Laisse GPG localiser et charger automatiquement les clefs.

29bbbeb0 · Guillaume Perréal · 5915e791 · 29bbbeb0 · 29bbbeb0 · 29bbbeb0
Commit 29bbbeb0 authored 6 years ago by Guillaume Perréal
Hide whitespace changes
Inline Side-by-side

Showing

with 34 additions and 19 deletions
+34 -19
--- a/configs/php-cs-fixer.yaml
+++ b/configs/php-cs-fixer.yaml
@@ -5,7 +5,7 @@ package:
 phar:
  archive_url: https://github.com/FriendsOfPHP/PHP-CS-Fixer/releases/download/%version%/php-cs-fixer.phar
  signature_url: https://github.com/FriendsOfPHP/PHP-CS-Fixer/releases/download/%version%/php-cs-fixer.phar.asc
-  keys: BBAB5DF0A0D6672989CF1869E82B2FB314E9906E
+  keys: E82B2FB314E9906E
 target:
  name: irstea/php-cs-fixer-shim

--- a/configs/phpunit.yaml
+++ b/configs/phpunit.yaml
@@ -5,7 +5,7 @@ package:
 phar:
  archive_url: https://phar.phpunit.de/phpunit-%version%.phar
  signature_url: https://phar.phpunit.de/phpunit-%version%.phar.asc
-  keys: D8406D0D82947747293778314AA394086372C20A
+  keys: 4AA394086372C20A
 target:
  name: irstea/phpunit-shim

--- a/src/Signature/Verifier.php
+++ b/src/Signature/Verifier.php
@@ -31,6 +31,11 @@ class Verifier implements VerifierInterface, LoggerAwareInterface
     */
    private $gpgBinary;
+    /**
+     * @var string[]
+     */
+    private $trustedKeys = [];
    /**
     * Verifier constructor.
     *
@@ -48,22 +53,7 @@ class Verifier implements VerifierInterface, LoggerAwareInterface
     */
    public function loadKeys(array $ids): void
    {
-        if (!$ids) {
+        $this->trustedKeys = array_merge($this->trustedKeys, $ids);
-            return;
-        }
-        try {
-            Assertion::allString($ids);
-            $cmd = array_merge([$this->getGpgBinaryPath(), '--receive-keys'], $ids);
-            $process = new Process($cmd);
-            $process->mustRun();
-            $this->logger->debug('Loaded keys: ' . implode(', ', $ids));
-        } catch (ExceptionInterface $exception) {
-            throw new VerifierException('could not receive keys: ' . implode(', ', $ids), 0, $exception);
-        }
    }
    /**
@@ -75,7 +65,13 @@ class Verifier implements VerifierInterface, LoggerAwareInterface
            Assertion::file($signaturePath);
            Assertion::file($dataPath);
-            $process = new Process([$this->getGpgBinaryPath(), '--verify', $signaturePath, $dataPath]);
+            $cmd = array_merge(
+                [$this->getGpgBinaryPath()],
+                $this->getGpgOptions(),
+                ['--verify', $signaturePath, $dataPath]
+            );
+            $process = new Process($cmd);
            $process->mustRun();
            $this->logger->info("$dataPath signature verified.");
        } catch (ExceptionInterface $exception) {
@@ -83,6 +79,25 @@ class Verifier implements VerifierInterface, LoggerAwareInterface
        }
    }
+    /**
+     * @return array
+     */
+    private function getGpgOptions(): array
+    {
+        $options = [
+            '--batch',
+            '--auto-key-locate=wkd',
+            '--auto-key-retrieve',
+        ];
+        foreach ($this->trustedKeys as $keyId) {
+            $options[] = '--trusted-key';
+            $options[] = $keyId;
+        }
+        return $options;
+    }
    /**
     * @return string
     */