From 2f5b615169aef2d9c74bb337af229dee2dce595e Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 15 Mar 2013 14:17:01 +0100 Subject: * apt-pkg/indexcopy.cc: - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc --- apt-pkg/contrib/gpgv.h | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 apt-pkg/contrib/gpgv.h (limited to 'apt-pkg/contrib/gpgv.h') diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h new file mode 100644 index 000000000..c15166c94 --- /dev/null +++ b/apt-pkg/contrib/gpgv.h @@ -0,0 +1,24 @@ +// -*- mode: cpp; mode: fold -*- +// Description /*{{{*/ +/* ###################################################################### + + Helpers to deal with gpgv better and more easily + + ##################################################################### */ + /*}}}*/ +#ifndef CONTRIB_GPGV_H +#define CONTRIB_GPGV_H + +#include + +/** \brief generates and run the command to verify a file with gpgv */ +bool ExecGPGV(std::string const &File, std::string const &FileOut, + int const &statusfd, int fd[2]); + +inline bool ExecGPGV(std::string const &File, std::string const &FileOut, + int const &statusfd = -1) { + int fd[2]; + return ExecGPGV(File, FileOut, statusfd, fd); +} + +#endif -- cgit v1.2.3 From 99ed26d32226f0dffe5a37fb78c5588f9d9ecfd5 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 15 Mar 2013 14:29:46 +0100 Subject: * apt-pkg/contrib/gpgv.cc: - ExecGPGV is a method which should never return, so mark it as such and fix the inconsistency of returning in error cases --- apt-pkg/contrib/gpgv.h | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) (limited to 'apt-pkg/contrib/gpgv.h') diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h index c15166c94..8aeea2fb3 100644 --- a/apt-pkg/contrib/gpgv.h +++ b/apt-pkg/contrib/gpgv.h @@ -11,14 +11,28 @@ #include -/** \brief generates and run the command to verify a file with gpgv */ -bool ExecGPGV(std::string const &File, std::string const &FileOut, - int const &statusfd, int fd[2]); +#if __GNUC__ >= 4 + #define APT_noreturn __attribute__ ((noreturn)) +#else + #define APT_noreturn /* no support */ +#endif -inline bool ExecGPGV(std::string const &File, std::string const &FileOut, +/** \brief generates and run the command to verify a file with gpgv + * + * If File and FileSig specify the same file it is assumed that we + * deal with a clear-signed message. + * + * @param File is the message (unsigned or clear-signed) + * @param FileSig is the signature (detached or clear-signed) + */ +void ExecGPGV(std::string const &File, std::string const &FileSig, + int const &statusfd, int fd[2]) APT_noreturn; +inline void ExecGPGV(std::string const &File, std::string const &FileSig, int const &statusfd = -1) { int fd[2]; - return ExecGPGV(File, FileOut, statusfd, fd); -} + ExecGPGV(File, FileSig, statusfd, fd); +}; + +#undef APT_noreturn #endif -- cgit v1.2.3 From 2d3fe9cfadb33556b7563a98bb5a4698888e6c40 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 15 Mar 2013 18:53:53 +0100 Subject: - if ExecGPGV deals with a clear-signed file it will split this file into data and signatures, pass it to gpgv for verification and recombines it after that in a known-good way without unsigned blocks and whitespaces resulting usually in more or less the same file as before, but later code can be sure about the format * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default --- apt-pkg/contrib/gpgv.h | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) (limited to 'apt-pkg/contrib/gpgv.h') diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h index 8aeea2fb3..8e04855e4 100644 --- a/apt-pkg/contrib/gpgv.h +++ b/apt-pkg/contrib/gpgv.h @@ -10,6 +10,7 @@ #define CONTRIB_GPGV_H #include +#include #if __GNUC__ >= 4 #define APT_noreturn __attribute__ ((noreturn)) @@ -20,7 +21,9 @@ /** \brief generates and run the command to verify a file with gpgv * * If File and FileSig specify the same file it is assumed that we - * deal with a clear-signed message. + * deal with a clear-signed message. In that case the file will be + * rewritten to be in a good-known format without uneeded whitespaces + * and additional messages (unsigned or signed). * * @param File is the message (unsigned or clear-signed) * @param FileSig is the signature (detached or clear-signed) @@ -35,4 +38,40 @@ inline void ExecGPGV(std::string const &File, std::string const &FileSig, #undef APT_noreturn +/** \brief Split an inline signature into message and signature + * + * Takes a clear-signed