pgp: bump to 0.14
baloo authored and dralley committed Nov 6, 2024
1 parent 67c09bf commit 1cef8bb
Showing 4 changed files with 42 additions and 39 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
@@ -44,7 +44,7 @@ jobs:
matrix:
rust:
- stable
- 1.74.0
- 1.75.0
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
@@ -58,7 +58,7 @@ jobs:
matrix:
rust:
- stable
- 1.74.0
- 1.75.0
flags:
- "--all-features"
- "--no-default-features"
2 changes: 2 additions & 0 deletions CHANGELOG.md
@@ -11,11 +11,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

- Added `zstdmt` feature which sets zstd compression to use all available cores.
- Added feature flags for every compression algorithm to support disabling unused ones.
- Bump `pgp` to 0.14.0

### Breaking Changes

- Changed default compression scheme from Gzip to Zstd.
- Removed bzip2 from the compression options enabled by default.
- Minimum supported Rust version updated to 1.75

## 0.15.1

4 changes: 2 additions & 2 deletions Cargo.toml
@@ -15,7 +15,7 @@ repository = "https://github.com/rpm-rs/rpm"
readme = "README.md"
keywords = ["RPM", "packaging"]
categories = ["parsing", "development-tools"]
rust-version = "1.74.0"
rust-version = "1.75.0"

[lib]
name = "rpm"
@@ -46,7 +46,7 @@ digest = "0.10"
sha2 = "0.10"
md-5 = "0.10"
sha1 = "0.10"
pgp = { version = "0.13.0", optional = true }
pgp = { version = "0.14.0", optional = true }
chrono = { version = "0.4", optional = true }
log = "0.4"
itertools = "0.13"
71 changes: 36 additions & 35 deletions src/rpm/signature/pgp.rs
@@ -6,8 +6,8 @@ use std::io;

use pgp::crypto::hash::HashAlgorithm;
use pgp::crypto::public_key::PublicKeyAlgorithm;
use pgp::packet::{SignatureConfig, SignatureType, SignatureVersion, Subpacket, SubpacketData};
use pgp::{self, composed::Deserializable, types::KeyTrait};
use pgp::packet::{SignatureConfig, SignatureType, Subpacket, SubpacketData};
use pgp::{self, composed::Deserializable, types::PublicKeyTrait};
use pgp::{SignedPublicKey, SignedSecretKey};

/// Signer implementation using the `pgp` crate.
@@ -26,7 +26,7 @@ impl From<traits::AlgorithmType> for ::pgp::crypto::public_key::PublicKeyAlgorit
fn from(value: traits::AlgorithmType) -> Self {
match value {
traits::AlgorithmType::RSA => PublicKeyAlgorithm::RSA,
traits::AlgorithmType::EdDSA => PublicKeyAlgorithm::EdDSA,
traits::AlgorithmType::EdDSA => PublicKeyAlgorithm::EdDSALegacy,
}
}
}
@@ -45,20 +45,20 @@ impl traits::Signing for Signer {
// "shouldn't fail as we are using 0 nanoseconds"
.unwrap();

let sig_cfg = SignatureConfig {
version: SignatureVersion::V4,
typ: SignatureType::Binary,
pub_alg: self.algorithm().into(),
hash_alg: HashAlgorithm::SHA2_256,
issuer: Some(self.secret_key.key_id()),
created: Some(t),
unhashed_subpackets: vec![],
hashed_subpackets: vec![
Subpacket::critical(SubpacketData::SignatureCreationTime(t)),
Subpacket::critical(SubpacketData::Issuer(self.secret_key.key_id())),
//::pgp::packet::Subpacket::SignersUserID("rpm"), TODO this would be a nice addition
],
};
let mut sig_cfg = SignatureConfig::v4(
SignatureType::Binary,
self.algorithm().into(),
HashAlgorithm::SHA2_256,
);
sig_cfg
.hashed_subpackets
.push(Subpacket::critical(SubpacketData::SignatureCreationTime(t)));
sig_cfg
.hashed_subpackets
.push(Subpacket::critical(SubpacketData::Issuer(
self.secret_key.key_id(),
)));
//::pgp::packet::Subpacket::SignersUserID("rpm"), TODO this would be a nice addition

let passwd_fn = || self.key_passphrase.clone().unwrap_or_default();
let signature_packet = sig_cfg
@@ -94,7 +94,7 @@ impl Signer {
algorithm: AlgorithmType::RSA,
key_passphrase: None,
}),
PublicKeyAlgorithm::EdDSA => Ok(Self {
PublicKeyAlgorithm::EdDSALegacy => Ok(Self {
secret_key,
algorithm: AlgorithmType::EdDSA,
key_passphrase: None,
@@ -243,7 +243,7 @@ impl Verifier {
public_key,
algorithm: AlgorithmType::RSA,
}),
PublicKeyAlgorithm::EdDSA => Ok(Self {
PublicKeyAlgorithm::EdDSALegacy => Ok(Self {
public_key,
algorithm: AlgorithmType::EdDSA,
}),
@@ -341,9 +341,8 @@ pub(crate) mod test {
let sig_time = Utc.timestamp_opt(1_600_000_000, 0u32).unwrap();
// stage 2: check parsing success
//
let wrapped = Signature::new(
let wrapped = Signature::v4(
pgp::types::Version::Old,
SignatureVersion::V4,
SignatureType::Binary,
PublicKeyAlgorithm::RSA,
HashAlgorithm::SHA2_256,
@@ -385,20 +384,22 @@ pub(crate) mod test {

let sig_time = Utc.timestamp_opt(1_600_000_000, 0u32).unwrap();

let sig_cfg = SignatureConfig {
version: SignatureVersion::V4,
typ: SignatureType::Binary,
pub_alg: PublicKeyAlgorithm::RSA,
hash_alg: HashAlgorithm::SHA2_256,
issuer: Some(signer.secret_key.key_id()),
created: Some(sig_time),
unhashed_subpackets: vec![],
hashed_subpackets: vec![
Subpacket::critical(SubpacketData::SignatureCreationTime(sig_time)),
Subpacket::critical(SubpacketData::Issuer(signer.secret_key.key_id())),
//::pgp::packet::Subpacket::SignersUserID("rpm"), TODO this would be a nice addition
],
};
let mut sig_cfg = SignatureConfig::v4(
SignatureType::Binary,
PublicKeyAlgorithm::RSA,
HashAlgorithm::SHA2_256,
);
sig_cfg
.hashed_subpackets
.push(Subpacket::critical(SubpacketData::SignatureCreationTime(
sig_time,
)));
sig_cfg
.hashed_subpackets
.push(Subpacket::critical(SubpacketData::Issuer(
signer.secret_key.key_id(),
)));
//::pgp::packet::Subpacket::SignersUserID("rpm"), TODO this would be a nice addition

let signature_packet = sig_cfg
.sign(&signer.secret_key, passwd_fn, data)
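Review bot: The three `EdDSALegacy` renames (the `From<traits::AlgorithmType>` impl and the key-loading matches in `impl Signer` and `impl Verifier`) keep this module on the legacy EdDSA algorithm only, and nothing on the new side documents that restriction. If pgp 0.14 also parses keys under a separate, newer Ed25519 algorithm id, as the rename suggests, those keys would reach whatever fallback arm the two loader matches have, which lies outside these hunks. I would confirm that the fallback returns an explicit error and then record the policy next to the arms, e.g. `// Only legacy EdDSA (OpenPGP public-key algorithm 22) is accepted here; any other EdDSA id is rejected by the fallback arm.` A test that loads a non-legacy EdDSA key and asserts it is rejected would pin the accepted set of signing and verification algorithms against the next `pgp` bump.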
