[PATCH] package.el: check tarball signature

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] package.el: check tarball signature

From:	Daiki Ueno
Subject:	[PATCH] package.el: check tarball signature
Date:	Mon, 30 Sep 2013 15:48:16 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)

Well, I still don't understand why this is advertised as such a
difficult problem, particularly why package.el would need sign operation
with Emacs.  Am I missing something?

Perhaps it might make sense to discuss with some code.  Here it is.

The code verifies a detached signature NAME-VERSION.tar.sig with a
trusted keyring located under ~/.emacs.d/elpa/gnupg/.  That's it.

For uploading packages, we could simply use the same mechanism as
gnupload in Gnulib.

It's actually a 10-minute work at an airport lobby and tested only with
the local package archive.

=== modified file 'lisp/emacs-lisp/package.el'
--- lisp/emacs-lisp/package.el  2013-08-03 02:34:22 +0000
+++ lisp/emacs-lisp/package.el  2013-09-30 16:50:40 +0000
@@ -739,13 +739,44 @@
       (error "Error during download request:%s"
             (buffer-substring-no-properties (point) (line-end-position))))))
 
+(declare-function epg-make-context "epg"
+                 (&optional protocol armor textmode include-certs
+                            cipher-algorithm
+                            digest-algorithm
+                            compress-algorithm))
+(declare-function epg-context-set-home-directory "epg" (context directory))
+(declare-function epg-verify-file "epg" (context signature
+                                                &optional signed-text plain))
+
+(defun package--check-signature (pkg-desc)
+  "Check signature of a package.
+GnuPG keyring is located under \"gnupg\" in `package-user-dir'."
+  (let* ((location (package-archive-base pkg-desc))
+        (sig-file (concat (package-desc-full-name pkg-desc)
+                          (package-desc-suffix pkg-desc)
+                          ".sig"))
+        (signature (package--with-work-buffer location sig-file
+                     (buffer-string)))
+        (context (epg-make-context 'OpenPGP)))
+    (epg-context-set-home-directory context
+                                   (expand-file-name "gnupg" package-user-dir))
+    (epg-verify-file context signature (buffer-string))))
+
 (defun package-install-from-archive (pkg-desc)
   "Download and install a tar package."
   (let ((location (package-archive-base pkg-desc))
        (file (concat (package-desc-full-name pkg-desc)
                       (package-desc-suffix pkg-desc))))
     (package--with-work-buffer location file
-      (package-unpack pkg-desc))))
+      (if (condition-case nil
+             (progn
+               (package--check-signature pkg-desc)
+               t)
+           (error (y-or-n-p
+                   (format "Cannot verify signature of `%s'; \
+install it anyway? "
+                           (package-desc-name pkg-desc)))))
+         (package-unpack pkg-desc)))))
 
 (defvar package--initialized nil)

Regards,
-- 
Daiki Ueno

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] package.el: check tarball signature, Daiki Ueno <=
- Re: [PATCH] package.el: check tarball signature, Eli Zaretskii, 2013/09/30
- Re: [PATCH] package.el: check tarball signature, Ted Zlatanov, 2013/09/30
  - Re: [PATCH] package.el: check tarball signature, Stefan Monnier, 2013/09/30

Prev by Date: Re: bad epg.el+GPG2 behavior: unavoidable passphrase pinentry prompt
Next by Date: Re: [PATCH] package.el: check tarball signature
Previous by thread: Re: [Emacs-diffs] trunk r114484: * lisp/emacs-lisp/package-x.el (package-upload-buffer-internal): Pass
Next by thread: Re: [PATCH] package.el: check tarball signature
Index(es):
- Date
- Thread