[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Cvs-cvs] ccvs/src ChangeLog Makefile.am Makefile.in main... [signed-com
From: |
Derek Robert Price |
Subject: |
[Cvs-cvs] ccvs/src ChangeLog Makefile.am Makefile.in main... [signed-commits3] |
Date: |
Sat, 31 Dec 2005 19:51:11 +0000 |
CVSROOT: /cvsroot/cvs
Module name: ccvs
Branch: signed-commits3
Changes by: Derek Robert Price <address@hidden> 05/12/31 19:51:11
Modified files:
src : ChangeLog Makefile.am Makefile.in main.c root.c
root.h sign.c sign.h
Added files:
src : verify.c verify.h
Log message:
* verify.c, verify.h: New files.
* Makefile.am (cvs_SOURCES): Add new files.
* main.c: Include "verify.h".
(opt_usage): Add --verify* args.
(main): Process same.
* root.c (new_cvsroot_t): Default verify method options.
(parse_cvsroot): Process same.
* root.h (cvsroot_t): Add verify method options.
* sign.c (get_sign_textmode), sign.h (get_sign_textmode): Export.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/ChangeLog.diff?only_with_tag=signed-commits3&tr1=1.3328.2.9&tr2=1.3328.2.10&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/Makefile.am.diff?only_with_tag=signed-commits3&tr1=1.47.6.1&tr2=1.47.6.2&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/Makefile.in.diff?only_with_tag=signed-commits3&tr1=1.162.2.1&tr2=1.162.2.2&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/main.c.diff?only_with_tag=signed-commits3&tr1=1.262.6.1&tr2=1.262.6.2&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/root.c.diff?only_with_tag=signed-commits3&tr1=1.121.2.1&tr2=1.121.2.2&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/root.h.diff?only_with_tag=signed-commits3&tr1=1.23.2.1&tr2=1.23.2.2&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/sign.c.diff?only_with_tag=signed-commits3&tr1=1.1.6.1&tr2=1.1.6.2&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/sign.h.diff?only_with_tag=signed-commits3&tr1=1.1.6.1&tr2=1.1.6.2&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/verify.c?only_with_tag=signed-commits3&rev=1.1.2.1
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/verify.h?only_with_tag=signed-commits3&rev=1.1.2.1
Patches:
Index: ccvs/src/ChangeLog
diff -u ccvs/src/ChangeLog:1.3328.2.9 ccvs/src/ChangeLog:1.3328.2.10
--- ccvs/src/ChangeLog:1.3328.2.9 Fri Dec 30 23:48:58 2005
+++ ccvs/src/ChangeLog Sat Dec 31 19:51:10 2005
@@ -1,3 +1,15 @@
+2005-12-31 Derek Price <address@hidden>
+
+ * verify.c, verify.h: New files.
+ * Makefile.am (cvs_SOURCES): Add new files.
+ * main.c: Include "verify.h".
+ (opt_usage): Add --verify* args.
+ (main): Process same.
+ * root.c (new_cvsroot_t): Default verify method options.
+ (parse_cvsroot): Process same.
+ * root.h (cvsroot_t): Add verify method options.
+ * sign.c (get_sign_textmode), sign.h (get_sign_textmode): Export.
+
2005-12-30 Derek Price <address@hidden>
* client.c (handle_openpgp_signatures): Clarify error message.
Index: ccvs/src/Makefile.am
diff -u ccvs/src/Makefile.am:1.47.6.1 ccvs/src/Makefile.am:1.47.6.2
--- ccvs/src/Makefile.am:1.47.6.1 Wed Dec 21 13:25:10 2005
+++ ccvs/src/Makefile.am Sat Dec 31 19:51:11 2005
@@ -85,6 +85,7 @@
subr.c subr.h \
tag.c \
update.c \
+ verify.c verify.h \
version.c \
vers_ts.c \
watch.c \
Index: ccvs/src/Makefile.in
diff -u ccvs/src/Makefile.in:1.162.2.1 ccvs/src/Makefile.in:1.162.2.2
--- ccvs/src/Makefile.in:1.162.2.1 Wed Dec 21 13:25:10 2005
+++ ccvs/src/Makefile.in Sat Dec 31 19:51:11 2005
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# Makefile.in generated by automake 1.9.5 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -32,6 +32,8 @@
