Prepare to cutting out the internal OpenPGP parser for good

Push the build option into the rpmpgp_legacy directory so it doesn't show up at all unless the directory is present, and rename it to WITH_LEGACY_OPENPGP to better reflect the status: it's hardly internal if it lives in a separate repo, and it's something you should not use going forward. Add a terse README to the rpmpgp_legacy directory as the initial to-be repo description to explain the status and intentionally vague build instructions: if you don't know then you really should not. Also add a separate COPYING file there: the parser originates from rpmio/ so it falls under rpm's dual license, just simplify the text that makes no sense in the new context.
rpm-software-management · Mar 20, 2024 · ff63c82 · ff63c82
1 parent 725ca51
commit ff63c82
Show file tree

Hide file tree

Showing 6 changed files with 855 additions and 8 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -32,7 +32,6 @@ option(WITH_IMAEVM "Build with IMA support" OFF)
 option(WITH_FAPOLICYD "Build with fapolicyd support" ON)
 option(WITH_SEQUOIA "Build with Sequoia OpenPGP support" ON)
 option(WITH_OPENSSL "Use openssl instead of libgcrypt for internal crypto" OFF)
-option(WITH_INTERNAL_OPENPGP "Use internal OpenPGP parser (DEPRECATED)" OFF)
 option(WITH_READLINE "Build with readline support" ON)
 option(WITH_BZIP2 "Build with bzip2 support" ON)
 option(WITH_ICONV "Build with iconv support" ON)

diff --git a/INSTALL b/INSTALL
@@ -44,11 +44,9 @@ you can build (and install) packages normally. In this mode, libgcrypt
 is used for crypthographic hash calculations by default, but alternatively
 OpenSSL can be selected by specifying -DWITH_OPENSSL=ON.
 
-Finally, the deprecated internal OpenPGP parser can be enabled with
--DWITH_SEQUOIA=OFF -DWITH_INTERNAL_OPENPGP=ON. It uses libgcrypt/OpenSSL,
-depending on the WITH_OPENSSL option.
-The internal parser is considered insecure and it's use is strongly
-discouraged.
+Finally, it's still possible to use rpm's own legacy OpenPGP parser,
+but it is considered insecure and it's use is strongly discouraged:
+ https://github.com/rpm-software-management/rpmpgp_legacy
 
 libgcrypt library is available from https://www.gnupg.org/software/libgcrypt/
 

diff --git a/rpmio/CMakeLists.txt b/rpmio/CMakeLists.txt
@@ -13,13 +13,16 @@ target_include_directories(librpmio PRIVATE
  ${Intl_INCLUDE_DIRS}
 )
 
+if (EXISTS ${CMAKE_SOURCE_DIR}/rpmio/rpmpgp_legacy/CMakeLists.txt)
+ add_subdirectory(rpmpgp_legacy)
+endif()
+
 if (WITH_SEQUOIA)
  pkg_check_modules(RPMSEQUOIA REQUIRED IMPORTED_TARGET rpm-sequoia>=1.4.0)
  target_sources(librpmio PRIVATE rpmpgp_sequoia.c)
  target_link_libraries(librpmio PRIVATE PkgConfig::RPMSEQUOIA)
 else()
- if (WITH_INTERNAL_OPENPGP)
- add_subdirectory(rpmpgp_legacy)
+ if (WITH_LEGACY_OPENPGP)
  target_link_libraries(librpmio PRIVATE rpmpgp_legacy)
  else()
  target_sources(librpmio PRIVATE rpmpgp_dummy.c)

diff --git a/rpmio/rpmpgp_legacy/CMakeLists.txt b/rpmio/rpmpgp_legacy/CMakeLists.txt
@@ -2,6 +2,8 @@
 # it can only be built as a part of rpm build tree.
 add_library(rpmpgp_legacy OBJECT)
 
+option(WITH_LEGACY_OPENPGP "Use legacy OpenPGP parser (DEPRECATED)" OFF)
+
 target_sources(rpmpgp_legacy PRIVATE
  rpmpgp_internal.h rpmpgp_internal.c
 )