tools/gpgtar: Implement signing.

* tests/openpgp/gpgtar.test: Test signing.
* tools/gpgtar-create.c (gpgtar_create): Add 'sign' option, add the
appropriate gpg arguments to implement signing and selecting the local
user.
* tools/gpgtar.c (parse_options): We do handle '--local-user' now.
(main): Handle signing, encrypting, and doing both when creating an
archive.
* tools/gpgtar.h (gpgtar_create): Update prototype.

Signed-off-by: Justus Winter <justus@g10code.com>

tests/openpgp/gpgtar.test

@@ -25,35 +25,65 @@ TESTFILES="$plain_files $data_files"
 TESTDIR=gpgtar.d
 FILELIST="${TESTDIR}/filelist"
 GPG=../../g10/gpg2
-GPGARGS="--trust-model=always"
+GPGARGS="$opt_always --no-permission-warning"
 
 GPGTAR="../../tools/gpgtar"
 GPGZIP="sh ../../tools/gpg-zip"
 
-for TOOL in "$GPGTAR" "$GPGZIP"
+# Create, inspect, and extract an archive with the given options.
-do
+#
+# $1 the tool to test
+# $2 options used to create the archive
+# $3 options used to inspect the archive
+# $4 options used to extract the archive
+do_test()
+{
+  (
+    TOOL="$1"
+    CREATE_FLAGS="$2"
+    INSPECT_FLAGS="$3"
+    EXTRACT_FLAGS="$4"
+
     rm -rf -- "${TESTDIR}"
     mkdir "${TESTDIR}"
 
-    $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" \
+    $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" $CREATE_FLAGS \
-          --encrypt --recipient "$usrname2" \
 	  --output "${TESTDIR}/test.tar.pgp" $TESTFILES
 
-    $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" \
+    $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" $INSPECT_FLAGS \
-          --list-archive "${TESTDIR}/test.tar.pgp" \
+          "${TESTDIR}/test.tar.pgp" \
           >"$FILELIST"
     for F in $TESTFILES
     do
 	grep -qe "\\b${F}\\b" "$FILELIST"
     done
 
-    $TOOL --gpg "$GPG"  --gpg-args "$GPGARGS" \
+    $TOOL --gpg "$GPG"  --gpg-args "$GPGARGS" $EXTRACT_FLAGS \
           --tar-args --directory="${TESTDIR}" \
-          --decrypt "${TESTDIR}/test.tar.pgp"
+          "${TESTDIR}/test.tar.pgp"
     for F in $TESTFILES
     do
 	diff -q "$F" "${TESTDIR}/$F"
     done
+  )
+}
+
+for TOOL in "$GPGTAR" "$GPGZIP"
+do
+    do_test "$TOOL" \
+	    "--encrypt --recipient $usrname2" \
+	    "--list-archive" \
+	    "--decrypt"
+
+    do_test "$TOOL" \
+	    "--encrypt --recipient $usrname2 --sign --local-user $usrname3" \
+	    "--list-archive" \
+	    "--decrypt"
+
+    do_test "$TOOL" \
+	    "--sign --local-user $usrname3" \
+	    "--list-archive" \
+	    "--decrypt"
 done
 
 # Success!

tools/gpgtar-create.c

@@ -741,7 +741,7 @@ write_eof_mark (estream_t stream)
    INPATTERN is NULL take the pattern as null terminated strings from
    stdin.  */
 gpg_error_t
-gpgtar_create (char **inpattern, int encrypt)
+gpgtar_create (char **inpattern, int encrypt, int sign)
 {
   gpg_error_t err = 0;
   struct scanctrl_s scanctrl_buffer;
@@ -865,7 +865,7 @@ gpgtar_create (char **inpattern, int encrypt)
   if (outstream == es_stdout)
     es_set_binary (es_stdout);
 
-  if (encrypt)
+  if (encrypt || sign)
     {
       cipher_stream = outstream;
       outstream = es_fopenmem (0, "rwb");
@@ -886,7 +886,7 @@ gpgtar_create (char **inpattern, int encrypt)
   if (err)
     goto leave;
 
-  if (encrypt)
+  if (encrypt || sign)
     {
       int i;
       strlist_t arg;
@@ -898,7 +898,7 @@ gpgtar_create (char **inpattern, int encrypt)
 
       argv = xtrycalloc (strlist_length (opt.gpg_arguments)
                          + 2 * strlist_length (opt.recipients)
-                         + 2,
+                         + 1 + !!encrypt + !!sign + 2 * !!opt.user,
                          sizeof *argv);
       if (argv == NULL)
         {
@@ -906,7 +906,15 @@ gpgtar_create (char **inpattern, int encrypt)
           goto leave;
         }
       i = 0;
-      argv[i++] = "--encrypt";
+      if (encrypt)
+        argv[i++] = "--encrypt";
+      if (sign)
+        argv[i++] = "--sign";
+      if (opt.user)
+        {
+          argv[i++] = "--local-user";
+          argv[i++] = opt.user;
+        }
       for (arg = opt.recipients; arg; arg = arg->next)
         {
           argv[i++] = "--recipient";
@@ -917,7 +925,7 @@ gpgtar_create (char **inpattern, int encrypt)
       argv[i++] = NULL;
       assert (i == strlist_length (opt.gpg_arguments)
               + 2 * strlist_length (opt.recipients)
-              + 2);
+              + 1 + !!encrypt + !!sign + 2 * !!opt.user);
 
       err = sh_exec_tool_stream (opt.gpg_program, argv,
                                  outstream, cipher_stream);

tools/gpgtar.c

@@ -318,7 +318,6 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
           break;
 
         case oUser:
-          log_info ("note: ignoring option --user\n");
           opt.user = pargs->r.ret_str;
           break;
 
@@ -452,12 +451,17 @@ main (int argc, char **argv)
       break;
 
     case aEncrypt:
+    case aSign:
+    case aSignEncrypt:
       if ((!argc && !null_names)
           || (argc && null_names))
         usage (1);
       if (opt.filename)
         log_info ("note: ignoring option --set-filename\n");
-      err = gpgtar_create (null_names? NULL :argv, !skip_crypto);
+      err = gpgtar_create (null_names? NULL :argv,
+                           !skip_crypto
+                           && (cmd == aEncrypt || cmd == aSignEncrypt),
+                           cmd == aSign || cmd == aSignEncrypt);
       if (err && log_get_errorcount (0) == 0)
         log_error ("creating archive failed: %s\n", gpg_strerror (err));
       break;

tools/gpgtar.h

@@ -119,7 +119,7 @@ gpg_error_t read_record (estream_t stream, void *record);
 gpg_error_t write_record (estream_t stream, const void *record);
 
 /*-- gpgtar-create.c --*/
-gpg_error_t gpgtar_create (char **inpattern, int encrypt);
+gpg_error_t gpgtar_create (char **inpattern, int encrypt, int sign);
 
 /*-- gpgtar-extract.c --*/
 gpg_error_t gpgtar_extract (const char *filename, int decrypt);