[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Cvs-cvs] ccvs/src ChangeLog cvs.h gpg.c gpg.h main.c ser... [signed-com
From: |
Derek Robert Price |
Subject: |
[Cvs-cvs] ccvs/src ChangeLog cvs.h gpg.c gpg.h main.c ser... [signed-commits3] |
Date: |
Fri, 13 Jan 2006 05:08:13 +0000 |
CVSROOT: /cvsroot/cvs
Module name: ccvs
Branch: signed-commits3
Changes by: Derek Robert Price <address@hidden> 06/01/13 05:08:12
Modified files:
src : ChangeLog cvs.h gpg.c gpg.h main.c server.c
server.h sign.c verify.c verify.h
Log message:
* gpg.c (read_signature): Rename to...
(next_signature): ...this to avoid conflicts with sign.c.
* gpg.h: Ditto.
* cvs.h (trace): Move decl...
* server.h (trace): ...here.
* main.c (trace): Move global...
* server.c (trace): ...here.
(serve_signature): s/read_signature/next_signature/.
* sign.c (get_signature): Verify signature when configured to.
* verify.c (iget_verify_checkouts, get_verify_checkouts): Use global
server_support.
(verify_state_to_string): New function.
(iget_verify_commits): Allow tracing of state.
(iverify_signature): Handle sig in a buffer.
(verify_signature): New function.
(verify_fileproc): Use new iverify_signature API.
* verify.h (get_verify_checkouts): Update proto.
(get_verify_commits, verify_signature): New protos.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/ChangeLog.diff?only_with_tag=signed-commits3&tr1=1.3328.2.28&tr2=1.3328.2.29&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/cvs.h.diff?only_with_tag=signed-commits3&tr1=1.345.4.5&tr2=1.345.4.6&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/gpg.c.diff?only_with_tag=signed-commits3&tr1=1.1.6.9&tr2=1.1.6.10&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/gpg.h.diff?only_with_tag=signed-commits3&tr1=1.1.6.4&tr2=1.1.6.5&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/main.c.diff?only_with_tag=signed-commits3&tr1=1.262.6.7&tr2=1.262.6.8&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/server.c.diff?only_with_tag=signed-commits3&tr1=1.453.2.7&tr2=1.453.2.8&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/server.h.diff?only_with_tag=signed-commits3&tr1=1.44.6.3&tr2=1.44.6.4&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/sign.c.diff?only_with_tag=signed-commits3&tr1=1.1.6.10&tr2=1.1.6.11&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/verify.c.diff?only_with_tag=signed-commits3&tr1=1.1.2.9&tr2=1.1.2.10&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/verify.h.diff?only_with_tag=signed-commits3&tr1=1.1.2.4&tr2=1.1.2.5&r1=text&r2=text
Patches:
Index: ccvs/src/ChangeLog
diff -u ccvs/src/ChangeLog:1.3328.2.28 ccvs/src/ChangeLog:1.3328.2.29
--- ccvs/src/ChangeLog:1.3328.2.28 Thu Jan 12 20:02:40 2006
+++ ccvs/src/ChangeLog Fri Jan 13 05:08:12 2006
@@ -1,5 +1,24 @@
2006-01-12 Derek Price <address@hidden>
+ * gpg.c (read_signature): Rename to...
+ (next_signature): ...this to avoid conflicts with sign.c.
+ * gpg.h: Ditto.
+ * cvs.h (trace): Move decl...
+ * server.h (trace): ...here.
+ * main.c (trace): Move global...
+ * server.c (trace): ...here.
+ (serve_signature): s/read_signature/next_signature/.
+ * sign.c (get_signature): Verify signature when configured to.
+ * verify.c (iget_verify_checkouts, get_verify_checkouts): Use global
+ server_support.
+ (verify_state_to_string): New function.
+ (iget_verify_commits): Allow tracing of state.
+ (iverify_signature): Handle sig in a buffer.
+ (verify_signature): New function.
