github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/libkb/gpg_cli.go (about)

     1  // Copyright 2015 Keybase, Inc. All rights reserved. Use of
     2  // this source code is governed by the included BSD license.
     3  
     4  package libkb
     5  
     6  import (
     7  	"bytes"
     8  	"errors"
     9  	"fmt"
    10  	"io"
    11  	"os"
    12  	"os/exec"
    13  
    14  	"strings"
    15  	"sync"
    16  
    17  	"github.com/blang/semver"
    18  )
    19  
    20  type GpgCLI struct {
    21  	Contextified
    22  	path    string
    23  	options []string
    24  	version string
    25  	tty     string
    26  
    27  	mutex *sync.Mutex
    28  
    29  	logUI LogUI
    30  }
    31  
    32  func NewGpgCLI(g *GlobalContext, logUI LogUI) *GpgCLI {
    33  	if logUI == nil {
    34  		logUI = g.Log
    35  	}
    36  	return &GpgCLI{
    37  		Contextified: NewContextified(g),
    38  		mutex:        new(sync.Mutex),
    39  		logUI:        logUI,
    40  	}
    41  }
    42  
    43  func (g *GpgCLI) SetTTY(t string) {
    44  	g.tty = t
    45  }
    46  
    47  func (g *GpgCLI) Configure(mctx MetaContext) (err error) {
    48  
    49  	g.mutex.Lock()
    50  	defer g.mutex.Unlock()
    51  
    52  	prog := g.G().Env.GetGpg()
    53  	opts := g.G().Env.GetGpgOptions()
    54  
    55  	if len(prog) > 0 {
    56  		err = canExec(prog)
    57  	} else {
    58  		prog, err = exec.LookPath("gpg2")
    59  		if err != nil {
    60  			prog, err = exec.LookPath("gpg")
    61  		}
    62  	}
    63  	if err != nil {
    64  		return err
    65  	}
    66  
    67  	mctx.Debug("| configured GPG w/ path: %s", prog)
    68  
    69  	g.path = prog
    70  	g.options = opts
    71  
    72  	return
    73  }
    74  
    75  // CanExec returns true if a gpg executable exists.
    76  func (g *GpgCLI) CanExec(mctx MetaContext) (bool, error) {
    77  	err := g.Configure(mctx)
    78  	if IsExecError(err) {
    79  		return false, nil
    80  	}
    81  	if err != nil {
    82  		return false, err
    83  	}
    84  	return true, nil
    85  }
    86  
    87  // Path returns the path of the gpg executable.
    88  // Path is only available if CanExec() is true.
    89  func (g *GpgCLI) Path(mctx MetaContext) string {
    90  	canExec, err := g.CanExec(mctx)
    91  	if err == nil && canExec {
    92  		return g.path
    93  	}
    94  	return ""
    95  }
    96  
    97  func (g *GpgCLI) ImportKeyArmored(mctx MetaContext, secret bool, fp PGPFingerprint, tty string) (string, error) {
    98  	g.outputVersion(mctx)
    99  	var cmd string
   100  	var which string
   101  	if secret {
   102  		cmd = "--export-secret-key"
   103  		which = "secret "
   104  	} else {
   105  		cmd = "--export"
   106  	}
   107  
   108  	arg := RunGpg2Arg{
   109  		Arguments: []string{"--armor", cmd, fp.String()},
   110  		Stdout:    true,
   111  		TTY:       tty,
   112  	}
   113  
   114  	res := g.Run2(mctx, arg)
   115  	if res.Err != nil {
   116  		return "", res.Err
   117  	}
   118  
   119  	buf := new(bytes.Buffer)
   120  	_, err := buf.ReadFrom(res.Stdout)
   121  	if err != nil {
   122  		return "", err
   123  	}
   124  	armored := buf.String()
   125  
   126  	// Convert to posix style on windows
   127  	armored = PosixLineEndings(armored)
   128  
   129  	if err := res.Wait(); err != nil {
   130  		return "", err
   131  	}
   132  
   133  	if len(armored) == 0 {
   134  		return "", NoKeyError{fmt.Sprintf("No %skey found for fingerprint %s", which, fp)}
   135  	}
   136  
   137  	return armored, nil
   138  }
   139  
   140  func (g *GpgCLI) ImportKey(mctx MetaContext, secret bool, fp PGPFingerprint, tty string) (*PGPKeyBundle, error) {
   141  
   142  	armored, err := g.ImportKeyArmored(mctx, secret, fp, tty)
   143  	if err != nil {
   144  		return nil, err
   145  	}
   146  
   147  	bundle, w, err := ReadOneKeyFromString(armored)
   148  	w.Warn(g.G())
   149  	if err != nil {
   150  		return nil, err
   151  	}
   152  
   153  	// For secret keys, *also* import the key in public mode, and then grab the
   154  	// ArmoredPublicKey from that. That's because the public import goes out of
   155  	// its way to preserve the exact armored string from GPG.