message and puts the first signed message + * in the content file and all signatures following it into the + * second. Unsigned messages, additional messages as well as + * whitespaces are discarded. The resulting files are suitable to + * be checked with gpgv. + * + * If one or all Fds are -1 they will not be used and the content + * which would have been written to them is discarded. + * + * The code doesn't support dash-encoded lines as these are not + * expected to be present in files we have to deal with. + * + * @param InFile is the clear-signed file + * @param ContentFile is the Fd the message will be written to + * @param ContentHeader is a list of all required Amored Headers for the message + * @param SignatureFile is the Fd all signatures will be written to + */ +bool SplitClearSignedFile(std::string const &InFile, int const ContentFile, + std::vector * const ContentHeader, int const SignatureFile); + +/** \brief recombines message and signature to an inline signature + * + * Reverses the splitting down by #SplitClearSignedFile by writing + * a well-formed clear-signed message without unsigned messages, + * additional signed messages or just trailing whitespaces + * + * @param OutFile will be clear-signed file + * @param ContentFile is the Fd the message will be read from + * @param ContentHeader is a list of all required Amored Headers for the message + * @param SignatureFile is the Fd all signatures will be read from + */ +bool RecombineToClearSignedFile(std::string const &OutFile, int const ContentFile, + std::vector const &ContentHeader, int const SignatureFile); + #endif -- cgit v1.2.3 From f1828b6977972b4ef6da6401602b7938f6570c32 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 18 Mar 2013 19:36:55 +0100 Subject: - add method to open (maybe) clearsigned files transparently * ftparchive/writer.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc files --- apt-pkg/contrib/gpgv.h | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'apt-pkg/contrib/gpgv.h') diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h index 8e04855e4..ab7d35ab1 100644 --- a/apt-pkg/contrib/gpgv.h +++ b/apt-pkg/contrib/gpgv.h @@ -12,6 +12,8 @@ #include #include +#include + #if __GNUC__ >= 4 #define APT_noreturn __attribute__ ((noreturn)) #else @@ -52,10 +54,17 @@ inline void ExecGPGV(std::string const &File, std::string const &FileSig, * The code doesn't support dash-encoded lines as these are not * expected to be present in files we have to deal with. * + * The content of the split files is undefined if the splitting was + * unsuccessful. + * + * Note that trying to split an unsigned file will fail, but + * not generate an error message. + * * @param InFile is the clear-signed file * @param ContentFile is the Fd the message will be written to * @param ContentHeader is a list of all required Amored Headers for the message * @param SignatureFile is the Fd all signatures will be written to + * @return true if the splitting was successful, false otherwise */ bool SplitClearSignedFile(std::string const &InFile, int const ContentFile, std::vector * const ContentHeader, int const SignatureFile); @@ -74,4 +83,17 @@ bool SplitClearSignedFile(std::string const &InFile, int const ContentFile, bool RecombineToClearSignedFile(std::string const &OutFile, int const ContentFile, std::vector const &ContentHeader, int const SignatureFile); +/** \brief open a file which might be clear-signed + * + * This method tries to extract the (signed) message of a file. + * If the file isn't signed it will just open the given filename. + * Otherwise the message is extracted to a temporary file which + * will be opened instead. + * + * @param ClearSignedFileName is the name of the file to open + * @param[out] MessageFile is the FileFd in which the file will be opened + * @return true if opening was successful, otherwise false + */ +bool OpenMaybeClearSignedFile(std::string const &ClearSignedFileName, FileFd &MessageFile); + #endif -- cgit v1.2.3 From 233b78083f6f79730fcb5a6faeb74e2a78b6038a Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 18 Mar 2013 22:57:08 +0100 Subject: * apt-pkg/deb/debindexfile.cc, apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc and Release files We can't write a "clean" file to disk as not all acquire methods copy Release files before checking them (e.g. cdrom), so this reverts recombining, but uses the method we use for dsc files also in the two places we deal with Release files --- apt-pkg/contrib/gpgv.h | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'apt-pkg/contrib/gpgv.h') diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h index ab7d35ab1..8cbe553bc 100644 --- a/apt-pkg/contrib/gpgv.h +++ b/apt-pkg/contrib/gpgv.h @@ -69,20 +69,6 @@ inline void ExecGPGV(std::string const &File, std::string const &FileSig, bool SplitClearSignedFile(std::string const &InFile, int const ContentFile, std::vector * const ContentHeader, int const SignatureFile); -/** \brief recombines message and signature to an inline signature - * - * Reverses the splitting down by #SplitClearSignedFile by writing - * a well-formed clear-signed message without unsigned messages, - * additional signed messages or just trailing whitespaces - * - * @param OutFile will be clear-signed file - * @param ContentFile is the Fd the message will be read from - * @param ContentHeader is a list of all required Amored Headers for the message - * @param SignatureFile is the Fd all signatures will be read from - */ -bool RecombineToClearSignedFile(std::string const &OutFile, int const ContentFile, - std::vector const &ContentHeader, int const SignatureFile); - /** \brief open a file which might be clear-signed * * This method tries to extract the (signed) message of a file. -- cgit v1.2.3 From b408e4ad0010b273dac0af7dc87ab61062d89e49 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 19 Mar 2013 10:49:57 +0100 Subject: use FileFd instead of int fds to tidy up the interface a bit --- apt-pkg/contrib/gpgv.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'apt-pkg/contrib/gpgv.h') diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h index 8cbe553bc..1f877fc2d 100644 --- a/apt-pkg/contrib/gpgv.h +++ b/apt-pkg/contrib/gpgv.h @@ -48,8 +48,8 @@ inline void ExecGPGV(std::string const &File, std::string const &FileSig, * whitespaces are discarded. The resulting files are suitable to * be checked with gpgv. * - * If one or all Fds are -1 they will not be used and the content - * which would have been written to them is discarded. + * If a FileFd pointers is NULL it will not be used and the content + * which would have been written to it is silently discarded. * * The code doesn't support dash-encoded lines as these are not * expected to be present in files we have to deal with. @@ -61,13 +61,13 @@ inline void ExecGPGV(std::string const &File, std::string const &FileSig, * not generate an error message. * * @param InFile is the clear-signed file - * @param ContentFile is the Fd the message will be written to + * @param ContentFile is the FileFd the message will be written to * @param ContentHeader is a list of all required Amored Headers for the message - * @param SignatureFile is the Fd all signatures will be written to + * @param SignatureFile is the FileFd all signatures will be written to * @return true if the splitting was successful, false otherwise */ -bool SplitClearSignedFile(std::string const &InFile, int const ContentFile, - std::vector * const ContentHeader, int const SignatureFile); +bool SplitClearSignedFile(std::string const &InFile, FileFd * const ContentFile, + std::vector * const ContentHeader, FileFd * const SignatureFile); /** \brief open a file which might be clear-signed * -- cgit v1.2.3 From cb32348956441e33733e6bd8c2c572f19600dc25 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 19 Mar 2013 12:37:50 +0100 Subject: support dash-escaped text in clearsigned files as implementations are free to escape all lines (we have no lines in our files which need to be escaped as these would be invalid fieldnames) and while ExecGPGV would detect dash-escaped text as invalid (as its not expected in messages with detached signatures) it would be possible to "comment" lines in (signed) dsc files which are only parsed but not verified --- apt-pkg/contrib/gpgv.h | 3 --- 1 file changed, 3 deletions(-) (limited to 'apt-pkg/contrib/gpgv.h') diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h index 1f877fc2d..08b10a97a 100644 --- a/apt-pkg/contrib/gpgv.h +++ b/apt-pkg/contrib/gpgv.h @@ -51,9 +51,6 @@ inline void ExecGPGV(std::string const &File, std::string const &FileSig, * If a FileFd pointers is NULL it will not be used and the content * which would have been written to it is silently discarded. * - * The code doesn't support dash-encoded lines as these are not - * expected to be present in files we have to deal with. - * * The content of the split files is undefined if the splitting was * unsuccessful. * -- cgit v1.2.3