RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: j...@rpm5.org
Module: rpm Date: 05-May-2014 21:48:45
Branch: rpm-5_4 Handle: 2014050519484104
Modified files: (Branch: rpm-5_4)
rpm CHANGES
rpm/build build.c pack.c
rpm/macros macros.in macros.rpmbuild.in
Log:
- jbj: ecdsa: generate non-repudiable ecdsa signature when building.
Summary:
Revision Changes Path
1.3501.2.386+3 -1 rpm/CHANGES
2.145.2.2 +8 -2 rpm/build/build.c
2.324.2.12 +5 -2 rpm/build/pack.c
1.39.2.38 +6 -5 rpm/macros/macros.in
1.4.4.17 +6 -3 rpm/macros/macros.rpmbuild.in
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.3501.2.385 -r1.3501.2.386 CHANGES
--- rpm/CHANGES 5 May 2014 19:24:36 -0000 1.3501.2.385
+++ rpm/CHANGES 5 May 2014 19:48:41 -0000 1.3501.2.386
@@ -1,5 +1,7 @@
5.4.14 -> 5.4.15:
- - jbj: pgp: fix: rescusitate.
+ - jbj: ecdsa: generate non-repudiable ecdsa signature when building.
+ - jbj: ecdsa: implement RPMSIGTAG_ECDSA/RPMTAG_ECDSAHEAER use.
+ - jbj: pgp: fix: rescusitate clear/detached signing.
- jbj: pgp: validate pubkey binding signatures w clear/detached signing.
- jbj: ecdsa: define RPMSIGTAG_ECDSA/RPMTAG_ECDSAHEADER.
- jbj: pgp: refactor some table lookup helpers.
@@ .
patch -p0 <<'@@ .'
Index: rpm/build/build.c
============================================================================
$ cvs diff -u -r2.145.2.1 -r2.145.2.2 build.c
--- rpm/build/build.c 1 Jan 2011 14:39:54 -0000 2.145.2.1
+++ rpm/build/build.c 5 May 2014 19:48:44 -0000 2.145.2.2
@@ -340,8 +340,14 @@
rpmRC rc = RPMRC_OK;
/* Generate a keypair lazily. */
- if (spec->dig == NULL)
- spec->dig = pgpDigNew(RPMVSF_DEFAULT, PGPPUBKEYALGO_DSA);
+assert(spec->dig == NULL);
+ spec->dig = pgpDigNew(RPMVSF_DEFAULT, PGPPUBKEYALGO_UNKNOWN);
+ { int xx;
+ xx = pgpDigSetAlgos(spec->dig);
+ xx = pgpImplGenerate(spec->dig);
+assert(xx == 1);
+ xx = pgpExportPubkey(spec->dig);
+ }
if (!spec->recursing && spec->BACount) {
int x;
@@ .
patch -p0 <<'@@ .'
Index: rpm/build/pack.c
============================================================================
$ cvs diff -u -r2.324.2.11 -r2.324.2.12 pack.c
--- rpm/build/pack.c 23 Apr 2014 22:25:43 -0000 2.324.2.11
+++ rpm/build/pack.c 5 May 2014 19:48:45 -0000 2.324.2.12
@@ -830,10 +830,10 @@
(void) Fflush(fd);
}
- { /* XXX Dupe the header hash for the RFC 2440/4880 signature. */
+ { /* XXX Dupe the header digest for the non-repudiable signature.
*/
DIGEST_CTX ctx = (dig ? rpmDigestDup(fd->digests[fd->ndigests-1]) :
NULL);
- /* Finalize the header SHA1. */
+ /* Finalize the header signature digest. */
/* XXX FIXME: get binary octets, not ASCII. */
fdFiniDigest(fd, PGPHASHALGO_SHA1, &SHA1, NULL, 1);
@@ -885,6 +885,9 @@
case PGPPUBKEYALGO_DSA:
he->tag = (rpmTag) RPMSIGTAG_DSA;
break;
+ case PGPPUBKEYALGO_ECDSA:
+ he->tag = (rpmTag) RPMSIGTAG_ECDSA;
+ break;
}
he->t = RPM_BIN_TYPE;
he->p.ptr = (void *) dig->sig;
@@ .
patch -p0 <<'@@ .'
