Use gpgv for signature verification in cargo

lucab · lucab · commit 01aaeef619cc · 2012-10-14T14:52:24.000+02:00
Parsing gpg output for signature verification is not recommended, as it can break easily (and doesn't work with i18n). This patch makes use of gpgv, as suggested by gpg authors: http://lists.gnupg.org/pipermail/gnupg-users/2004-August/023141.html This closes #3762. Signed-off-by: Luca Bruno <lucab@debian.org>
diff --git a/src/cargo/cargo.rs b/src/cargo/cargo.rs
@@ -1162,20 +1162,20 @@ fn sync_one_file(c: &Cargo, dir: &Path, src: @Source) -> bool {
     }
     match (src.key, src.keyfp) {
         (Some(_), Some(f)) => {
-            let r = pgp::verify(&c.root, &pkgfile, &sigfile, f);
+            let r = pgp::verify(&c.root, &pkgfile, &sigfile);
 
             if !r {
-                error(fmt!("signature verification failed for source %s",
-                          name));
+                error(fmt!("signature verification failed for source %s with key %s",
+                          name, f));
                 return false;
             }
 
             if has_src_file {
-                let e = pgp::verify(&c.root, &srcfile, &srcsigfile, f);
+                let e = pgp::verify(&c.root, &srcfile, &srcsigfile);
 
                 if !e {
-                    error(fmt!("signature verification failed for source %s",
-                              name));
+                    error(fmt!("signature verification failed for source %s with key %s",
+                              name, f));
                     return false;
                 }
             }
@@ -1273,21 +1273,21 @@ fn sync_one_git(c: &Cargo, dir: &Path, src: @Source) -> bool {
     }
     match (src.key, src.keyfp) {
         (Some(_), Some(f)) => {
-            let r = pgp::verify(&c.root, &pkgfile, &sigfile, f);
+            let r = pgp::verify(&c.root, &pkgfile, &sigfile);
 
             if !r {
-                error(fmt!("signature verification failed for source %s",
-                          name));
+                error(fmt!("signature verification failed for source %s with key %s",
+                          name, f));
                 rollback(name, dir, false);
                 return false;
             }
 
             if has_src_file {
-                let e = pgp::verify(&c.root, &srcfile, &srcsigfile, f);
+                let e = pgp::verify(&c.root, &srcfile, &srcsigfile);
 
                 if !e {
-                    error(fmt!("signature verification failed for source %s",
-                              name));
+                    error(fmt!("signature verification failed for source %s with key %s",
+                              name, f));
                     rollback(name, dir, false);
                     return false;
                 }
@@ -1370,11 +1370,11 @@ fn sync_one_curl(c: &Cargo, dir: &Path, src: @Source) -> bool {
                 return false;
             }
 
-            let r = pgp::verify(&c.root, &pkgfile, &sigfile, f);
+            let r = pgp::verify(&c.root, &pkgfile, &sigfile);
 
             if !r {
-                error(fmt!("signature verification failed for source %s",
-                          name));
+                error(fmt!("signature verification failed for source %s with key %s",
+                          name, f));
                 return false;
             }
 
@@ -1390,11 +1390,11 @@ fn sync_one_curl(c: &Cargo, dir: &Path, src: @Source) -> bool {
                     return false;
                 }
 
-                let e = pgp::verify(&c.root, &srcfile, &srcsigfile, f);
+                let e = pgp::verify(&c.root, &srcfile, &srcsigfile);
 
                 if !e {
                     error(~"signature verification failed for " +
-                          ~"source " + name);
+                          ~"source " + name + ~" with key " + f);
                     return false;
                 }
             }
@@ -1463,8 +1463,7 @@ fn cmd_init(c: &Cargo) {
         return;
     }
 
