All of lore.kernel.org
 help / color / mirror / Atom feed
From: Robert Yang <liezhi.yang@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Subject: [PATCH 1/3] rpm: check _gpg_passphrase before ask for input
Date: Mon, 21 Mar 2016 02:25:49 -0700	[thread overview]
Message-ID: <5d8eede8b5f8fa67fc8a341abdaabfd66f0a3dd4.1458551516.git.liezhi.yang@windriver.com> (raw)
In-Reply-To: <cover.1458551516.git.liezhi.yang@windriver.com>

rpm always asked for pass phrasae when add signature, which made it
can't work non-interactively, this patch fix the problem. It will work
non-interactively if _gpg_passphrase is defined, and work as before if
not.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 ...heck-_gpg_passphrase-before-ask-for-input.patch |   70 ++++++++++++++++++++
 meta/recipes-devtools/rpm/rpm_5.4.16.bb            |    1 +
 2 files changed, 71 insertions(+)
 create mode 100644 meta/recipes-devtools/rpm/rpm/rpmqv.c-check-_gpg_passphrase-before-ask-for-input.patch

diff --git a/meta/recipes-devtools/rpm/rpm/rpmqv.c-check-_gpg_passphrase-before-ask-for-input.patch b/meta/recipes-devtools/rpm/rpm/rpmqv.c-check-_gpg_passphrase-before-ask-for-input.patch
new file mode 100644
index 0000000..c68681c
--- /dev/null
+++ b/meta/recipes-devtools/rpm/rpm/rpmqv.c-check-_gpg_passphrase-before-ask-for-input.patch
@@ -0,0 +1,70 @@
+From bb48dbc88a58bc05a43d71a3375fb05358119ec5 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Sun, 20 Mar 2016 20:20:16 -0700
+Subject: [PATCH] rpmqv.c: check _gpg_passphrase before ask for input
+
+rpm always asked for pass phrasae when add signature, which made it
+can't work non-interactively, this patch fix the problem. It will work
+non-interactively if _gpg_passphrase is defined, and work as before if
+not.
+
+Upstream-Status: Pending
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ macros/macros.in |    7 +++++--
+ rpmqv.c          |   17 ++++++++++-------
+ 2 files changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/macros/macros.in b/macros/macros.in
+index 2e5b07d..01b3aad 100644
+--- a/macros/macros.in
++++ b/macros/macros.in
+@@ -520,15 +520,18 @@ $_arbitrary_tags_tests	Foo:Bar
+ #	Macro(s) to hold the arguments passed to GPG/PGP for package
+ #	signing and verification.
+ #
++
++%_gpg_passphrase_way %{?_gpg_passphrase:--passphrase "%{_gpg_passphrase}"}%{!?_gpg_passphrase:--passphrase-fd 3}
++
+ %__gpg_check_password_cmd	%{__gpg} \
+-	gpg --batch --no-verbose --passphrase-fd 3 -u "%{_gpg_name}" -so -
++	gpg --batch --no-verbose %{_gpg_passphrase_way} -u "%{_gpg_name}" -so -
+ #%__pgp_check_password_cmd	%{__pgp} \
+ #	pgp +batchmode=on +verbose=0 "%{_pgp_name}" -sf
+ #%__pgp5_check_password_cmd	%{__pgp} \
+ #	pgps +batchmode=on +verbose=0 +armor=off "%{_pgp_name}" -f
+ 
+ %__gpg_sign_cmd			%{__gpg} \
+-	gpg --batch --no-verbose --no-armor --passphrase-fd 3 --no-secmem-warning \
++	gpg --batch --no-verbose --no-armor %{_gpg_passphrase_way}  --no-secmem-warning \
+ 	-u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}
+ #%__pgp_sign_cmd			%{__pgp} \
+ #	pgp +batchmode=on +verbose=0 +armor=off \
+diff --git a/rpmqv.c b/rpmqv.c
+index b306486..7604396 100644
+--- a/rpmqv.c
++++ b/rpmqv.c
+@@ -831,13 +831,16 @@ int main(int argc, const char ** argv)
+ #endif
+ 	    )
+ 	    {
+-		passPhrase = Getpass(_("Enter pass phrase: "));
+-		if (rpmCheckPassPhrase(passPhrase)) {
+-		    fprintf(stderr, _("Pass phrase check failed\n"));
+-		    ec = EXIT_FAILURE;
+-		    goto exit;
++		passPhrase = rpmExpand("%{?_gpg_passphrase}", NULL);
++		if (passPhrase == NULL || passPhrase[0] == '\0') {
++			passPhrase = Getpass(_("Enter pass phrase: "));
++			if (rpmCheckPassPhrase(passPhrase)) {
++			    fprintf(stderr, _("Pass phrase check failed\n"));
++			    ec = EXIT_FAILURE;
++			    goto exit;
++			}
++			fprintf(stderr, _("Pass phrase is good.\n"));
+ 		}
+-		fprintf(stderr, _("Pass phrase is good.\n"));
+ 		/* XXX Getpass() should realloc instead. */
+ 		passPhrase = xstrdup(passPhrase);
+ 	    }
diff --git a/meta/recipes-devtools/rpm/rpm_5.4.16.bb b/meta/recipes-devtools/rpm/rpm_5.4.16.bb
index eba043e..7621f8f 100644
--- a/meta/recipes-devtools/rpm/rpm_5.4.16.bb
+++ b/meta/recipes-devtools/rpm/rpm_5.4.16.bb
@@ -114,6 +114,7 @@ SRC_URI += " \
 	   file://rpm-python-AddErase.patch \
 	   file://rpm-rpmpgp-popt.patch \
 	   file://rpm-fix-lua-tests-compilation-failure.patch \
+	   file://rpmqv.c-check-_gpg_passphrase-before-ask-for-input.patch \
 "
 
 # OE specific changes
-- 
1.7.9.5



  reply	other threads:[~2016-03-21  9:25 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-21  9:25 [PATCH 0/3] gpg_sign.py: get rid of pexpect Robert Yang
2016-03-21  9:25 ` Robert Yang [this message]
2016-03-21  9:25 ` [PATCH 2/3] " Robert Yang
2016-03-21  9:25 ` [PATCH 3/3] selftest/signing.py: RPM_GPG_PASSPHRASE_FILE -> RPM_GPG_PASSPHRASE Robert Yang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5d8eede8b5f8fa67fc8a341abdaabfd66f0a3dd4.1458551516.git.liezhi.yang@windriver.com \
    --to=liezhi.yang@windriver.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.