RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 05-May-2014 21:48:45 Branch: rpm-5_4 Handle: 2014050519484104 Modified files: (Branch: rpm-5_4) rpm CHANGES rpm/build build.c pack.c rpm/macros macros.in macros.rpmbuild.in Log: - jbj: ecdsa: generate non-repudiable ecdsa signature when building. Summary: Revision Changes Path 1.3501.2.386+3 -1 rpm/CHANGES 2.145.2.2 +8 -2 rpm/build/build.c 2.324.2.12 +5 -2 rpm/build/pack.c 1.39.2.38 +6 -5 rpm/macros/macros.in 1.4.4.17 +6 -3 rpm/macros/macros.rpmbuild.in ____________________________________________________________________________ patch -p0 <<'@@ .' Index: rpm/CHANGES ============================================================================ $ cvs diff -u -r1.3501.2.385 -r1.3501.2.386 CHANGES --- rpm/CHANGES 5 May 2014 19:24:36 -0000 1.3501.2.385 +++ rpm/CHANGES 5 May 2014 19:48:41 -0000 1.3501.2.386 @@ -1,5 +1,7 @@ 5.4.14 -> 5.4.15: - - jbj: pgp: fix: rescusitate. + - jbj: ecdsa: generate non-repudiable ecdsa signature when building. + - jbj: ecdsa: implement RPMSIGTAG_ECDSA/RPMTAG_ECDSAHEAER use. + - jbj: pgp: fix: rescusitate clear/detached signing. - jbj: pgp: validate pubkey binding signatures w clear/detached signing. - jbj: ecdsa: define RPMSIGTAG_ECDSA/RPMTAG_ECDSAHEADER. - jbj: pgp: refactor some table lookup helpers. @@ . patch -p0 <<'@@ .' Index: rpm/build/build.c ============================================================================ $ cvs diff -u -r2.145.2.1 -r2.145.2.2 build.c --- rpm/build/build.c 1 Jan 2011 14:39:54 -0000 2.145.2.1 +++ rpm/build/build.c 5 May 2014 19:48:44 -0000 2.145.2.2 @@ -340,8 +340,14 @@ rpmRC rc = RPMRC_OK; /* Generate a keypair lazily. */ - if (spec->dig == NULL) - spec->dig = pgpDigNew(RPMVSF_DEFAULT, PGPPUBKEYALGO_DSA); +assert(spec->dig == NULL); + spec->dig = pgpDigNew(RPMVSF_DEFAULT, PGPPUBKEYALGO_UNKNOWN); + { int xx; + xx = pgpDigSetAlgos(spec->dig); + xx = pgpImplGenerate(spec->dig); +assert(xx == 1); + xx = pgpExportPubkey(spec->dig); + } if (!spec->recursing && spec->BACount) { int x; @@ . patch -p0 <<'@@ .' Index: rpm/build/pack.c ============================================================================ $ cvs diff -u -r2.324.2.11 -r2.324.2.12 pack.c --- rpm/build/pack.c 23 Apr 2014 22:25:43 -0000 2.324.2.11 +++ rpm/build/pack.c 5 May 2014 19:48:45 -0000 2.324.2.12 @@ -830,10 +830,10 @@ (void) Fflush(fd); } - { /* XXX Dupe the header hash for the RFC 2440/4880 signature. */ + { /* XXX Dupe the header digest for the non-repudiable signature. */ DIGEST_CTX ctx = (dig ? rpmDigestDup(fd->digests[fd->ndigests-1]) : NULL); - /* Finalize the header SHA1. */ + /* Finalize the header signature digest. */ /* XXX FIXME: get binary octets, not ASCII. */ fdFiniDigest(fd, PGPHASHALGO_SHA1, &SHA1, NULL, 1); @@ -885,6 +885,9 @@ case PGPPUBKEYALGO_DSA: he->tag = (rpmTag) RPMSIGTAG_DSA; break; + case PGPPUBKEYALGO_ECDSA: + he->tag = (rpmTag) RPMSIGTAG_ECDSA; + break; } he->t = RPM_BIN_TYPE; he->p.ptr = (void *) dig->sig; @@ . patch -p0 <<'@@ .' Index: rpm/macros/macros.in ============================================================================ $ cvs diff -u -r1.39.2.37 -r1.39.2.38 macros.in --- rpm/macros/macros.in 18 Apr 2014 18:45:56 -0000 1.39.2.37 +++ rpm/macros/macros.in 5 May 2014 19:48:45 -0000 1.39.2.38 @@ -1,7 +1,7 @@ #/*! \page config_macros Default configuration: @USRLIBRPM@/macros # \verbatim # -# $Id: macros.in,v 1.39.2.37 2014/04/18 18:45:56 jbj Exp $ +# $Id: macros.in,v 1.39.2.38 2014/05/05 19:48:45 jbj Exp $ # # This is a global RPM configuration file. All changes made here will # be lost when the rpm package is upgraded. Any per-system configuration @@ -518,7 +518,7 @@ # pgps +batchmode=on +verbose=0 +armor=off \ # "+myname=%{_pgp_name}" -b %{__plaintext_filename} -o %{__signature_filename} -# rpm-5.0 and later verifies signatures internally using beecrypt/NSS/openssl +# rpm-5.0 and later verifies signatures internally #%__gpg_verify_cmd %{__gpg} \ # gpg --batch --no-verbose --verify --no-secmem-warning \ # %{__signature_filename} %{__plaintext_filename} @@ -544,8 +544,9 @@ # Horowitz Key Protocol server configuration # +%_hkp_keyserver hkp://keys.rpm5.org #%_hkp_keyserver hkp://keys.n3npq.net -%_hkp_keyserver hkp://pool.sks-keyservers.net +#%_hkp_keyserver hkp://pool.sks-keyservers.net %_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search= @@ -572,8 +573,8 @@ %_transaction_color @RPMCANONCOLOR@ # A default autorelocation path prefixed to file paths of packages -# that have an incompatible arch. This is used on ia64 to prefix -# /emul/ia32 to i386 file paths, and nowhere else (yet). +# that have an incompatible arch. This was used on ia64 to prefix +# /emul/ia32 to i386 file paths, and nowhere else. # # XXX Note: escaped %% for use in headerSprintf() #%_autorelocate_path @autorelocate_path@ @@ . patch -p0 <<'@@ .' Index: rpm/macros/macros.rpmbuild.in ============================================================================ $ cvs diff -u -r1.4.4.16 -r1.4.4.17 macros.rpmbuild.in --- rpm/macros/macros.rpmbuild.in 25 Apr 2014 20:03:16 -0000 1.4.4.16 +++ rpm/macros/macros.rpmbuild.in 5 May 2014 19:48:45 -0000 1.4.4.17 @@ -1,7 +1,7 @@ #/*! \page build_macros Default configuration: @USRLIBRPM@/macros.rpmbuild # \verbatim # -# $Id: macros.rpmbuild.in,v 1.4.4.16 2014/04/25 20:03:16 jbj Exp $ +# $Id: macros.rpmbuild.in,v 1.4.4.17 2014/05/05 19:48:45 jbj Exp $ # # This file contains rpmbuild configuration macros. # @@ -265,14 +265,17 @@ # # Choose the non-repudiable signature algorithm: # DSA (default) -# DSA/SHA224 -# DSA/SHA256 # RSA (implies SHA1) +# ECDSA (implies SHA256) # RSA/SHA1 # RSA/SHA224 # RSA/SHA256 # RSA/SHA384 # RSA/SHA512 +# ECDSA/SHA224 (using NIST P-224) +# ECDSA/SHA256 (using NIST P-256) +# ECDSA/SHA384 (using NIST P-385) +# ECDSA/SHA512 (using NIST P-521) # %_build_sign DSA @@ . ______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository rpm-cvs@rpm5.org