summaryrefslogtreecommitdiffstats
path: root/scripts/Dpkg/OpenPGP
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-07 13:30:08 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-07 13:30:08 +0000
commit44cf9c6d2d274eac37502e835155f7e985f1b8e6 (patch)
tree9576ba968924c5b9a55ba9e14f4f26184c62c7d4 /scripts/Dpkg/OpenPGP
parentAdding upstream version 1.22.6. (diff)
downloaddpkg-44cf9c6d2d274eac37502e835155f7e985f1b8e6.tar.xz
dpkg-44cf9c6d2d274eac37502e835155f7e985f1b8e6.zip
Adding upstream version 1.22.7.upstream/1.22.7
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--scripts/Dpkg/OpenPGP/Backend/GnuPG.pm14
-rw-r--r--scripts/Dpkg/OpenPGP/ErrorCodes.pm19
2 files changed, 31 insertions, 2 deletions
diff --git a/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm b/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm
index 6c834be..43ac1e2 100644
--- a/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm
+++ b/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm
@@ -34,7 +34,9 @@ use strict;
use warnings;
use POSIX qw(:sys_wait_h);
+use File::Basename;
use File::Temp;
+use File::Copy;
use MIME::Base64;
use Dpkg::ErrorHandling;
@@ -296,6 +298,18 @@ sub inline_sign {
return OPENPGP_MISSING_CMD if ! $self->has_backend_cmd();
+ my $file = basename($data);
+ my $signdir = File::Temp->newdir('dpkg-sign.XXXXXXXX', TMPDIR => 1);
+ my $signfile = "$signdir/$file";
+
+ # Make sure the file to sign ends with a newline, as GnuPG does not adhere
+ # to the OpenPGP specification (see <https://dev.gnupg.org/T7106>).
+ copy($data, $signfile);
+ open my $signfh, '>>', $signfile
+ or syserr(g_('cannot open %s'), $signfile);
+ print { $signfh } "\n";
+ close $signfh or syserr(g_('cannot close %s'), $signfile);
+
my @exec = ($self->{cmd});
push @exec, _gpg_options_weak_digests();
push @exec, qw(--utf8-strings --textmode --armor);
diff --git a/scripts/Dpkg/OpenPGP/ErrorCodes.pm b/scripts/Dpkg/OpenPGP/ErrorCodes.pm
index 0db59aa..3a67dd8 100644
--- a/scripts/Dpkg/OpenPGP/ErrorCodes.pm
+++ b/scripts/Dpkg/OpenPGP/ErrorCodes.pm
@@ -1,4 +1,4 @@
-# Copyright © 2022 Guillem Jover <guillem@debian.org>
+# Copyright © 2022-2024 Guillem Jover <guillem@debian.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -44,7 +44,12 @@ our @EXPORT = qw(
OPENPGP_MISSING_INPUT
OPENPGP_KEY_IS_PROTECTED
OPENPGP_UNSUPPORTED_SUBCMD
+ OPENPGP_UNSUPPORTED_SPECIAL_PREFIX
+ OPENPGP_AMBIGUOUS_INPUT
OPENPGP_KEY_CANNOT_SIGN
+ OPENPGP_INCOMPATIBLE_OPTIONS
+ OPENPGP_NO_HW_KEY_FOUND
+ OPENPGP_HW_KEY_FAILURE
OPENPGP_MISSING_CMD
OPENPGP_NEEDS_KEYSTORE
@@ -58,7 +63,7 @@ use Exporter qw(import);
use Dpkg::Gettext;
# Error codes based on
-# https://ietf.org/archive/id/draft-dkg-openpgp-stateless-cli-04.html#section-6
+# https://ietf.org/archive/id/draft-dkg-openpgp-stateless-cli-10.html#section-7
#
# Local error codes use a negative number, as that should not conflict with
# the SOP exit codes.
@@ -74,7 +79,12 @@ use constant {
OPENPGP_MISSING_INPUT => 61,
OPENPGP_KEY_IS_PROTECTED => 67,
OPENPGP_UNSUPPORTED_SUBCMD => 69,
+ OPENPGP_UNSUPPORTED_SPECIAL_PREFIX => 71,
+ OPENPGP_AMBIGUOUS_INPUT => 73,
OPENPGP_KEY_CANNOT_SIGN => 79,
+ OPENPGP_INCOMPATIBLE_OPTIONS => 83,
+ OPENPGP_NO_HW_KEY_FOUND => 97,
+ OPENPGP_HW_KEY_FAILURE => 101,
OPENPGP_MISSING_CMD => -1,
OPENPGP_NEEDS_KEYSTORE => -2,
@@ -92,7 +102,12 @@ my %code2error = (
OPENPGP_MISSING_INPUT() => N_('input file does not exist'),
OPENPGP_KEY_IS_PROTECTED() => N_('cannot unlock password-protected key'),
OPENPGP_UNSUPPORTED_SUBCMD() => N_('unsupported subcommand'),
+ OPENPGP_UNSUPPORTED_SPECIAL_PREFIX() => N_('unknown special designator in indirect parameter'),
+ OPENPGP_AMBIGUOUS_INPUT() => N_('special designator in indirect parameter is an existing file'),
OPENPGP_KEY_CANNOT_SIGN() => N_('key is not signature-capable'),
+ OPENPGP_INCOMPATIBLE_OPTIONS() => N_('mutually exclusive options'),
+ OPENPGP_NO_HW_KEY_FOUND() => N_('cannot identify hardware device for hardware-backed secret keys'),
+ OPENPGP_HW_KEY_FAILURE() => N_('cannot perform operation on hardware-backed secret key'),
OPENPGP_MISSING_CMD() => N_('missing OpenPGP implementation'),
OPENPGP_NEEDS_KEYSTORE() => N_('specified key needs a keystore'),