RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: jbj@rpm5.org
Module: rpm Date: 29-Dec-2007 19:32:02
Branch: HEAD Handle: 2007122918320200
Modified files:
rpm TODO
rpm/lib tpgp.c
rpm/rpmio rpmpgp.c
Log:
- functional clear signed text documents.
Summary:
Revision Changes Path
1.104 +1 -0 rpm/TODO
2.11 +53 -4 rpm/lib/tpgp.c
2.86 +3 -0 rpm/rpmio/rpmpgp.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/TODO
============================================================================
$ cvs diff -u -r1.103 -r1.104 TODO
--- rpm/TODO 29 Dec 2007 09:22:06 -0000 1.103
+++ rpm/TODO 29 Dec 2007 18:32:02 -0000 1.104
@@ -161,3 +161,4 @@
- jbj: RFE: capture arbitrary 'defines' from the ENV, and the invocation
command line, each to end up in binary *.rpm's to show more of build
time options
+ - jbj: rewrite pgpReadPkts to return array of clearsign'd segments instead.
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/tpgp.c
============================================================================
$ cvs diff -u -r2.10 -r2.11 tpgp.c
--- rpm/lib/tpgp.c 29 Dec 2007 15:41:32 -0000 2.10
+++ rpm/lib/tpgp.c 29 Dec 2007 18:32:02 -0000 2.11
@@ -55,16 +55,26 @@
const char * _sigfn = rpmExpand(sigfn, NULL);
xx = pgpReadPkts(_sigfn, &sigpkt, &sigpktlen);
if (xx != PGPARMOR_SIGNATURE) {
+if (_debug)
fprintf(stderr, "==> pgpReadPkts(%s) SIG %p[%u] ret %d\n", _sigfn, sigpkt, sigpktlen, xx);
_sigfn = _free(_sigfn);
goto exit;
}
_sigfn = _free(_sigfn);
} else {
- /* XXX FIXME: read clearsign'd file with appended signature. */
+ const char * _sigfn = rpmExpand(fn, NULL);
+ xx = pgpReadPkts(_sigfn, &sigpkt, &sigpktlen);
+ if (xx != PGPARMOR_SIGNATURE) {
+if (_debug)
+fprintf(stderr, "==> pgpReadPkts(%s) SIG %p[%u] ret %d\n", _sigfn, sigpkt, sigpktlen, xx);
+ _sigfn = _free(_sigfn);
+ goto exit;
+ }
+ _sigfn = _free(_sigfn);
}
xx = pgpPrtPkts((uint8_t *)sigpkt, sigpktlen, dig, printing);
if (xx) {
+if (_debug)
fprintf(stderr, "==> pgpPrtPkts SIG %p[%u] ret %d\n", sigpkt, sigpktlen, xx);
goto exit;
}
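Review bot: The added `else` branch is a line-for-line copy of the detached-signature branch above it, differing only in passing `fn` instead of `sigfn` to `rpmExpand`. Selecting the path once and sharing a single read block would keep the two error paths from drifting apart. For example `const char * _sigfn = rpmExpand((usesigfn ? sigfn : fn), NULL);`, where `usesigfn` is a placeholder for the existing `if` condition, which is not visible in this hunk. Note also that in the clearsign case the same `fn` is opened again later by `rpmioSlurp`, so the signature packet and the digested text come from two separate reads of the file. Reading it once and parsing both from the same buffer would remove that gap. The enclosing function starts and ends outside this hunk.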
@@ -72,6 +82,7 @@
sigp = pgpGetSignature(dig);
if (sigp->version != 3 && sigp->version != 4) {
+if (_debug)
fprintf(stderr, "==> unverifiable V%d\n", sigp->version);
goto exit;
}
@@ -81,6 +92,7 @@
const char * _pubfn = rpmExpand(pubfn, NULL);
xx = pgpReadPkts(_pubfn, &ts->pkpkt, &ts->pkpktlen);
if (xx != PGPARMOR_PUBKEY) {
+if (_debug)
fprintf(stderr, "==> pgpReadPkts(%s) PUB %p[%u] ret %d\n", _pubfn, ts->pkpkt, ts->pkpktlen, xx);
_pubfn = _free(_pubfn);
goto exit;
@@ -88,12 +100,14 @@
_pubfn = _free(_pubfn);
xx = pgpPrtPkts((uint8_t *)ts->pkpkt, ts->pkpktlen, dig, printing);
if (xx) {
+if (_debug)
fprintf(stderr, "==> pgpPrtPkts PUB %p[%u] ret %d\n", ts->pkpkt, ts->pkpktlen, xx);
goto exit;
}
} else {
rpmRC res = pgpFindPubkey(dig);
if (res != RPMRC_OK) {
+if (_debug)
fprintf(stderr, "==> rpmtsFindPubkey ret %d\n", res);
goto exit;
}
@@ -109,30 +123,62 @@
/* XXX V4 RSA key id's seem to be broken. */
&& (pubp->pubkey_algo == PGPPUBKEYALGO_RSA || !memcmp(sigp->signid, pubp->signid, sizeof(sigp->signid))) ) )
{
+if (_debug) {
fprintf(stderr, "==> mismatch between signature and pubkey\n");
fprintf(stderr, "\tpubkey_algo: %u %u\n", sigp->pubkey_algo, pubp->pubkey_algo);
fprintf(stderr, "\tsignid: %08X %08X %08X %08X\n",
pgpGrab(sigp->signid, 4), pgpGrab(sigp->signid+4, 4),
pgpGrab(pubp->signid, 4), pgpGrab(pubp->signid+4, 4));
+}
goto exit;
}
/* Compute the message digest. */
ctx = rpmDigestInit(sigp->hash_algo, RPMDIGEST_NONE);
- { const char * _fn = rpmExpand(fn, NULL);
+ {
+ static const char clrtxt[] = "-----BEGIN PGP SIGNED MESSAGE-----";
+ static const char sigtxt[] = "-----BEGIN PGP SIGNATURE-----";
+ const char * _fn = rpmExpand(fn, NULL);
uint8_t * b = NULL;
ssize_t blen = 0;
int _rc = rpmioSlurp(_fn, &b, &blen);
if (!(_rc == 0 && b != NULL && blen > 0)) {
+if (_debug)
fprintf(stderr, "==> rpmioSlurp(%s) MSG %p[%u] ret %d\n", _fn, b, blen, _rc);
b = _free(b);
_fn = _free(_fn);
goto exit;
}
_fn = _free(_fn);
- xx = rpmDigestUpdate(ctx, b, blen);
+
+ /* XXX clearsign sig is PGPSIGTYPE_TEXT not PGPSIGTYPE_BINARY. */
+ if (!strncmp((char *)b, clrtxt, strlen(clrtxt))) {
+ const char * be = (char *) (b + blen);
+ const char * t;
+ const char * te;
+
+ /* Skip to '\n\n' start-of-plaintext */
+ t = (char *) b;
+ while (t && t < be && *t != '\n')
+ t = strchr(t, '\n') + 1;
+ if (!(t && t < be))
+ goto exit;
+ t++;
+
+ /* Skip to start-of-signature */
+ te = t;
+ while (te && te < be && strncmp(te, sigtxt, strlen(sigtxt)))
+ te = strchr(te, '\n') + 1;
+ if (!(te && te < be))
+ goto exit;
+ te--; /* hmmm, one too far? does clearsign snip last \n? */
+
+ xx = rpmDigestUpdate(ctx, t, (te - t));
+ } else
+ xx = rpmDigestUpdate(ctx, b, blen);
+
b = _free(b);
}
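Review bot: The clearsign scan inside the added `if (!strncmp((char *)b, clrtxt, strlen(clrtxt)))` branch is not bounded by `blen`. `strchr(t, '\n') + 1` turns a missing newline into the pointer value 1 rather than NULL, so the `t &&` and `te &&` guards never fire, and both `strchr` and `strncmp` can read past the slurped buffer unless `rpmioSlurp` NUL-terminates it (not visible here). Both new `goto exit` paths also skip the `b = _free(b)` that the earlier failure path performs, and if the signature armor directly follows the blank line, `te--` makes `te - t` negative before it is passed as a length to `rpmDigestUpdate`. Because this buffer is untrusted input to a signature check, I would scan with `memchr` against `be`, free `b` on the error paths and reject an empty range, as sketched below. Separately, the digest is taken over the raw bytes, so dash-escaped lines or CRLF line endings will presumably fail verification until text canonicalisation is added. The enclosing function begins and ends outside this hunk.

```c
	/* XXX clearsign sig is PGPSIGTYPE_TEXT not PGPSIGTYPE_BINARY. */
	if ((size_t)blen >= sizeof(clrtxt)-1 && !memcmp(b, clrtxt, sizeof(clrtxt)-1)) {
	    const char * be = (const char *) b + blen;
	    const char * t = (const char *) b;
	    const char * te;

	    /* Skip to '\n\n' start-of-plaintext, never scanning past be. */
	    while (t < be && *t != '\n') {
		const char * nl = memchr(t, '\n', (size_t)(be - t));
		t = (nl != NULL ? nl + 1 : be);
	    }
	    if (t >= be) {
		b = _free(b);
		goto exit;
	    }
	    t++;

	    /* Skip to start-of-signature, comparing only within [te, be). */
	    te = t;
	    while (te < be
	     && !((size_t)(be - te) >= sizeof(sigtxt)-1
	       && !memcmp(te, sigtxt, sizeof(sigtxt)-1)))
	    {
		const char * nl = memchr(te, '\n', (size_t)(be - te));
		te = (nl != NULL ? nl + 1 : be);
	    }
	    if (te >= be || te == t) {
		b = _free(b);
		goto exit;
	    }
	    te--;	/* hmmm, one too far? does clearsign snip last \n? */

	    xx = rpmDigestUpdate(ctx, t, (size_t)(te - t));
	} else
	    /* … unchanged: else branch digesting the whole buffer, then b = _free(b) … */
```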
@@ -161,6 +207,7 @@
break;
}
if (xx) {
+if (_debug)
fprintf(stderr, "==> can't load pubkey_algo(%u)\n", sigp->pubkey_algo);
goto exit;
}
@@ -196,6 +243,7 @@
int rc = 0;
if (!strcmp("DSA", sigtype)) {
+ rc = rpmCheckPgpSignatureOnFile(ts, DSApem, NULL, DSApub, NULL);
rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, DSAsig, DSApub, NULL);
rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, DSAsig, DSApubpem, NULL);
rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, DSAsigpem, DSApub, NULL);
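Review bot: The result of the added `rpmCheckPgpSignatureOnFile(ts, DSApem, NULL, DSApub, NULL)` call is overwritten by the next assignment to `rc`, so a failing clearsign verification cannot influence what this test driver reports. The surrounding calls follow the same pattern, but for the new case it means the feature this commit introduces is exercised without being checked. Assuming a non-zero return means failure (the return type is not visible in this hunk), accumulating would preserve it: `rc |= rpmCheckPgpSignatureOnFile(ts, DSApem, NULL, DSApub, NULL);`. The enclosing function starts and ends outside the hunk.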
@@ -204,9 +252,10 @@
rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, DSAsigpem, NULL, NULL);
}
if (!strcmp("RSA", sigtype)) {
+ rc = rpmCheckPgpSignatureOnFile(ts, RSApem, NULL, RSApub, NULL);
+#ifdef NOTYET /* XXX RSA key id's are funky. */
rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, RSAsig, RSApub, NULL);
rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, RSAsigpem, RSApubpem, NULL);
-#ifdef NOTYET /* XXX RSA key id's are funky. */
rc = rpmCheckPgpSignatureOnFile(ts, plaintextfn, RSAsig, NULL, NULL);
#endif
}
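Review bot: Moving `#ifdef NOTYET` up now compiles out the `RSAsig`/`RSApub` and `RSAsigpem`/`RSApubpem` checks that were live before this commit, leaving the new `RSApem` clearsign call as the only RSA verification that runs. If that is deliberate, the comment should say why the detached-signature cases were disabled, for example `#ifdef NOTYET /* XXX RSA key id's are funky; detached RSA sig checks disabled until fixed. */`. Otherwise the guard should stay where it was so the two previously working checks keep running. The enclosing function starts and ends outside the hunk.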
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmpgp.c
============================================================================
$ cvs diff -u -r2.85 -r2.86 rpmpgp.c
--- rpm/rpmio/rpmpgp.c 29 Dec 2007 16:00:08 -0000 2.85
+++ rpm/rpmio/rpmpgp.c 29 Dec 2007 18:32:02 -0000 2.86
@@ -1328,6 +1328,9 @@
ec = PGPARMOR_ERR_UNKNOWN_ARMOR_TYPE;
goto exit;
}
+ /* XXX Ignore clear signed message start. */
+ if (rc == PGPARMOR_SIGNED_MESSAGE)
+ continue;
ec = rc; /* Save the packet type as exit code. */
armortype = t;
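Review bot: The new `continue` on `PGPARMOR_SIGNED_MESSAGE` deserves a fuller comment than `/* XXX Ignore clear signed message start. */`, because it changes what callers can learn from the return value. A clearsigned file now yields `PGPARMOR_SIGNATURE` just like a detached signature, and the reader gives no indication of where the signed text begins or ends. In this commit the caller in tpgp.c re-reads the file and locates that range with its own scan, so the two parsers have to agree on the boundaries for the verified bytes to be the ones a user sees. I would document that, e.g. `/* XXX Clearsign header: skip it and keep scanning for the signature armor; the caller must locate the signed text itself. */`. The loop and the rest of the function lie outside this hunk.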
@@ .