author | verhoek <30193551+verhoek@users.noreply.github.com> | 2018-12-28 21:31:40 +0300 |
---|---|---|
committer | verhoek <30193551+verhoek@users.noreply.github.com> | 2018-12-28 21:31:40 +0300 |
commit | 1486399a9750482ef37270a0339c0173ef6c8408 (patch) | |
tree | f2aefd409a6fee67b2fc07eaa9de3ddc55472a63 /BuildTools | |
parent | 6a10cf0c11027bce18f8130391c8751bc53a29c0 (diff) |
Extracted gpg signing from autoupdate builder.
Diffstat (limited to 'BuildTools')
4 files changed, 197 insertions, 90 deletions
diff --git a/BuildTools/AutoUpdateBuilder/Program.cs b/BuildTools/AutoUpdateBuilder/Program.cs index 6cfdbc9bd..ff577c232 100644 --- a/BuildTools/AutoUpdateBuilder/Program.cs +++ b/BuildTools/AutoUpdateBuilder/Program.cs @@ -2,8 +2,6 @@ using System.Collections.Generic; using System.Security.Cryptography; -using Duplicati.Library.Logging; - namespace AutoUpdateBuilder { public class Program @@ -13,15 +11,8 @@ namespace AutoUpdateBuilder private static string keyfile; private static string keyfilepassword; - private static string gpgkeypassphrase; - private static string gpgkeyfile; - private static string gpgpath; - private static string gpgkeyid; - private static string outputfolder; - private static readonly string LOGTAG = "AutoUpdate"; - private static void CompareToManifestPublicKey() { if (Duplicati.Library.AutoUpdater.AutoUpdateSettings.SignKey == null || privkey.ToXmlString(false) != Duplicati.Library.AutoUpdater.AutoUpdateSettings.SignKey.ToXmlString(false)) 
@@ -47,77 +38,19 @@ namespace AutoUpdateBuilder } } - private static void SpawnGPG(bool armor) - { - var srcfile = System.IO.Path.Combine(outputfolder, "package.zip"); - - Log.WriteInformationMessage(LOGTAG, "output", "Signing file: ", srcfile); - - var armorOption = armor ? "--armor" : ""; - var signatureFileExtension = armor ? "sig.asc" : "sig"; - var gpgArgument = string.Format("--pinentry-mode loopback --passphrase-fd 0 --batch --yes {0} --default-key \"{1}\" --output \"{2}.{3}\" --detach-sig \"{2}\"", - armorOption, - gpgkeyid, - srcfile, - signatureFileExtension); - - var proc = System.Diagnostics.Process.Start(new System.Diagnostics.ProcessStartInfo - { - FileName = gpgpath, - Arguments = gpgArgument, - RedirectStandardInput = true, - UseShellExecute = false - }); - - proc.StandardInput.WriteLine(gpgkeypassphrase); - proc.WaitForExit(); - } - - private static void SignUsingGPG() - { - gpgpath = gpgpath ?? "gpg"; - SpawnGPG(false); - SpawnGPG(true); - } - - private static void LoadGPGKeyIdAndPassphrase() - { - using (var enc = new Duplicati.Library.Encryption.AESEncryption(keyfilepassword, new Dictionary<string, string>())) - using (var ms = new System.IO.MemoryStream()) - using (var fs = System.IO.File.OpenRead(gpgkeyfile)) - { - enc.Decrypt(fs, ms); - ms.Position = 0; - - // No real format, just two lines - using (var sr = new System.IO.StreamReader(ms)) - { - var lines = sr.ReadToEnd().Split(new string[] { Environment.NewLine }, StringSplitOptions.RemoveEmptyEntries); - gpgkeyid = lines[0]; - gpgkeypassphrase = lines[1]; - } - } - } - public static int Main(string[] _args) { var args = new List<string>(_args); var opts = Duplicati.Library.Utility.CommandLineParser.ExtractOptions(args); - string inputfolder; - string manifestfile; - string allowNewKey; - - opts.TryGetValue("input", out inputfolder); + opts.TryGetValue("input", out string inputfolder); opts.TryGetValue("output", out outputfolder); - opts.TryGetValue("allow-new-key", out allowNewKey); + 
opts.TryGetValue("allow-new-key", out string allowNewKey); opts.TryGetValue("keyfile", out keyfile); - opts.TryGetValue("manifest", out manifestfile); + opts.TryGetValue("manifest", out string manifestfile); opts.TryGetValue("keyfile-password", out keyfilepassword); - opts.TryGetValue("gpgkeyfile", out gpgkeyfile); - opts.TryGetValue("gpgpath", out gpgpath); - var usedoptions = new [] { "allow-new-key", "input", "output", "keyfile", "manifest", "keyfile-password", "gpgkeyfile", "gpgpath" }; + var usedoptions = new [] { "allow-new-key", "input", "output", "keyfile", "manifest", "keyfile-password" }; if (string.IsNullOrWhiteSpace(inputfolder)) { @@ -171,20 +104,6 @@ namespace AutoUpdateBuilder CompareToManifestPublicKey(); } - if (string.IsNullOrWhiteSpace(gpgkeyfile)) - { - Console.WriteLine("No gpgfile, skipping GPG signature files"); - } - else if (!System.IO.File.Exists(gpgkeyfile)) - { - Console.WriteLine("Missing gpgfile"); - return 6; - } - else - { - LoadGPGKeyIdAndPassphrase(); - } - Duplicati.Library.AutoUpdater.UpdateInfo updateInfo; using (var fs = System.IO.File.OpenRead(manifestfile)) @@ -240,11 +159,6 @@ namespace AutoUpdateBuilder Duplicati.Library.AutoUpdater.UpdaterManager.CreateUpdatePackage(privkey, inputfolder, outputfolder, tf); } - if (gpgkeyid != null) - { - SignUsingGPG(); - } - return 0; } } diff --git a/BuildTools/GnupgSigningTool/GnupgSigningTool.sln b/BuildTools/GnupgSigningTool/GnupgSigningTool.sln new file mode 100644 index 000000000..29d5e64f5 --- /dev/null +++ b/BuildTools/GnupgSigningTool/GnupgSigningTool.sln @@ -0,0 +1,35 @@ +
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GnupgSigningTool", "GnupgSigningTool\GnupgSigningTool.csproj", "{72B910F2-8E80-4955-A0D6-ED4C35CEE665}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Duplicati.Library.Utility", "..\..\Duplicati\Library\Utility\Duplicati.Library.Utility.csproj", "{DE3E5D4C-51AB-4E5E-BEE8-E636CEBFBA65}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Duplicati.Library.Encryption", "..\..\Duplicati\Library\Encryption\Duplicati.Library.Encryption.csproj", "{94484FDB-2EFA-4CF0-9BE6-A561157B4F87}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Duplicati.Library.Interface", "..\..\Duplicati\Library\Interface\Duplicati.Library.Interface.csproj", "{C5899F45-B0FF-483C-9D38-24A9FCAAB237}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|x86 = Debug|x86
+ Release|x86 = Release|x86
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {72B910F2-8E80-4955-A0D6-ED4C35CEE665}.Debug|x86.ActiveCfg = Debug|x86
+ {72B910F2-8E80-4955-A0D6-ED4C35CEE665}.Debug|x86.Build.0 = Debug|x86
+ {72B910F2-8E80-4955-A0D6-ED4C35CEE665}.Release|x86.ActiveCfg = Release|x86
+ {72B910F2-8E80-4955-A0D6-ED4C35CEE665}.Release|x86.Build.0 = Release|x86
+ {DE3E5D4C-51AB-4E5E-BEE8-E636CEBFBA65}.Debug|x86.ActiveCfg = Debug|Any CPU
+ {DE3E5D4C-51AB-4E5E-BEE8-E636CEBFBA65}.Debug|x86.Build.0 = Debug|Any CPU
+ {DE3E5D4C-51AB-4E5E-BEE8-E636CEBFBA65}.Release|x86.ActiveCfg = Release|Any CPU
+ {DE3E5D4C-51AB-4E5E-BEE8-E636CEBFBA65}.Release|x86.Build.0 = Release|Any CPU
+ {94484FDB-2EFA-4CF0-9BE6-A561157B4F87}.Debug|x86.ActiveCfg = Debug|Any CPU
+ {94484FDB-2EFA-4CF0-9BE6-A561157B4F87}.Debug|x86.Build.0 = Debug|Any CPU
+ {94484FDB-2EFA-4CF0-9BE6-A561157B4F87}.Release|x86.ActiveCfg = Release|Any CPU
+ {94484FDB-2EFA-4CF0-9BE6-A561157B4F87}.Release|x86.Build.0 = Release|Any CPU
+ {C5899F45-B0FF-483C-9D38-24A9FCAAB237}.Debug|x86.ActiveCfg = Debug|Any CPU
+ {C5899F45-B0FF-483C-9D38-24A9FCAAB237}.Debug|x86.Build.0 = Debug|Any CPU
+ {C5899F45-B0FF-483C-9D38-24A9FCAAB237}.Release|x86.ActiveCfg = Release|Any CPU
+ {C5899F45-B0FF-483C-9D38-24A9FCAAB237}.Release|x86.Build.0 = Release|Any CPU
+ EndGlobalSection
+EndGlobal
diff --git a/BuildTools/GnupgSigningTool/GnupgSigningTool/GnupgSigningTool.csproj b/BuildTools/GnupgSigningTool/GnupgSigningTool/GnupgSigningTool.csproj
new file mode 100644
index 000000000..47cfd7510
--- /dev/null
+++ b/BuildTools/GnupgSigningTool/GnupgSigningTool/GnupgSigningTool.csproj
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <PropertyGroup>
+ <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+ <Platform Condition=" '$(Platform)' == '' ">x86</Platform>
+ <ProjectGuid>{72B910F2-8E80-4955-A0D6-ED4C35CEE665}</ProjectGuid>
+ <OutputType>Exe</OutputType>
+ <RootNamespace>GnupgSigningTool</RootNamespace>
+ <AssemblyName>GnupgSigningTool</AssemblyName>
+ <TargetFrameworkVersion>v4.7</TargetFrameworkVersion>
+ </PropertyGroup>
+ <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|x86' ">
+ <DebugSymbols>true</DebugSymbols>
+ <DebugType>full</DebugType>
+ <Optimize>false</Optimize>
+ <OutputPath>bin\Debug</OutputPath>
+ <DefineConstants>DEBUG;</DefineConstants>
+ <ErrorReport>prompt</ErrorReport>
+ <WarningLevel>4</WarningLevel>
+ <PlatformTarget>x86</PlatformTarget>
+ </PropertyGroup>
+ <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|x86' ">
+ <Optimize>true</Optimize>
+ <OutputPath>bin\Release</OutputPath>
+ <ErrorReport>prompt</ErrorReport>
+ <WarningLevel>4</WarningLevel>
+ <PlatformTarget>x86</PlatformTarget>
+ </PropertyGroup>
+ <ItemGroup>
+ <Compile Include="Program.cs" />
+ </ItemGroup>
+ <ItemGroup>
+ <ProjectReference Include="..\..\..\Duplicati\Library\Encryption\Duplicati.Library.Encryption.csproj">
+ <Project>{94484FDB-2EFA-4CF0-9BE6-A561157B4F87}</Project>
+ <Name>Duplicati.Library.Encryption</Name>
+ </ProjectReference>
+ <ProjectReference Include="..\..\..\Duplicati\Library\Utility\Duplicati.Library.Utility.csproj">
+ <Project>{DE3E5D4C-51AB-4E5E-BEE8-E636CEBFBA65}</Project>
+ <Name>Duplicati.Library.Utility</Name>
+ </ProjectReference>
+ <ProjectReference Include="..\..\..\Duplicati\Library\Interface\Duplicati.Library.Interface.csproj">
+ <Project>{C5899F45-B0FF-483C-9D38-24A9FCAAB237}</Project>
+ <Name>Duplicati.Library.Interface</Name>
+ </ProjectReference>
+ </ItemGroup>
+ <ItemGroup>
+ <Reference Include="System" />
+ </ItemGroup>
+ <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+</Project>
\ No newline at end of file
diff --git a/BuildTools/GnupgSigningTool/GnupgSigningTool/Program.cs b/BuildTools/GnupgSigningTool/GnupgSigningTool/Program.cs
new file mode 100644
index 000000000..650e00a94
--- /dev/null
+++ b/BuildTools/GnupgSigningTool/GnupgSigningTool/Program.cs
@@ -0,0 +1,108 @@ +using System; +using System.Collections.Generic; + +namespace GnupgSigningTool +{ + public class Program + { + + private static string keyfilepassword; + + private static string gpgkeypassphrase; + private static string gpgkeyfile; + private static string gpgpath; + private static string gpgkeyid; + private static bool useArmor; + + private static string inputFile; + private static string signatureFile; + + private static void SpawnGPG() + { + + var armorOption = useArmor ? "--armor" : ""; + var gpgArgument = string.Format("--pinentry-mode loopback --passphrase-fd 0 --batch --yes {0} -u \"{1}\" --output \"{2}\" --detach-sig \"{3}\"", + armorOption, + gpgkeyid, + signatureFile, + inputFile); + + var proc = System.Diagnostics.Process.Start(new System.Diagnostics.ProcessStartInfo + { + FileName = gpgpath, + Arguments = gpgArgument, + RedirectStandardInput = true, + UseShellExecute = false + }); + + proc.StandardInput.WriteLine(gpgkeypassphrase); + proc.WaitForExit(); + } + + private static void LoadGPGKeyIdAndPassphrase() + { + using (var enc = new Duplicati.Library.Encryption.AESEncryption(keyfilepassword, new Dictionary<string, string>())) + using (var ms = new System.IO.MemoryStream()) + using (var fs = System.IO.File.OpenRead(gpgkeyfile)) + { + + try + { + enc.Decrypt(fs, ms); + } catch (System.Security.Cryptography.CryptographicException e) { + Console.Write("Failed to decrypt gpg secret credentials file: {0}\n", e.Message); + return; + } + ms.Position = 0; + + using (var sr = new System.IO.StreamReader(ms)) + { + var lines = sr.ReadToEnd().Split(new string[] { Environment.NewLine }, StringSplitOptions.RemoveEmptyEntries); + gpgkeyid = lines[0]; + gpgkeypassphrase = lines[1]; + } + } + } + + + public static int Main(string [] _args) + { + var args = new List<string>(_args); + var opts = Duplicati.Library.Utility.CommandLineParser.ExtractOptions(args); + + opts.TryGetValue("inputfile", out inputFile); + opts.TryGetValue("signaturefile", out 
signatureFile); + opts.TryGetValue("keyfile-password", out keyfilepassword); + opts.TryGetValue("gpgkeyfile", out gpgkeyfile); + opts.TryGetValue("gpgpath", out gpgpath); + opts.TryGetValue("armor", out string armor); + + useArmor = Boolean.TryParse(armor, out useArmor) && useArmor; + + if (string.IsNullOrWhiteSpace(gpgkeyfile)) + { + Console.WriteLine("No gpgfile with encrypted credentials specified, exiting"); + return 1; + } + + if (!System.IO.File.Exists(gpgkeyfile)) + { + Console.WriteLine("Specified file with encrypted gpg credentials not found, exiting"); + return 1; + } + + LoadGPGKeyIdAndPassphrase(); + + if (gpgkeyid is null || gpgkeypassphrase is null) + { + Console.WriteLine("Could not fetch gpg key id or gpg passphrase, exiting."); + return 1; + } + + gpgpath = gpgpath ?? "gpg"; + SpawnGPG(); + + return 0; + } + } +} |
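Review bot: `SpawnGPG` never reads `proc.ExitCode`, so `Main` returns 0 even when gpg itself fails, and a release script calling this tool cannot tell that the signing step did not succeed. `inputfile` and `signaturefile` are also never validated, so a missing option reaches gpg as an empty quoted argument. Return gpg's exit code from `SpawnGPG`, reject empty paths before spawning, and turn any non-zero result into a non-zero exit of the tool, as sketched below. Separately, `LoadGPGKeyIdAndPassphrase` indexes `lines[1]` after splitting on `Environment.NewLine`, which throws when the decrypted file yields fewer than two lines (for example an LF-only file on a platform where `NewLine` is CRLF); splitting on both `'\r'` and `'\n'` and checking `lines.Length` first would route that case into the existing "Could not fetch gpg key id" error path.

```csharp
private static int SpawnGPG()
{
    // … unchanged: argument string and Process.Start …

    proc.StandardInput.WriteLine(gpgkeypassphrase);
    proc.WaitForExit();
    return proc.ExitCode;
}

// … unchanged: option parsing and credential loading in Main …

    if (string.IsNullOrWhiteSpace(inputFile) || string.IsNullOrWhiteSpace(signatureFile))
    {
        Console.WriteLine("Missing inputfile or signaturefile, exiting");
        return 1;
    }

    gpgpath = gpgpath ?? "gpg";
    var gpgExitCode = SpawnGPG();
    if (gpgExitCode != 0)
    {
        Console.WriteLine("gpg exited with code {0}, signing failed", gpgExitCode);
        return 1;
    }

    return 0;
```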