Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 907038 Details for
Bug 1107529
Include support for signing file digests (e.g. for obs-sign)
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
add file-is-digest option to gnupg2
gnupg-2.0.20-add-file-is-digest-option.patch (text/plain), 5.93 KB, created by
Josef Stribny
on 2014-06-10 07:00:18 UTC
(
hide
)
Description:
add file-is-digest option to gnupg2
Filename:
MIME Type:
Creator:
Josef Stribny
Created:
2014-06-10 07:00:18 UTC
Size:
5.93 KB
patch
obsolete
>diff -rup gnupg-2.0.18.orig/g10/gpg.c gnupg-2.0.18/g10/gpg.c >--- gnupg-2.0.18.orig/g10/gpg.c 2011-07-22 13:00:44.000000000 +0100 >+++ gnupg-2.0.18/g10/gpg.c 2011-08-06 21:07:32.000000000 +0100 >@@ -341,6 +341,7 @@ enum cmd_and_opt_values > oTTYtype, > oLCctype, > oLCmessages, >+ oFileIsDigest, > oXauthority, > oGroup, > oUnGroup, >@@ -706,6 +707,7 @@ static ARGPARSE_OPTS opts[] = { > ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"), > ARGPARSE_s_s (oPersonalCompressPreferences, > "personal-compress-preferences", "@"), >+ ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"), > > /* Aliases. I constantly mistype these, and assume other people do > as well. */ >@@ -1996,6 +1998,7 @@ main (int argc, char **argv) > opt.def_sig_expire="0"; > opt.def_cert_expire="0"; > set_homedir ( default_homedir () ); >+ opt.file_is_digest=0; > opt.passphrase_repeat=1; > > /* Check whether we have a config file on the command line. */ >@@ -2484,6 +2487,7 @@ main (int argc, char **argv) > case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; > case oForceV3Sigs: opt.force_v3_sigs = 1; break; > case oNoForceV3Sigs: opt.force_v3_sigs = 0; break; >+ case oFileIsDigest: opt.file_is_digest = 1; break; > case oForceV4Certs: opt.force_v4_certs = 1; break; > case oNoForceV4Certs: opt.force_v4_certs = 0; break; > case oForceMDC: opt.force_mdc = 1; break; >Only in gnupg-2.0.18/g10: gpg.c.orig >diff -rup gnupg-2.0.18.orig/g10/options.h gnupg-2.0.18/g10/options.h >--- gnupg-2.0.18.orig/g10/options.h 2011-07-22 13:00:44.000000000 +0100 >+++ gnupg-2.0.18/g10/options.h 2011-08-06 21:07:32.000000000 +0100 >@@ -194,6 +194,7 @@ struct > int no_auto_check_trustdb; > int preserve_permissions; > int no_homedir_creation; >+ int file_is_digest; > struct groupitem *grouplist; > int mangle_dos_filenames; > int enable_progress_filter; >diff -rup gnupg-2.0.18.orig/g10/sign.c gnupg-2.0.18/g10/sign.c >--- gnupg-2.0.18.orig/g10/sign.c 2011-07-22 13:00:44.000000000 +0100 >+++ gnupg-2.0.18/g10/sign.c 2011-08-06 21:07:32.000000000 +0100 >@@ -665,8 +665,12 @@ write_signature_packets (SK_LIST sk_list > mk_notation_policy_etc (sig, NULL, sk); > } > >+ if (!opt.file_is_digest) { > hash_sigversion_to_magic (md, sig); > gcry_md_final (md); >+ } else if (sig->version >= 4) { >+ log_bug("file-is-digest doesn't work with v4 sigs\n"); >+ } > > rc = do_sign( sk, sig, md, hash_for (sk) ); > gcry_md_close (md); >@@ -723,6 +727,8 @@ sign_file( strlist_t filenames, int deta > SK_LIST sk_rover = NULL; > int multifile = 0; > u32 duration=0; >+ int sigclass = 0x00; >+ u32 timestamp = 0; > > pfx = new_progress_context (); > afx = new_armor_context (); >@@ -739,7 +745,16 @@ sign_file( strlist_t filenames, int deta > fname = NULL; > > if( fname && filenames->next && (!detached || encryptflag) ) >- log_bug("multiple files can only be detached signed"); >+ log_bug("multiple files can only be detached signed\n"); >+ >+ if (opt.file_is_digest && (multifile || !fname)) >+ log_bug("file-is-digest only works with one file\n"); >+ if (opt.file_is_digest && !detached) >+ log_bug("file-is-digest can only write detached signatures\n"); >+ if (opt.file_is_digest && !opt.def_digest_algo) >+ log_bug("file-is-digest needs --digest-algo\n"); >+ if (opt.file_is_digest && opt.textmode) >+ log_bug("file-is-digest doesn't work with --textmode\n"); > > if(encryptflag==2 > && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) >@@ -767,7 +782,7 @@ sign_file( strlist_t filenames, int deta > goto leave; > > /* prepare iobufs */ >- if( multifile ) /* have list of filenames */ >+ if( multifile || opt.file_is_digest) /* have list of filenames */ > inp = NULL; /* we do it later */ > else { > inp = iobuf_open(fname); >@@ -900,7 +915,7 @@ sign_file( strlist_t filenames, int deta > gcry_md_enable (mfx.md, hash_for(sk)); > } > >- if( !multifile ) >+ if( !multifile && !opt.file_is_digest ) > iobuf_push_filter( inp, md_filter, &mfx ); > > if( detached && !encryptflag && !RFC1991 ) >@@ -955,6 +970,8 @@ sign_file( strlist_t filenames, int deta > > write_status_begin_signing (mfx.md); > >+ sigclass = opt.textmode && !outfile? 0x01 : 0x00; >+ > /* Setup the inner packet. */ > if( detached ) { > if( multifile ) { >@@ -995,6 +1012,45 @@ sign_file( strlist_t filenames, int deta > if( opt.verbose ) > putc( '\n', stderr ); > } >+ else if (opt.file_is_digest) { >+ byte *mdb, ts[5]; >+ size_t mdlen; >+ const char *fp; >+ int c, d; >+ >+ gcry_md_final(mfx.md); >+ /* this assumes gcry_md_read returns the same buffer */ >+ mdb = gcry_md_read(mfx.md, opt.def_digest_algo); >+ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo); >+ if (strlen(fname) != mdlen * 2 + 11) >+ log_bug("digests must be %d + @ + 5 bytes\n", mdlen); >+ d = -1; >+ for (fp = fname ; *fp; ) { >+ c = *fp++; >+ if (c >= '0' && c <= '9') >+ c -= '0'; >+ else if (c >= 'a' && c <= 'f') >+ c -= 'a' - 10; >+ else if (c >= 'A' && c <= 'F') >+ c -= 'A' - 10; >+ else >+ log_bug("filename is not hex\n"); >+ if (d >= 0) { >+ *mdb++ = d << 4 | c; >+ c = -1; >+ if (--mdlen == 0) { >+ mdb = ts; >+ if (*fp++ != '@') >+ log_bug("missing time separator\n"); >+ } >+ } >+ d = c; >+ } >+ sigclass = ts[0]; >+ if (sigclass != 0x00 && sigclass != 0x01) >+ log_bug("bad cipher class\n"); >+ timestamp = buffer_to_u32(ts + 1); >+ } > else { > /* read, so that the filter can calculate the digest */ > while( iobuf_get(inp) != -1 ) >@@ -1012,8 +1068,8 @@ sign_file( strlist_t filenames, int deta > > /* write the signatures */ > rc = write_signature_packets (sk_list, out, mfx.md, >- opt.textmode && !outfile? 0x01 : 0x00, >- 0, duration, detached ? 'D':'S'); >+ sigclass, >+ timestamp, duration, detached ? 'D':'S'); > if( rc ) > goto leave; >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=907038">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1107529
: 907038 |
914512