Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package minisign for openSUSE:Factory checked in at 2025-02-03 21:43:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/minisign (Old) and /work/SRC/openSUSE:Factory/.minisign.new.2316 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "minisign" Mon Feb 3 21:43:33 2025 rev:2 rq:1242099 version:0.12 Changes: -------- --- /work/SRC/openSUSE:Factory/minisign/minisign.changes 2024-07-25 11:58:10.155971247 +0200 +++ /work/SRC/openSUSE:Factory/.minisign.new.2316/minisign.changes 2025-02-03 21:44:06.675962295 +0100 @@ -1,0 +2,9 @@ +Sat Feb 1 11:18:41 UTC 2025 - Joshua Smith <[email protected]> + +- Update to version 0.12 + * Libsodium is now an optional dependency. When using the Zig + toolchain to compile Minisign, you can specify the + -Dwithout-libsodium flag to build and run without libsodium. + * Key identifiers are now zero-padded when printed. + +------------------------------------------------------------------- Old: ---- 0.11.tar.gz New: ---- 0.12.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ minisign.spec ++++++ --- /var/tmp/diff_new_pack.85sw6V/_old 2025-02-03 21:44:07.247985906 +0100 +++ /var/tmp/diff_new_pack.85sw6V/_new 2025-02-03 21:44:07.251986071 +0100 @@ -1,7 +1,7 @@ # # spec file for package minisign # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,12 +15,13 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # + Name: minisign -Version: 0.11 +Version: 0.12 Release: 0 License: ISC Summary: A dead simple tool to sign files and verify signatures -Url: https://jedisct1.github.io/minisign/ +URL: https://jedisct1.github.io/minisign/ Group: Productivity/Networking/Security Source0: https://github.com/jedisct1/minisign/archive/%{version}.tar.gz BuildRequires: cmake ++++++ 0.11.tar.gz -> 0.12.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/.clang-format new/minisign-0.12/.clang-format --- old/minisign-0.11/.clang-format 2023-01-16 22:42:27.000000000 +0100 +++ new/minisign-0.12/.clang-format 2025-01-15 22:46:54.000000000 +0100 @@ -94,7 +94,7 @@ IndentCaseLabels: false IndentCaseBlocks: false IndentGotoLabels: true -IndentPPDirectives: None +IndentPPDirectives: AfterHash IndentExternBlock: AfterExternBlock IndentRequires: false IndentWidth: 4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/.github/workflows/issues.yml new/minisign-0.12/.github/workflows/issues.yml --- old/minisign-0.11/.github/workflows/issues.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/minisign-0.12/.github/workflows/issues.yml 2025-01-15 22:46:54.000000000 +0100 @@ -0,0 +1,17 @@ +name: Close inactive issues +on: + schedule: + - cron: "30 1 * * *" + +jobs: + close-issues: + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + steps: + - uses: actions/stale@v9 + with: + stale-issue-message: "This issue is stale because it has been open for 30 days with no activity." + close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale." + repo-token: ${{ secrets.GITHUB_TOKEN }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/.travis.yml new/minisign-0.12/.travis.yml --- old/minisign-0.11/.travis.yml 2023-01-16 22:42:27.000000000 +0100 +++ new/minisign-0.12/.travis.yml 1970-01-01 01:00:00.000000000 +0100 @@ -1,43 +0,0 @@ -sudo: required - -language: c - -os: - - linux - -compiler: - - gcc - -before_script: - - git clone https://github.com/jedisct1/libsodium.git --branch=stable - - cd libsodium - - env