10 releases (6 stable)

Version | Released |
---|---|
1.2.0 | Nov 23, 2022 |
1.1.2 | Nov 8, 2022 |
1.1.1 | Oct 28, 2022 |
1.0.1 | Sep 30, 2022 |
0.1.0 | Apr 29, 2022 |
#276 in Cryptography
31 downloads per month
98KB, 2K SLoC
This library provides an implementation of rpm's PGP interface using Sequoia.
Configuration
This library reads the crypto policy configuration in /etc/crypto-policies/back-ends/sequoia.config. This can be overridden using the SEQUOIA_CRYPTO_POLICY environment variable. If set to the empty string, then no crypto policy will be read and instead Sequoia's default policy will be used.
Refer to the Fedora Crypto Policy project for information about the crypto policy.
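The script below is an added example, not part of rpm-sequoia: it applies the precedence described above (unset, empty, or set) to the current environment and reports which policy source would be selected and whether that file is present. The function name, its optional test argument, the output format, and the reading of the variable's value as a file path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of rpm-sequoia): report which crypto policy source
# the rules described above select for the current environment.
SYSTEM_POLICY=/etc/crypto-policies/back-ends/sequoia.config

# policy_source [system-policy-path]
# Prints "builtin-default", or "<kind>:<path>:<state>" where kind is
# "system" or "override" and state is readable, unreadable or missing.
# The optional argument (hypothetical, for testing) replaces SYSTEM_POLICY.
policy_source() {
    # ${VAR+set} distinguishes "unset" from "set to the empty string";
    # a plain -z test would treat both the same and hide the difference.
    if [ "${SEQUOIA_CRYPTO_POLICY+set}" = set ]; then
        if [ -z "$SEQUOIA_CRYPTO_POLICY" ]; then
            # Empty string: no policy file is read, Sequoia's default applies.
            echo "builtin-default"
            return 0
        fi
        kind=override
        path=$SEQUOIA_CRYPTO_POLICY   # assumed to be a path to a policy file
    else
        kind=system
        path=${1:-$SYSTEM_POLICY}
    fi
    if [ -r "$path" ]; then
        state=readable
    elif [ -e "$path" ]; then
        state=unreadable
    else
        state=missing
    fi
    echo "$kind:$path:$state"
}

# Flag any environment in which the system-wide policy is not the one in use.
result=$(policy_source)
case $result in
    system:*) echo "system policy in effect: $result" ;;
    *)        echo "NOTE: system crypto policy bypassed: $result" ;;
esac
```

Run it in the same environment (same user, same exported variables) as the rpm invocation being checked, since the result depends only on that environment and the file system.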
Building
To build, you need rustc (version 1.60 or later), cargo, and nettle-devel, which is the cryptographic library that Sequoia uses by default.
Here's how to build rpm-sequoia and a version of rpm that uses it:
$ mkdir /tmp/rpm
$ cd /tmp/rpm
$ git clone git@github.com:rpm-software-management/rpm-sequoia.git
Cloning into 'rpm-sequoia'...
done.
$ cd rpm-sequoia
$ PREFIX=/usr cargo build --release && cargo test --release
Updating crates.io index
...
test result: ok. ...
$ cd /tmp/rpm
$ git clone git@github.com:rpm-software-management/rpm.git
Cloning into 'rpm'...
done.
$ cd rpm
$ git checkout rpm-4.18.0-release
Switched to a new branch 'rpm-4.18.0-release'
$ autoreconf -fis
...
$ mkdir b
$ cd b
$ export PKG_CONFIG_PATH=/tmp/rpm/rpm-sequoia/target/release
$ export LD_LIBRARY_PATH=/tmp/rpm/rpm-sequoia/target/release
$ ../configure --with-crypto=sequoia
$ make
$ make check
Note: this builds version 4.18 of rpm, which is the current stable release of rpm. The current development branch of rpm has switched to using cmake instead of autoconf. Please refer to rpm's INSTALL file for how to build master.
To use a different cryptographic backend, you need to disable the default backend, and select your preferred backend. For instance, to use Sequoia's OpenSSL backend, you would compile rpm-sequoia as follows:
$ cargo build --release --no-default-features --features sequoia-openpgp/crypto-openssl
See sequoia-openpgp's README for the list of currently supported cryptographic backends.
The rpm-sequoia artifacts (the .a, .so, and the .pc files) are placed in the build directory, which, in this case, is /tmp/rpm/rpm-sequoia/target/release. We also set the PREFIX environment variable when calling cargo build. This is the prefix that will be used in the generated rpm-sequoia.pc file. It defaults to /usr/local.
Note: when building or running the test suite, it is essential to make sure PKG_CONFIG_PATH and LD_LIBRARY_PATH are set appropriately (as in the above transcript).
To run just one or two tests, do something like the following:
$ cd /tmp/rpm/rpm/b/tests
$ export PKG_CONFIG_PATH=/tmp/rpm/rpm-sequoia/target/release
$ export LD_LIBRARY_PATH=/tmp/rpm/rpm-sequoia/target/release
$ make populate_testing
$ T="266 273"; for t in $T; do if ! ../../tests/rpmtests $t; then cat rpmtests.dir/$t/rpmtests.log; fi; done
To get tracing output, set RPM_TRACE to 1:
$ cd /tmp/rpm/rpm/b/tests
$ export PKG_CONFIG_PATH=/tmp/rpm/rpm-sequoia/target/release
$ export LD_LIBRARY_PATH=/tmp/rpm/rpm-sequoia/target/release
$ make populate_testing
$ export RPM_TRACE=1
$ ../../tests/rpmtests 273
$ cat rpmtests.dir/273/rpmtests.log
...
+pgpDigParamsFree: -> success
+rpmFreeCrypto: entered
+rpmFreeCrypto: -> success
273. rpmsigdig.at:495: 273. rpmsign --addsign (rpmsigdig.at:495): FAILED (rpmsigdig.at:503)
...
Dependencies: ~12–16MB, ~292K SLoC