --batch --passphrase=%s --agent-program=%s|--auto-expand-secmem' % (passphrase, self.gpg_agent_bin) |
Brad Bishop | 37a0e4d | 2017-12-04 01:01:44 -0500 | [diff] [blame] | 44 | if self.gpg_version > (2,1,): |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 45 | gpg_args += ' --pinentry-mode=loopback' |
| 46 | cmd += "--define '_gpg_sign_cmd_extra_args %s' " % gpg_args |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 47 | cmd += "--define '_binary_filedigest_algorithm %s' " % digest |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 48 | if self.gpg_bin: |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 49 | cmd += "--define '__gpg %s' " % self.gpg_bin |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 50 | if self.gpg_path: |
| 51 | cmd += "--define '_gpg_path %s' " % self.gpg_path |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 52 | if fsk: |
| 53 | cmd += "--signfiles --fskpath %s " % fsk |
| 54 | if fsk_password: |
| 55 | cmd += "--define '_file_signing_key_password %s' " % fsk_password |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 56 | |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 57 | # Sign in chunks |
| 58 | for i in range(0, len(files), sign_chunk): |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 59 | subprocess.check_output(shlex.split(cmd + ' '.join(files[i:i+sign_chunk])), stderr=subprocess.STDOUT) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 60 | |
| 61 | def detach_sign(self, input_file, keyid, passphrase_file, passphrase=None, armor=True): |
| 62 | """Create a detached signature of a file""" |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 63 | |
| 64 | if passphrase_file and passphrase: |
| 65 | raise Exception("You should use either passphrase_file of passphrase, not both") |
| 66 | |
Brad Bishop | 15ae250 | 2019-06-18 21:44:24 -0400 | [diff] [blame] | 67 | cmd = self.gpg_cmd + ['--detach-sign', '--no-permission-warning', '--batch', |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 68 | '--no-tty', '--yes', '--passphrase-fd', '0', '-u', keyid] |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 69 | |
| 70 | if self.gpg_path: |
| 71 | cmd += ['--homedir', self.gpg_path] |
| 72 | if armor: |
| 73 | cmd += ['--armor'] |
| 74 | |
| 75 | #gpg > 2.1 supports password pipes only through the loopback interface |
| 76 | #gpg < 2.1 errors out if given unknown parameters |
Brad Bishop | 37a0e4d | 2017-12-04 01:01:44 -0500 | [diff] [blame] | 77 | if self.gpg_version > (2,1,): |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 78 | cmd += ['--pinentry-mode', 'loopback'] |
| 79 | |
| 80 | cmd += [input_file] |
| 81 | |
| 82 | try: |
| 83 | if passphrase_file: |
| 84 | with open(passphrase_file) as fobj: |
| 85 | passphrase = fobj.readline(); |
| 86 | |
| 87 | job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stderr=subprocess.PIPE) |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 88 | (_, stderr) = job.communicate(passphrase.encode("utf-8")) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 89 | |
| 90 | if job.returncode: |
Brad Bishop | 08902b0 | 2019-08-20 09:16:51 -0400 | [diff] [blame] | 91 | bb.fatal("GPG exited with code %d: %s" % (job.returncode, stderr.decode("utf-8"))) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 92 | |
| 93 | except IOError as e: |
| 94 | bb.error("IO error (%s): %s" % (e.errno, e.strerror)) |
| 95 | raise Exception("Failed to sign '%s'" % input_file) |
| 96 | |
| 97 | except OSError as e: |
| 98 | bb.error("OS error (%s): %s" % (e.errno, e.strerror)) |
| 99 | raise Exception("Failed to sign '%s" % input_file) |
| 100 | |
| 101 | |
| 102 | def get_gpg_version(self): |
Brad Bishop | 37a0e4d | 2017-12-04 01:01:44 -0500 | [diff] [blame] | 103 | """Return the gpg version as a tuple of ints""" |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 104 | try: |
Brad Bishop | 15ae250 | 2019-06-18 21:44:24 -0400 | [diff] [blame] | 105 | cmd = self.gpg_cmd + ["--version", "--no-permission-warning"] |
| 106 | ver_str = subprocess.check_output(cmd).split()[2].decode("utf-8") |
Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 107 | return tuple([int(i) for i in ver_str.split("-")[0].split('.')]) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 108 | except subprocess.CalledProcessError as e: |
Brad Bishop | 08902b0 | 2019-08-20 09:16:51 -0400 | [diff] [blame] | 109 | bb.fatal("Could not get gpg version: %s" % e) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 110 | |
| 111 | |
Andrew Geissler | eff2747 | 2021-10-29 15:35:00 -0500 | [diff] [blame] | 112 | def verify(self, sig_file, valid_sigs = ''): |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 113 | """Verify signature""" |
Andrew Geissler | eff2747 | 2021-10-29 15:35:00 -0500 | [diff] [blame] | 114 | cmd = self.gpg_cmd + ["--verify", "--no-permission-warning", "--status-fd", "1"] |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 115 | if self.gpg_path: |
Brad Bishop | 15ae250 | 2019-06-18 21:44:24 -0400 | [diff] [blame] | 116 | cmd += ["--homedir", self.gpg_path] |
| 117 | |
| 118 | cmd += [sig_file] |
Andrew Geissler | eff2747 | 2021-10-29 15:35:00 -0500 | [diff] [blame] | 119 | status = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
| 120 | # Valid if any key matches if unspecified |
| 121 | if not valid_sigs: |
| 122 | ret = False if status.returncode else True |
| 123 | return ret |
| 124 | |
| 125 | import re |
| 126 | goodsigs = [] |
| 127 | sigre = re.compile(r'^\[GNUPG:\] GOODSIG (\S+)\s(.*)$') |
| 128 | for l in status.stdout.decode("utf-8").splitlines(): |
| 129 | s = sigre.match(l) |
| 130 | if s: |
| 131 | goodsigs += [s.group(1)] |
| 132 | |
| 133 | for sig in valid_sigs.split(): |
| 134 | if sig in goodsigs: |
| 135 | return True |
| 136 | if len(goodsigs): |
| 137 | bb.warn('No accepted signatures found. Good signatures found: %s.' % ' '.join(goodsigs)) |
| 138 | return False |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 139 | |
| 140 | |
| 141 | def get_signer(d, backend): |
| 142 | """Get signer object for the specified backend""" |
| 143 | # Use local signing by default |
| 144 | if backend == 'local': |
| 145 | return LocalSigner(d) |
| 146 | else: |
| 147 | bb.fatal("Unsupported signing backend '%s'" % backend) |