CPPFLAGS=-DED25519_NONDETERMINISTIC ./configure --disable-dependency-tracking - - make -j$(nproc) - - sudo make install - - sudo ldconfig - - cd .. - -script: - - rm -fr build - - mkdir build - - cd build - - cmake .. - - make -j$(nproc) - - cd .. - - - rm -fr build - - mkdir build - - cd build - - cmake -D STATIC_LIBSODIUM=1 .. - - make -j$(nproc) - - cd .. - - - rm -fr build - - mkdir build - - cd build - - cmake -D BUILD_STATIC_EXECUTABLES=1 .. - - make -j$(nproc) - - cd .. - -matrix: - - fast_finish: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/CMakeLists.txt new/minisign-0.12/CMakeLists.txt --- old/minisign-0.11/CMakeLists.txt 2023-01-16 22:42:27.000000000 +0100 +++ new/minisign-0.12/CMakeLists.txt 2025-01-15 22:46:54.000000000 +0100 @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 2.8.12) +cmake_minimum_required(VERSION 3.10) project(minisign C) @@ -7,7 +7,7 @@ set(CPACK_PACKAGE_DESCRIPTION_FILE "${CMAKE_CURRENT_SOURCE_DIR}/README.md") set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/LICENSE") set(CPACK_PACKAGE_VERSION_MAJOR "0") -set(CPACK_PACKAGE_VERSION_MINOR "11") +set(CPACK_PACKAGE_VERSION_MINOR "12") set(CPACK_PACKAGE_VERSION_PATCH "0") set( CPACK_SOURCE_PACKAGE_FILE_NAME diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/LICENSE new/minisign-0.12/LICENSE --- old/minisign-0.11/LICENSE 2023-01-16 22:42:27.000000000 +0100 +++ new/minisign-0.12/LICENSE 2025-01-15 22:46:54.000000000 +0100 @@ -1,7 +1,7 @@ ISC LICENSE. /* - * Copyright (c) 2015-2023 + * Copyright (c) 2015-2025 * Frank Denis <j at pureftpd dot org> * * Permission to use, copy, modify, and/or distribute this software for any diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/README.md new/minisign-0.12/README.md --- old/minisign-0.11/README.md 2023-01-16 22:42:27.000000000 +0100 +++ new/minisign-0.12/README.md 2025-01-15 22:46:54.000000000 +0100 @@ -16,19 +16,34 @@ Compilation / installation -------------------------- -## Using [Zig](https://ziglang.org): +## Building with Zig Dependencies: -* [libsodium](https://libsodium.org/) +* [libsodium](https://libsodium.org/) (*optional*) +* [zig](https://ziglang.org) -Compilation: +Compilation with libsodium, dynamically linked (libsodium will need to be installed on the system for the command to run): + + $ zig build -Doptimize=ReleaseSmall + +Compilation with libsodium, statically linked (libsodium will only be needed for compilation): + + $ zig build -Doptimize=ReleaseSmall -Dstatic + +Compilation without libsodium, no dependencies required: + + $ zig build -Doptimize=ReleaseSmall -Dwithout-libsodium - $ zig build -Drelease-safe +The resulting binary can be found in `zig-out/bin/minisign`. -## Using cmake and gcc or clang: +In all these examples, `ReleaseFast` can be replaced with `ReleaseSmall` to favor speed over size. -* [libsodium](https://libsodium.org/) +## Building with cmake and gcc or clang: + +Dependencies: + +* [libsodium](https://libsodium.org/) (*required*) * cmake * pkg-config * gcc or clang @@ -65,6 +80,13 @@ $ docker run -i --rm jedisct1/minisign +For example, verifying a signature using the docker image can be done +with: + + $ docker run -v .:/minisign -e HOME=/minisign -w /minisign \ + -it --rm jedisct1/minisign \ + -Vm file_to_verify -p minisign.pub + The image can be verified with the following cosign public key: ```text @@ -102,6 +124,8 @@ * [minisign-php](https://github.com/soatok/minisign-php) is a PHP implementation. * [py-minisign](https://github.com/x13a/py-minisign) is a Python implementation. +* [minisign](https://hexdocs.pm/minisign/Minisign.html) is an Elixir implementation + (verification only) Signature determinism --------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/build-dist-package.sh new/minisign-0.12/build-dist-package.sh --- old/minisign-0.11/build-dist-package.