From 8cfab42bc3a063f48a3934326818f1c5f2ca9721 Mon Sep 17 00:00:00 2001
From: David Bremner
Date: Thu, 5 May 2022 08:29:21 -0300
Subject: refactor use of gnupg in CONSFIGURATOR.DATA.PGP

Add a new low level function GPG, and a function GPG-FILE-AS-STRING intended for use in the pgp data source and the future pass(1) data source. Both of these functions support a new parameter *DATA-SOURCE-GNUPGHOME*, which allows the user (or test suite) to control where key material is stored for accessing data sources.

Signed-off-by: David Bremner
---
 src/data/pgp.lisp | 19 +++++++------------
 src/data/util.lisp | 24 ++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 12 deletions(-)

(limited to 'src/data')

diff --git a/src/data/pgp.lisp b/src/data/pgp.lisp
index ef258d3..d0df280 100644
--- a/src/data/pgp.lisp
+++ b/src/data/pgp.lisp
@@ -51,20 +51,15 @@
 (cons #'check #'extract))))
 
 (defun read-store (location)
- (handler-case
- (safe-read-from-string
- (run-program
- (sh-escape (list "gpg" "--decrypt" location)) :output :string))
- (subprocess-error (error)
- (missing-data-source "While attempt to decrypt, gpg exited with ~A"
- (uiop:subprocess-error-code error)))))
+ (safe-read-from-string
+ (gpg-file-as-string location)))
 
 (defun put-store (location data)
- (run-program (list "gpg" "--encrypt")
- :input (make-string-input-stream
- (with-standard-io-syntax
- (prin1-to-string data)))
- :output (unix-namestring location)))
+ (gpg '("--encrypt")
+ :input (make-string-input-stream
+ (with-standard-io-syntax
+ (prin1-to-string data)))
+ :output (unix-namestring location)))
 
 (defun data-assoc (iden1 iden2 data)
 (assoc (cons iden1 iden2) data
diff --git a/src/data/util.lisp b/src/data/util.lisp
index 3fd8895..871eb9a 100644
--- a/src/data/util.lisp
+++ b/src/data/util.lisp
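Review bot: In put-store, `(gpg '("--encrypt") ... :output (unix-namestring location))` still runs without any error handling, so a non-zero gpg exit (no usable encryption key, wrong homedir) surfaces as a raw subprocess-error while read-store now maps the same kind of failure to missing-data-source through gpg-file-as-string; and because stdout is redirected straight to LOCATION, a failing gpg presumably leaves the store file truncated or empty — confirm against run-program's :if-output-exists default. Having gpg write to a temporary path and calling `rename-file` onto LOCATION only after run-program returns normally, inside the same `handler-case` on `subprocess-error` that gpg-file-as-string uses, would keep a failed re-encrypt from destroying the existing store. Dropping sh-escape in favour of an argument list in read-store is a clear improvement; the check/extract form above and data-assoc below start or end outside the hunk.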
@@ -1,6 +1,7 @@
 ;;; Consfigurator -- Lisp declarative configuration management system
 
 ;;; Copyright (C) 2022 David Bremner
+;;; Copyright (C) 2021 Sean Whitton
 
 ;;; This file is free software; you can redistribute it and/or modify
 ;;; it under the terms of the GNU General Public License as published by
@@ -38,3 +39,26 @@
 may contain '/' characters to map into multiple levels of directory."
 (uiop:relativize-pathname-directory (ensure-directory-pathname iden1))
 base-dir))))
+
+(defun gpg (args &key input output)
+ "Run gnupg, taking homedir from *DATA-SOURCE-GNUPGHOME* if set.
+
+INPUT and OUTPUT have the same meaning as for RUN-PROGRAM, except that OUTPUT
+defaults to :STRING. The default return value is thus the output from gnupg,
+as a string."
+ (run-program
+ `("gpg"
+ ,@(and *data-source-gnupghome*
+ (list "--homedir" (namestring *data-source-gnupghome*)))
+ ,@args)
+ :input input
+ :output (or output :string)))
+
+(defun gpg-file-as-string (location)
+ "Decrypt the contents of a gpg encrypted file at LOCATION, return as a
+string."
+ (handler-case
+ (gpg (list "--decrypt" (unix-namestring location)))
+ (subprocess-error (error)
+ (missing-data-source "While attempt to decrypt ~A, gpg exited with ~A"
+ location (uiop:subprocess-error-code error)))))
-- 
cgit v1.2.3
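Review bot: In `gpg`, `:output (or output :string)` turns an explicit `:output nil` back into `:string`, so a caller cannot discard gnupg's stdout or pass nil for any other run-program meaning, which contradicts the docstring's "same meaning as for RUN-PROGRAM, except that OUTPUT defaults to :STRING"; put the default in the lambda list instead, `(defun gpg (args &key input (output :string))`, and pass `:output output`. `*data-source-gnupghome*` is used here but not declared in this hunk; the view is limited to src/data, so if its defvar is not elsewhere in the commit the function will compile with an undefined-variable warning and fail at run time, and either way the docstring should say where it is declared and that nil means no `--homedir` is passed, i.e. gnupg's own default. Because both functions are meant to run unattended from a data source, consider adding `"--batch"` to the fixed argument list so a missing key, passphrase or agent fails with a subprocess-error rather than a prompt — hedged, since any intended interactive use is not visible here. The message `"While attempt to decrypt ~A, gpg exited with ~A"` in gpg-file-as-string reads better as `"While attempting to decrypt ~A, gpg exited with ~A"`.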