Add a Sequoia-based OpenPGP backend

This change adds support for using Sequoia as an alternative to the internal OpenPGP backend. To use this backend, it is necessary to have the rpm-sequoia library installed. https://gitlab.com/sequoia-pgp/rpm-sequoia Fixes #1978. (Backport db36ea8.)
rpm-software-management · Aug 17, 2022 · 26876ae · 26876ae
1 parent 317da93
commit 26876ae
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 11 deletions.
diff --git a/INSTALL b/INSTALL
@@ -22,10 +22,13 @@ The libmagic (aka file) library for file type detection (used by rpmbuild).
 The source for the file utility + library is available from
     ftp://ftp.astron.com/pub/file/
 
-You will need a cryptographic library to support digests and signatures.
-This library may be libgcrypt or OpenSSL, and can be specified with the
---with-crypto=[libgcrypt|openssl] argument to configure.
-libgcrypt is the default.
+You will need a cryptographic library to support digests and
+signatures.  This library may be libgcrypt, OpenSSL, or Sequoia PGP,
+and can be specified with the --with-crypto=[libgcrypt|openssl|sequoia]
+argument to configure.  libgcrypt is the default.
+
+Sequoia is used via the rpm-sequoia library, which is available from
+https://gitlab.com/sequoia-pgp/rpm-sequoia
 
 libgcrypt library is available from https://www.gnupg.org/software/libgcrypt/
 

diff --git a/configure.ac b/configure.ac
@@ -269,7 +269,7 @@ AM_CONDITIONAL(LIBELF,[test "$WITH_LIBELF" = yes])
 # Select crypto library
 AC_ARG_WITH(crypto,
             [AS_HELP_STRING([--with-crypto=CRYPTO_LIB],
-                            [The cryptographic library to use (openssl|libgcrypt). The default is libgcrypt.])
+                            [The cryptographic library to use (openssl|libgcrypt|sequoia). The default is libgcrypt.])
                             ],[],
                             [with_crypto=libgcrypt])
 
@@ -379,6 +379,24 @@ AM_CONDITIONAL([WITH_LIBGCRYPT],[test "$with_crypto" = libgcrypt])
 AC_SUBST(WITH_LIBGCRYPT_INCLUDE)
 AC_SUBST(WITH_LIBGCRYPT_LIB)
 
+#=================
+# Check for the rpm-sequoia backend.
+WITH_RPM_SEQUOIA_INCLUDE=
+WITH_RPM_SEQUOIA_LIB=
+if test "$with_crypto" = sequoia ; then
+  PKG_CHECK_MODULES([RPM_SEQUOIA], [rpm-sequoia], [have_rpm_sequoia=yes], [have_rpm_sequoia=no])
+  if test "$have_rpm_sequoia" = "yes"; then
+     WITH_RPM_SEQUOIA_INCLUDE="$RPM_SEQUOIA_CFLAGS"
+     WITH_RPM_SEQUOIA_LIB="$RPM_SEQUOIA_LIBS"
+  else
+     AC_MSG_ERROR([librpm-sequoia not found])
+  fi
+fi
+
+AM_CONDITIONAL([WITH_RPM_SEQUOIA],[test "$with_crypto" = sequoia])
+AC_SUBST(WITH_RPM_SEQUOIA_INCLUDE)
+AC_SUBST(WITH_RPM_SEQUOIA_LIB)
+
 #=================
 # Check for magic library.
 WITH_MAGIC_INCLUDE=

diff --git a/rpm.pc.in b/rpm.pc.in
@@ -12,5 +12,5 @@ Requires: popt
 Requires.private: @ZSTD_REQUIRES@
 # Conflicts:
 Cflags: -I${includedir}
-Libs: -L${libdir} -lrpm -lrpmio
+Libs: -L${libdir} -lrpm -lrpmio @WITH_RPM_SEQUOIA_LIB@
 Libs.private: -lpopt -lrt -lpthread @WITH_LZMA_LIB@ @WITH_BZ2_LIB@ @WITH_ZLIB_LIB@ @LUA_LIBS@
diff --git a/rpmio/Makefile.am b/rpmio/Makefile.am
@@ -8,6 +8,7 @@ EXTRA_DIST = modemuncher.c
 AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/include/
 AM_CPPFLAGS += @WITH_OPENSSL_INCLUDE@
 AM_CPPFLAGS += @WITH_LIBGCRYPT_INCLUDE@
+AM_CPPFLAGS += @WITH_RPM_SEQUOIA_INCLUDE@
 AM_CPPFLAGS += @WITH_POPT_INCLUDE@
 AM_CPPFLAGS += $(ZSTD_CFLAGS)
 AM_CPPFLAGS += @LUA_CFLAGS@
@@ -24,14 +25,13 @@ librpmio_la_SOURCES = \
 	rpmio_internal.h rpmhook.h rpmvercmp.c rpmver.c \
 	rpmstring.c rpmfileutil.c rpmglob.c \
 	rpmkeyring.c rpmstrpool.c rpmmacro_internal.h \
-	rpmlua.c rpmlua.h lposix.c lposix.h \
-	rpmpgp_internal.c rpmpgp_internal.h
+	rpmlua.c rpmlua.h lposix.c lposix.h
 
 if WITH_OPENSSL
-librpmio_la_SOURCES += digest_openssl.c
+librpmio_la_SOURCES += digest_openssl.c rpmpgp_internal.c rpmpgp_internal.h
 else
 if WITH_LIBGCRYPT
-librpmio_la_SOURCES += digest_libgcrypt.c
+librpmio_la_SOURCES += digest_libgcrypt.c rpmpgp_internal.c rpmpgp_internal.h
 endif
 endif
 
@@ -40,6 +40,7 @@ librpmio_la_LIBADD = \
 	../misc/libmisc.la \
 	@WITH_OPENSSL_LIB@ \
 	@WITH_LIBGCRYPT_LIB@ \
+	@WITH_RPM_SEQUOIA_LIB@ \
 	@WITH_BZ2_LIB@ \
 	@WITH_ZLIB_LIB@ \
 	@WITH_POPT_LIB@ \

diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -12,7 +12,8 @@ EXTRA_DIST += local.at $(TESTSUITE)
 
 AM_CPPFLAGS = -I$(top_srcdir)/include
 
-rpmpgpcheck_LDADD = ../rpmio/librpmio.la
+rpmpgpcheck_LDADD = ../rpmio/librpmio.la \
+	@WITH_RPM_SEQUOIA_LIB@
 
 ## testsuite components
 TESTSUITE_AT = rpmtests.at