From: Daiki Ueno
Newsgroups: gmane.emacs.devel
Subject: [PATCH] package.el: check tarball signature
Date: Mon, 30 Sep 2013 15:48:16 -0400
To: emacs-devel@gnu.org

Well, I still don't understand why this is advertised as such a difficult problem, particularly why package.el would need a sign operation with Emacs. Am I missing something?

Perhaps it might make sense to discuss with some code. Here it is. The code verifies a detached signature NAME-VERSION.tar.sig with a trusted keyring located under ~/.emacs.d/elpa/gnupg/. That's it. For uploading packages, we could simply use the same mechanism as gnupload in Gnulib.

It's actually 10 minutes of work at an airport lobby and tested only with the local package archive.

Content-Type: text/x-patch
Content-Disposition: inline; filename=package-signature.patch

=== modified file 'lisp/emacs-lisp/package.el' --- lisp/emacs-lisp/package.el 2013-08-03 02:34:22 +0000 +++ lisp/emacs-lisp/package.el 2013-09-30 16:50:40 +0000 
@@ -739,13 +739,44 @@ (error "Error during download request:%s" (buffer-substring-no-properties (point) (line-end-position)))))) +(declare-function epg-make-context "epg" + (&optional protocol armor textmode include-certs + cipher-algorithm + digest-algorithm + compress-algorithm)) +(declare-function epg-context-set-home-directory "epg" (context directory)) +(declare-function epg-verify-file "epg" (context signature + &optional signed-text plain)) + +(defun package--check-signature (pkg-desc) + "Check signature of a package. +GnuPG keyring is located under \"gnupg\" in `package-user-dir'." + (let* ((location (package-archive-base pkg-desc)) + (sig-file (concat (package-desc-full-name pkg-desc) + (package-desc-suffix pkg-desc) + ".sig")) + (signature (package--with-work-buffer location sig-file + (buffer-string))) + (context (epg-make-context 'OpenPGP))) + (epg-context-set-home-directory context + (expand-file-name "gnupg" package-user-dir)) + (epg-verify-file context signature (buffer-string)))) + (defun package-install-from-archive (pkg-desc) "Download and install a tar package." (let ((location (package-archive-base pkg-desc)) (file (concat (package-desc-full-name pkg-desc) (package-desc-suffix pkg-desc)))) (package--with-work-buffer location file - (package-unpack pkg-desc)))) + (if (condition-case nil + (progn + (package--check-signature pkg-desc) + t) + (error (y-or-n-p + (format "Cannot verify signature of `%s'; \ +install it anyway? " + (package-desc-name pkg-desc))))) + (package-unpack pkg-desc))))) (defvar package--initialized nil) --=-=-= Content-Type: text/plain Regards, -- Daiki Ueno --=-=-=--
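Review bot: In `package--check-signature`, the result of `epg-verify-file` is discarded, and `package-install-from-archive` treats "no Lisp error was signalled" as "signature is good", so a verification run that completes but reports a bad signature or an unknown key is not distinguished from a good one before `package-unpack` runs. epg records per-signature status on the context, so after the call the function should read it back (for example with `epg-context-result-for` and `'verify`) and return success only when at least one signature has status `good`, signalling an error otherwise. Two further points in the same function: `epg-verify-file` is declared here with SIGNATURE and SIGNED-TEXT arguments but is passed buffer contents from `(buffer-string)`, whereas in epg.el that function takes file names, so `epg-verify-string` looks like the intended call; and the second `(buffer-string)` silently depends on the caller's current buffer being the downloaded tarball, which the docstring should state. In `package-install-from-archive`, the `condition-case nil` handler collapses a missing `.sig`, a download failure and a verification failure into the single "install it anyway?" prompt, so the check fails open whenever the signature file is simply withheld by the archive or the network; consider a user option that refuses unsigned installs, and report which of the cases occurred in the prompt.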