# GNU General Public License for more details.
+SOURCES = $(cvs_SOURCES) $(EXTRA_cvs_SOURCES)
+
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
@@ -152,8 +154,9 @@
root.$(OBJEXT) rsh-client.$(OBJEXT) run.$(OBJEXT) \
scramble.$(OBJEXT) server.$(OBJEXT) sign.$(OBJEXT) \
stack.$(OBJEXT) status.$(OBJEXT) subr.$(OBJEXT) tag.$(OBJEXT) \
- update.$(OBJEXT) version.$(OBJEXT) vers_ts.$(OBJEXT) \
- watch.$(OBJEXT) wrapper.$(OBJEXT) zlib.$(OBJEXT)
+ update.$(OBJEXT) verify.$(OBJEXT) version.$(OBJEXT) \
+ vers_ts.$(OBJEXT) watch.$(OBJEXT) wrapper.$(OBJEXT) \
+ zlib.$(OBJEXT)
cvs_OBJECTS = $(am_cvs_OBJECTS)
am__DEPENDENCIES_1 =
binSCRIPT_INSTALL = $(INSTALL_SCRIPT)
@@ -371,6 +374,7 @@
subr.c subr.h \
tag.c \
update.c \
+ verify.c verify.h \
version.c \
vers_ts.c \
watch.c \
@@ -570,6 +574,7 @@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
address@hidden@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
Index: ccvs/src/main.c
diff -u ccvs/src/main.c:1.262.6.1 ccvs/src/main.c:1.262.6.2
--- ccvs/src/main.c:1.262.6.1 Wed Dec 21 13:25:10 2005
+++ ccvs/src/main.c Sat Dec 31 19:51:11 2005
@@ -17,14 +17,21 @@
*
*/
-#include "cvs.h"
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+/* GNULIB includes. */
#include "closeout.h"
#include "setenv.h"
#include "strftime.h"
#include "xgethostname.h"
+/* CVS includes. */
#include "sign.h"
+#include "verify.h"
+
+#include "cvs.h"
@@ -319,6 +326,14 @@
" --textmode ARG\n",
" Pass ARG to OpenPGP TEMPLATE when verifying or\n",
" generating signatures.\n",
+ " --verify[=(off | warn | fatal)] | --no-verify\n",
+ " Force (or forbid) OpenPGP signature verification\n",
+ " (default warns).\n",
+ " -G TEMPLATE\n",
+ " --verify-template TEMPLATE\n",
+ " Use TEMPLATE to verify OpenPGP signatures.\n",
+ " --verify-arg ARG\n",
+ " Pass ARG to OpenPGP TEMPLATE when verifying.\n",
"(Specify the --help option for a list of other help options)\n",
NULL
};
@@ -541,8 +556,12 @@
{"sign", optional_argument, NULL, 'g'},
{"no-sign", 0, NULL, 5},
{"sign-template", required_argument, NULL, 'G'},
- {"sign-arg", required_argument, NULL, '6'},
- {"sign-textmode", required_argument, NULL, 7},
+ {"sign-arg", required_argument, NULL, 6},
+ {"textmode", required_argument, NULL, 7},
+ {"verify", optional_argument, NULL, 8},
+ {"no-verify", 0, NULL, 9},
+ {"verify-template", required_argument, NULL, 10},
+ {"verify-arg", required_argument, NULL, 11},
#ifdef SERVER_SUPPORT
{"allow-root", required_argument, NULL, 3},
#endif /* SERVER_SUPPORT */
@@ -678,7 +697,7 @@
else if (!strcasecmp (optarg, "off"))
set_sign_commits (SIGN_NEVER);
else
- error (1, 0, "Unrecognized argument to sign (`%s')",
+ error (1, 0, "Unrecognized argument to --sign (`%s')",
optarg);
}
else
@@ -697,9 +716,44 @@
add_sign_arg (optarg);
break;
case 7:
- /* --sign-textmode */
+ /* --textmode */
set_sign_textmode (optarg);
break;
+ case 8:
+ /* --verify */
+ if (optarg)
+ {
+ if (!strcasecmp (optarg, "off")
+ || !strcasecmp (optarg, "never")
+ || !strcasecmp (optarg, "false"))
+ set_verify_checkouts (VERIFY_OFF);
+ else if (!strcasecmp (optarg, "warn"))
+ set_verify_checkouts (VERIFY_WARN);
+ else if (!strcasecmp (optarg, "always")
