On 18.03.2019 20:49, Ted Unangst wrote:
> Andre Stoebe wrote:
>> Hi,
>>
>> I, too, would like to have a way of signing the gzip archive in a
>> reproducible way, so here's a diff that uses -n, similar to gzip(1).
> 
> Thanks. I think it's more consistent to store a zero time stamp. This diff is
> a little simpler and avoids some variable reabuse.

Hi Ted,

I agree, this diff is pretty elegant. And it works fine here.

Regards
Andre

> Index: signify.1
> ===================================================================
> RCS file: /home/cvs/src/usr.bin/signify/signify.1,v
> retrieving revision 1.45
> diff -u -p -r1.45 signify.1
> --- signify.1 26 Feb 2019 22:24:41 -0000      1.45
> +++ signify.1 18 Mar 2019 19:47:05 -0000
> @@ -35,7 +35,7 @@
>  .Fl s Ar seckey
>  .Nm signify
>  .Fl S
> -.Op Fl ez
> +.Op Fl enz
>  .Op Fl x Ar sigfile
>  .Fl s Ar seckey
>  .Fl m Ar message
> @@ -91,10 +91,15 @@ When verifying with
>  .Fl e ,
>  the file to create.
>  .It Fl n
> -Do not ask for a passphrase during key generation.
> +When generating a key pair, do not ask for a passphrase.
>  Otherwise,
>  .Nm
>  will prompt the user for a passphrase to protect the secret key.
> +When signing with
> +.Fl z ,
> +store a zero time stamp in the
> +.Xr gzip 1
> +header.
>  .It Fl p Ar pubkey
>  Public key produced by
>  .Fl G ,
> Index: signify.c
> ===================================================================
> RCS file: /home/cvs/src/usr.bin/signify/signify.c,v
> retrieving revision 1.130
> diff -u -p -r1.130 signify.c
> --- signify.c 17 Jan 2019 05:40:10 -0000      1.130
> +++ signify.c 18 Mar 2019 19:41:05 -0000
> @@ -80,7 +80,7 @@ usage(const char *error)
>  #ifndef VERIFYONLY
>           "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n"
>           "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
> -         "\t%1$s -S [-ez] [-x sigfile] -s seckey -m message\n"
> +         "\t%1$s -S [-enz] [-x sigfile] -s seckey -m message\n"
>  #endif
>           "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m 
> message\n",
>           getprogname());
> @@ -754,7 +754,8 @@ main(int argc, char **argv)
>       char sigfilebuf[PATH_MAX];
>       const char *comment = "signify";
>       char *keytype = NULL;
> -     int ch, rounds;
> +     int ch;
> +     int none = 0;
>       int embedded = 0;
>       int quiet = 0;
>       int gzip = 0;
> @@ -769,8 +770,6 @@ main(int argc, char **argv)
>       if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
>               err(1, "pledge");
>  
> -     rounds = 42;
> -
>       while ((ch = getopt(argc, argv, "CGSVzc:em:np:qs:t:x:")) != -1) {
>               switch (ch) {
>  #ifndef VERIFYONLY
> @@ -808,7 +807,7 @@ main(int argc, char **argv)
>                       msgfile = optarg;
>                       break;
>               case 'n':
> -                     rounds = 0;
> +                     none = 1;
>                       break;
>               case 'p':
>                       pubkeyfile = optarg;
> @@ -871,14 +870,14 @@ main(int argc, char **argv)
>               if (!pubkeyfile || !seckeyfile)
>                       usage("must specify pubkey and seckey");
>               check_keyname_compliance(pubkeyfile, seckeyfile);
> -             generate(pubkeyfile, seckeyfile, rounds, comment);
> +             generate(pubkeyfile, seckeyfile, none ? 0 : 42, comment);
>               break;
>       case SIGN:
>               /* no pledge */
>               if (gzip) {
>                       if (!msgfile || !seckeyfile || !sigfile)
>                               usage("must specify message sigfile seckey");
> -                     zsign(seckeyfile, msgfile, sigfile);
> +                     zsign(seckeyfile, msgfile, sigfile, none);
>               } else {
>                       if (!msgfile || !seckeyfile)
>                               usage("must specify message and seckey");
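Review bot: The flag `none` now carries two unrelated meanings and nothing in the code says so: with -G it selects `0` instead of `42` for the rounds argument of generate() (the man page hunk describes this as not asking for a passphrase to protect the secret key), and with -S -z it selects the zero time stamp. I would document that at the declaration in the `@@ -754,7 +754,8 @@` hunk, e.g. `int none = 0;	/* -n: no passphrase with -G, zero time stamp with -S -z */`, and give the literal in `none ? 0 : 42` a name (for example `#define DEFAULT_ROUNDS 42`, name is a placeholder) so the non-zero default is not a bare number at the call site. In the visible lines the non-gzip -S branch never reads `none`, so -n appears to be accepted and silently ignored there; main() continues outside this hunk, so confirm that before deciding whether usage() should reject the combination.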
> Index: signify.h
> ===================================================================
> RCS file: /home/cvs/src/usr.bin/signify/signify.h,v
> retrieving revision 1.1
> diff -u -p -r1.1 signify.h
> --- signify.h 2 Sep 2016 16:10:56 -0000       1.1
> +++ signify.h 18 Mar 2019 19:38:33 -0000
> @@ -19,7 +19,7 @@
>  #ifndef signify_h
>  #define signify_h
>  extern void zverify(const char *, const char *, const char *, const char *);
> -extern void zsign(const char *, const char *, const char *);
> +extern void zsign(const char *, const char *, const char *, int);
>  
>  extern void *xmalloc(size_t);
>  extern void writeall(int, const void *, size_t, const char *);
> Index: zsig.c
> ===================================================================
> RCS file: /home/cvs/src/usr.bin/signify/zsig.c,v
> retrieving revision 1.15
> diff -u -p -r1.15 zsig.c
> --- zsig.c    11 Jul 2017 23:52:05 -0000      1.15
> +++ zsig.c    18 Mar 2019 19:43:08 -0000
> @@ -231,7 +231,8 @@ zverify(const char *pubkeyfile, const ch
>  }
>  
>  void
> -zsign(const char *seckeyfile, const char *msgfile, const char *sigfile)
> +zsign(const char *seckeyfile, const char *msgfile, const char *sigfile,
> +    int skipdate)
>  {
>       size_t bufsize = MYBUFSIZE;
>       int fdin, fdout;
> @@ -261,7 +262,11 @@ zsign(const char *seckeyfile, const char
>  
>       msg = xmalloc(space);
>       buffer = xmalloc(bufsize);
> -     time(&clock);
> +     if (skipdate) {
> +             clock = 0;
> +     } else {
> +             time(&clock);
> +     }
>       strftime(date, sizeof date, "%Y-%m-%dT%H:%M:%SZ", gmtime(&clock));
>       snprintf(msg, space,
>           "date=%s\n"
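Review bot: With `skipdate` set, the header text built here still carries a `date=` line, now fixed at `1970-01-01T00:00:00Z`, so the date is pinned rather than skipped and the parameter name is slightly misleading. A comment at the branch would make the intent explicit, e.g. `/* -n: fixed epoch date so the signed header is reproducible */`. Since `date=` is written into `msg`, which appears to be the text that gets signed, a consumer that treats the date as a freshness or ordering hint cannot tell one -n archive from another; that is worth a sentence in signify.1 if such consumers exist. This hunk changes only the `date=` string; whether the gzip MTIME field copied from the input archive is also zero is not visible here, so reproducible output presumably still depends on how the archive was created. zsign() starts and ends outside the hunk.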
>
