PGP: Implement OpenPGP using librpm API

It implements the original librepo OpenPGP API using librpm API instead of GpgMe. It implements its own keyring for public keys. Each key with its subkeys is stored in its own file. The original GpgMe based implementation was moved to the "gpg_gpgme.c" file. So it is still present and can be activated by the USE_GPGME option in "CMakeList.txt". This commit will leave the original GpgMe implementation enabled by default in CMakeList.txt. In the .spec file it switches to the librpm API for Fedora >= 39. Requirement: A new rpm library is needed that supports OpenPGP ASCII Armored signature parsing. Tested with sequoia based rpm OpenPGP backend. Missing (requires support in the rpm library): - Setting the `can_sign` property. It now always returns TRUE. - Fingerprint for subkeys. An empty string is now returned. - Return all user IDs. Now only one returns Notes: In the Python tests, pgp tests that should succeed were disabled. This is because librepo lacks a Python API for working with OpenGPG keys. The Python tests manipulate the keyring directly using GpgMe. Of course, this only works if the librepo library uses the original GpgMe backend.
rpm-software-management · Aug 14, 2023 · bc32add · bc32add
1 parent 1a0a5fd
commit bc32add
Show file tree

Hide file tree

Showing 10 changed files with 1,206 additions and 514 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -5,6 +5,7 @@ OPTION (ENABLE_TESTS "Build test?" ON)
 OPTION (ENABLE_DOCS "Build docs?" ON)
 OPTION (WITH_ZCHUNK "Build with zchunk support" ON)
 OPTION (ENABLE_PYTHON "Build Python bindings" ON)
+OPTION (USE_GPGME "Use GpgMe (instead of rpm library) for OpenPGP key support" ON)
 
 INCLUDE (${CMAKE_SOURCE_DIR}/VERSION.cmake)
 SET (VERSION "${LIBREPO_MAJOR}.${LIBREPO_MINOR}.${LIBREPO_PATCH}")
@@ -32,8 +33,12 @@ PKG_CHECK_MODULES(GLIB2 glib-2.0>=2.66 gio-2.0 REQUIRED)
 PKG_SEARCH_MODULE(LIBCRYPTO REQUIRED libcrypto openssl)
 PKG_CHECK_MODULES(LIBXML2 libxml-2.0 REQUIRED)
 FIND_PACKAGE(CURL 7.52.0 REQUIRED)
-FIND_PACKAGE(Gpgme REQUIRED)
 
+IF (USE_GPGME)
+    FIND_PACKAGE(Gpgme REQUIRED)
+ELSE (USE_GPGME)
+    PKG_CHECK_MODULES(RPM REQUIRED rpm>=4.18.0)
+ENDIF (USE_GPGME)
 
 IF (WITH_ZCHUNK)
 PKG_CHECK_MODULES(ZCHUNKLIB zck>=0.9.11 REQUIRED)

diff --git a/librepo.spec b/librepo.spec
@@ -8,6 +8,12 @@
 %bcond_without zchunk
 %endif
 
+%if 0%{?fedora} >= 39
+%bcond_with use_gpgme
+%else
+%bcond_without use_gpgme
+%endif
+
 %global dnf_conflict 2.8.8
 
 Name:           librepo
@@ -24,7 +30,11 @@ BuildRequires:  gcc
 BuildRequires:  check-devel
 BuildRequires:  doxygen
 BuildRequires:  pkgconfig(glib-2.0) >= 2.66
+%if %{with use_gpgme}
 BuildRequires:  gpgme-devel
+%else
+BuildRequires:  pkgconfig(rpm) >= 4.18.0
+%endif
 BuildRequires:  libattr-devel
 BuildRequires:  libcurl-devel >= %{libcurl_version}
 BuildRequires:  pkgconfig(libxml-2.0)
@@ -66,7 +76,9 @@ Python 3 bindings for the librepo library.
 %autosetup -p1
 
 %build
-%cmake %{!?with_zchunk:-DWITH_ZCHUNK=OFF}
+%cmake \
+    -DWITH_ZCHUNK=%{?with_zchunk:ON}%{!?with_zchunk:OFF} \
+    -DUSE_GPGME=%{?with_use_gpgme:ON}%{!?with_use_gpgme:OFF}
 %cmake_build
 
 %check

diff --git a/librepo/CMakeLists.txt b/librepo/CMakeLists.txt
@@ -1,4 +1,4 @@
-SET (librepo_SRCS
+LIST(APPEND librepo_SRCS
      checksum.c
      downloader.c
      downloadtarget.c
@@ -20,7 +20,13 @@ SET (librepo_SRCS
      xmlparser.c
      yum.c)
 
-SET(librepo_HEADERS
+IF(USE_GPGME)
+    LIST(APPEND librepo_SRCS gpg_gpgme.c)
+ELSE(USE_GPGME)
+    LIST(APPEND librepo_SRCS gpg_rpm.c)
+ENDIF(USE_GPGME)
+
+LIST(APPEND librepo_HEADERS
     checksum.h
     fastestmirror.h
     gpg.h
@@ -44,10 +50,11 @@ SET(librepo_HEADERS
     downloader.h
     downloadtarget.h)
 
-SET(librepo_internal_HEADERS
+LIST(APPEND librepo_internal_HEADERS
     downloader_internal.h
     downloadtarget_internal.h
     fastestmirror_internal.h
+    gpg_internal.h
     handle_internal.h
     repoconf_internal.h
     result_internal.h
@@ -60,9 +67,14 @@ TARGET_LINK_LIBRARIES(librepo
                         ${LIBXML2_LIBRARIES}
                         ${CURL_LIBRARY}
                         ${LIBCRYPTO_LIBRARIES}
-                        ${GPGME_VANILLA_LIBRARIES}
                         ${GLIB2_LIBRARIES}
                      )
+IF (USE_GPGME)
+    TARGET_LINK_LIBRARIES(librepo ${GPGME_VANILLA_LIBRARIES})
+ELSE(USE_GPGME)
+    TARGET_LINK_LIBRARIES(librepo ${RPM_LIBRARIES})
+ENDIF (USE_GPGME)
+
 IF (WITH_ZCHUNK)
     TARGET_LINK_LIBRARIES(librepo ${ZCHUNKLIB_LIBRARIES})
 ENDIF (WITH_ZCHUNK)