+ || !strcasecmp (optarg, "fatal")
+ || !strcasecmp (optarg, "on")
+ || !strcasecmp (optarg, "true"))
+ set_verify_checkouts (VERIFY_FATAL);
+ else
+ error (1, 0,
+ "Unrecognized argument to --verify (`%s')",
+ optarg);
+ }
+ else
+ set_verify_checkouts (VERIFY_FATAL);
+ break;
+ case 9:
+ /* --no-verify */
+ set_verify_checkouts (VERIFY_OFF);
+ break;
+ case 10:
+ /* --verify-template */
+ set_verify_template (optarg);
+ break;
+ case 11:
+ /* --verify-arg */
+ add_verify_arg (optarg);
+ break;
#ifdef SERVER_SUPPORT
case 3:
/* --allow-root */
Index: ccvs/src/root.c
diff -u ccvs/src/root.c:1.121.2.1 ccvs/src/root.c:1.121.2.2
--- ccvs/src/root.c:1.121.2.1 Wed Dec 21 13:25:10 2005
+++ ccvs/src/root.c Sat Dec 31 19:51:11 2005
@@ -402,6 +402,9 @@
newroot->sign_template = xstrdup (DEFAULT_SIGN_TEMPLATE);
newroot->sign_textmode = xstrdup (DEFAULT_SIGN_TEXTMODE);
newroot->sign_args = getlist ();
+ newroot->verify = VERIFY_DEFAULT;
+ newroot->verify_template = xstrdup (DEFAULT_VERIFY_TEMPLATE);
+ newroot->verify_args = getlist ();
#ifdef CLIENT_SUPPORT
newroot->username = NULL;
newroot->password = NULL;
@@ -438,6 +441,9 @@
if (root->sign_textmode)
free (root->sign_textmode);
dellist (&root->sign_args);
+ if (root->verify_template)
+ free (root->verify_template);
+ dellist (&root->verify_args);
#ifdef CLIENT_SUPPORT
if (root->username != NULL)
free (root->username);
@@ -646,6 +652,34 @@
newroot->sign_textmode = xstrdup (q);
else if (!strcasecmp (p, "sign-arg"))
push_string (newroot->sign_args, q);
+ else if (!strcasecmp (p, "no-verify"))
+ newroot->verify = VERIFY_OFF;
+ else if (!strcasecmp (p, "verify"))
+ {
+ if (!q)
+ newroot->verify = VERIFY_FATAL;
+ else if (!strcasecmp (q, "fatal"))
+ newroot->verify = VERIFY_FATAL;
+ else if (!strcasecmp (q, "warn"))
+ newroot->verify = VERIFY_WARN;
+ else
+ {
+ bool on;
+ if (readBool ("CVSROOT", "verify", q, &on))
+ {
+ if (on)
+ newroot->verify = VERIFY_FATAL;
+ else
+ newroot->verify = VERIFY_OFF;
+ }
+ else
+ goto error_exit;
+ }
+ }
+ else if (!strcasecmp (p, "verify-template"))
+ newroot->verify_template = xstrdup (q);
+ else if (!strcasecmp (p, "verify-arg"))
+ push_string (newroot->verify_args, q);
else if (!strcasecmp (p, "CVS_RSH"))
{
/* override CVS_RSH environment variable */
Index: ccvs/src/root.h
diff -u ccvs/src/root.h:1.23.2.1 ccvs/src/root.h:1.23.2.2
--- ccvs/src/root.h:1.23.2.1 Wed Dec 21 13:25:10 2005
+++ ccvs/src/root.h Sat Dec 31 19:51:11 2005
@@ -16,9 +16,12 @@
#ifndef ROOT_H
#define ROOT_H
+/* ANSI C includes. */
#include <stdbool.h>
+/* CVS Includes. */
#include "sign.h"
+#include "verify.h"
/* Access method specified in CVSroot. */
typedef enum {
@@ -48,6 +51,13 @@
List *sign_args; /* Keep track of any additional arguments for
* the sign tool.
*/
+ verify_state verify; /* Whether to verify checkouts. */
+ char *verify_template; /* The template to use to launch the external
+ * program to verify GPG signatures.
+ */
+ List *verify_args; /* Keep track of any additional arguments for
+ * the verify tool.
+ */
/* The following is required for servers now to allow Redirects to be sent
* for remote roots when client support is disabled.
