tools/gpgtar: Implement signing.

* tests/openpgp/gpgtar.test: Test signing. * tools/gpgtar-create.c (gpgtar_create): Add 'sign' option, add the appropriate gpg arguments to implement signing and selecting the local user. * tools/gpgtar.c (parse_options): We do handle '--local-user' now. (main): Handle signing, encrypting, and doing both when creating an archive. * tools/gpgtar.h (gpgtar_create): Update prototype. Signed-off-by: Justus Winter <justus@g10code.com>
2025-01-03 12:11:33 +01:00 · 2015-11-30 18:39:00 +01:00 · 2015-11-30 18:39:00 +01:00 · 45c814f348
commit 45c814f348
parent 0c0dafd8e8
4 changed files with 60 additions and 18 deletions
--- a/tests/openpgp/gpgtar.test
+++ b/tests/openpgp/gpgtar.test
@ -25,35 +25,65 @@ TESTFILES="$plain_files $data_files"
 TESTDIR=gpgtar.d
 FILELIST="${TESTDIR}/filelist"
 GPG=../../g10/gpg2
-GPGARGS="--trust-model=always"
+GPGARGS="$opt_always --no-permission-warning"

 GPGTAR="../../tools/gpgtar"
 GPGZIP="sh ../../tools/gpg-zip"

-for TOOL in "$GPGTAR" "$GPGZIP"
-do
+# Create, inspect, and extract an archive with the given options.
+#
+# $1 the tool to test
+# $2 options used to create the archive
+# $3 options used to inspect the archive
+# $4 options used to extract the archive
+do_test()
+{
+  (
+    TOOL="$1"
+    CREATE_FLAGS="$2"
+    INSPECT_FLAGS="$3"
+    EXTRACT_FLAGS="$4"
+
    rm -rf -- "${TESTDIR}"
    mkdir "${TESTDIR}"

-    $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" \
-          --encrypt --recipient "$usrname2" \
+    $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" $CREATE_FLAGS \
 	  --output "${TESTDIR}/test.tar.pgp" $TESTFILES

-    $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" \
-          --list-archive "${TESTDIR}/test.tar.pgp" \
+    $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" $INSPECT_FLAGS \
+          "${TESTDIR}/test.tar.pgp" \
          >"$FILELIST"
    for F in $TESTFILES
    do
 	grep -qe "\\b${F}\\b" "$FILELIST"
    done

-    $TOOL --gpg "$GPG"  --gpg-args "$GPGARGS" \
+    $TOOL --gpg "$GPG"  --gpg-args "$GPGARGS" $EXTRACT_FLAGS \
          --tar-args --directory="${TESTDIR}" \
-          --decrypt "${TESTDIR}/test.tar.pgp"
+          "${TESTDIR}/test.tar.pgp"
    for F in $TESTFILES
    do
 	diff -q "$F" "${TESTDIR}/$F"
    done
+  )
+}
+
+for TOOL in "$GPGTAR" "$GPGZIP"
+do
+    do_test "$TOOL" \
+	    "--encrypt --recipient $usrname2" \
+	    "--list-archive" \
+	    "--decrypt"
+
+    do_test "$TOOL" \
+	    "--encrypt --recipient $usrname2 --sign --local-user $usrname3" \
+	    "--list-archive" \
+	    "--decrypt"
+
+    do_test "$TOOL" \
+	    "--sign --local-user $usrname3" \
+	    "--list-archive" \
+	    "--decrypt"
 done

 # Success!
--- a/tools/gpgtar-create.c
+++ b/tools/gpgtar-create.c
@ -741,7 +741,7 @@ write_eof_mark (estream_t stream)
   INPATTERN is NULL take the pattern as null terminated strings from
   stdin.  */
 gpg_error_t
-gpgtar_create (char **inpattern, int encrypt)
+gpgtar_create (char **inpattern, int encrypt, int sign)
 {
  gpg_error_t err = 0;
  struct scanctrl_s scanctrl_buffer;
@ -865,7 +865,7 @@ gpgtar_create (char **inpattern, int encrypt)
  if (outstream == es_stdout)
    es_set_binary (es_stdout);

-  if (encrypt)
+  if (encrypt || sign)
    {
      cipher_stream = outstream;
      outstream = es_fopenmem (0, "rwb");
@ -886,7 +886,7 @@ gpgtar_create (char **inpattern, int encrypt)
  if (err)
    goto leave;

-  if (encrypt)
+  if (encrypt || sign)
    {
      int i;
      strlist_t arg;
@ -898,7 +898,7 @@ gpgtar_create (char **inpattern, int encrypt)

      argv = xtrycalloc (strlist_length (opt.gpg_arguments)
                         + 2 * strlist_length (opt.recipients)
-                         + 2,
+                         + 1 + !!encrypt + !!sign + 2 * !!opt.user,
                         sizeof *argv);
      if (argv == NULL)
        {
@ -906,7 +906,15 @@ gpgtar_create (char **inpattern, int encrypt)
          goto leave;
        }
      i = 0;
+      if (encrypt)
        argv[i++] = "--encrypt";
+      if (sign)
+        argv[i++] = "--sign";
+      if (opt.user)
+        {
+          argv[i++] = "--local-user";
+          argv[i++] = opt.user;
+        }
      for (arg = opt.recipients; arg; arg = arg->next)
        {
          argv[i++] = "--recipient";
@ -917,7 +925,7 @@ gpgtar_create (char **inpattern, int encrypt)
      argv[i++] = NULL;
      assert (i == strlist_length (opt.gpg_arguments)
              + 2 * strlist_length (opt.recipients)
-              + 2);
+              + 1 + !!encrypt + !!sign + 2 * !!opt.user);

      err = sh_exec_tool_stream (opt.gpg_program, argv,
                                 outstream, cipher_stream);
--- a/tools/gpgtar.c
+++ b/tools/gpgtar.c
@ -318,7 +318,6 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
          break;

        case oUser:
-          log_info ("note: ignoring option --user\n");
          opt.user = pargs->r.ret_str;
          break;

@ -452,12 +451,17 @@ main (int argc, char **argv)
      break;

    case aEncrypt:
+    case aSign:
+    case aSignEncrypt:
      if ((!argc && !null_names)
          || (argc && null_names))
        usage (1);
      if (opt.filename)
        log_info ("note: ignoring option --set-filename\n");
-      err = gpgtar_create (null_names? NULL :argv, !skip_crypto);
+      err = gpgtar_create (null_names? NULL :argv,
+                           !skip_crypto
+                           && (cmd == aEncrypt || cmd == aSignEncrypt),
+                           cmd == aSign || cmd == aSignEncrypt);
      if (err && log_get_errorcount (0) == 0)
        log_error ("creating archive failed: %s\n", gpg_strerror (err));
      break;
--- a/tools/gpgtar.h
+++ b/tools/gpgtar.h
@ -119,7 +119,7 @@ gpg_error_t read_record (estream_t stream, void *record);
 gpg_error_t write_record (estream_t stream, const void *record);

 /*-- gpgtar-create.c --*/
-gpg_error_t gpgtar_create (char **inpattern, int encrypt);
+gpg_error_t gpgtar_create (char **inpattern, int encrypt, int sign);

 /*-- gpgtar-extract.c --*/
 gpg_error_t gpgtar_extract (const char *filename, int decrypt);