RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: jbj@rpm5.org
Module: rpm Date: 29-Dec-2007 16:41:32
Branch: HEAD Handle: 2007122915413101
Modified files:
rpm CHANGES
rpm/lib genpgp.sh tpgp.c
rpm/rpmio rpmpgp.c rpmpgp.h
Log:
- functional binary (as well as PEM) encoding for detached signature/pubkey.
- pgpReadPkts: identify binary encoded pgp pkts correctly.
Summary:
Revision Changes Path
1.2035 +1 -0 rpm/CHANGES
2.6 +12 -4 rpm/lib/genpgp.sh
2.10 +5 -0 rpm/lib/tpgp.c
2.84 +14 -2 rpm/rpmio/rpmpgp.c
2.67 +4 -3 rpm/rpmio/rpmpgp.h
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.2034 -r1.2035 CHANGES
--- rpm/CHANGES 28 Dec 2007 23:27:35 -0000 1.2034
+++ rpm/CHANGES 29 Dec 2007 15:41:31 -0000 1.2035
@@ -1,4 +1,5 @@
5.0b3 -> 5.0b4:
+ - jbj: pgpReadPkts: identify binary encoded pgp pkts correctly.
- jbj: fix: remove unused assertion.
- jbj: fix: undo deliberate damage from rpm's RHL8 security audit. ptooey!
- rse: allow assertion of a particular GnuPG signing key via "gnupg(<path>) = <fingerprint>" in dependencies
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/genpgp.sh
============================================================================
$ cvs diff -u -r2.5 -r2.6 genpgp.sh
--- rpm/lib/genpgp.sh 29 Dec 2007 15:14:23 -0000 2.5
+++ rpm/lib/genpgp.sh 29 Dec 2007 15:41:32 -0000 2.6
@@ -28,18 +28,26 @@
echo "static const char * plaintext = \"$str\";"
echo "static const char * plaintextfn = \"plaintext\";"
-$gpg --detach-sign -a -u DSApub --output - plaintext > DSA.sig
+$gpg --detach-sign -u DSApub --output - plaintext > DSA.sig
+$gpg --detach-sign -a -u DSApub --output - plaintext > DSA.sigpem
$gpg --clearsign -u DSApub --output - plaintext > DSA.pem
-$gpg --export -a DSApub > DSA.pub
+$gpg --export DSApub > DSA.pub
+$gpg --export -a DSApub > DSA.pubpem
echo "static const char * DSAsig = \"DSA.sig\";"
+echo "static const char * DSAsigpem = \"DSA.sigpem\";"
echo "static const char * DSApem = \"DSA.pem\";"
echo "static const char * DSApub = \"DSA.pub\";"
+echo "static const char * DSApubpem = \"DSA.pubpem\";"
-$gpg --detach-sign -a -u RSApub --output - plaintext > RSA.sig
+$gpg --detach-sign -u RSApub --output - plaintext > RSA.sig
+$gpg --detach-sign -a -u RSApub --output - plaintext > RSA.sigpem
$gpg --clearsign -u RSApub --output - plaintext > RSA.pem
-$gpg --export -a RSApub > RSA.pub
+$gpg --export RSApub > RSA.pub
+$gpg --export -a RSApub > RSA.pubpem
echo "static const char * RSAsig = \"RSA.sig\";"
+echo "static const char * RSAsigpem = \"RSA.sigpem\";"
echo "static const char * RSApem = \"RSA.pem\";"
echo "static const char * RSApub = \"RSA.pub\";"
+echo "static const char * RSApubpem = \"RSA.pubpem\";"
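Review bot: The meaning of the existing fixture names changes silently: `DSA.sig`, `DSA.pub`, `RSA.sig` and `RSA.pub` were ASCII-armored before this hunk and are binary OpenPGP packets after it, with the armored forms moved to the new `*.sigpem` and `*.pubpem` files. Nothing in the script says so, and any other consumer of these files that still expects armor will now be handed binary data. A comment above the gpg calls would record the convention, e.g. `# *.sig / *.pub: binary packets; *.sigpem / *.pubpem: ASCII-armored (-a) equivalents`. The script starts before this hunk, so whether a gpg failure aborts it (leaving no empty fixture behind) cannot be seen from here.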
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/tpgp.c
============================================================================
$ cvs diff -u -r2.9 -r2.10 tpgp.c
--- rpm/lib/tpgp.c 29 Dec 2007 15:14:23 -0000 2.9
+++ rpm/lib/tpgp.c 29 Dec 2007 15:41:32 -0000 2.10
@@ -197,10 +197,15 @@
if (!strcmp("DSA", sigtype)) {
rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, DSAsig, DSApub, NULL);
+ rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, DSAsig, DSApubpem, NULL);
+ rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, DSAsigpem, DSApub, NULL);
+ rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, DSAsigpem, DSApubpem, NULL);
rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, DSAsig, NULL, NULL);
+ rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, DSAsigpem, NULL, NULL);
}
if (!strcmp("RSA", sigtype)) {
rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, RSAsig, RSApub, NULL);
+ rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, RSAsigpem, RSApubpem, NULL);
#ifdef NOTYET /* XXX RSA key id's are funky. */
rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, RSAsig, NULL, NULL);
#endif
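Review bot: Every call in both branches assigns to the same `rc`, so a failure in any of the added binary/armored combinations is overwritten by the next call, and only the last result reaches whatever inspects `rc` after the hunk (that code is not visible here). In a signature-verification test this can hide a regression in one decoding path, so check after each call, e.g. `if (rc) goto exit;` (label to be confirmed), or count failures in a separate variable. The RSA branch also adds only the armored/armored pair, while DSA gets the mixed pairs too; `RSAsig` with `RSApubpem` and `RSAsigpem` with `RSApub` look like they should be covered as well. The enclosing function starts and ends outside the hunk.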
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmpgp.c
============================================================================
$ cvs diff -u -r2.83 -r2.84 rpmpgp.c
--- rpm/rpmio/rpmpgp.c 28 Dec 2007 20:55:14 -0000 2.83
+++ rpm/rpmio/rpmpgp.c 29 Dec 2007 15:41:32 -0000 2.84
@@ -1277,6 +1277,7 @@
char * t, * te;
int pstate = 0;
pgpArmor ec = PGPARMOR_ERR_NO_BEGIN_PGP; /* XXX assume failure */
+ pgpTag tag = 0;
int rc;
rc = rpmioSlurp(fn, &b, &blen);
@@ -1285,8 +1286,19 @@
}
/* Read unarmored packets. */
- if (pgpIsPkt(b)) {
- ec = 0; /* XXX FIXME: fish out pkt type from unarmored item. */
+ if (pgpIsPkt(b, &tag)) {
+ switch (tag) {
+ default: ec = PGPARMOR_NONE; break;
+ case PGPTAG_PUBLIC_KEY: ec = PGPARMOR_PUBKEY; break;
+ case PGPTAG_SIGNATURE: ec = PGPARMOR_SIGNATURE; break;
+#ifdef NOTYET
+ case PGPTAG_SECRET_KEY: ec = PGPARMOR_SECKEY; break;
+ case PGPTAG_FOO: ec = PGPARMOR_MESSAGE; break;
+ case PGPTAG_FOO: ec = PGPARMOR_SIGNED_MESSAGE; break;
+ case PGPTAG_FOO: ec = PGPARMOR_FILE; break;
+ case PGPTAG_FOO: ec = PGPARMOR_PRIVKEY; break;
+#endif
+ }
goto exit;
}
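Review bot: The new switch classifies the whole file from the tag that `pgpIsPkt(b, &tag)` extracts, and as far as the rpmpgp.h hunks in this commit show, that helper takes no length and reads only the leading byte(s) at `p`. Nothing in this hunk compares a packet length with `blen`, so a truncated or malformed file that merely begins with a plausible tag byte is reported as `PGPARMOR_PUBKEY` or `PGPARMOR_SIGNATURE`. Callers must still fully parse and validate the packet; a comment such as `/* XXX classified from first packet tag only; pkt length not checked against blen. */` would make that explicit. The `#ifdef NOTYET` block holds four identical `case PGPTAG_FOO:` labels that cannot compile once `NOTYET` is defined, so a plain comment listing the unmapped armor types would be safer. The function begins and ends outside the hunk.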
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmpgp.h
============================================================================
$ cvs diff -u -r2.66 -r2.67 rpmpgp.h
--- rpm/rpmio/rpmpgp.h 26 Dec 2007 10:40:45 -0000 2.66
+++ rpm/rpmio/rpmpgp.h 29 Dec 2007 15:41:32 -0000 2.67
@@ -1617,8 +1617,8 @@
* @return 1 if an OpenPGP packet, 0 otherwise
*/
/*@unused@*/ static inline
-int pgpIsPkt(const uint8_t * p)
- /*@*/
+int pgpIsPkt(const uint8_t * p, /*@null@*/ pgpTag * tagp)
+ /*@modifies *tagp @*/
{
unsigned int val = (unsigned int) *p++;
pgpTag tag;
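Review bot: The doc comment above the signature still describes only the return value, so the new `tagp` out-parameter is undocumented. Add a line next to the existing `@return`, for example ` * @retval *tagp	OpenPGP packet tag (if tagp is not NULL)`. Since the function takes no length and dereferences `*p` on its first line, the comment should also state that the caller must pass at least one readable byte. The comment begins before the hunk and the body continues past it.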
@@ -1663,7 +1663,8 @@
rc = 0;
break;
}
-
+ if (tagp)
+ *tagp = tag;
return rc;
}
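Review bot: `*tagp = tag` runs after the switch regardless of `rc`, so a caller receives a tag even when the `rc = 0` arm visible above rejects the packet. Any return earlier in the body (outside this hunk) would instead leave `*tagp` untouched. Callers therefore have to initialise their variable and trust it only when the function returns 1, as the rpmpgp.c caller in this commit does with `pgpTag tag = 0;`. Either store only on success, `if (rc && tagp) *tagp = tag;`, or state that contract in the doc comment.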
@@ .