Handle the case where gpg isn't installed; consolidate gpg usage.
This commit is contained in:
Toby Crawley
parent
825e9ffb56
commit
da1856a5c4
3 changed files with 25 additions and 17 deletions
|
|
@ -70,18 +70,28 @@
|
|||
[]
|
||||
(or (System/getenv "LEIN_GPG") "gpg"))
|
||||
|
||||
(defn gpg
|
||||
"Shells out to (gpg-program) with the given arguments"
|
||||
[& args]
|
||||
(try
|
||||
(apply shell/sh (gpg-program) args)
|
||||
(catch java.io.IOException e
|
||||
{:exit 1 :err (.getMessage e)})))
|
||||
|
||||
(defn gpg-available?
|
||||
"Verifies (gpg-program) exists"
|
||||
[]
|
||||
(= 0 (:exit (gpg "--version"))))
|
||||
|
||||
(defn credentials-fn
|
||||
"Decrypt map from credentials.clj.gpg in Leiningen home if present."
|
||||
([] (let [cred-file (io/file (leiningen-home) "credentials.clj.gpg")]
|
||||
(if (.exists cred-file)
|
||||
(credentials-fn cred-file))))
|
||||
([file]
|
||||
(let [{:keys [out err exit]} (try (shell/sh
|
||||
(gpg-program)
|
||||
"--quiet" "--batch"
|
||||
"--decrypt" "--" (str file))
|
||||
(catch java.io.IOException e
|
||||
{:exit 1 :err (.getMessage e)}))]
|
||||
(let [{:keys [out err exit]} (gpg
|
||||
"--quiet" "--batch"
|
||||
"--decrypt" "--" (str file))]
|
||||
(if (pos? exit)
|
||||
(binding [*out* *err*]
|
||||
(println "Could not decrypt credentials from" (str file))
|
||||
|
|
|
|||
|
|
@ -54,10 +54,9 @@
|
|||
(add-auth-interactively))))
|
||||
|
||||
(defn sign [file]
|
||||
(let [exit (binding [*out* (java.io.StringWriter.)]
|
||||
(eval/sh (user/gpg-program) "--yes" "-ab" "--" file))]
|
||||
(let [{:keys [err exit]} (user/gpg "--yes" "-ab" "--" file)]
|
||||
(when-not (zero? exit)
|
||||
(main/abort "Could not sign" file))
|
||||
(main/abort "Could not sign" (str file "\n" err)))
|
||||
(str file ".asc")))
|
||||
|
||||
(defn signature-for [extension file]
|
||||
|
|
|
|||
|
|
@ -65,20 +65,17 @@
|
|||
(defn- fetch-key [signature err]
|
||||
(if (re-find #"Can't check signature: public key not found" err)
|
||||
(let [key (second (re-find #"using \w+ key ID (.+)" err))
|
||||
exit (eval/sh (user/gpg-program) "--recv-keys" "--" key)]
|
||||
{:keys [exit]} (user/gpg "--recv-keys" "--" key)]
|
||||
(if (zero? exit)
|
||||
(check-signature signature)
|
||||
:no-key))
|
||||
:bad-signature))
|
||||
|
||||
(defn- check-signature [signature]
|
||||
(let [err (java.io.StringWriter.)
|
||||
out (java.io.StringWriter.)
|
||||
exit (binding [*err* (java.io.PrintWriter. err), *out* out]
|
||||
(eval/sh (user/gpg-program) "--verify" "--" (str signature)))]
|
||||
(let [{:keys [err exit]} (user/gpg "--verify" "--" (str signature))]
|
||||
(if (zero? exit)
|
||||
:signed ; TODO distinguish between signed and trusted
|
||||
(fetch-key signature (str err)))))
|
||||
(fetch-key signature err))))
|
||||
|
||||
(defn- get-signature [project dep]
|
||||
(let [dep-map (assoc (apply hash-map (drop 2 dep))
|
||||
|
|
@ -137,8 +134,10 @@ force them to be updated, use `lein -U $TASK`."
|
|||
(walk-deps hierarchy
|
||||
print-dep))
|
||||
(= command ":verify")
|
||||
(walk-deps (classpath/dependency-hierarchy :dependencies project)
|
||||
(partial verify project))
|
||||
(if (user/gpg-available?)
|
||||
(walk-deps (classpath/dependency-hierarchy :dependencies project)
|
||||
(partial verify project))
|
||||
(main/abort "Could not verify - gpg not available"))
|
||||
:else (classpath/resolve-dependencies :dependencies project))
|
||||
(catch DependencyResolutionException e
|
||||
(main/abort (.getMessage e))))))
|
||||
|
|
|
|||
Loading…
Reference in a new issue