[Git][reproducible-builds/diffoscope][master] Use a determistic name instead of trusting gpg's --use-embedded-filenames....
Chris Lamb (@lamby)
gitlab at salsa.debian.org
Fri Feb 9 18:43:52 UTC 2024
Chris Lamb pushed to branch master at Reproducible Builds / diffoscope
Commits:
458f7f04 by Chris Lamb at 2024-02-09T10:43:18-08:00
Use a determistic name instead of trusting gpg's --use-embedded-filenames. (Closes: reproducible-builds/diffoscope#361)
... but also expose the embedded name by attaching the ("unstable") output of
--list-packets.
Many thanks to Daniel Kahn Gillmor <dkg at debian.org> for reporting this issue
and providing feedback.
- - - - -
2 changed files:
- diffoscope/comparators/pgp.py
- tests/comparators/test_pgp.py
Changes:
=====================================
diffoscope/comparators/pgp.py
=====================================
@@ -32,6 +32,8 @@ from .utils.command import Command, our_check_output
logger = logging.getLogger(__name__)
+re_name = re.compile(r", created \d+, name=\"(?P<name>[^\"]+)\",")
+
class Pgpdump(Command):
@tool_required("pgpdump")
@@ -46,21 +48,31 @@ class Pgpdump(Command):
)
+class GpgListPackets(Command):
+ @tool_required("gpg")
+ def cmdline(self):
+ return (
+ "gpg",
+ "--no-keyring",
+ "--list-packets",
+ self.path,
+ )
+
+
class PGPContainer(Archive):
@tool_required("gpg")
def open_archive(self):
- # Extract to a fresh temporary directory so that we can use the
- # embedded filename.
-
+ # Extract to a fresh temporary directory.
self._temp_dir = get_temporary_directory(suffix="pgp")
try:
our_check_output(
(
"gpg",
- "--use-embedded-filename",
"--decrypt",
"--no-keyring",
+ "--output",
+ os.path.join(self._temp_dir.name, "contents"),
os.path.abspath(self.source.path),
),
cwd=self._temp_dir.name,
@@ -75,7 +87,7 @@ class PGPContainer(Archive):
self._temp_dir.cleanup()
def get_member_names(self):
- # Will only return one filename, taken from the signature file itself.
+ # Will only ever return one filename
return os.listdir(self._temp_dir.name)
def extract(self, member_name, dest_dir):
@@ -136,4 +148,16 @@ class PgpSignature(TextFile):
]
)
+ # ... as well as gpg --list-packets
+ difference.add_details(
+ [
+ Difference.from_operation(
+ GpgListPackets,
+ self.path,
+ other.path,
+ source="gpg --list-packets",
+ )
+ ]
+ )
+
return difference
=====================================
tests/comparators/test_pgp.py
=====================================
@@ -80,8 +80,9 @@ def test_pgp_signature_identification(signature1, signature2):
def test_pgp_signature(signature1, signature2):
difference = signature1.compare(signature2)
assert_diff(difference, "pgp_signature_expected_diff")
+ assert len(difference.details) == 2
assert difference.details[0].source1 == "pgpdump"
- assert len(difference.details) == 1
+ assert difference.details[1].source1 == "gpg --list-packets"
@skip_unless_tools_exist("pgpdump")
View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/458f7f04bc053a0066aa7d2fd3251747d4899476
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/458f7f04bc053a0066aa7d2fd3251747d4899476
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20240209/bcc4b1a5/attachment.htm>
More information about the rb-commits
mailing list