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/minisign-0.12/build-dist-package.sh 2025-01-15 22:46:54.000000000 +0100 @@ -0,0 +1,4 @@ +#! /bin/sh + +tar czpvf minisign-0.12.tar.gz $(git ls-files) +minisign -Sm minisign-0.12.tar.gz diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/build.zig new/minisign-0.12/build.zig --- old/minisign-0.11/build.zig 2023-01-16 22:42:27.000000000 +0100 +++ new/minisign-0.12/build.zig 2025-01-15 22:46:54.000000000 +0100 @@ -1,21 +1,49 @@ const std = @import("std"); -pub fn build(b: *std.build.Builder) !void { - var target = b.standardTargetOptions(.{}); - const mode = b.standardReleaseOptions(); +pub fn build(b: *std.Build) !void { + const target = b.standardTargetOptions(.{}); + const optimize = b.standardOptimizeOption(.{}); - const minisign = b.addExecutable("minisign", null); - minisign.setTarget(target); - minisign.setBuildMode(mode); - minisign.install(); + const use_libzodium = b.option(bool, "without-libsodium", "Use the zig standard library instead of libsodium") orelse false; + const use_static_linking = b.option(bool, "static", "Statically link the binary") orelse false; + + const minisign = b.addExecutable(.{ + .name = "minisign", + .target = target, + .optimize = optimize, + .strip = true, + }); minisign.linkLibC(); - minisign.addLibraryPath("/opt/homebrew/lib"); - minisign.addLibraryPath("/usr/local/lib"); - minisign.linkSystemLibrary("sodium"); + if (use_libzodium) { + const libzodium_mod = b.createModule(.{ + .root_source_file = b.path("src/libzodium.zig"), + .target = target, + .optimize = optimize, + }); + const libzodium = b.addStaticLibrary(.{ + .name = "zodium", + .root_module = libzodium_mod, + .strip = true, + }); + libzodium.linkLibC(); + b.installArtifact(libzodium); + minisign.root_module.addCMacro("LIBZODIUM", "1"); + minisign.linkLibrary(libzodium); + } else { + minisign.root_module.linkSystemLibrary( + "sodium", + .{ + .use_pkg_config = .yes, + .preferred_link_mode = if (use_static_linking) .static else .dynamic, + }, + ); + } + minisign.addIncludePath(b.path("src")); + minisign.addSystemIncludePath(.{ .cwd_relative = "/opt/homebrew/include" }); + minisign.addSystemIncludePath(.{ .cwd_relative = "/usr/local/include" }); + minisign.root_module.addCMacro("_GNU_SOURCE", "1"); + const source_files = &.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }; + minisign.addCSourceFiles(.{ .files = source_files }); - minisign.addIncludePath("src"); - minisign.addSystemIncludePath("/opt/homebrew/include"); - minisign.addSystemIncludePath("/usr/local/include"); - minisign.defineCMacro("_GNU_SOURCE", "1"); - minisign.addCSourceFiles(&.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }, &.{}); + b.installArtifact(minisign); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/build.zig.zon new/minisign-0.12/build.zig.zon --- old/minisign-0.11/build.zig.zon 1970-01-01 01:00:00.000000000 +0100 +++ new/minisign-0.12/build.zig.zon 2025-01-15 22:46:54.000000000 +0100 @@ -0,0 +1,12 @@ +.