From 397392506aca6031605203c4072364504181f7e0 Mon Sep 17 00:00:00 2001
From: Jens Reimann <jreimann@redhat.com>
Date: Fri, 22 Nov 2019 11:06:14 +0100
Subject: [PATCH] [eclipse/packager#7]: Allow adding only MD5 checksums

This change allows specifying a custom provider for signature
configurations. By default it will support "default" and "md5-only".
---
 src/it/test15-default/pom.xml                 | 85 +++++++++++++++++++
 src/it/test15-default/verify.groovy           | 11 +++
 src/it/test15-md5-only/pom.xml                | 85 +++++++++++++++++++
 src/it/test15-md5-only/verify.groovy          | 11 +++
 src/it/test15-not-found/invoker.properties    |  1 +
 src/it/test15-not-found/pom.xml               | 85 +++++++++++++++++++
 src/it/test9-maxversion/verify.groovy         | 24 ------
 .../de/dentrassi/rpm/builder/RpmMojo.java     | 51 ++++++++++-
 .../DefaultSignatureConfiguration.java        | 27 ++++++
 .../Md5OnlySignatureConfiguration.java        | 30 +++++++
 .../signatures/SignatureConfiguration.java    | 18 ++++
 11 files changed, 402 insertions(+), 26 deletions(-)
 create mode 100644 src/it/test15-default/pom.xml
 create mode 100644 src/it/test15-default/verify.groovy
 create mode 100644 src/it/test15-md5-only/pom.xml
 create mode 100644 src/it/test15-md5-only/verify.groovy
 create mode 100644 src/it/test15-not-found/invoker.properties
 create mode 100644 src/it/test15-not-found/pom.xml
 delete mode 100644 src/it/test9-maxversion/verify.groovy
 create mode 100644 src/main/java/de/dentrassi/rpm/builder/signatures/DefaultSignatureConfiguration.java
 create mode 100644 src/main/java/de/dentrassi/rpm/builder/signatures/Md5OnlySignatureConfiguration.java
 create mode 100644 src/main/java/de/dentrassi/rpm/builder/signatures/SignatureConfiguration.java

