Model gpg

cmcgee1024 · cmcgee1024 · commit 3567261d156b · 2025-05-01T17:20:51.000-04:00
diff --git a/Sources/LinuxPlatform/Linux.swift b/Sources/LinuxPlatform/Linux.swift
@@ -275,12 +275,11 @@ public struct Linux: Platform {
             try await fs.withTemporary(files: tmpFile) {
                 try await ctx.httpClient.getGpgKeys().download(to: tmpFile)
                 if let mockedHomeDir = ctx.mockedHomeDir {
-                    try self.runProgram(
-                        "gpg", "--import", "\(tmpFile)", quiet: true,
-                        env: ["GNUPGHOME": (mockedHomeDir / ".gnupg").string]
-                    )
+                    var env = ProcessInfo.processInfo.environment
+                    env["GNUPGHOME"] = (mockedHomeDir / ".gnupg").string
+                    try await sys.gpg()._import(keys: tmpFile).run(self, env: env, quiet: true)
                 } else {
-                    try self.runProgram("gpg", "--import", "\(tmpFile)", quiet: true)
+                    try await sys.gpg()._import(keys: tmpFile).run(self, quiet: true)
                 }
             }
         }
@@ -417,12 +416,11 @@ public struct Linux: Platform {
             await ctx.print("Verifying toolchain signature...")
             do {
                 if let mockedHomeDir = ctx.mockedHomeDir {
-                    try self.runProgram(
-                        "gpg", "--verify", "\(sigFile)", "\(archive)", quiet: false,
-                        env: ["GNUPGHOME": (mockedHomeDir / ".gnupg").string]
-                    )
+                    var env = ProcessInfo.processInfo.environment
+                    env["GNUPGHOME"] = (mockedHomeDir / ".gnupg").string
+                    try await sys.gpg().verify(detachedSignature: sigFile, signedData: archive).run(self, env: env, quiet: false)
                 } else {
-                    try self.runProgram("gpg", "--verify", "\(sigFile)", "\(archive)", quiet: !verbose)
+                    try await sys.gpg().verify(detachedSignature: sigFile, signedData: archive).run(self, quiet: !verbose)
                 }
             } catch {
                 throw SwiftlyError(message: "Signature verification failed: \(error).")
@@ -447,12 +445,11 @@ public struct Linux: Platform {
             await ctx.print("Verifying swiftly signature...")
             do {
                 if let mockedHomeDir = ctx.mockedHomeDir {
-                    try self.runProgram(
-                        "gpg", "--verify", "\(sigFile)", "\(archive)", quiet: false,
-                        env: ["GNUPGHOME": (mockedHomeDir / ".gnupg").string]
-                    )
+                    var env = ProcessInfo.processInfo.environment
+                    env["GNUPGHOME"] = (mockedHomeDir / ".gnupg").string
+                    try await sys.gpg().verify(detachedSignature: sigFile, signedData: archive).run(self, env: env, quiet: false)
                 } else {
-                    try self.runProgram("gpg", "--verify", "\(sigFile)", "\(archive)", quiet: !verbose)
+                    try await sys.gpg().verify(detachedSignature: sigFile, signedData: archive).run(self, quiet: !verbose)
                 }
             } catch {
                 throw SwiftlyError(message: "Signature verification failed: \(error).")
diff --git a/Sources/SwiftlyCore/Commands.swift b/Sources/SwiftlyCore/Commands.swift
@@ -1216,3 +1216,100 @@ extension SystemCommand {
 