{ + .name = "minisign", + .version = "0.12.0", + .paths = .{ + "LICEMSE", + "README.md", + "build.zig", + "build.zig.zon", + "src", + "share", + }, +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/src/base64.c new/minisign-0.12/src/base64.c --- old/minisign-0.11/src/base64.c 2023-01-16 22:42:27.000000000 +0100 +++ new/minisign-0.12/src/base64.c 2025-01-15 22:46:54.000000000 +0100 @@ -52,7 +52,7 @@ REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE }; const unsigned char *b64_u = (const unsigned char *) b64; - unsigned char * bin_w = bin; + unsigned char *bin_w = bin; unsigned char mask = 0U; unsigned char t0 = 0, t1 = 0, t2 = 0, t3 = 0; uint32_t t = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/src/get_line.c new/minisign-0.12/src/get_line.c --- old/minisign-0.11/src/get_line.c 2023-01-16 22:42:27.000000000 +0100 +++ new/minisign-0.12/src/get_line.c 2025-01-15 22:46:54.000000000 +0100 @@ -1,6 +1,6 @@ #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) -#include <sys/types.h> +# include <sys/types.h> #endif #include <assert.h> @@ -10,19 +10,19 @@ #include <string.h> #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) -#include <fcntl.h> -#include <poll.h> -#include <termios.h> -#include <unistd.h> +# include <fcntl.h> +# include <poll.h> +# include <termios.h> +# include <unistd.h> #elif defined(_WIN32) -#include <windows.h> +# include <windows.h> #endif #include "get_line.h" #include "helpers.h" #ifndef TCSAFLUSH -#define TCSAFLUSH 0 +# define TCSAFLUSH 0 #endif #ifndef VERIFY_ONLY @@ -33,7 +33,7 @@ fflush(stdout); fflush(stderr); -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) +# if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) { struct termios p; @@ -43,7 +43,7 @@ p.c_lflag &= ~ECHO; tcsetattr(0, TCSAFLUSH, &p); } -#elif defined(_WIN32) +# elif defined(_WIN32) { HANDLE handle = GetStdHandle(STD_INPUT_HANDLE); DWORD mode = 0; @@ -51,7 +51,7 @@ GetConsoleMode(handle, &mode); SetConsoleMode(handle, mode & ~ENABLE_ECHO_INPUT); } -#endif +# endif } static void @@ -60,7 +60,7 @@ fflush(stdout); fflush(stderr); -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) +# if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) { struct termios p; @@ -70,7 +70,7 @@ p.c_lflag |= ECHO; tcsetattr(0, TCSAFLUSH, &p); } -#elif defined(_WIN32) +# elif defined(_WIN32) { HANDLE handle = GetStdHandle(STD_INPUT_HANDLE); DWORD mode = 0; @@ -78,7 +78,7 @@ GetConsoleMode(handle, &mode); SetConsoleMode(handle, mode | ENABLE_ECHO_INPUT); } -#endif +# endif } int diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/src/helpers.c new/minisign-0.12/src/helpers.c --- old/minisign-0.11/src/helpers.c 2023-01-16 22:42:27.000000000 +0100 +++ new/minisign-0.12/src/helpers.c 2025-01-15 22:46:54.000000000 +0100 @@ -1,10 +1,10 @@ #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) -#include <fcntl.h> -#include <sys/stat.h> -#include <sys/types.h> +# include <fcntl.h> +# include <sys/stat.h> +# include <sys/types.h> #elif defined(_WIN32) -#include <direct.h> +# include <direct.h> #endif #include <errno.h> @@ -14,7 +14,11 @@ #include <stdlib.h> #include <string.h> -#include <sodium.h> +#ifdef LIBZODIUM +# include "zodium.h" +#else +# include <sodium.h> +#endif #include "base64.h" #include "helpers.h" @@ -100,7 +104,7 @@ int xfprintf(FILE *fp, const char *format, ...) { - char * out; + char *out; size_t out_maxlen = 4096U; int len; va_list va; @@ -126,7 +130,7 @@ xfput_b64(FILE *fp, const unsigned char *bin, size_t bin_len) { const size_t b64_maxlen = (bin_len + 2) * 4 / 3 + 1; - char * b64; + char *b64; b64 = xsodium_malloc(b64_maxlen); if (bin_to_b64(b64, bin, b64_maxlen, bin_len) == NULL) { @@ -160,7 +164,7 @@ while (i-- > (size_t) 0U) { if (str[i] == '\n') { str[i] = 0; - t = 1; + t = 1; } else if (str[i] == '\r') { str[i] = 0; } @@ -198,7 +202,7 @@ basedir_create_useronly(const char *file) { const char *basename; - char * dir; + char *dir; int ret = -1; dir = xstrdup(file); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/src/helpers.h new/minisign-0.12/src/helpers.h --- old/minisign-0.11/src/helpers.h 2023-01-16 22:42:27.000000000 +0100 +++ new/minisign-0.12/src/helpers.h 2025-01-15 22:46:54.000000000 +0100 @@ -6,12 +6,12 @@ #include <stdio.h> #if !defined(__GNUC__) && !defined(__attribute__) -#define __attribute__(X) +# define __attribute__(X) #endif #ifdef _WIN32 -#define DIR_SEP '\\' +# define DIR_SEP '\\' #else -#define DIR_SEP '/' +# define DIR_SEP '/' #endif uint64_t le64_load(const unsigned char *p); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/src/libzodium.zig new/minisign-0.12/src/libzodium.zig --- old/minisign-0.11/src/libzodium.zig 1970-01-01 01:00:00.000000000 +0100 +++ new/minisign-0.12/src/libzodium.zig 2025-01-15 22:46:54.000000000 +0100 @@ -0,0 +1,120 @@ +const std = @import("std"); +const crypto = std.crypto; +const mem = std.mem; +const Ed25519 = crypto.sign.Ed25519; + +export fn sodium_init() callconv(.C) c_int { + return 0; +} + +export fn sodium_memzero(pnt: [*c]u8, len: usize) callconv(.C) void { + crypto.utils.secureZero(u8, pnt[0..len]); +} + +export fn randombytes_buf(pnt: [*c]u8, len: usize) callconv(.C) void { + crypto.random.bytes(pnt[0..len]); +} + +export fn sodium_malloc(len: usize) callconv(.C) ?*anyopaque { + return std.c.malloc(len); +} + +export fn sodium_free(pnt: ?*anyopaque) callconv(.C) void { + return std.c.free(pnt); +} + +export fn crypto_pwhash_scryptsalsa208sha256( + out: [*c]u8, + outlen: c_ulonglong, + passwd: [*c]const u8, + passwdlen: c_ulonglong, + salt: [*c]const u8, + opslimit: c_ulonglong, + memlimit: usize, +) callconv(.C) c_int { + crypto.pwhash.scrypt.kdf( + std.heap.c_allocator, + out[0..outlen], + passwd[0..passwdlen], + salt[0..32], + crypto.pwhash.scrypt.Params.fromLimits(opslimit, memlimit), + ) catch return -1; + return 0; +} + +const crypto_generichash_state = crypto.hash.blake2.Blake2b512; + +export fn crypto_generichash_init( + state: *crypto_generichash_state, + _: [*c]const u8, + _: usize, + outlen: usize, +) c_int { + state.* = crypto.hash.blake2.Blake2b512.init(.{ .expected_out_bits = outlen * 8 }); + return 0; +} + +export fn crypto_generichash_update( + state: *crypto_generichash_state, + in: [*c]const u8, + inlen: c_ulonglong, +) c_int { + state.*.update(in[0..inlen]); + return 0; +} + +export fn crypto_generichash_final( + state: *crypto_generichash_state, + out: [*c]u8, + outlen: usize, +) c_int { + var h: [64]u8 = undefined; + state.*.final(&h); + @memcpy(out[0..outlen], h[0..outlen]); + return 0; +} + +export fn crypto_sign_keypair(pk: [*c]u8, sk: [*c]u8) callconv(.C) c_int { + const kp = Ed25519.KeyPair.generate(); + pk[0..32].* = kp.public_key.toBytes(); + sk[0..64].* = kp.secret_key.toBytes(); + return 0; +} + +export fn crypto_sign_detached( + sig_bytes: [*c]u8, + _: [*c]c_ulonglong, + m: [*c]const u8, + mlen: c_ulonglong, + sk_bytes: [*c]const u8, +) callconv(.C) c_int { + const sk = Ed25519.SecretKey.fromBytes(sk_bytes[0..64].