[lispy-cvs] CVS lispy

mkennedy mkennedy at common-lisp.net
Sun Aug 16 17:33:00 UTC 2009


Update of /project/lispy/cvsroot/lispy
In directory cl-net:/tmp/cvs-serv30943

Modified Files:
	utils.lisp specials.lisp packages.lisp logging.lisp lispy.lisp 
	lispy.asd 
Added Files:
	verify.lisp 
Log Message:
Add support for three feature flags:

   :lispy-insecure  - Bypass map signature verification completely
   :lispy-gpg       - Use command line GnuPG tools (default)
   :lispy-pgpme     - CFFI interface to GPGME (currently broken with latest CFFI)


--- /project/lispy/cvsroot/lispy/utils.lisp	2008/04/12 17:16:57	1.8
+++ /project/lispy/cvsroot/lispy/utils.lisp	2009/08/16 17:33:00	1.9
@@ -66,11 +66,3 @@
 					:if-exists :supersede)
 	   (copy-stream stream output-stream))
       (close stream))))
-
-#+nil
-(defun verify-signature (text-pathname signature-pathname)
-  (multiple-value-bind (output error status)
-       (trivial-shell:shell-command (format nil "gpg --verify ~A ~A" signature-pathname text-pathname))
-    (declare (ignore output))
-    (values (zerop status)
-	    error)))
--- /project/lispy/cvsroot/lispy/specials.lisp	2008/01/27 19:54:07	1.6
+++ /project/lispy/cvsroot/lispy/specials.lisp	2009/08/16 17:33:00	1.7
@@ -24,3 +24,5 @@
 (defvar *lispy-log-stream* t
   "A stream Lispy should use to write log messages.")
 
+(defvar *lispy-offline* nil
+  "If non-nil then online operations such as map and library downloads are skipped.")
\ No newline at end of file
--- /project/lispy/cvsroot/lispy/packages.lisp	2009/03/07 07:38:21	1.7
+++ /project/lispy/cvsroot/lispy/packages.lisp	2009/08/16 17:33:00	1.8
@@ -7,6 +7,7 @@
            #:*lispy-asdf-config-pathname*
            #:*lispy-distfiles-pathname*
            #:*lispy-log-stream*
+	   #:*lisp-offline*
            #:+lispy-default-map-url+
            #:initialize
            #:install
--- /project/lispy/cvsroot/lispy/logging.lisp	2008/02/04 15:15:08	1.2
+++ /project/lispy/cvsroot/lispy/logging.lisp	2009/08/16 17:33:00	1.3
@@ -9,15 +9,18 @@
 (log5:defcategory installation)
 (log5:defcategory asdf)
 (log5:defcategory fetch)
+(log5:defcategory verify)
 
-(log5:defcategory all-categories (install uninstall upgrade extract map installation asdf fetch))
+(log5:defcategory all-categories (install uninstall upgrade extract map installation asdf fetch verify))
 
 (log5:defoutput newline (format nil "~%"))
 
+;; 2009-08-06 01:13:00
+
 (log5:defoutput time-hms
     (multiple-value-bind (second minute hour day month year)
-	(decode-universal-time (get-universal-time))
-      (format nil "~D:~2,'0D:~2,'0D" hour minute second)))
+	 (decode-universal-time (get-universal-time))
+       (format nil "~D-~2,'0D-~2,'0D ~2,'0D:~2,'0D:~2,'0D" year month day hour minute second)))
 
 (log5:start-sender 'debug
 	      (log5:stream-sender :location *error-output*)
--- /project/lispy/cvsroot/lispy/lispy.lisp	2009/03/07 07:38:21	1.16
+++ /project/lispy/cvsroot/lispy/lispy.lisp	2009/08/16 17:33:00	1.17
@@ -118,17 +118,6 @@
     (download-file map-signature-url map-signature-pathname)
     map-signature-pathname))
 
-(defun verify-map (map-signature map map-signature-url)
-  (let ((result (verify-signature map-signature map)))
-    (dolist (signature (getf (cadr result) :signatures))
-      (if (member :green (getf signature :summary))
-	  (log5:log-for map "GPG validation success ~A" (uri-to-string map-signature-url))
-	  (error "GPG verification of map ~A with signature ~A failed: ~S"
-		 map
-		 map-signature
-		 signature))))
-  (values))
-
 (defun read-maps (&optional (map-urls *lispy-map-urls*))
   "Read all maps in the list MAP-URLS, merging each map into *LISPY-MAPS*.
 Returns the mutated *LISPY-MAPS*."
--- /project/lispy/cvsroot/lispy/lispy.asd	2009/03/07 07:37:32	1.10
+++ /project/lispy/cvsroot/lispy/lispy.asd	2009/08/16 17:33:00	1.11
@@ -5,6 +5,16 @@
 
