From 1cef8bbba76dc318667e6047b3b5bf60cab14369 Mon Sep 17 00:00:00 2001
From: Arthur Gautier
Date: Tue, 5 Nov 2024 10:44:54 -0800
Subject: [PATCH] pgp: bump to 0.14
---
 .github/workflows/ci.yml | 4 +--
 CHANGELOG.md | 2 ++
 Cargo.toml | 4 +--
 src/rpm/signature/pgp.rs | 71 ++++++++++++++++++++--------------------
 4 files changed, 42 insertions(+), 39 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b726c5c..0782bc8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -44,7 +44,7 @@ jobs:
 matrix:
 rust:
 - stable
- - 1.74.0
+ - 1.75.0
 steps:
 - uses: actions/checkout@v4
 - uses: dtolnay/rust-toolchain@master
@@ -58,7 +58,7 @@ jobs:
 matrix:
 rust:
 - stable
- - 1.74.0
+ - 1.75.0
 flags:
 - "--all-features"
 - "--no-default-features"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5974263..cf03d8c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,11 +11,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added `zstdmt` feature which sets zstd compression to use all available cores.
 - Added feature flags for every compression algorithm to support disabling unused ones.
+- Bump `pgp` to 0.14.0
 ### Breaking Changes
 - Changed default compression scheme from Gzip to Zstd.
 - Removed bzip2 from the compression options enabled by default.
+- Minimum supported Rust version updated to 1.75
 ## 0.15.1
diff --git a/Cargo.toml b/Cargo.toml
index d29f323..6158859 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -15,7 +15,7 @@ repository = "https://github.com/rpm-rs/rpm"
 readme = "README.md"
 keywords = ["RPM", "packaging"]
 categories = ["parsing", "development-tools"]
-rust-version = "1.74.0"
+rust-version = "1.75.0"
 [lib]
 name = "rpm"
@@ -46,7 +46,7 @@ digest = "0.10"
 sha2 = "0.10"
 md-5 = "0.10"
 sha1 = "0.10"
-pgp = { version = "0.13.0", optional = true }
+pgp = { version = "0.14.0", optional = true }
 chrono = { version = "0.4", optional = true }
 log = "0.4"
 itertools = "0.13"
diff --git a/src/rpm/signature/pgp.rs b/src/rpm/signature/pgp.rs
index 1bee8b7..93fdbb5 100644
--- a/src/rpm/signature/pgp.rs
+++ b/src/rpm/signature/pgp.rs
@@ -6,8 +6,8 @@ use std::io;
 use pgp::crypto::hash::HashAlgorithm;
 use pgp::crypto::public_key::PublicKeyAlgorithm;
-use pgp::packet::{SignatureConfig, SignatureType, SignatureVersion, Subpacket, SubpacketData};
-use pgp::{self, composed::Deserializable, types::KeyTrait};
+use pgp::packet::{SignatureConfig, SignatureType, Subpacket, SubpacketData};
+use pgp::{self, composed::Deserializable, types::PublicKeyTrait};
 use pgp::{SignedPublicKey, SignedSecretKey};
 /// Signer implementation using the `pgp` crate.
@@ -26,7 +26,7 @@ impl From for ::pgp::crypto::public_key::PublicKeyAlgorit
 fn from(value: traits::AlgorithmType) -> Self {
 match value {
 traits::AlgorithmType::RSA => PublicKeyAlgorithm::RSA,
- traits::AlgorithmType::EdDSA => PublicKeyAlgorithm::EdDSA,
+ traits::AlgorithmType::EdDSA => PublicKeyAlgorithm::EdDSALegacy,
 }
 }
 }
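Review bot: The `traits::AlgorithmType::EdDSA => PublicKeyAlgorithm::EdDSALegacy` arm in the `From` impl (hunk at -26) narrows what "EdDSA" means for this crate to the legacy v4 encoding, and nothing on the new side records that. The same rename appears in the `Signer` and `Verifier` constructor matches (hunks at -94 and -243), whose remaining arms lie outside the hunks; if `pgp` 0.14 reports newer Ed25519 keys under a separate variant, those keys presumably reach whatever the fall-through arm does, so it is worth confirming that path rejects them with a clear unsupported-algorithm error. I would add a comment on the arm such as `// EdDSALegacy is the v4 EdDSA algorithm; other EdDSA encodings are not mapped here`, plus a test that loads a non-legacy key and asserts both constructors fail.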
@@ -45,20 +45,20 @@ impl traits::Signing for Signer {
 // "shouldn't fail as we are using 0 nanoseconds"
 .unwrap();
- let sig_cfg = SignatureConfig {
- version: SignatureVersion::V4,
- typ: SignatureType::Binary,
- pub_alg: self.algorithm().into(),
- hash_alg: HashAlgorithm::SHA2_256,
- issuer: Some(self.secret_key.key_id()),
- created: Some(t),
- unhashed_subpackets: vec![],
- hashed_subpackets: vec![
- Subpacket::critical(SubpacketData::SignatureCreationTime(t)),
- Subpacket::critical(SubpacketData::Issuer(self.secret_key.key_id())),
- //::pgp::packet::Subpacket::SignersUserID("rpm"), TODO this would be a nice addition
- ],
- };
+ let mut sig_cfg = SignatureConfig::v4(
+ SignatureType::Binary,
+ self.algorithm().into(),
+ HashAlgorithm::SHA2_256,
+ );
+ sig_cfg
+ .hashed_subpackets
+ .push(Subpacket::critical(SubpacketData::SignatureCreationTime(t)));
+ sig_cfg
+ .hashed_subpackets
+ .push(Subpacket::critical(SubpacketData::Issuer(
+ self.secret_key.key_id(),
+ )));
+ //::pgp::packet::Subpacket::SignersUserID("rpm"), TODO this would be a nice addition
 let passwd_fn = || self.key_passphrase.clone().unwrap_or_default();
 let signature_packet = sig_cfg
@@ -94,7 +94,7 @@ impl Signer {
 algorithm: AlgorithmType::RSA,
 key_passphrase: None,
 }),
- PublicKeyAlgorithm::EdDSA => Ok(Self {
+ PublicKeyAlgorithm::EdDSALegacy => Ok(Self {
 secret_key,
 algorithm: AlgorithmType::EdDSA,
 key_passphrase: None,
@@ -243,7 +243,7 @@ impl Verifier {
 public_key,
 algorithm: AlgorithmType::RSA,
 }),
- PublicKeyAlgorithm::EdDSA => Ok(Self {
+ PublicKeyAlgorithm::EdDSALegacy => Ok(Self {
 public_key,
 algorithm: AlgorithmType::EdDSA,
 }),
@@ -341,9 +341,8 @@ pub(crate) mod test {
 let sig_time = Utc.timestamp_opt(1_600_000_000, 0u32).unwrap();
 // stage 2: check parsing success
 //
- let wrapped = Signature::new(
+ let wrapped = Signature::v4(
 pgp::types::Version::Old,
- SignatureVersion::V4,
 SignatureType::Binary,
 PublicKeyAlgorithm::RSA,
 HashAlgorithm::SHA2_256,
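Review bot: The rewritten `sig_cfg` setup in the `Signing` impl (hunk at -45) no longer sets the `issuer` and `created` values that the removed struct literal carried and relies on the two hashed subpackets alone, with nothing on the new side saying that is deliberate. A short comment above the pushes would settle it, e.g. `// creation time and issuer go in the hashed area so the signature covers them; the unhashed area is left as the constructor made it`. The two chained `push` calls could also be a single `sig_cfg.hashed_subpackets = vec![...];` assignment, which would keep the `SignersUserID` TODO inside the list it refers to instead of trailing after it with a leftover comma. The test hunk at -385 repeats the same construction by hand, so a small private helper taking the key id and timestamp would keep the signer and its test from drifting apart; the enclosing functions start and end outside both hunks.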
@@ -385,20 +384,22 @@ pub(crate) mod test {
 let sig_time = Utc.timestamp_opt(1_600_000_000, 0u32).unwrap();
- let sig_cfg = SignatureConfig {
- version: SignatureVersion::V4,
- typ: SignatureType::Binary,
- pub_alg: PublicKeyAlgorithm::RSA,
- hash_alg: HashAlgorithm::SHA2_256,
- issuer: Some(signer.secret_key.key_id()),
- created: Some(sig_time),
- unhashed_subpackets: vec![],
- hashed_subpackets: vec![
- Subpacket::critical(SubpacketData::SignatureCreationTime(sig_time)),
- Subpacket::critical(SubpacketData::Issuer(signer.secret_key.key_id())),
- //::pgp::packet::Subpacket::SignersUserID("rpm"), TODO this would be a nice addition
- ],
- };
+ let mut sig_cfg = SignatureConfig::v4(
+ SignatureType::Binary,
+ PublicKeyAlgorithm::RSA,
+ HashAlgorithm::SHA2_256,
+ );
+ sig_cfg
+ .hashed_subpackets
+ .push(Subpacket::critical(SubpacketData::SignatureCreationTime(
+ sig_time,
+ )));
+ sig_cfg
+ .hashed_subpackets
+ .push(Subpacket::critical(SubpacketData::Issuer(
+ signer.secret_key.key_id(),
+ )));
+ //::pgp::packet::Subpacket::SignersUserID("rpm"), TODO this would be a nice addition
 let signature_packet = sig_cfg
 .sign(&signer.secret_key, passwd_fn, data)