Index: rpm/macros/macros.in
============================================================================
$ cvs diff -u -r1.39.2.37 -r1.39.2.38 macros.in
--- rpm/macros/macros.in 18 Apr 2014 18:45:56 -0000 1.39.2.37
+++ rpm/macros/macros.in 5 May 2014 19:48:45 -0000 1.39.2.38
@@ -1,7 +1,7 @@
#/*! \page config_macros Default configuration: @USRLIBRPM@/macros
# \verbatim
#
-# $Id: macros.in,v 1.39.2.37 2014/04/18 18:45:56 jbj Exp $
+# $Id: macros.in,v 1.39.2.38 2014/05/05 19:48:45 jbj Exp $
#
# This is a global RPM configuration file. All changes made here will
# be lost when the rpm package is upgraded. Any per-system configuration
@@ -518,7 +518,7 @@
# pgps +batchmode=on +verbose=0 +armor=off \
# "+myname=%{_pgp_name}" -b %{__plaintext_filename} -o
%{__signature_filename}
-# rpm-5.0 and later verifies signatures internally using beecrypt/NSS/openssl
+# rpm-5.0 and later verifies signatures internally
#%__gpg_verify_cmd %{__gpg} \
# gpg --batch --no-verbose --verify --no-secmem-warning \
# %{__signature_filename} %{__plaintext_filename}
@@ -544,8 +544,9 @@
# Horowitz Key Protocol server configuration
#
+%_hkp_keyserver hkp://keys.rpm5.org
#%_hkp_keyserver hkp://keys.n3npq.net
-%_hkp_keyserver hkp://pool.sks-keyservers.net
+#%_hkp_keyserver hkp://pool.sks-keyservers.net
%_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search=
@@ -572,8 +573,8 @@
%_transaction_color @RPMCANONCOLOR@
# A default autorelocation path prefixed to file paths of packages
-# that have an incompatible arch. This is used on ia64 to prefix
-# /emul/ia32 to i386 file paths, and nowhere else (yet).
+# that have an incompatible arch. This was used on ia64 to prefix
+# /emul/ia32 to i386 file paths, and nowhere else.
#
# XXX Note: escaped %% for use in headerSprintf()
#%_autorelocate_path @autorelocate_path@
@@ .
patch -p0 <<'@@ .'
Index: rpm/macros/macros.rpmbuild.in
============================================================================
$ cvs diff -u -r1.4.4.16 -r1.4.4.17 macros.rpmbuild.in
--- rpm/macros/macros.rpmbuild.in 25 Apr 2014 20:03:16 -0000 1.4.4.16
+++ rpm/macros/macros.rpmbuild.in 5 May 2014 19:48:45 -0000 1.4.4.17
@@ -1,7 +1,7 @@
#/*! \page build_macros Default configuration: @USRLIBRPM@/macros.rpmbuild
# \verbatim
#
-# $Id: macros.rpmbuild.in,v 1.4.4.16 2014/04/25 20:03:16 jbj Exp $
+# $Id: macros.rpmbuild.in,v 1.4.4.17 2014/05/05 19:48:45 jbj Exp $
#
# This file contains rpmbuild configuration macros.
#
@@ -265,14 +265,17 @@
#
# Choose the non-repudiable signature algorithm:
# DSA (default)
-# DSA/SHA224
-# DSA/SHA256
# RSA (implies SHA1)
+# ECDSA (implies SHA256)
# RSA/SHA1
# RSA/SHA224
# RSA/SHA256
# RSA/SHA384
# RSA/SHA512
+# ECDSA/SHA224 (using NIST P-224)
+# ECDSA/SHA256 (using NIST P-256)
+# ECDSA/SHA384 (using NIST P-385)
+# ECDSA/SHA512 (using NIST P-521)
#
%_build_sign DSA
@@ .
______________________________________________________________________
RPM Package Manager http://rpm5.org
CVS Sources Repository rpm-cvs@rpm5.org