*) catch return -1; + const kp = Ed25519.KeyPair.fromSecretKey(sk) catch return -1; + var noise: [Ed25519.noise_length]u8 = undefined; + crypto.random.bytes(&noise); + const s = kp.sign(m[0..mlen], noise) catch return -1; + sig_bytes[0..64].* = s.toBytes(); + return 0; +} + +export fn crypto_sign_verify_detached( + sig_bytes: [*c]const u8, + m: [*c]const u8, + mlen: c_ulonglong, + pk_bytes: [*c]const u8, +) callconv(.C) c_int { + const pk = Ed25519.PublicKey.fromBytes(pk_bytes[0..32].*) catch return -1; + const sig = Ed25519.Signature.fromBytes(sig_bytes[0..64].*); + sig.verify(m[0..mlen], pk) catch return 1; + return 0; +} + +export fn sodium_bin2hex( + hex: [*c]u8, + hex_maxlen: usize, + bin: [*c]const u8, + bin_len: usize, +) callconv(.C) [*c]u8 { + _ = std.fmt.bufPrint(hex[0..hex_maxlen], "{s}", .{std.fmt.fmtSliceHexLower(bin[0..bin_len])}) catch return null; + return hex; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/src/minisign.c new/minisign-0.12/src/minisign.c --- old/minisign-0.11/src/minisign.c 2023-01-16 22:42:27.000000000 +0100 +++ new/minisign-0.12/src/minisign.c 2025-01-15 22:46:54.000000000 +0100 @@ -10,7 +10,11 @@ #include <time.h> #include <unistd.h> -#include <sodium.h> +#ifdef LIBZODIUM +# include "zodium.h" +#else +# include <sodium.h> +#endif #include "base64.h" #include "get_line.h" @@ -289,6 +293,7 @@ exit_msg("A public key is required"); } +#ifndef VERIFY_ONLY static void seckey_compute_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStruct *seckey_struct) { @@ -302,7 +307,6 @@ crypto_generichash_final(&hs, chk, sizeof seckey_struct->keynum_sk.chk); } -#ifndef VERIFY_ONLY static void decrypt_key(SeckeyStruct *const seckey_struct, unsigned char chk[crypto_generichash_BYTES]) { @@ -461,9 +465,9 @@ if (memcmp(sig_struct->keynum, pubkey_struct->keynum_pk.keynum, sizeof sig_struct->keynum) != 0) { fprintf(stderr, - "Signature key id in %s is %" PRIX64 + "Signature key id in %s is %016" PRIX64 "\n" - "but the key id in the public key is %" PRIX64 "\n", + "but the key id in the public key is %016" PRIX64 "\n", sig_file, le64_load(sig_struct->keynum), le64_load(pubkey_struct->keynum_pk.keynum)); exit(1); @@ -662,7 +666,7 @@ if ((fp = fopen(pk_file, "w")) == NULL) { exit_err(pk_file); } - xfprintf(fp, COMMENT_PREFIX "minisign public key %" PRIX64 "\n", + xfprintf(fp, COMMENT_PREFIX "minisign public key %016" PRIX64 "\n", le64_load(pubkey_struct->keynum_pk.keynum)); xfput_b64(fp, (const unsigned char *) (const void *) pubkey_struct, sizeof *pubkey_struct); xfclose(fp); @@ -829,20 +833,28 @@ #ifndef VERIFY_ONLY char *sk_file = sig_default_skfile(); #endif - const char *sig_file = NULL; - const char *message_file = NULL; - const char *comment = NULL; - const char *pubkey_s = NULL; - const char *trusted_comment = NULL; - unsigned char opt_seen[16] = { 0 }; + const char *sig_file = NULL; + const char *message_file = NULL; +#ifndef VERIFY_ONLY + const char *comment = NULL; +#endif + const char *pubkey_s = NULL; +#ifndef VERIFY_ONLY + const char *trusted_comment = NULL; +#endif + unsigned char opt_seen[16] = { 0 }; int opt_flag; - int quiet = 0; - int output = 0; - int force = 0; - int allow_legacy = 1; - int sign_legacy = 0; - int unencrypted_key = 0; - Action action = ACTION_NONE; + int quiet = 0; + int output = 0; +#ifndef VERIFY_ONLY + int