+ (verify_fileproc): Use new iverify_signature API.
+ * verify.h (get_verify_checkouts): Update proto.
+ (get_verify_commits, verify_signature): New protos.
+
* sanity.sh (writeproxy-0): Accept `sign' requests.
* gpg.h: #include "parseinfo.h" for struct config.
Index: ccvs/src/cvs.h
diff -u ccvs/src/cvs.h:1.345.4.5 ccvs/src/cvs.h:1.345.4.6
--- ccvs/src/cvs.h:1.345.4.5 Thu Jan 12 18:20:31 2006
+++ ccvs/src/cvs.h Fri Jan 13 05:08:12 2006
@@ -342,7 +342,6 @@
char *emptydir_name (void);
int safe_location (char *);
-extern int trace; /* Show all commands */
extern int noexec; /* Don't modify disk anywhere */
extern int readonlyfs; /* fail on all write locks; succeed all read
locks */
extern int logoff; /* Don't write history entry */
Index: ccvs/src/gpg.c
diff -u ccvs/src/gpg.c:1.1.6.9 ccvs/src/gpg.c:1.1.6.10
--- ccvs/src/gpg.c:1.1.6.9 Thu Jan 12 18:42:31 2006
+++ ccvs/src/gpg.c Fri Jan 13 05:08:12 2006
@@ -345,7 +345,7 @@
* failure function on memory allocation failures, which could exit.
*/
int
-read_signature (struct buffer *bpin, struct buffer *bpout)
+next_signature (struct buffer *bpin, struct buffer *bpout)
{
int pkttype;
uint32_t pktlen;
Index: ccvs/src/gpg.h
diff -u ccvs/src/gpg.h:1.1.6.4 ccvs/src/gpg.h:1.1.6.5
--- ccvs/src/gpg.h:1.1.6.4 Thu Jan 12 18:42:31 2006
+++ ccvs/src/gpg.h Fri Jan 13 05:08:12 2006
@@ -40,7 +40,7 @@
-int read_signature (struct buffer *bpin, struct buffer *bpout);
+int next_signature (struct buffer *bpin, struct buffer *bpout);
int parse_signature (struct buffer *bpin, struct openpgp_signature *spout);
void set_openpgp_textmode (const char *textmode);
Index: ccvs/src/main.c
diff -u ccvs/src/main.c:1.262.6.7 ccvs/src/main.c:1.262.6.8
--- ccvs/src/main.c:1.262.6.7 Thu Jan 12 18:42:31 2006
+++ ccvs/src/main.c Fri Jan 13 05:08:12 2006
@@ -51,7 +51,6 @@
int cvswrite = !CVSREAD_DFLT;
int really_quiet = 0;
int quiet = 0;
-int trace = 0;
int noexec = 0;
int readonlyfs = 0;
int logoff = 0;
Index: ccvs/src/server.c
diff -u ccvs/src/server.c:1.453.2.7 ccvs/src/server.c:1.453.2.8
--- ccvs/src/server.c:1.453.2.7 Thu Jan 12 18:20:32 2006
+++ ccvs/src/server.c Fri Jan 13 05:08:12 2006
@@ -41,9 +41,9 @@
int server_active = 0;
+int trace = 0;
#if defined (SERVER_SUPPORT) || defined (CLIENT_SUPPORT)
-
# include "log-buffer.h"
# include "ms-buffer.h"
#endif /* defined(SERVER_SUPPORT) || defined(CLIENT_SUPPORT) */
@@ -2168,7 +2168,7 @@
else
sig_buf = buf_nonio_initialize (NULL);
- status = read_signature (buf_from_net, sig_buf);
+ status = next_signature (buf_from_net, sig_buf);
if (status)
{
if (alloc_pending (80))
Index: ccvs/src/server.h
diff -u ccvs/src/server.h:1.44.6.3 ccvs/src/server.h:1.44.6.4
--- ccvs/src/server.h:1.44.6.3 Fri Jan 6 20:37:13 2006
+++ ccvs/src/server.h Fri Jan 13 05:08:12 2006
@@ -209,7 +209,10 @@
int);
void server_edit_file (struct file_info *finfo);
+
+
/* The TRACE macro */
+extern int trace; /* User defined trace level. */
void cvs_trace (int level, const char *fmt, ...)