Index: ccvs/src/sign.c
diff -u ccvs/src/sign.c:1.1.6.1 ccvs/src/sign.c:1.1.6.2
--- ccvs/src/sign.c:1.1.6.1 Wed Dec 21 13:25:10 2005
+++ ccvs/src/sign.c Sat Dec 31 19:51:11 2005
@@ -144,8 +144,11 @@
/* Return SIGN_TEXTMODE from the command line if it exists, else return the
* SIGN_TEXTMODE from CURRENT_PARSED_ROOT.
+ *
+ * This function is not static because sign_textmode is reused for
+ * verify_textmode.
*/
-static inline const char *
+const char *
get_sign_textmode (void)
{
if (sign_textmode) return sign_textmode;
Index: ccvs/src/sign.h
diff -u ccvs/src/sign.h:1.1.6.1 ccvs/src/sign.h:1.1.6.2
--- ccvs/src/sign.h:1.1.6.1 Wed Dec 21 13:25:10 2005
+++ ccvs/src/sign.h Sat Dec 31 19:51:11 2005
@@ -39,6 +39,7 @@
/* Get values. */
bool get_sign_commits (bool server_active, bool server_support);
+const char *get_sign_textmode (void);
char *gen_signature (const char *srepos, const char *filename, bool bin,
size_t *len);
char *get_signature (bool server_active, const char *srepos,
Index: ccvs/src/verify.c
diff -u /dev/null ccvs/src/verify.c:1.1.2.1
--- /dev/null Sat Dec 31 19:51:11 2005
+++ ccvs/src/verify.c Sat Dec 31 19:51:11 2005
@@ -0,0 +1,243 @@
+/*
+ * Copyright (C) 2005 The Free Software Foundation, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+/* Verify interface. */
+#include "verify.h"
+
+/* ANSI C headers. */
+#include <assert.h>
+#include <stdlib.h>
+
+/* GNULIB headers. */
+#include "error.h"
+#include "xalloc.h"
+
+/* CVS headers. */
+#include "stack.h"
+
+/* Get current_parsed_root. */
+#include "cvs.h"
+
+
+
+extern int noexec;
+
+
+
+/*
+ * Globals set via the command line parser in main.c.
+ */
+
+/* If a program capable of generating OpenPGP signatures couldn't be found at
+ * configure time, default the sign state to off, otherwise, depend on the
+ * server support.
+ */
+#ifdef HAVE_OPENPGP
+static verify_state verify_checkouts = VERIFY_DEFAULT;
+#else
+static verify_state verify_checkouts = VERIFY_NEVER;
+#endif
+
+static char *verify_template;
+static List *verify_args;
+
+
+
+void
+set_verify_checkouts (verify_state verify)
+{
+ verify_checkouts = verify;
+}
+
+
+
+void
+set_verify_template (const char *template)
+{
+ assert (template);
+ if (verify_template) free (verify_template);
+ verify_template = xstrdup (template);
+}
+
+
+
+void
+add_verify_arg (const char *arg)
+{
+ if (!verify_args) verify_args = getlist ();
+ push_string (verify_args, xstrdup (arg));
+}
+
+
+
+/* Return the current verify_state based on the command line options, current
+ * cvsroot, and compiled default.
+ *
+ * INPUTS
+ * server_active Whether the server is active.
+ * server_support Whether the server supports signed files.
+ *
+ * ERRORS
+ * This function exits with a fatal error when the server does not support
+ * OpenPGP signatures and VERIFY_FATAL would otherwise be returned.
+ *
+ * RETURNS
+ * VERIFY_OFF, VERIFY_WARN, or VERIFY_FATAL.
+ */
+static verify_state
+iget_verify_checkouts (bool server_active, bool server_support)
+{
+ verify_state tmp;
+
+ /* Only verify checkouts from the client (and in local mode). */
+ if (server_active) return false;
+
+ if (verify_checkouts == VERIFY_DEFAULT)
+ tmp = current_parsed_root->verify;
+ else
+ tmp = verify_checkouts;
+
+ if (tmp == VERIFY_DEFAULT)
+ tmp = VERIFY_FATAL;
+
+ if (tmp == VERIFY_FATAL && !server_support)
+ error (1, 0, "Server does not support OpenPGP signatures.");
+
+ return tmp;
+}
+
+
+
+/* Return true if the client should attempt to verify files sent by the server.