diff --git a/src/it/test15-default/pom.xml b/src/it/test15-default/pom.xml
new file mode 100644
index 0000000..2665cda
--- /dev/null
+++ b/src/it/test15-default/pom.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<groupId>de.dentrassi.maven.rpm.test</groupId>
+	<artifactId>test15-md5-only</artifactId>
+	<version>1.0.0-SNAPSHOT</version>
+	<packaging>jar</packaging>
+
+	<name>Test Package #15</name>
+	<description>
+	Test Default
+	</description>
+
+	<url>http://dentrassi.de</url>
+
+	<organization>
+		<name>Jens Reimann</name>
+		<url>http://dentrassi.de</url>
+	</organization>
+
+	<licenses>
+		<license>
+			<name>Eclipse Public License - v 1.0</name>
+			<distribution>repo</distribution>
+			<url>https://www.eclipse.org/legal/epl-v10.html</url>
+		</license>
+	</licenses>
+
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<skipSigning>true</skipSigning>
+		<rpm.skipSigning>true</rpm.skipSigning>
+	</properties>
+
+	<build>
+
+		<plugins>
+			<plugin>
+				<groupId>de.dentrassi.maven</groupId>
+				<artifactId>rpm</artifactId>
+				<version>@project.version@</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>rpm</goal>
+						</goals>
+						<configuration>
+							<group>Application/Misc</group>
+
+							<forceRelease>false</forceRelease>
+							<version>1.0.0</version>
+							<outputFileName>test15.rpm</outputFileName>
+							<signatureConfiguration>default</signatureConfiguration>
+
+							<signature>
+								<keyId>${keyId}</keyId>
+								<keyringFile>${user.home}/.gnupg/secring.gpg</keyringFile>
+								<passphrase>${passphrase}</passphrase>
+								<hashAlgorithm>SHA1</hashAlgorithm>
+								<skip>${skipSigning}</skip>
+							</signature>
+
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+		</plugins>
+	</build>
+
+	<profiles>
+		<profile>
+			<id>sign</id>
+			<activation>
+				<activeByDefault>false</activeByDefault>
+			</activation>
+			<properties>
+				<skipSigning>false</skipSigning>
+			</properties>
+		</profile>
+	</profiles>
+
+</project>
diff --git a/src/it/test15-default/verify.groovy b/src/it/test15-default/verify.groovy
new file mode 100644
index 0000000..addbaa1
--- /dev/null
+++ b/src/it/test15-default/verify.groovy
@@ -0,0 +1,11 @@
+def verify ( ) {
+	Process proc = ('rpm -Kv ' + basedir + "/target/test15.rpm").execute()
+	return proc.in.getText().trim()
+}
+
+def result = verify()
+println "Verify: " + result
+
+def m1 = result =~ /MD5 digest\: OK/
+def m2 = result =~ /Header SHA1 digest\: OK/
+return m1.find() && m2.find()
\ No newline at end of file
diff --git a/src/it/test15-md5-only/pom.xml b/src/it/test15-md5-only/pom.xml
new file mode 100644
index 0000000..50cc3b7
--- /dev/null
+++ b/src/it/test15-md5-only/pom.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<groupId>de.dentrassi.maven.rpm.test</groupId>
+	<artifactId>test15-md5-only</artifactId>
+	<version>1.0.0-SNAPSHOT</version>
+	<packaging>jar</packaging>
+
+	<name>Test Package #15</name>
+	<description>
+	Test MD5 only
+	</description>
+
+	<url>http://dentrassi.de</url>
+
+	<organization>
+		<name>Jens Reimann</name>
+		<url>http://dentrassi.de</url>
+	</organization>
+
+	<licenses>
+		<license>
+			<name>Eclipse Public License - v 1.0</name>
+			<distribution>repo</distribution>
+			<url>https://www.eclipse.org/legal/epl-v10.html</url>
+		</license>
+	</licenses>
+
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<skipSigning>true</skipSigning>
+		<rpm.skipSigning>true</rpm.skipSigning>
+	</properties>
+
+	<build>
+
+		<plugins>
+			<plugin>
+				<groupId>de.dentrassi.maven</groupId>
+				<artifactId>rpm</artifactId>
+				<version>@project.version@</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>rpm</goal>
+						</goals>
+						<configuration>
+							<group>Application/Misc</group>
+
+							<forceRelease>false</forceRelease>
+							<version>1.0.0</version>
+							<outputFileName>test15.rpm</outputFileName>
+							<signatureConfiguration>md5-only</signatureConfiguration>
+
+							<signature>
+								<keyId>${keyId}</keyId>
+								<keyringFile>${user.home}/.gnupg/secring.gpg</keyringFile>
+								<passphrase>${passphrase}</passphrase>
+								<hashAlgorithm>SHA1</hashAlgorithm>
+								<skip>${skipSigning}</skip>
+							</signature>
+
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+		</plugins>
+	</build>
+
+	<profiles>
+		<profile>
+			<id>sign</id>
+			<activation>
+				<activeByDefault>false</activeByDefault>
+			</activation>
+			<properties>
+				<skipSigning>false</skipSigning>
+			</properties>
+		</profile>
+	</profiles>
+
+</project>
diff --git a/src/it/test15-md5-only/verify.groovy b/src/it/test15-md5-only/verify.groovy
new file mode 100644
index 0000000..11a998b
--- /dev/null
+++ b/src/it/test15-md5-only/verify.groovy
@@ -0,0 +1,11 @@
+def verify ( ) {
+	Process proc = ('rpm -Kv ' + basedir + "/target/test15.rpm").execute()
+	return proc.in.getText().trim()
+}
+
+def result = verify()
+println "Verify: " + result
+
+def m1 = result =~ /MD5 digest\: OK/
+def m2 = result =~ /SHA/
+return m1.find() && !m2.find()
\ No newline at end of file
diff --git a/src/it/test15-not-found/invoker.properties b/src/it/test15-not-found/invoker.properties
new file mode 100644
index 0000000..324b5fb
--- /dev/null
+++ b/src/it/test15-not-found/invoker.properties
@@ -0,0 +1 @@
+invoker.buildResult=failure
\ No newline at end of file
diff --git a/src/it/test15-not-found/pom.xml b/src/it/test15-not-found/pom.xml
new file mode 100644
index 0000000..ce84f35
--- /dev/null
+++ b/src/it/test15-not-found/pom.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<groupId>de.dentrassi.maven.rpm.test</groupId>
+	<artifactId>test15-md5-only</artifactId>
+	<version>1.0.0-SNAPSHOT</version>
+	<packaging>jar</packaging>
+
+	<name>Test Package #15</name>
+	<description>
+	Test "not found"
+	</description>
+
+	<url>http://dentrassi.de</url>
+
+	<organization>
+		<name>Jens Reimann</name>
+		<url>http://dentrassi.de</url>
+	</organization>
+
+	<licenses>
+		<license>
+			<name>Eclipse Public License - v 1.0</name>
+			<distribution>repo</distribution>
+			<url>https://www.eclipse.org/legal/epl-v10.html</url>
+		</license>
+	</licenses>
+
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<skipSigning>true</skipSigning>
+		<rpm.skipSigning>true</rpm.skipSigning>
+	</properties>
+
+	<build>
+
+		<plugins>
+			<plugin>
+				<groupId>de.dentrassi.maven</groupId>
+				<artifactId>rpm</artifactId>
+				<version>@project.version@</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>rpm</goal>
+						</goals>
+						<configuration>
+							<group>Application/Misc</group>
+
+							<forceRelease>false</forceRelease>
+							<version>1.0.0</version>
+							<outputFileName>test15.rpm</outputFileName>
+							<signatureConfiguration>not-found</signatureConfiguration>
+
+							<signature>
+								<keyId>${keyId}</keyId>
+								<keyringFile>${user.home}/.gnupg/secring.gpg</keyringFile>
+								<passphrase>${passphrase}</passphrase>
+								<hashAlgorithm>SHA1</hashAlgorithm>
+								<skip>${skipSigning}</skip>
+							</signature>
+
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+		</plugins>
+	</build>
+
+	<profiles>
+		<profile>
+			<id>sign</id>
+			<activation>
+				<activeByDefault>false</activeByDefault>
+			</activation>
+			<properties>
+				<skipSigning>false</skipSigning>
+			</properties>
+		</profile>
+	</profiles>
+
+</project>
diff --git a/src/it/test9-maxversion/verify.groovy b/src/it/test9-maxversion/verify.groovy
deleted file mode 100644
index 5f288f8..0000000
--- a/src/it/test9-maxversion/verify.groovy
+++ /dev/null
@@ -1,24 +0,0 @@
-
-def flags ( name ) {
-	Process proc = ('rpm --qf %{' + name + '} -qp ' + basedir + "/target/test8.rpm").execute();
-	return proc.in.getText().trim();
-}
-
-def suggests = flags("suggests");
-println "Suggests: " + suggests;
-
-def recommends = flags("recommends");
-println "Recommends: " + recommends;
-
-def enhances = flags("enhances");
-println "Enhances: " + enhances;
-
-def supplements = flags("supplements");
-println "Supplements: " + supplements;
-
-return
-	suggests ==  "suggest" &&
-	recommends == "recommend" &&
-	enhances == "enhance" &&
-	supplements == "supplement"
-	;
\ No newline at end of file
diff --git a/src/main/java/de/dentrassi/rpm/builder/RpmMojo.java b/src/main/java/de/dentrassi/rpm/builder/RpmMojo.java
index 19a15c7..c8b56c6 100644
--- a/src/main/java/de/dentrassi/rpm/builder/RpmMojo.java
+++ b/src/main/java/de/dentrassi/rpm/builder/RpmMojo.java
@@ -33,6 +33,7 @@
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Locale;
+import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
 import java.util.function.Consumer;
@@ -70,6 +71,7 @@
 
