This library provides an implementation of [rpm]'s [pgp interface] using [Sequoia].

Configuration

This library reads the [crypto policy configuration] in /etc/crypto-policies/back-ends/sequoia.config. This can be overridden using the SEQUOIA_CRYPTO_POLICY environment variable. If set to the empty string, then no crypto policy will be read and instead [Sequoia's default policy] will be used.

Refer to the [Fedora Crypto Policy] project for information about the crypto policy.
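
The lookup order described above, as an added shell example (not part of rpm-sequoia; `policy_source`, `audit_policy` and the return codes are hypothetical choices made for this example). It tells "unset" apart from "set to the empty string", which is the case where no policy file is read:

```sh
#!/bin/sh
# Added example: report which crypto policy source rpm-sequoia would consult,
# following the three cases in the Configuration section.
DEFAULT_POLICY=/etc/crypto-policies/back-ends/sequoia.config

# Prints one of:
#   default:<path>   variable unset, the system policy file is used
#   override:<path>  variable set to a non-empty value
#   builtin          variable set to the empty string, no file is read
policy_source() {
    # ${VAR+set} expands to "set" even when VAR is empty; that is what
    # separates "unset" from "set to the empty string".
    if [ -z "${SEQUOIA_CRYPTO_POLICY+set}" ]; then
        printf 'default:%s\n' "$DEFAULT_POLICY"
    elif [ -z "$SEQUOIA_CRYPTO_POLICY" ]; then
        printf 'builtin\n'
    else
        printf 'override:%s\n' "$SEQUOIA_CRYPTO_POLICY"
    fi
}

# Returns 0 only when the system policy file is the one in effect and is
# readable; every other outcome gets a distinct non-zero code (assumed here).
audit_policy() {
    src=$(policy_source)
    case $src in
        default:*)
            path=${src#default:}
            if [ -r "$path" ]; then
                echo "ok: system crypto policy $path"
                return 0
            fi
            echo "warn: $path is not readable"
            return 1 ;;
        builtin)
            echo "warn: SEQUOIA_CRYPTO_POLICY is empty, Sequoia's default policy is used"
            return 2 ;;
        override:*)
            echo "warn: policy overridden by ${src#override:}"
            return 3 ;;
    esac
}
```

Source the file and call `audit_policy` in the same environment that rpm runs in, since the variable is read from that process's environment.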

Building

To build, you need [rustc] (version 1.60 or later), cargo, and [nettle-devel], which is the cryptographic library that Sequoia uses by default.

Here's how to build rpm-sequoia and a version of rpm that uses it:

    $ mkdir /tmp/rpm
    $ cd /tmp/rpm
    $ git clone git@github.com:rpm-software-management/rpm-sequoia.git
    Cloning into 'rpm-sequoia'...
    done.
    $ cd rpm-sequoia
    $ PREFIX=/usr cargo build --release && cargo test --release
    Updating crates.io index
    ...
    test result: ok. ...
    $ cd /tmp/rpm
    $ git clone git@github.com:rpm-software-management/rpm.git
    Cloning into 'rpm'...
    done.
    $ cd rpm
    $ git checkout rpm-4.18.0-release
    Switched to a new branch 'rpm-4.18.0-release'
    $ autoreconf -fis
    ...
    $ mkdir b
    $ cd b
    $ export PKG_CONFIG_PATH=/tmp/rpm/rpm-sequoia/target/release
    $ export LD_LIBRARY_PATH=/tmp/rpm/rpm-sequoia/target/release
    $ ../configure --with-crypto=sequoia
    $ make
    $ make check

Note: this builds version 4.18 of rpm, which is the current stable release of rpm. The current development branch of rpm has switched to using cmake instead of autoconf. Please refer to [rpm's INSTALL] file for how to build master.

To use a different cryptographic backend, you need to disable the default backend, and select your preferred backend. For instance, to use Sequoia's OpenSSL backend, you would compile rpm-sequoia as follows:

    $ cargo build --release --no-default-features --features sequoia-openpgp/crypto-openssl

See [sequoia-openpgp's README] for the list of currently supported cryptographic backends.

The rpm-sequoia artifacts (the .a, .so, and the .pc files) are placed in the build directory, which, in this case, is /tmp/rpm/rpm-sequoia/target/release. We also set the PREFIX environment variable when calling cargo build. This is the prefix that will be used in the generated rpm-sequoia.pc file. It defaults to /usr/local.

Note: when building or running the test suite, it is essential to make sure PKG_CONFIG_PATH and LD_LIBRARY_PATH are set appropriately (as in the above transcript).

To run just one or two tests, do something like the following:

    $ cd /tmp/rpm/rpm/b/tests
    $ export PKG_CONFIG_PATH=/tmp/rpm/rpm-sequoia/target/release
    $ export LD_LIBRARY_PATH=/tmp/rpm/rpm-sequoia/target/release
    $ make populate_testing
    $ T="266 273"; for t in $T; do if ! ../../tests/rpmtests $t; then cat rpmtests.dir/$t/rpmtests.log; fi; done

To get tracing output, set RPM_TRACE to 1:

    $ cd /tmp/rpm/rpm/b/tests
    $ export PKG_CONFIG_PATH=/tmp/rpm/rpm-sequoia/target/release
    $ export LD_LIBRARY_PATH=/tmp/rpm/rpm-sequoia/target/release
    $ make populate_testing
    $ export RPM_TRACE=1
    $ ../../tests/rpmtests 273
    $ cat rpmtests.dir/273/rpmtests.log
    ...
    +pgpDigParamsFree: -> success
    +rpmFreeCrypto: entered
    +rpmFreeCrypto: -> success
    273. rpmsigdig.at:495: 273. rpmsign --addsign (rpmsigdig.at:495): FAILED (rpmsigdig.at:503)
    ...