From 71e88ec089152ae921918c4e579e84bbfd6ee4cb Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Thu, 28 Nov 2024 12:51:52 +0200 Subject: [PATCH] Make the signing macros parametric It's not any less code, but gives us much better control over how they're called, eliminating the need for global temporary macros for passing what really are command arguments. No functional change, but paves way for future programmatic switches such as perhaps binary/ascii signatures. This is of course incompatible with folks who have their own custom %__gpg_sign_cmd from the past, recipes for these have unfortunately commonly floated around the internet as "necessary" for signing. These are double-underscore macros, people messing with those had better know what they're doing. --- macros.in | 13 ++++++------- sign/rpmgensig.cc | 23 ++++++++++++----------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/macros.in b/macros.in index ca67b8ee8e..f38e776540 100644 --- a/macros.in +++ b/macros.in @@ -619,27 +619,26 @@ Supplements: (%{name} = %{version}-%{release} and langpacks-%{1})\ #============================================================================== # ---- OpenPGP signature macros. # Macro(s) to hold the arguments passed to the cmd implementing package -# signing. Expansion result is parsed by popt, so be sure to use +# signing. Input path passed as the first argument, output as second. +# Expansion result is parsed by popt, so be sure to use # %{shescape} where needed. # %__gpg @__GPG@ -%__gpg_sign_cmd %{shescape:%{__gpg}} \ +%__gpg_sign_cmd() %{shescape:%{__gpg}} \ --no-verbose --no-armor --no-secmem-warning \ %{?_gpg_path:--homedir %{shescape:%{_gpg_path}}} \ %{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \ %{?_gpg_sign_cmd_extra_args} \ %{?_openpgp_sign_id:-u %{shescape:%{_openpgp_sign_id}}} \ - -sbo %{shescape:%{?__signature_filename}} \ - %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}} + -sbo %{shescape:%{2}} -- %{shescape:%{1}} %__sq @__SQ@ -%__sq_sign_cmd %{shescape:%{__sq}} \ +%__sq_sign_cmd() %{shescape:%{__sq}} \ sign \ %{?_sq_path:--homedir %{shescape:%{_sq_path}}} \ %{?_openpgp_sign_id:--signer-key %{_openpgp_sign_id}} \ %{?_sq_sign_cmd_extra_args} \ - --binary --detached --output %{shescape:%{?__signature_filename}} \ - %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}} + --binary --detached --output %{shescape:%{2}} -- %{shescape:%{1}} %__openpgp_sign_cmd %{expand:%{__%{_openpgp_sign}_sign_cmd}} diff --git a/sign/rpmgensig.cc b/sign/rpmgensig.cc index 5d6455cb7b..baaa4fedc4 100644 --- a/sign/rpmgensig.cc +++ b/sign/rpmgensig.cc @@ -29,6 +29,7 @@ #include "rpmlead.hh" #include "signature.hh" +#include "rpmmacro_internal.hh" #include "rpmvs.hh" #include "debug.h" @@ -192,22 +193,22 @@ static char ** signCmd(const char *sigfile) { int argc = 0; char **argv = NULL; + auto mctx = rpm::macros(); + auto [ ign, name ] = mctx.expand({"__", "%{_openpgp_sign}", "_sign_cmd"}); + const char * const margs[] = { "-", sigfile, NULL }; - rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1); - rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1); - - char *cmd = rpmExpand("%{?__openpgp_sign_cmd}", NULL); - - rpmPopMacro(NULL, "__plaintext_filename"); - rpmPopMacro(NULL, "__signature_filename"); + auto [ rc, cmd ] = mctx.expand_this(name, (ARGV_const_t)margs, 0); + if (rc) { + rpmlog(RPMLOG_ERR, _("Expanding signing macro %s failed\n"), + name.c_str()); + return NULL; + } - if (poptParseArgvString(cmd, &argc, (const char ***)&argv) < 0 || argc < 2) { - rpmlog(RPMLOG_ERR, _("Invalid sign command: %s\n"), cmd); + if (poptParseArgvString(cmd.c_str(), &argc, (const char ***)&argv) < 0 || argc < 2) { + rpmlog(RPMLOG_ERR, _("Invalid sign command: %s\n"), cmd.c_str()); argv = _free(argv); } - free(cmd); - return argv; }