 import de.dentrassi.rpm.builder.Naming.Case;
 import de.dentrassi.rpm.builder.PackageEntry.Collector;
+import de.dentrassi.rpm.builder.signatures.SignatureConfiguration;
 
 /**
  * Build an RPM file
@@ -537,7 +539,7 @@ public void setGenerateDefaultSourcePackage ( final boolean generateDefaultSourc
     private final List<SimpleDependency> recommends = new LinkedList<> ();;
 
     /**
-     * An optional signature descriptor for GPP signing the final RPM
+     * An optional signature descriptor for GPG signing the final RPM
      * <p>
      * Also see <a href="signing.html">signing</a>
      * </p>
@@ -640,6 +642,40 @@ public void setMaximumSupportedRpmVersion ( final String maximumSupportedRpmVers
         this.maximumSupportedRpmVersion = Version.fromVersionString ( maximumSupportedRpmVersion ).orElseThrow ( () -> new IllegalArgumentException ( String.format ( "Version '%s' is unknown", maximumSupportedRpmVersion ) ) );
     }
 
+    /**
+     * Specify the "hint" for a provider of a signature configuration.
+     * <p>
+     * By default the RPM writer will calculate and add information like MD5,
+     * SHA1, SHA256, etc. to the signature header of the RPM file. However,
+     * some, especially older (really old) RPM versions, have issues when the
+     * encounter signature information they don't understand. This parameter
+     * allows you to configure this process.
+     * <p>
+     * What you configure here is the so called "hint" (Plexus component
+     * name/hint) of the provider to use. This plexus component has to be found
+     * in the class path of the plugin, during runtime. There are two default
+     * providers available, one is <code>default</code> and the other is
+     * <code>md5-only</code>. The latter only adds MD5 checksum information.
+     * <p>
+     * The default is to add as much information as possible to the RPM. So
+     * normally you don't need this parameter.
+     * <p>
+     * Specifying a configuration provider which cannot be found during the
+     * build, will fail the build.
+     *
+     * @since 1.4.0
+     */
+    @Parameter
+    private String signatureConfiguration;
+
+    public void setSignatureConfiguration ( final String signatureConfiguration )
+    {
+        this.signatureConfiguration = signatureConfiguration;
+    }
+
+    @Component ( role = SignatureConfiguration.class )
+    protected Map<String, SignatureConfiguration> signatureConfigurationProviders;
+
     @Override
     public void execute () throws MojoExecutionException, MojoFailureException
     {
@@ -718,7 +754,18 @@ public void execute () throws MojoExecutionException, MojoFailureException
             fillPayload ( builder );
             fillPrefixes ( builder );
 
