SVK
view release on metacpan or search on metacpan
lib/SVK/Command/Verify.pm view on Meta::CPAN
sub parse_arg {
my ($self, @arg) = @_;
return if $#arg < 0;
return ($arg[0], $self->arg_depotname ($arg[1] || '//'));
}
sub _verify {
my ($depot, $sig, $chg) = @_;
my $fs = $depot->repos->fs;
my $editor = SVK::VerifyEditor->new ({ sig => $sig,
depot => $depot });
# should really just use paths_changed
SVN::Repos::dir_delta ($fs->revision_root ($chg-1), '/', '',
$fs->revision_root ($chg), '/',
$editor, undef,
0, 1, 0, 1
);
return loc ("Signature verification failed.\n") if $editor->{fail};
return loc( "Signature verified.\n");
}
sub run {
my ($self, $chg, $depot) = @_;
my $target = $self->arg_depotpath ("/$depot/");
my $fs = $target->repos->fs;
my $sig = $fs->revision_prop ($chg, 'svk:signature');
return _verify($target->depot, $sig, $chg)
if $sig;
$logger->info( "No signature found for change $chg at /$depot/.");
return;
}
# XXX: Don't need this editor once root->paths_changed is available.
package SVK::VerifyEditor;
use base 'SVK::Editor';
use SVK::Logger;
__PACKAGE__->mk_accessors(qw(depot sig));
sub add_file {
my ($self, $path, @arg) = @_;
return $path;
}
sub open_file {
my ($self, $path, @arg) = @_;
return $path;
}
sub close_file {
my ($self, $path, $checksum, $pool) = @_;
$self->{checksum}{"/$path"} = $checksum;
}
sub close_edit {
my ($self, $baton) = @_;
my $sig = $self->sig;
local *D;
# verify the signature
my $pgp = $ENV{SVKPGP} || 'gpg';
open D, "|$pgp --verify --batch --no-tty";
print D $sig;
close D;
if ($?) {
warn "Self is $self";
$logger->info( "Can't verify signature");
$self->{fail} = 1;
return;
}
# verify the content
my $header = '-----BEGIN PGP SIGNED MESSAGE-----';
$sig =~ s/^.*$header/$header/s;
my ($anchor) = $sig =~ m/^ANCHOR: (.*)$/m;
my ($path) = $self->depot->find_local_mirror(split(':', $anchor));
$path ||= (split(':', $anchor))[1];
while ($sig =~ m/^MD5\s(.*?)\s(.*?)$/gm) {
my ($md5, $filename) = ($1, $2);
my $checksum = delete $self->{checksum}{"$path/$filename"};
if ($checksum ne $md5) {
$logger->info( "checksum for $path/$filename mismatched: $checksum vs $md5");
$self->{fail} = 1;
return;
}
}
# unsigned change
if (my @unsig = keys %{$self->{checksum}}) {
$logger->info("Checksum for changed path ".join (',', @unsig)." not signed.");
$self->{fail} = 1;
}
}
1;
__DATA__
=head1 NAME
SVK::Command::Verify - Verify change signatures
=head1 SYNOPSIS
verify CHANGE [DEPOTNAME]
=head1 OPTIONS
None
( run in 1.039 second using v1.01-cache-2.11-cpan-df04353d9ac )