+ *
+ * INPUTS
+ * server_active Whether the server is active.
+ * server_support Whether the server supports signed files.
+ *
+ * ERRORS
+ * This function exits with a fatal error if iget_verify_checkouts does.
+ */
+bool
+get_verify_checkouts (bool server_active, bool server_support)
+{
+ verify_state tmp = iget_verify_checkouts (server_active, server_support);
+ return tmp == VERIFY_WARN || tmp == VERIFY_FATAL;
+}
+
+
+
+/* Return VERIFY_TEMPLATE from the command line if it exists, else return the
+ * VERIFY_TEMPLATE from CURRENT_PARSED_ROOT.
+ */
+static inline const char *
+get_verify_template (void)
+{
+ if (verify_template) return verify_template;
+ return current_parsed_root->verify_template;
+}
+
+
+
+/* Return VERIFY_ARGS from the command line if it exists, else return the
+ * VERIFY_ARGS from CURRENT_PARSED_ROOT.
+ */
+static inline List *
+get_verify_args (void)
+{
+ if (verify_args && !list_isempty (verify_args)) return verify_args;
+ return current_parsed_root->verify_args;
+}
+
+
+
+/* This function is intended to be passed into walklist() with a list of args
+ * to be substituted into the sign template.
+ *
+ * closure will be a struct format_cmdline_walklist_closure
+ * where closure is undefined.
+ */
+static int
+verify_args_list_to_args_proc (Node *p, void *closure)
+{
+ struct format_cmdline_walklist_closure *c = closure;
+ char *arg = NULL;
+ const char *f;
+ char *d;
+ size_t doff;
+
+ if (p->data == NULL) return 1;
+
+ f = c->format;
+ d = *c->d;
+ /* foreach requested attribute */
+ while (*f)
+ {
+ switch (*f++)
+ {
+ case 'a':
+ arg = p->key;
+ break;
+ default:
+ error (1, 0,
+ "Unknown format character or not a list attribute: %c",
+ f[-1]);
+ /* NOTREACHED */
+ break;
+ }
+ /* copy the attribute into an argument */
+ if (c->quotes)
+ {
+ arg = cmdlineescape (c->quotes, arg);
+ }
+ else
+ {
+ arg = cmdlinequote ('"', arg);
+ }
+
+ doff = d - *c->buf;
+ expand_string (c->buf, c->length, doff + strlen (arg));
+ d = *c->buf + doff;
+ strncpy (d, arg, strlen (arg));
+ d += strlen (arg);
+ free (arg);
+
+ /* Always put the extra space on. we'll have to back up a char
+ * when we're done, but that seems most efficient.
+ */
+ doff = d - *c->buf;
+ expand_string (c->buf, c->length, doff + 1);
+ d = *c->buf + doff;
+ *d++ = ' ';
+ }
+ /* correct our original pointer into the buff */
+ *c->d = d;
+ return 0;
+}
+
+
+
+/* Generate a signature and return it in allocated memory. */
+char *
+verify_signature (const char *srepos, const char *filename, bool bin,\
+ size_t *len)
+{
+}
Index: ccvs/src/verify.h
diff -u /dev/null ccvs/src/verify.h:1.1.2.1
--- /dev/null Sat Dec 31 19:51:11 2005
+++ ccvs/src/verify.h Sat Dec 31 19:51:11 2005
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2005 The Free Software Foundation, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+#ifndef VERIFY_H
+#define VERIFY_H
+
+#include <stdbool.h>
+#include <stddef.h>
+
+/* Get List. */
+#include "hash.h"
+
+
+
+typedef enum
+{
+ VERIFY_DEFAULT,
+ VERIFY_OFF,
+ VERIFY_WARN,
+ VERIFY_FATAL
+} verify_state;
+
+
+
+/* Set values to override current_parsed_root. */
+void set_verify_checkouts (verify_state verify);
+void set_verify_template (const char *template);
+void set_verify_textmode (const char *textmode);
+void add_verify_arg (const char *arg);
+
+/* Get values. */
+bool get_verify_checkouts (bool server_active, bool server_support);
+char *verify_signature (const char *srepos, const char *filename, bool bin,
+ size_t *len);
+#endif /* VERIFY_H */
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Cvs-cvs] ccvs/src ChangeLog Makefile.am Makefile.in main... [signed-commits3],
Derek Robert Price <=