__attribute__ ((__format__ (__printf__, 2, 3)));
#define TRACE cvs_trace
@@ -227,6 +230,8 @@
#define TRACE_FLOW 2
#define TRACE_DATA 3
+
+
extern cvsroot_t *referrer;
void server_base_checkout (RCSNode *rcs, struct file_info *finfo,
Index: ccvs/src/sign.c
diff -u ccvs/src/sign.c:1.1.6.10 ccvs/src/sign.c:1.1.6.11
--- ccvs/src/sign.c:1.1.6.10 Thu Jan 12 18:42:31 2006
+++ ccvs/src/sign.c Fri Jan 13 05:08:12 2006
@@ -41,6 +41,7 @@
#include "classify.h"
#include "client.h"
#include "filesubr.h"
+#include "gpg.h"
#include "ignore.h"
#include "recurse.h"
#include "root.h"
@@ -348,13 +349,26 @@
/* Generate a signature or read one from the sigfile and return it in
* allocated memory.
+ *
+ * ERRORS
+ * When configured to do so, verify the signature. If it isn't valid, then
+ * exit with an error as configured.
*/
char *
get_signature (bool server_active, const char *srepos, const char *filename,
bool bin, size_t *len)
{
- if (server_active) return read_signature (filename, len);
- /* else */ return gen_signature (srepos, filename, bin, len);
+ char *sig;
+
+ if (server_active)
+ sig = read_signature (filename, len);
+ else
+ sig = gen_signature (srepos, filename, bin, len);
+
+ if (get_verify_commits ())
+ verify_signature (srepos, sig, *len, filename, bin);
+
+ return sig;
}
Index: ccvs/src/verify.c
diff -u ccvs/src/verify.c:1.1.2.9 ccvs/src/verify.c:1.1.2.10
--- ccvs/src/verify.c:1.1.2.9 Thu Jan 12 18:42:31 2006
+++ ccvs/src/verify.c Fri Jan 13 05:08:12 2006
@@ -120,7 +120,7 @@
* VERIFY_OFF, VERIFY_WARN, or VERIFY_FATAL.
*/
static verify_state
-iget_verify_checkouts (bool server_active, bool server_support)
+iget_verify_checkouts (bool server_support)
{
verify_state tmp;
@@ -153,14 +153,35 @@
* This function exits with a fatal error if iget_verify_checkouts does.
*/
bool
-get_verify_checkouts (bool server_active, bool server_support)
+get_verify_checkouts (bool server_support)
{
- verify_state tmp = iget_verify_checkouts (server_active, server_support);
+ verify_state tmp = iget_verify_checkouts (server_support);
return tmp == VERIFY_WARN || tmp == VERIFY_FATAL;
}
+static const char *
+verify_state_to_string (verify_state state)
+{
+ switch (state)
+ {
+ case VERIFY_FATAL:
+ return "VERIFY_FATAL";
+ case VERIFY_WARN:
+ return "VERIFY_WARN";
+ case VERIFY_OFF:
+ return "VERIFY_OFF";
+ case VERIFY_DEFAULT:
+ return "VERIFY_DEFAULT";
+ default:
+ error (1, 0, "Unknown verify_state %d", state);
+ return "Can't reach";
+ }
+}
+
+
+
/* Return the current verify_state based on the command line options, current
* config, and compiled default.
*
@@ -183,6 +204,9 @@
if (tmp == VERIFY_DEFAULT)
tmp = VERIFY_OFF;
+ TRACE (TRACE_DATA, "iget_verify_commits () returning %s",
+ trace >= TRACE_DATA ? verify_state_to_string (tmp) : "");
+
return tmp;
}
@@ -295,7 +319,9 @@
-/* Verify a signature, returning true or false.
