From b8363536ef08a4d3df9f482707504d41dc6e9ef1 Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Thu, 28 Nov 2024 12:51:52 +0200 Subject: [PATCH] Make the signing macros parametric It's not any less code, but gives us much better control over how they're called, eliminating the need for global temporary macros for passing what really are command arguments. No functional change, but paves way for future programmatic switches such as perhaps binary/ascii signatures. This is of course incompatible with folks who have their own custom %__gpg_sign_cmd from the past, recipes for these have unfortunately commonly floated around the internet as "necessary" for signing. These are double-underscore macros, people messing with those had better know what they're doing. --- macros.in | 13 ++++++------- sign/rpmgensig.cc | 16 +++++++++------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/macros.in b/macros.in index db5617d032..33335d5b01 100644 --- a/macros.in +++ b/macros.in @@ -614,25 +614,24 @@ Supplements: (%{name} = %{version}-%{release} and langpacks-%{1})\ #============================================================================== # ---- OpenPGP signature macros. # Macro(s) to hold the arguments passed to the cmd implementing package -# signing. Expansion result is parsed by popt, so be sure to use +# signing. Input path passed as the first argument, output as second. +# Expansion result is parsed by popt, so be sure to use # %{shescape} where needed. # %__gpg @__GPG@ -%__gpg_sign_cmd %{shescape:%{__gpg}} \ +%__gpg_sign_cmd() %{shescape:%{__gpg}} \ --no-verbose --no-armor --no-secmem-warning \ %{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \ %{?_gpg_sign_cmd_extra_args} \ %{?_openpgp_sign_id:-u %{shescape:%{_openpgp_sign_id}}} \ - -sbo %{shescape:%{?__signature_filename}} \ - %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}} + -sbo %{shescape:%{2}} -- %{shescape:%{1}} %__sq @__SQ@ -%__sq_sign_cmd %{shescape:%{__sq}} \ +%__sq_sign_cmd() %{shescape:%{__sq}} \ sign \ %{?_openpgp_sign_id:--signer-key %{_openpgp_sign_id}} \ %{?_sq_sign_cmd_extra_args} \ - --detached --output %{shescape:%{?__signature_filename}} \ - %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}} + --detached --output %{shescape:%{2}} -- %{shescape:%{1}} %__openpgp_sign_path %{expand:%{__%{_openpgp_sign}}} %__openpgp_sign_cmd %{expand:%{__%{_openpgp_sign}_sign_cmd}} diff --git a/sign/rpmgensig.cc b/sign/rpmgensig.cc index ad3cf38234..221ac52951 100644 --- a/sign/rpmgensig.cc +++ b/sign/rpmgensig.cc @@ -192,21 +192,23 @@ static char ** signCmd(const char *sigfile) { int argc = 0; char **argv = NULL; + char *cmd = NULL; + char *name = rpmExpand("__", "%{_openpgp_sign}", "_sign_cmd", NULL); + const char * const margs[] = { "-", sigfile, NULL }; - rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1); - rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1); - - char *cmd = rpmExpand("%{?__openpgp_sign_cmd}", NULL); - - rpmPopMacro(NULL, "__plaintext_filename"); - rpmPopMacro(NULL, "__signature_filename"); + if (rpmExpandThisMacro(NULL, name, (ARGV_const_t)margs, &cmd, 0) < 0) { + rpmlog(RPMLOG_ERR, _("Expanding signing macro %s failed\n"), name); + goto exit; + } if (poptParseArgvString(cmd, &argc, (const char ***)&argv) < 0 || argc < 2) { rpmlog(RPMLOG_ERR, _("Invalid sign command: %s\n"), cmd); argv = _free(argv); } +exit: free(cmd); + free(name); return argv; }