   156  	if secret {
   157  		publicBundle, err := g.ImportKey(mctx, false, fp, tty)
   158  		if err != nil {
   159  			return nil, err
   160  		}
   161  		bundle.ArmoredPublicKey = publicBundle.ArmoredPublicKey
   162  
   163  		// It's a bug that gpg --export-secret-keys doesn't grep subkey revocations.
   164  		// No matter, we have both in-memory, so we can copy it over here
   165  		bundle.CopySubkeyRevocations(publicBundle.Entity)
   166  	}
   167  
   168  	return bundle, nil
   169  }
   170  
   171  func (g *GpgCLI) ExportKeyArmored(mctx MetaContext, s string) (err error) {
   172  	g.outputVersion(mctx)
   173  	arg := RunGpg2Arg{
   174  		Arguments: []string{"--import"},
   175  		Stdin:     true,
   176  	}
   177  	res := g.Run2(mctx, arg)
   178  	if res.Err != nil {
   179  		return res.Err
   180  	}
   181  	_, err = res.Stdin.Write([]byte(s))
   182  	if err != nil {
   183  		return err
   184  	}
   185  	err = res.Stdin.Close()
   186  	if err != nil {
   187  		return err
   188  	}
   189  	err = res.Wait()
   190  	return err
   191  }
   192  
   193  func (g *GpgCLI) ExportKey(mctx MetaContext, k PGPKeyBundle, private bool, batch bool) (err error) {
   194  	g.outputVersion(mctx)
   195  	arg := RunGpg2Arg{
   196  		Arguments: []string{"--import"},
   197  		Stdin:     true,
   198  	}
   199  
   200  	if batch {
   201  		arg.Arguments = append(arg.Arguments, "--batch")
   202  	}
   203  
   204  	res := g.Run2(mctx, arg)
   205  	if res.Err != nil {
   206  		return res.Err
   207  	}
   208  
   209  	e1 := k.EncodeToStream(res.Stdin, private)
   210  	e2 := res.Stdin.Close()
   211  	e3 := res.Wait()
   212  	return PickFirstError(e1, e2, e3)
   213  }
   214  
   215  func (g *GpgCLI) Sign(mctx MetaContext, fp PGPFingerprint, payload []byte) (string, error) {
   216  	g.outputVersion(mctx)
   217  	arg := RunGpg2Arg{
   218  		Arguments: []string{"--armor", "--sign", "-u", fp.String()},
   219  		Stdout:    true,
   220  		Stdin:     true,
   221  	}
   222  
   223  	res := g.Run2(mctx, arg)
   224  	if res.Err != nil {
   225  		return "", res.Err
   226  	}
   227  
   228  	_, err := res.Stdin.Write(payload)
   229  	if err != nil {
   230  		return "", err
   231  	}
   232  	res.Stdin.Close()
   233  
   234  	buf := new(bytes.Buffer)
   235  	_, err = buf.ReadFrom(res.Stdout)
   236  	if err != nil {
   237  		return "", err
   238  	}
   239  	armored := buf.String()
   240  
   241  	// Convert to posix style on windows
   242  	armored = PosixLineEndings(armored)
   243  
   244  	if err := res.Wait(); err != nil {
   245  		return "", err
   246  	}
   247  
   248  	return armored, nil
   249  }
   250  
   251  func (g *GpgCLI) Version() (string, error) {
   252  	if len(g.version) > 0 {
   253  		return g.version, nil
   254  	}
   255  
   256  	args := g.options
   257  	args = append(args, "--version")
   258  	out, err := exec.Command(g.path, args...).Output()
   259  	if err != nil {
   260  		return "", err
   261  	}
   262  	g.version = string(out)
   263  	return g.version, nil
   264  }
   265  
   266  func (g *GpgCLI) outputVersion(mctx MetaContext) {
   267  	v, err := g.Version()
   268  	if err != nil {
   269  		mctx.Debug("error getting GPG version: %s", err)
   270  		return
   271  	}
   272  	mctx.Debug("GPG version:\n%s", v)
   273  }
   274  
   275  func (g *GpgCLI) SemanticVersion() (*semver.Version, error) {
   276  	out, err := g.Version()
   277  	if err != nil {
   278  		return nil, err
   279  	}
   280  	lines := strings.Split(out, "\n")
   281  	if len(lines) == 0 {
   282  		return nil, errors.New("empty gpg version")
   283  	}
   284  	parts := strings.Fields(lines[0])
   285  	if len(parts) < 3 {
