From db36ea85aac23620d71ed38cc9a263b6bab3af98 Mon Sep 17 00:00:00 2001
From: "Neal H. Walfield" <neal@pep.foundation>
Date: Sun, 27 Mar 2022 00:53:39 +0100
Subject: [PATCH] Add a Sequoia-based OpenPGP backend

This change adds support for using Sequoia as an alternative to the
internal OpenPGP backend.  To use this backend, it is necessary to
have the rpm-sequoia library installed.

https://gitlab.com/sequoia-pgp/rpm-sequoia

Fixes #1978.
---
 INSTALL           | 11 +++++++----
 configure.ac      | 20 +++++++++++++++++++-
 rpm.pc.in         |  2 +-
 rpmio/Makefile.am |  9 +++++----
 tests/Makefile.am |  3 ++-
 5 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/INSTALL b/INSTALL
index 961a160e0..a48bfc038 100644
--- a/INSTALL
+++ b/INSTALL
@@ -22,10 +22,13 @@ The libmagic (aka file) library for file type detection (used by rpmbuild).
 The source for the file utility + library is available from
     ftp://ftp.astron.com/pub/file/
 
-You will need a cryptographic library to support digests and signatures.
-This library may be libgcrypt or OpenSSL, and can be specified with the
---with-crypto=[libgcrypt|openssl] argument to configure.
-libgcrypt is the default.
+You will need a cryptographic library to support digests and
+signatures.  This library may be libgcrypt, OpenSSL, or Sequoia PGP,
+and can be specified with the --with-crypto=[libgcrypt|openssl|sequoia]
+argument to configure.  libgcrypt is the default.
+
+Sequoia is used via the rpm-sequoia library, which is available from
+https://gitlab.com/sequoia-pgp/rpm-sequoia
 
 libgcrypt library is available from https://www.gnupg.org/software/libgcrypt/
 
diff --git a/configure.ac b/configure.ac
index 94a8b6f95..4f37ce4ae 100644
--- a/configure.ac
+++ b/configure.ac
@@ -272,7 +272,7 @@ AM_CONDITIONAL(LIBELF,[test "$WITH_LIBELF" = yes])
 # Select crypto library
 AC_ARG_WITH(crypto,
             [AC_HELP_STRING([--with-crypto=CRYPTO_LIB],
-                            [The cryptographic library to use (openssl|libgcrypt). The default is libgcrypt.])
+                            [The cryptographic library to use (openssl|libgcrypt|sequoia). The default is libgcrypt.])
                             ],[],
                             [with_crypto=libgcrypt])
 
@@ -382,6 +382,24 @@ AM_CONDITIONAL([WITH_LIBGCRYPT],[test "$with_crypto" = libgcrypt])
 AC_SUBST(WITH_LIBGCRYPT_INCLUDE)
 AC_SUBST(WITH_LIBGCRYPT_LIB)
 
+#=================
+# Check for the rpm-sequoia backend.
+WITH_RPM_SEQUOIA_INCLUDE=
+WITH_RPM_SEQUOIA_LIB=
+if test "$with_crypto" = sequoia ; then
+  PKG_CHECK_MODULES([RPM_SEQUOIA], [rpm-sequoia], [have_rpm_sequoia=yes], [have_rpm_sequoia=no])
+  if test "$have_rpm_sequoia" = "yes"; then
+     WITH_RPM_SEQUOIA_INCLUDE="$RPM_SEQUOIA_CFLAGS"
+     WITH_RPM_SEQUOIA_LIB="$RPM_SEQUOIA_LIBS"
+  else
+     AC_MSG_ERROR([librpm-sequoia not found])
+  fi
+fi
+
+AM_CONDITIONAL([WITH_RPM_SEQUOIA],[test "$with_crypto" = sequoia])
+AC_SUBST(WITH_RPM_SEQUOIA_INCLUDE)
+AC_SUBST(WITH_RPM_SEQUOIA_LIB)
+
 #=================
 # Check for magic library.
 WITH_MAGIC_INCLUDE=
diff --git a/rpm.pc.in b/rpm.pc.in
index 1f76f0685..5449f01a0 100644
--- a/rpm.pc.in
+++ b/rpm.pc.in
@@ -12,5 +12,5 @@ Requires: popt
 Requires.private: @ZSTD_REQUIRES@
 # Conflicts:
 Cflags: -I${includedir}
-Libs: -L${libdir} -lrpm -lrpmio
+Libs: -L${libdir} -lrpm -lrpmio @WITH_RPM_SEQUOIA_LIB@
 Libs.private: -lpopt -lrt -lpthread @WITH_LZMA_LIB@ @WITH_BZ2_LIB@ @WITH_ZLIB_LIB@ @LUA_LIBS@
diff --git a/rpmio/Makefile.am b/rpmio/Makefile.am
index 94be6581f..106e69d00 100644
--- a/rpmio/Makefile.am
+++ b/rpmio/Makefile.am
@@ -8,6 +8,7 @@ EXTRA_DIST = modemuncher.c
 AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/include/
 AM_CPPFLAGS += @WITH_OPENSSL_INCLUDE@
 AM_CPPFLAGS += @WITH_LIBGCRYPT_INCLUDE@
+AM_CPPFLAGS += @WITH_RPM_SEQUOIA_INCLUDE@
 AM_CPPFLAGS += @WITH_POPT_INCLUDE@
 AM_CPPFLAGS += $(ZSTD_CFLAGS)
 AM_CPPFLAGS += @LUA_CFLAGS@
@@ -24,14 +25,13 @@ librpmio_la_SOURCES = \
 	rpmio_internal.h rpmhook.h rpmvercmp.c rpmver.c \
 	rpmstring.c rpmfileutil.c rpmglob.c \
 	rpmkeyring.c rpmstrpool.c rpmmacro_internal.h \
-	rpmlua.c rpmlua.h lposix.c lposix.h \
-	rpmpgp_internal.c rpmpgp_internal.h
+	rpmlua.c rpmlua.h lposix.c lposix.h
 
 if WITH_OPENSSL
-librpmio_la_SOURCES += digest_openssl.c
+librpmio_la_SOURCES += digest_openssl.c rpmpgp_internal.c rpmpgp_internal.h
 else
 if WITH_LIBGCRYPT
-librpmio_la_SOURCES += digest_libgcrypt.c
+librpmio_la_SOURCES += digest_libgcrypt.c rpmpgp_internal.c rpmpgp_internal.h
 endif
 endif
 
@@ -40,6 +40,7 @@ librpmio_la_LIBADD = \
 	../misc/libmisc.la \
 	@WITH_OPENSSL_LIB@ \
 	@WITH_LIBGCRYPT_LIB@ \
+	@WITH_RPM_SEQUOIA_LIB@ \
 	@WITH_BZ2_LIB@ \
 	@WITH_ZLIB_LIB@ \
 	@WITH_POPT_LIB@ \
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 291452a75..05e4fa7e8 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -12,7 +12,8 @@ EXTRA_DIST += local.at $(TESTSUITE)
 
 AM_CPPFLAGS = -I$(top_srcdir)/include
 
-rpmpgpcheck_LDADD = ../rpmio/librpmio.la
+rpmpgpcheck_LDADD = ../rpmio/librpmio.la \
+	@WITH_RPM_SEQUOIA_LIB@
 
 ## testsuite components
 TESTSUITE_AT = rpmtests.at