 (in-package #:lispy-system)
 
+;; *features* documentation:
+;; 
+;;   lispy-gnupg     - signature verification via GnuPG command-line tools (default)
+;;   lispy-gpgme     - signature verification via GPGME CFFI interface
+;;   lispy-insecure  - ignore signatures entirely
+
+#-(or lispy-gnupg lispy-gpgme lispy-insecure)
+(pushnew :lispy-gnupg *features*)
+  
+
 (defsystem #:lispy
   :description "Common Lisp library management in Common Lisp"
   :author "Matthew Kennedy"
@@ -13,7 +23,7 @@
 	       (:file "logging")
                (:file "utils")
                (:file "specials")
-	       (:file "gpgme")
+	       (:file "verify")
                (:file "lispy"))
   :serial t
   :depends-on (#:drakma
@@ -23,7 +33,8 @@
                #:ironclad
                #:cl-fad
  	       #:log5
-	       #:gpgme
+	       #+lispy-gpgme #:gpgme
+	       #+lispy-gnupg #:trivial-shell
 	       #:cffi
                #:cl-ppcre))
 

--- /project/lispy/cvsroot/lispy/verify.lisp	2009/08/16 17:33:00	NONE
+++ /project/lispy/cvsroot/lispy/verify.lisp	2009/08/16 17:33:00	1.1

(in-package #:lispy)

#+(and lispy-gnupg (not sbcl))
(defun verify-signature (signature-pathname plain-pathname)
  (multiple-value-bind (output error status)
      (trivial-shell:shell-command (format nil "gpg --verify ~A ~A" signature-pathname plain-pathname))
    (declare (ignore output))
    (values (zerop status)
	    error)))

#+(and lispy-gnupg sbcl)
(defun verify-signature (signature-pathname plain-pathname)
  (let ((process (sb-ext:run-program "gpg" `("--verify" ,(namestring signature-pathname) ,(namestring plain-pathname))
				     :wait t
				     :error :stream
				     :search t)))

    (unwind-protect
	 (let ((status (zerop (sb-ext:process-exit-code process)))
	       (error-text (with-output-to-string (output)
			     (with-open-stream (stream (sb-ext:process-error process))
			       (do ((line (read-line stream nil nil) (read-line stream nil nil)))
				   ((null line))
				 (write-line line output))))))
	   (write-string error-text *standard-output*)
	   (values status error-text))
      (sb-ext:process-close process))))

#+lispy-gnupg
(defun verify-map (map-signature map map-signature-url)
  (multiple-value-bind (success error)
      (verify-signature map-signature map)
    (if success
	(log5:log-for verify "GPG validation success ~A" (uri-to-string map-signature-url))
	(error "GPG verification of map ~A with signature ~A failed: ~S"
	       map
	       map-signature
	       error)))
  (values))

;;; FIXME: Even though gpgme-data-t is an alias for :string, the
;;; specializer does not seem to dispatch on it.

#+lispy-gpgme
(defmethod gpgme::translate-to-foreign (value (type (eql 'gpgme::gpgme-data-t)))
  (cond
    (value value)
    (t (cffi:null-pointer))))

#+lispy-gpgme
(defun verify-signature (signature-pathname plain-pathname)
  (with-open-file (plain plain-pathname)
    (with-open-file (signature signature-pathname)
      (gpgme:with-context (ctx)
	(gpgme:op-verify ctx signature plain :detached t)))))

#+lispy-gpgme
(defun verify-map (map-signature map map-signature-url)
  (let ((result (verify-signature map-signature map)))
    (dolist (signature (getf (cadr result) :signatures))
      (if (member :green (getf signature :summary))
	  (log5:log-for verify "GPG validation success ~A" (uri-to-string map-signature-url))
	  (error "GPG verification of map ~A with signature ~A failed: ~S"
		 map
		 map-signature
		 signature))))
  (values))

#+(or lispy-insecure (not (or lispy-gnupg lispy-gpgme)))
(defun verify-map (map-signature map map-signature-url)
  (log5:log-for verify "WARNING: GPG verification of map ~A with signature ~A has will be bypassed." map map-signature)
  (values))




More information about the Lispy-cvs mailing list