 extension SystemCommand.ProductBuildCommand.SynthesizeCommand: Runnable {}
 extension SystemCommand.ProductBuildCommand.DistributionCommand: Runnable {}
+
+extension SystemCommand {
+    public static func gpg(executable: Executable = GpgCommand.defaultExecutable) -> GpgCommand {
+        GpgCommand(executable: executable)
+    }
+
+    public struct GpgCommand {
+        public static var defaultExecutable: Executable { .name("gpg") }
+
+        public var executable: Executable
+
+        public init(executable: Executable) {
+            self.executable = executable
+        }
+
+        public func config() -> Configuration {
+            var args: [String] = []
+
+            return Configuration(
+                executable: self.executable,
+                arguments: Arguments(args),
+                environment: .inherit
+            )
+        }
+
+        public func _import(keys: FilePath...) -> ImportCommand {
+            self._import(keys: keys)
+        }
+
+        public func _import(keys: [FilePath]) -> ImportCommand {
+            ImportCommand(self, keys: keys)
+        }
+
+        public struct ImportCommand {
+            public var gpg: GpgCommand
+
+            public var keys: [FilePath]
+
+            public init(_ gpg: GpgCommand, keys: [FilePath]) {
+                self.gpg = gpg
+                self.keys = keys
+            }
+
+            public func config() -> Configuration {
+                var c: Configuration = self.gpg.config()
+
+                var args = c.arguments.storage.map(\.description)
+
+                args.append("--import")
+
+                for key in self.keys {
+                    args.append("\(key)")
+                }
+
+                c.arguments = .init(args)
+
+                return c
+            }
+        }
+
+        public func verify(detachedSignature: FilePath, signedData: FilePath) -> VerifyCommand {
+            VerifyCommand(self, detachedSignature: detachedSignature, signedData: signedData)
+        }
+
+        public struct VerifyCommand {
+            public var gpg: GpgCommand
+
+            public var detachedSignature: FilePath
+
+            public var signedData: FilePath
+
+            public init(_ gpg: GpgCommand, detachedSignature: FilePath, signedData: FilePath) {
+                self.gpg = gpg
+                self.detachedSignature = detachedSignature
+                self.signedData = signedData
+            }
+
+            public func config() -> Configuration {
+                var c: Configuration = self.gpg.config()
+
+                var args = c.arguments.storage.map(\.description)
+
+                args.append("--verify")
+
+                args.append("\(self.detachedSignature)")
+                args.append("\(self.signedData)")
+
+                c.arguments = .init(args)
+
+                return c
+            }
+        }
+    }
+}
+
+extension SystemCommand.GpgCommand.ImportCommand: Runnable {}
+extension SystemCommand.GpgCommand.VerifyCommand: Runnable {}
diff --git a/Tests/SwiftlyTests/CommandLineTests.swift b/Tests/SwiftlyTests/CommandLineTests.swift
@@ -220,4 +220,12 @@ public struct CommandLineTests {
         config = sys.productbuild().distribution(.packagePath(FilePath("pkgpath")), .sign("mycert"), distPath: FilePath("mydist"), productOutputPath: FilePath("myproduct")).config()
         #expect(String(describing: config) == "productbuild --distribution mydist --package-path pkgpath --sign mycert myproduct")
     }
+
+    @Test func testGpg() async throws {
+        var config = sys.gpg()._import(keys: FilePath("somekeys.asc")).config()
+        #expect(String(describing: config) == "gpg --import somekeys.asc")
+
+        config = sys.gpg().verify(detachedSignature: FilePath("file.sig"), signedData: FilePath("file")).config()
+        #expect(String(describing: config) == "gpg --verify file.sig file")
+    }
 }
diff --git a/Tests/SwiftlyTests/HTTPClientTests.swift b/Tests/SwiftlyTests/HTTPClientTests.swift
@@ -19,7 +19,7 @@ import Testing
             }
 
             try await withGpg { runGpg in
-                try runGpg(["--import", "\(tmpFile)"])
+                try await runGpg(sys.gpg()._import(keys: tmpFile))
             }
         }
     }
@@ -47,8 +47,8 @@ import Testing
 
             try await withGpg { runGpg in
                 try await httpClient.getGpgKeys().download(to: keysFile)
-                try runGpg(["--import", "\(keysFile)"])
-                try runGpg(["--verify", "\(tmpFileSignature)", "\(tmpFile)"])
+                try await runGpg(sys.gpg()._import(keys: keysFile))
+                try await runGpg(sys.gpg().verify(detachedSignature: tmpFileSignature, signedData: tmpFile))
             }
         }
     }
@@ -76,8 +76,8 @@ import Testing
 
             try await withGpg { runGpg in
                 try await httpClient.getGpgKeys().download(to: keysFile)
-                try runGpg(["--import", "\(keysFile)"])
-                try runGpg(["--verify", "\(tmpFileSignature)", "\(tmpFile)"])
+                try await runGpg(sys.gpg()._import(keys: keysFile))
+                try await runGpg(sys.gpg().verify(detachedSignature: tmpFileSignature, signedData: tmpFile))
             }
         }
     }
@@ -126,15 +126,17 @@ import Testing
     }
 }
 
-private func withGpg(_ body: (([String]) throws -> Void) async throws -> Void) async throws {
+private func withGpg(_ body: ((Runnable) async throws -> Void) async throws -> Void) async throws {
 #if os(Linux)
     // With linux, we can ask gpg to try an import to see if the file is valid
     // in a sandbox home directory to avoid contaminating the system
     let gpgHome = fs.mktemp()
     try await fs.mkdir(.parents, atPath: gpgHome)
     try await fs.withTemporary(files: gpgHome) {
-        func runGpg(arguments: [String]) throws {
-            try Swiftly.currentPlatform.runProgram(["gpg"] + arguments, quiet: false, env: ["GNUPGHOME": gpgHome.string])
+        func runGpg(_ runnable: Runnable) async throws {
+            var env = ProcessInfo.processInfo.environment
+            env["GNUPGHOME"] = gpgHome.string
+            try await runnable.run(Swiftly.currentPlatform, env: env, quiet: false)
         }
 
         try await body(runGpg)