+/* Verify a signature for the data in WORKFILE, returning true or false. If
+ * SIG is set, it must contain signature data of length of length SIGLEN.
+ * Otherwise, assume WORKFILE.sig contains the signature data.
*
* INPUTS
* finfo File information on the file being signed.
@@ -304,19 +330,22 @@
* Exits with a fatal error when FATAL and a signature cannot be verified.
*/
static bool
-iverify_signature (const char *srepos, const char *filename, bool bin,
- bool fatal)
+iverify_signature (const char *srepos, const char *sig, size_t siglen,
+ const char *filename, bool bin, bool fatal)
{
char *cmdline;
- char *sigfile = Xasprintf ("%s%s", filename, ".sig");
+ char *sigfile;
FILE *pipefp;
bool save_noexec = noexec;
- size_t len;
- char buf[256];
int pipestatus;
bool retval;
- if (!isfile (sigfile))
+ if (sig)
+ sigfile = "-";
+ else
+ sigfile = Xasprintf ("%s%s", filename, ".sig");
+
+ if (!sig && !isfile (sigfile))
{
error (fatal, 0, "No signature file found (`%s')", sigfile);
free (sigfile);
@@ -359,7 +388,7 @@
}
noexec = false;
- if (!(pipefp = run_popen (cmdline, "r")))
+ if (!(pipefp = run_popen (cmdline, "w")))
{
error (fatal, errno, "failed to execute signature verifier");
retval = false;
@@ -367,16 +396,13 @@
}
noexec = save_noexec;
- do
+ if (sig)
{
- len = fread (buf, sizeof *buf, sizeof buf, pipefp);
- if (!really_quiet && len)
- cvs_output (buf, len);
- /* Fewer bytes than requested means EOF or error. */
- } while (len == sizeof buf);
-
- if (ferror (pipefp))
- error (0, ferror (pipefp), "Error reading from verify program.");
+ size_t len;
+ len = fwrite (sig, sizeof *sig, siglen, pipefp);
+ if (len < siglen)
+ error (0, ferror (pipefp), "Error writing to verify program.");
+ }
pipestatus = pclose (pipefp);
if (pipestatus == -1)
@@ -399,7 +425,8 @@
retval = true;
done:
- free (sigfile);
+ if (!sig)
+ free (sigfile);
free (cmdline);
return retval;
@@ -407,6 +434,16 @@
+bool
+verify_signature (const char *srepos, const char *sig, size_t siglen,
+ const char *filename, bool bin)
+{
+ return iverify_signature (srepos, sig, siglen, filename, bin,
+ iget_verify_commits () == VERIFY_FATAL);
+}
+
+
+
static const char *const verify_usage[] =
{
"Usage: %s %s [-lR]\n",
@@ -564,7 +601,7 @@
if (!errors && !userargs->pipeout)
errors = !iverify_signature (Short_Repository (finfo->repository),
- signedfn, bin, false);
+ NULL, 0, signedfn, bin, false);
if (tmpfn)
{
Index: ccvs/src/verify.h
diff -u ccvs/src/verify.h:1.1.2.4 ccvs/src/verify.h:1.1.2.5
--- ccvs/src/verify.h:1.1.2.4 Thu Jan 12 18:42:31 2006
+++ ccvs/src/verify.h Fri Jan 13 05:08:12 2006
@@ -44,7 +44,10 @@
void add_verify_arg (const char *arg);
/* Get values. */
-bool get_verify_checkouts (bool server_active, bool server_support);
+bool get_verify_checkouts (bool server_support);
+bool get_verify_commits (void);
+bool verify_signature (const char *srepos, const char *sig, size_t siglen,
+ const char *filename, bool bin);
/* User command. */
int verify (int argc, char **argv);
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Cvs-cvs] ccvs/src ChangeLog cvs.h gpg.c gpg.h main.c ser... [signed-commits3],
Derek Robert Price <=