-            // add signer
+            // setup basic signature processors
+
+            if ( this.signatureConfiguration != null )
+            {
+                this.logger.info ( "Initialize with custom signature configuration: %s (%s)", this.signatureConfiguration, this.signatureConfiguration.getClass () );
+                final SignatureConfiguration provider = this.signatureConfigurationProviders.get ( this.signatureConfiguration );
+                if ( provider == null )
+                {
+                    throw new MojoExecutionException ( String.format ( "Unable to find requested signature configuration provider '%s', have: %s", this.signatureConfiguration, this.signatureConfigurationProviders.keySet () ) );
+                }
+                provider.apply ( builder );
+            }
 
             if ( !this.skipSigning && this.signature != null )
             {
diff --git a/src/main/java/de/dentrassi/rpm/builder/signatures/DefaultSignatureConfiguration.java b/src/main/java/de/dentrassi/rpm/builder/signatures/DefaultSignatureConfiguration.java
new file mode 100644
index 0000000..dd45da4
--- /dev/null
+++ b/src/main/java/de/dentrassi/rpm/builder/signatures/DefaultSignatureConfiguration.java
@@ -0,0 +1,27 @@
+/*******************************************************************************
+ * Copyright (c) 2019 Red Hat Inc and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * Contributors:
+ *     Red Hat Inc - initial API and implementation
+ *******************************************************************************/
+package de.dentrassi.rpm.builder.signatures;
+
+import org.codehaus.plexus.component.annotations.Component;
+import org.eclipse.packager.rpm.build.RpmBuilder;
+
+@Component ( role = SignatureConfiguration.class, hint = "default" )
+public class DefaultSignatureConfiguration implements SignatureConfiguration
+{
+
+    @Override
+    public void apply ( final RpmBuilder builder )
+    {
+        builder.removeAllSignatureProcessors ();
+        builder.addDefaultSignatureProcessors ();
+    }
+
+}
diff --git a/src/main/java/de/dentrassi/rpm/builder/signatures/Md5OnlySignatureConfiguration.java b/src/main/java/de/dentrassi/rpm/builder/signatures/Md5OnlySignatureConfiguration.java
new file mode 100644
index 0000000..7c51681
--- /dev/null
+++ b/src/main/java/de/dentrassi/rpm/builder/signatures/Md5OnlySignatureConfiguration.java
@@ -0,0 +1,30 @@
+/*******************************************************************************
+ * Copyright (c) 2019 Red Hat Inc and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * Contributors:
+ *     Red Hat Inc - initial API and implementation
+ *******************************************************************************/
+package de.dentrassi.rpm.builder.signatures;
+
+import org.codehaus.plexus.component.annotations.Component;
+import org.eclipse.packager.rpm.build.RpmBuilder;
+import org.eclipse.packager.rpm.signature.SignatureProcessors;
+
+@Component ( role = SignatureConfiguration.class, hint = "md5-only" )
+public class Md5OnlySignatureConfiguration implements SignatureConfiguration
+{
+
+    @Override
+    public void apply ( final RpmBuilder builder )
+    {
+        builder.removeAllSignatureProcessors ();
+        builder.addSignatureProcessor ( SignatureProcessors.size () );
+        builder.addSignatureProcessor ( SignatureProcessors.md5 () );
+        builder.addSignatureProcessor ( SignatureProcessors.payloadSize () );
+    }
+
+}
diff --git a/src/main/java/de/dentrassi/rpm/builder/signatures/SignatureConfiguration.java b/src/main/java/de/dentrassi/rpm/builder/signatures/SignatureConfiguration.java
new file mode 100644
index 0000000..e5ef0bf
--- /dev/null
+++ b/src/main/java/de/dentrassi/rpm/builder/signatures/SignatureConfiguration.java
@@ -0,0 +1,18 @@
+/*******************************************************************************
+ * Copyright (c) 2019 Red Hat Inc and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * Contributors:
+ *     Red Hat Inc - initial API and implementation
+ *******************************************************************************/
+package de.dentrassi.rpm.builder.signatures;
+
+import org.eclipse.packager.rpm.build.RpmBuilder;
+
+public interface SignatureConfiguration
+{
+    public void apply ( RpmBuilder builder );
+}