Original file line number	Diff line number	Diff line change
`@@ -220,4 +220,12 @@ public struct CommandLineTests {`
`220`	`220`	`config = sys.productbuild().distribution(.packagePath(FilePath("pkgpath")), .sign("mycert"), distPath: FilePath("mydist"), productOutputPath: FilePath("myproduct")).config()`
`221`	`221`	`#expect(String(describing: config) == "productbuild --distribution mydist --package-path pkgpath --sign mycert myproduct")`
`222`	`222`	`}`
	`223`	`+`
	`224`	`+ @Test func testGpg() async throws {`
	`225`	`+ var config = sys.gpg()._import(keys: FilePath("somekeys.asc")).config()`
	`226`	`+ #expect(String(describing: config) == "gpg --import somekeys.asc")`
	`227`	`+`
	`228`	`+ config = sys.gpg().verify(detachedSignature: FilePath("file.sig"), signedData: FilePath("file")).config()`
	`229`	`+ #expect(String(describing: config) == "gpg --verify file.sig file")`
	`230`	`+ }`
`223`	`231`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ import Testing`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`try await withGpg { runGpg in`
`22`		`- try runGpg(["--import", "\(tmpFile)"])`
	`22`	`+ try await runGpg(sys.gpg()._import(keys: tmpFile))`
`23`	`23`	`}`
`24`	`24`	`}`
`25`	`25`	`}`
`@@ -47,8 +47,8 @@ import Testing`
`47`	`47`
`48`	`48`	`try await withGpg { runGpg in`
`49`	`49`	`try await httpClient.getGpgKeys().download(to: keysFile)`
`50`		`- try runGpg(["--import", "\(keysFile)"])`
`51`		`- try runGpg(["--verify", "\(tmpFileSignature)", "\(tmpFile)"])`
	`50`	`+ try await runGpg(sys.gpg()._import(keys: keysFile))`
	`51`	`+ try await runGpg(sys.gpg().verify(detachedSignature: tmpFileSignature, signedData: tmpFile))`
`52`	`52`	`}`
`53`	`53`	`}`
`54`	`54`	`}`
`@@ -76,8 +76,8 @@ import Testing`
`76`	`76`
`77`	`77`	`try await withGpg { runGpg in`
`78`	`78`	`try await httpClient.getGpgKeys().download(to: keysFile)`
`79`		`- try runGpg(["--import", "\(keysFile)"])`
`80`		`- try runGpg(["--verify", "\(tmpFileSignature)", "\(tmpFile)"])`
	`79`	`+ try await runGpg(sys.gpg()._import(keys: keysFile))`
	`80`	`+ try await runGpg(sys.gpg().verify(detachedSignature: tmpFileSignature, signedData: tmpFile))`
`81`	`81`	`}`
`82`	`82`	`}`
`83`	`83`	`}`
`@@ -126,15 +126,17 @@ import Testing`
`126`	`126`	`}`
`127`	`127`	`}`
`128`	`128`
`129`		`-private func withGpg(_ body: (([String]) throws -> Void) async throws -> Void) async throws {`
	`129`	`+private func withGpg(_ body: ((Runnable) async throws -> Void) async throws -> Void) async throws {`
`130`	`130`	`#if os(Linux)`
`131`	`131`	`// With linux, we can ask gpg to try an import to see if the file is valid`
`132`	`132`	`// in a sandbox home directory to avoid contaminating the system`
`133`	`133`	`let gpgHome = fs.mktemp()`
`134`	`134`	`try await fs.mkdir(.parents, atPath: gpgHome)`
`135`	`135`	`try await fs.withTemporary(files: gpgHome) {`
`136`		`- func runGpg(arguments: [String]) throws {`
`137`		`- try Swiftly.currentPlatform.runProgram(["gpg"] + arguments, quiet: false, env: ["GNUPGHOME": gpgHome.string])`
	`136`	`+ func runGpg(_ runnable: Runnable) async throws {`
	`137`	`+ var env = ProcessInfo.processInfo.environment`
	`138`	`+ env["GNUPGHOME"] = gpgHome.string`
	`139`	`+ try await runnable.run(Swiftly.currentPlatform, env: env, quiet: false)`
`138`	`140`	`}`
`139`	`141`
`140`	`142`	`try await body(runGpg)`