OpenBSD CVS

CVS log for src/usr.bin/signify/zsig.c




Default branch: MAIN


Revision 1.19, Sat Apr 29 10:08:18 2023 UTC (12 months, 3 weeks ago) by espie
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.18: +5 -1 lines

as noticed by sdk@, a package with an exact number of 64K chunks would
produce a spurious error (so 1 chance in 2^26)

It's like read/write: we need to recognize 0 as EOF and not try to checksum
a non-existing block.

while there, also make sure that we got all the signed blocks at EOF
before exit(0)

Note that neither of those two bugs affects the actual security of signed
packages: the basic assertion that only signed data gets written
through the pipe is still 100% valid!

but it's a good idea to not emit spurious messages for valid files, and also
to recognize truncated files!

okay tb@ (thanks a lot)

Revision 1.18, Sun Dec 22 06:37:25 2019 UTC (4 years, 4 months ago) by espie
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.17: +4 -8 lines

have parseb64file be non-destructive, so we can write the
comment in zsig without needing an extra copy

okay tedu@

Revision 1.17, Mon Dec 9 09:41:54 2019 UTC (4 years, 5 months ago) by espie
Branch: MAIN
Changes since 1.16: +9 -8 lines

tweak -z mode verification to save the header and actually output it,
so that signify -zV >saved.tgz keeps the signature for later checks.
Uses slightly more memory, but simplifies some processes.

okay tedu@

Revision 1.16, Sat Mar 23 07:10:06 2019 UTC (5 years, 1 month ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.15: +8 -3 lines

allow -n to zero the gzip header timestamp. suggestion from Andre Stoebe.
ok tb

Revision 1.15, Tue Jul 11 23:52:05 2017 UTC (6 years, 10 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.14: +2 -2 lines

adjust size to be one less than power of 2, so that doubling will never
roll to 0, but instead something very large, and thus fail in realloc

Revision 1.14, Tue Oct 4 14:40:41 2016 UTC (7 years, 7 months ago) by espie
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.13: +2 -2 lines

typo

Revision 1.13, Tue Sep 27 02:16:40 2016 UTC (7 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.12: +2 -5 lines

can make function static now that it's living in a separate file.
bye bye XXX!

Revision 1.12, Sat Sep 10 12:23:16 2016 UTC (7 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.11: +2 -2 lines

spaces found during re-read

Revision 1.11, Thu Sep 8 16:04:01 2016 UTC (7 years, 8 months ago) by espie
Branch: MAIN
Changes since 1.10: +4 -10 lines

simplify the extra buffer size copy

Revision 1.10, Sun Sep 4 17:00:22 2016 UTC (7 years, 8 months ago) by espie
Branch: MAIN
Changes since 1.9: +2 -2 lines

well, adding the filename doesn't help... mostly used with pipes anyhow

Revision 1.9, Sat Sep 3 20:52:53 2016 UTC (7 years, 8 months ago) by espie
Branch: MAIN
Changes since 1.8: +4 -2 lines

add the keyname to meta-info that passes thru

Revision 1.8, Sat Sep 3 17:04:13 2016 UTC (7 years, 8 months ago) by tedu
Branch: MAIN
Changes since 1.7: +12 -12 lines

switch back to SHA512/256 now that we have the official nist flavor

Revision 1.7, Sat Sep 3 12:59:33 2016 UTC (7 years, 8 months ago) by espie
Branch: MAIN
Changes since 1.6: +12 -12 lines

naddy@ pointed out that SHA512/256 is slightly different
so use SHA384 which is on the shelf and good enough

Revision 1.6, Sat Sep 3 12:12:21 2016 UTC (7 years, 8 months ago) by espie
Branch: MAIN
Changes since 1.5: +30 -12 lines

MAJOR tweak: switch to SHA512/256

adjust the header information to be self-describing and contain a
signature date, and pass that thru when checking.

Revision 1.5, Sat Sep 3 11:22:09 2016 UTC (7 years, 8 months ago) by espie
Branch: MAIN
Changes since 1.4: +12 -5 lines

nitpicks. all header info is relative. make gzheader freeable.
allocate properly for storing shas.

Revision 1.4, Fri Sep 2 21:52:12 2016 UTC (7 years, 8 months ago) by tedu
Branch: MAIN
Changes since 1.3: +17 -15 lines

style polishing

Revision 1.3, Fri Sep 2 21:48:03 2016 UTC (7 years, 8 months ago) by tedu
Branch: MAIN
Changes since 1.2: +7 -7 lines

replace exit() with err() and errx() so user knows what happened

Revision 1.2, Fri Sep 2 16:12:09 2016 UTC (7 years, 8 months ago) by espie
Branch: MAIN
Changes since 1.1: +1 -2 lines

duplicate var

Revision 1.1, Fri Sep 2 16:10:56 2016 UTC (7 years, 8 months ago) by espie
Branch: MAIN

add a new option (-z) for signing gzip archives.
- simple barebones gzip header parsing
- signature is outside of the archive
- checksums for blocks of 64K
- verify stuff then pass it to the pipeline
lots of inputs by tedu@ and deraadt@
okay tedu@
