diff --git a/leiningen-core/src/leiningen/core/user.clj b/leiningen-core/src/leiningen/core/user.clj index 8b81daeb..154c4064 100644 --- a/leiningen-core/src/leiningen/core/user.clj +++ b/leiningen-core/src/leiningen/core/user.clj @@ -70,18 +70,28 @@ [] (or (System/getenv "LEIN_GPG") "gpg")) +(defn gpg + "Shells out to (gpg-program) with the given arguments" + [& args] + (try + (apply shell/sh (gpg-program) args) + (catch java.io.IOException e + {:exit 1 :err (.getMessage e)}))) + +(defn gpg-available? + "Verifies (gpg-program) exists" + [] + (= 0 (:exit (gpg "--version")))) + (defn credentials-fn "Decrypt map from credentials.clj.gpg in Leiningen home if present." ([] (let [cred-file (io/file (leiningen-home) "credentials.clj.gpg")] (if (.exists cred-file) (credentials-fn cred-file)))) ([file] - (let [{:keys [out err exit]} (try (shell/sh - (gpg-program) - "--quiet" "--batch" - "--decrypt" "--" (str file)) - (catch java.io.IOException e - {:exit 1 :err (.getMessage e)}))] + (let [{:keys [out err exit]} (gpg + "--quiet" "--batch" + "--decrypt" "--" (str file))] (if (pos? exit) (binding [*out* *err*] (println "Could not decrypt credentials from" (str file)) diff --git a/src/leiningen/deploy.clj b/src/leiningen/deploy.clj index 153eda65..33ea18b3 100644 --- a/src/leiningen/deploy.clj +++ b/src/leiningen/deploy.clj @@ -54,10 +54,9 @@ (add-auth-interactively)))) (defn sign [file] - (let [exit (binding [*out* (java.io.StringWriter.)] - (eval/sh (user/gpg-program) "--yes" "-ab" "--" file))] + (let [{:keys [err exit]} (user/gpg "--yes" "-ab" "--" file)] (when-not (zero? exit) - (main/abort "Could not sign" file)) + (main/abort "Could not sign" (str file "\n" err))) (str file ".asc"))) (defn signature-for [extension file] diff --git a/src/leiningen/deps.clj b/src/leiningen/deps.clj index a2d27e20..c5214e46 100644 --- a/src/leiningen/deps.clj +++ b/src/leiningen/deps.clj 
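Review bot: The new `gpg` helper in user.clj catches only `java.io.IOException`, but `clojure.java.shell/sh` treats the first non-string argument as the start of its options, so a nil or a `java.io.File` among `args` raises an exception that escapes the handler instead of yielding the `{:exit 1 ...}` map. `sign` in deploy.clj passes `file` unconverted while `credentials-fn` wraps it in `str`. If a caller can hand `sign` a File, `(user/gpg "--yes" "-ab" "--" (str file))` keeps the call consistent and the `--` separator effective. The docstring of `gpg` should state the contract: arguments must be strings, the result is the `shell/sh` map with `:exit`, `:out` and `:err`, and a launch failure is reported as `:exit 1` with the exception message in `:err`.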
@@ -65,20 +65,17 @@ (defn- fetch-key [signature err] (if (re-find #"Can't check signature: public key not found" err) (let [key (second (re-find #"using \w+ key ID (.+)" err)) - exit (eval/sh (user/gpg-program) "--recv-keys" "--" key)] + {:keys [exit]} (user/gpg "--recv-keys" "--" key)] (if (zero? exit) (check-signature signature) :no-key)) :bad-signature)) (defn- check-signature [signature] - (let [err (java.io.StringWriter.) - out (java.io.StringWriter.) - exit (binding [*err* (java.io.PrintWriter. err), *out* out] - (eval/sh (user/gpg-program) "--verify" "--" (str signature)))] + (let [{:keys [err exit]} (user/gpg "--verify" "--" (str signature))] (if (zero? exit) :signed ; TODO distinguish between signed and trusted - (fetch-key signature (str err))))) + (fetch-key signature err)))) (defn- get-signature [project dep] (let [dep-map (assoc (apply hash-map (drop 2 dep)) @@ -137,8 +134,10 @@ force them to be updated, use `lein -U $TASK`." (walk-deps hierarchy print-dep)) (= command ":verify") - (walk-deps (classpath/dependency-hierarchy :dependencies project) - (partial verify project)) + (if (user/gpg-available?) + (walk-deps (classpath/dependency-hierarchy :dependencies project) + (partial verify project)) + (main/abort "Could not verify - gpg not available")) :else (classpath/resolve-dependencies :dependencies project)) (catch DependencyResolutionException e (main/abort (.getMessage e))))))
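Review bot: In `fetch-key`, `key` is nil whenever the `using \w+ key ID (.+)` pattern does not match gpg's stderr, and the new call then passes that nil to `user/gpg "--recv-keys" "--" key`, where it is not a valid string argument. Binding it with `(if-let [key (second (re-find #"using \w+ key ID (.+)" err))] ... :no-key)` returns `:no-key` instead of failing inside the shell call. Both patterns match gpg's English wording, so output in another locale or from a gpg build that words these messages differently presumably ends up here or in `:bad-signature`. A short comment on `fetch-key` saying so would help the next reader.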
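Review bot: The abort message in the `:verify` branch does not say which program was tried, and `gpg-available?` discards the `:err` text that `gpg` collected, so a user with a mistyped `LEIN_GPG` gets no hint about the cause. Naming the resolved program, for example `(main/abort "Could not verify -" (user/gpg-program) "is not available")`, makes the failure actionable. The enclosing function begins outside the hunk.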