Replace custom OpenPGP packet parsing with pysequoia #7433
Replace custom OpenPGP packet parsing with pysequoia #7433
Conversation
|
@mdellweg @gerrod3 This is first draft quality, I have not thoroughly reviewed this. But let me know what you think, and feel free to look at the pysequoia PR as well. I will note, that I don't think pysequoia actually supports PQC yet (the patches exist but aren't merged yet, I think RH is applying them downstream in places). So we will need to make sure that it's not doing "too much" validation Requires wiktor-k/pysequoia#61 |
dralley
force-pushed
the
use-pysequoia
branch
4 times, most recently
from
a4007d3 to
ccf9278
Compare
dralley
changed the title
| username (str): Empty string; primary UID not available without extending pysequoia. | ||
| data (bytes or None): The verified plaintext content for inline signatures, None for | ||
| detached signatures. | ||
| """ |
There was a problem hiding this comment.
I'm not actually sure that we need this, but gpg_verify is public API, so I figured we would have to at least try. Unless we wait until the next breaking change release.
pyproject.toml
Outdated
| "psycopg[binary]>=3.1.8,<3.4", # SemVer, not explicitely stated, but mentioned on multiple changes. | ||
| "pyparsing>=3.1.0,<3.4", # Looks like only bugfixes in z-Stream. | ||
| "python-gnupg>=0.5.0,<0.6", # Looks like only bugfixes in z-Stream [changelog only in git] | ||
| "pysequoia @ git+https://github.com/wiktor-k/pysequoia.git@refs/pull/61/head", |
| if "~=" in ops: | ||
| warnings.warn(f"{filename}:{nr}: Please avoid using ~= on {req.name}!") | ||
| elif "<" not in ops and "<=" not in ops and "==" not in ops: | ||
| elif "<" not in ops and "<=" not in ops and "==" not in ops and "@" not in line: |
There was a problem hiding this comment.
Well this check was actually intentional:
The check-commit wf fails until all the dependencies are in order again.
It should still allow the tests to run. But obviously prevent prematurely merging it.
There was a problem hiding this comment.
It wasn't reaching the tests IIRC
There was a problem hiding this comment.
OIC this check is in the wrong place. It should be next to "check commit messages".
There was a problem hiding this comment.
I think we even document that you can do this...
| "raw_data": body, | ||
| "created": packet.signature_created, | ||
| } | ||
| # Note: Pulp's concept of "expiration time" is a duration starting at creation time |
There was a problem hiding this comment.
Oh it should have been expiration date?
"time" really is ambiguous.
There was a problem hiding this comment.
TBF, pulp is using the terminology that was defined in the spec, so it was "correct", it's just that the terminology in the spec was ambiguous.
https://www.rfc-editor.org/rfc/rfc9580.html#name-signature-expiration-time
Opinions probably differ whether Sequoia providing expiration_time as something else is a good idea. Less ambiguous wording, but a bit confusing when it comes to the spec.
| if isinstance(signature, str): | ||
| sig_data = stack.enter_context(open(signature, "rb")).read() | ||
| elif isinstance(signature, models.Artifact): | ||
| sig_data = stack.enter_context(signature.file).read() |
There was a problem hiding this comment.
Admittedly, again, this is not new. But do you think we can feed this as a stream into pysequoia?
There was a problem hiding this comment.
By stream do you mean read the data lazily? e.g. just passing the file handle, not a bytes buffer?
There was a problem hiding this comment.
Yes, that's what i thought.
Specifically if it's an attached signature the file may be huge.
There was a problem hiding this comment.
Probably https://docs.python.org/3/c-api/buffer.html
Actually, no, at least not as easily as I would hope
Why are attached signatures large? You would extract the signature for checking, surely?
There was a problem hiding this comment.
In case detached_data=None we assume that signature contains the actual data (possible multiple GB) and the attached signature. And re just slurp that into memory with read.
But again, not necessarily the scope of this pr.
There was a problem hiding this comment.
yeah I suppose that is a problem with the existing implementation as well. Do we have an issue filed for that?
| "pyparsing>=3.1.0,<3.4", # Looks like only bugfixes in z-Stream. | ||
| "python-gnupg>=0.5.0,<0.6", # Looks like only bugfixes in z-Stream [changelog only in git] | ||
| "pysequoia @ git+https://github.com/wiktor-k/pysequoia.git@refs/pull/61/head", | ||
| # "pysequoia>=0.1.32", |
There was a problem hiding this comment.
Are we now ready to drop the gpg dependency?
There was a problem hiding this comment.
I think so, I think the remaining usage was just in tests, but it's something I would double check before marking the PR ready
There was a problem hiding this comment.
So moving it to the test_requirements wouldn't even tell us we really don't use it in the application... That is sad.
There was a problem hiding this comment.
The add-signing-service management command also exports keys from the system keyring using python-gnupg
There was a problem hiding this comment.
I'm not entirely sure how we will get rid of that one, tbh.
dralley
force-pushed
the
use-pysequoia
branch
2 times, most recently
from
b75892e to
56bd4a3
Compare
Generated-By: claude-opus-4.6
Use pysequoia instead Generated-By: claude-opus-4.6
Generated-By: claude-opus-4.6
2 participants
📜 Checklist
See: Pull Request Walkthrough