   286  		return nil, fmt.Errorf("unhandled gpg version output %q full: %q", lines[0], lines)
   287  	}
   288  	return semver.New(parts[2])
   289  }
   290  
   291  func (g *GpgCLI) VersionAtLeast(s string) (bool, error) {
   292  	min, err := semver.New(s)
   293  	if err != nil {
   294  		return false, err
   295  	}
   296  	cur, err := g.SemanticVersion()
   297  	if err != nil {
   298  		return false, err
   299  	}
   300  	return cur.GTE(*min), nil
   301  }
   302  
   303  type RunGpg2Arg struct {
   304  	Arguments []string
   305  	Stdin     bool
   306  	Stderr    bool
   307  	Stdout    bool
   308  	TTY       string
   309  }
   310  
   311  type RunGpg2Res struct {
   312  	Stdin  io.WriteCloser
   313  	Stdout io.ReadCloser
   314  	Stderr io.ReadCloser
   315  	Wait   func() error
   316  	Err    error
   317  }
   318  
   319  func (g *GpgCLI) Run2(mctx MetaContext, arg RunGpg2Arg) (res RunGpg2Res) {
   320  	if g.path == "" {
   321  		res.Err = errors.New("no gpg path set")
   322  		return
   323  	}
   324  
   325  	cmd := g.MakeCmd(mctx, arg.Arguments, arg.TTY)
   326  
   327  	if arg.Stdin {
   328  		if res.Stdin, res.Err = cmd.StdinPipe(); res.Err != nil {
   329  			return
   330  		}
   331  	}
   332  
   333  	var stdout, stderr io.ReadCloser
   334  
   335  	if stdout, res.Err = cmd.StdoutPipe(); res.Err != nil {
   336  		return
   337  	}
   338  	if stderr, res.Err = cmd.StderrPipe(); res.Err != nil {
   339  		return
   340  	}
   341  
   342  	if res.Err = cmd.Start(); res.Err != nil {
   343  		return
   344  	}
   345  
   346  	waited := false
   347  	out := 0
   348  	ch := make(chan error)
   349  	var fep FirstErrorPicker
   350  
   351  	res.Wait = func() error {
   352  		for out > 0 {
   353  			fep.Push(<-ch)
   354  			out--
   355  		}
   356  		if !waited {
   357  			waited = true
   358  			err := cmd.Wait()
   359  			if err != nil {
   360  				fep.Push(ErrorToGpgError(err))
   361  			}
   362  			return fep.Error()
   363  		}
   364  		return nil
   365  	}
   366  
   367  	bgmctx := mctx.BackgroundWithLogTags()
   368  	if !arg.Stdout {
   369  		out++
   370  		go func() {
   371  			ch <- DrainPipe(stdout, func(s string) { bgmctx.Debug(s) })
   372  		}()
   373  	} else {
   374  		res.Stdout = stdout
   375  	}
   376  
   377  	if !arg.Stderr {
   378  		out++
   379  		go func() {
   380  			ch <- DrainPipe(stderr, func(s string) { bgmctx.Debug(s) })
   381  		}()
   382  	} else {
   383  		res.Stderr = stderr
   384  	}
   385  
   386  	return
   387  }
   388  
   389  func (g *GpgCLI) MakeCmd(mctx MetaContext, args []string, tty string) *exec.Cmd {
   390  	var nargs []string
   391  	if g.options != nil {
   392  		nargs = make([]string, len(g.options))
   393  		copy(nargs, g.options)
   394  		nargs = append(nargs, args...)
   395  	} else {
   396  		nargs = args
   397  	}
   398  	// Always use --no-auto-check-trustdb to prevent gpg from refreshing trustdb.
   399  	// Refreshing the trustdb can cause hangs when bad keys from CVE-2019-13050 are in the keyring.
   400  	// --no-auto-check-trustdb was introduced around gpg 1.0 so ought to always be implemented.
   401  	nargs = append([]string{"--no-auto-check-trustdb"}, nargs...)
   402  	if g.G().Service {
   403  		nargs = append([]string{"--no-tty"}, nargs...)
   404  	}
   405  	mctx.Debug("| running Gpg: %s %s", g.path, strings.Join(nargs, " "))
   406  	ret := exec.Command(g.path, nargs...)
   407  	if tty == "" {
   408  		tty = g.tty
   409  	}
   410  	if tty != "" {
   411  		ret.Env = append(os.Environ(), "GPG_TTY="+tty)
   412  		mctx.Debug("| setting GPG_TTY=%s", tty)
   413  	} else {
   414  		mctx.Debug("| no tty provided, GPG_TTY will not be changed")
   415  	}
   416  	return ret
   417  }