-    let r = pgp::verify(&c.root, &srcfile, &sigfile,
-                        pgp::signing_key_fp());
+    let r = pgp::verify(&c.root, &srcfile, &sigfile);
     if !r {
         error(fmt!("signature verification failed for '%s'",
                    srcfile.to_str()));
diff --git a/src/cargo/pgp.rs b/src/cargo/pgp.rs
@@ -1,5 +1,5 @@
-fn gpg(args: ~[~str]) -> { status: int, out: ~str, err: ~str } {
-    return run::program_output(~"gpg", args);
+fn gpgv(args: ~[~str]) -> { status: int, out: ~str, err: ~str } {
+    return run::program_output(~"gpgv", args);
 }
 
 fn signing_key() -> ~str {
@@ -59,7 +59,7 @@ fn signing_key_fp() -> ~str {
 }
 
 fn supported() -> bool {
-    let r = gpg(~[~"--version"]);
+    let r = gpgv(~[~"--version"]);
     r.status == 0
 }
 
@@ -88,15 +88,14 @@ fn add(root: &Path, key: &Path) {
     }
 }
 
-fn verify(root: &Path, data: &Path, sig: &Path, keyfp: ~str) -> bool {
+fn verify(root: &Path, data: &Path, sig: &Path) -> bool {
     let path = root.push("gpg");
-    let p = gpg(~[~"--homedir", path.to_str(),
-                  ~"--with-fingerprint",
-                  ~"--verify", sig.to_str(),
-                 data.to_str()]);
-    let res = ~"Primary key fingerprint: " + keyfp;
-    for str::split_char_each(p.err, '\n') |line| {
-        if line == res { return true; }
+    let res = gpgv(~[~"--homedir", path.to_str(),
+                  ~"--keyring", ~"pubring.gpg",
+                  ~"--verbose",
+                 sig.to_str(), data.to_str()]);
+    if res.status != 0 {
+        return false;
     }
-    return false;
+    return true;
 }

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`		`-fn gpg(args: ~[~str]) -> { status: int, out: ~str, err: ~str } {`
`2`		`- return run::program_output(~"gpg", args);`
	`1`	`+fn gpgv(args: ~[~str]) -> { status: int, out: ~str, err: ~str } {`
	`2`	`+ return run::program_output(~"gpgv", args);`
`3`	`3`	`}`
`4`	`4`
`5`	`5`	`fn signing_key() -> ~str {`
`@@ -59,7 +59,7 @@ fn signing_key_fp() -> ~str {`
`59`	`59`	`}`
`60`	`60`
`61`	`61`	`fn supported() -> bool {`
`62`		`- let r = gpg(~[~"--version"]);`
	`62`	`+ let r = gpgv(~[~"--version"]);`
`63`	`63`	`r.status == 0`
`64`	`64`	`}`
`65`	`65`
`@@ -88,15 +88,14 @@ fn add(root: &Path, key: &Path) {`
`88`	`88`	`}`
`89`	`89`	`}`
`90`	`90`
`91`		`-fn verify(root: &Path, data: &Path, sig: &Path, keyfp: ~str) -> bool {`
	`91`	`+fn verify(root: &Path, data: &Path, sig: &Path) -> bool {`
`92`	`92`	`let path = root.push("gpg");`
`93`		`- let p = gpg(~[~"--homedir", path.to_str(),`
`94`		`- ~"--with-fingerprint",`
`95`		`- ~"--verify", sig.to_str(),`
`96`		`- data.to_str()]);`
`97`		`- let res = ~"Primary key fingerprint: " + keyfp;`
`98`		`- for str::split_char_each(p.err, '\n') \|line\| {`
`99`		`- if line == res { return true; }`
	`93`	`+ let res = gpgv(~[~"--homedir", path.to_str(),`
	`94`	`+ ~"--keyring", ~"pubring.gpg",`
	`95`	`+ ~"--verbose",`
	`96`	`+ sig.to_str(), data.to_str()]);`
	`97`	`+ if res.status != 0 {`
	`98`	`+ return false;`
`100`	`99`	`}`
`101`		`- return false;`
	`100`	`+ return true;`
`102`	`101`	`}`