force = 0; +#endif + int allow_legacy = 1; +#ifndef VERIFY_ONLY + int sign_legacy = 0; + int unencrypted_key = 0; +#endif + Action action = ACTION_NONE; while ((opt_flag = getopt(argc, argv, getopt_options)) != -1) { switch (opt_flag) { @@ -891,9 +903,11 @@ case 'H': allow_legacy = 0; break; +#ifndef VERIFY_ONLY case 'l': sign_legacy = 1; break; +#endif case 'm': message_file = optarg; break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/src/minisign.h new/minisign-0.12/src/minisign.h --- old/minisign-0.11/src/minisign.h 2023-01-16 22:42:27.000000000 +0100 +++ new/minisign-0.12/src/minisign.h 2025-01-15 22:46:54.000000000 +0100 @@ -20,7 +20,7 @@ #define SIG_DEFAULT_PKFILE "minisign.pub" #define SIG_DEFAULT_SKFILE "minisign.key" #define SIG_SUFFIX ".minisig" -#define VERSION_STRING "minisign 0.11" +#define VERSION_STRING "minisign 0.12" typedef struct KeynumSK_ { unsigned char keynum[KEYNUMBYTES]; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/minisign-0.11/src/zodium.h new/minisign-0.12/src/zodium.h --- old/minisign-0.11/src/zodium.h 1970-01-01 01:00:00.000000000 +0100 +++ new/minisign-0.12/src/zodium.h 2025-01-15 22:46:54.000000000 +0100 @@ -0,0 +1,62 @@ +#pragma once + +#include <stddef.h> + +int sodium_init(void) __attribute__((warn_unused_result)); +; + +void sodium_memzero(void* const pnt, const size_t len); + +void randombytes_buf(void* const buf, const size_t size) __attribute__((nonnull)); + +void* sodium_malloc(const size_t size) __attribute__((malloc)); + +void sodium_free(void* ptr); + +#define crypto_pwhash_scryptsalsa208sha256_SALTBYTES 32U +#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN 32768U +#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN 16777216U +#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE 33554432U +#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE 1073741824U + +int crypto_pwhash_scryptsalsa208sha256(unsigned char* const out, + unsigned long long outlen, + const char* const passwd, + unsigned long long passwdlen, + const unsigned char* const salt, + unsigned long long opslimit, + size_t memlimit) __attribute__((warn_unused_result)) +__attribute__((nonnull)); + +typedef struct crypto_generichash_state { + unsigned char opaque[512]; +} crypto_generichash_state; + +#define crypto_generichash_BYTES_MAX 64U +#define crypto_generichash_BYTES 32U + +int crypto_generichash_init(crypto_generichash_state* state, const unsigned char* key, + const size_t keylen, const size_t outlen) __attribute__((nonnull(1))); + +int crypto_generichash_update(crypto_generichash_state* state, + const unsigned char* in, + unsigned long long inlen) __attribute__((nonnull(1))); + +int crypto_generichash_final(crypto_generichash_state* state, unsigned char* out, + const size_t outlen) __attribute__((nonnull)); + +#define crypto_sign_SECRETKEYBYTES 64 +#define crypto_sign_PUBLICKEYBYTES 32 +#define crypto_sign_BYTES 64 + +int crypto_sign_keypair(unsigned char* pk, unsigned char* sk) __attribute__((nonnull)); + +int crypto_sign_detached(unsigned char* sig, unsigned long long* siglen_p, const unsigned char* m, + unsigned long long mlen, const unsigned char* sk) + __attribute__((nonnull(1, 5))); + +int crypto_sign_verify_detached(const unsigned char* sig, + const unsigned char* m, + unsigned long long mlen, + const unsigned char* pk) __attribute__((warn_unused_result)) +__attribute__((nonnull(1, 4))); \ No newline at end of file
