diff options
author | Marc Espie <espie@cvs.openbsd.org> | 2014-01-23 11:52:35 +0000 |
---|---|---|
committer | Marc Espie <espie@cvs.openbsd.org> | 2014-01-23 11:52:35 +0000 |
commit | 30c3b46de258c3bc6b2e0a9a130b06e8169e44c5 (patch) | |
tree | 46d12cd9656cae77b4d9a8ee3d82ea3d7bdd876b /usr.sbin/pkg_add/OpenBSD/PkgCreate.pm | |
parent | 5af278267b870645e6323e62118dc525ff3d4a52 (diff) |
zap the sign-only part (moved to PkgSign.pm).
reuse the signer part (move to Signer.pm)
Diffstat (limited to 'usr.sbin/pkg_add/OpenBSD/PkgCreate.pm')
-rw-r--r-- | usr.sbin/pkg_add/OpenBSD/PkgCreate.pm | 297 |
1 files changed, 8 insertions, 289 deletions
diff --git a/usr.sbin/pkg_add/OpenBSD/PkgCreate.pm b/usr.sbin/pkg_add/OpenBSD/PkgCreate.pm index d7458e501c9..575a91335bc 100644 --- a/usr.sbin/pkg_add/OpenBSD/PkgCreate.pm +++ b/usr.sbin/pkg_add/OpenBSD/PkgCreate.pm @@ -1,6 +1,6 @@ #! /usr/bin/perl # ex:ts=8 sw=4: -# $OpenBSD: PkgCreate.pm,v 1.97 2014/01/20 21:10:55 naddy Exp $ +# $OpenBSD: PkgCreate.pm,v 1.98 2014/01/23 11:52:34 espie Exp $ # # Copyright (c) 2003-2014 Marc Espie <espie@openbsd.org> # @@ -22,93 +22,10 @@ use warnings; use OpenBSD::AddCreateDelete; use OpenBSD::Dependencies; use OpenBSD::SharedLibs; - -package Signer; - -my $h = { - x509 => 'Signer::X509', - signify => 'Signer::SIGNIFY', -}; - -sub factory -{ - my ($class, $state) = @_; - - my @p = @{$state->{signature_params}}; - - if (defined $h->{$p[0]}) { - return $h->{$p[0]}->new($state, @p); - } else { - $state->usage("Unknown signature scheme $p[0]"); - } -} - -package Signer::X509; -sub new -{ - my ($class, $state, @p) = @_; - - if (@p != 3 || !-f $p[1] || !-f $p[2]) { - $state->usage("$p[0] signature wants -s cert -s privkey"); - } - bless {cert => $p[1], privkey => $p[2]}, $class; -} - -sub new_sig -{ - require OpenBSD::x509; - return OpenBSD::PackingElement::DigitalSignature->blank('x509'); -} - -sub compute_signature -{ - my ($self, $state, $plist) = @_; - return OpenBSD::x509::compute_signature($plist, $self->{cert}, - $self->{privkey}); -} - -package Signer::SIGNIFY; -sub new -{ - my ($class, $state, @p) = @_; - if (@p != 2 || !-f $p[1]) { - $state->usage("$p[0] signature wants -s privkey"); - } - my $o = bless {privkey => $p[1]}, $class; - my $signer = $o->{privkey}; - $signer =~ s/\.sec$//; - my $pubkey = "$signer.pub"; - $signer =~ s,.*/,,; - $o->{signer} = $signer; - if (!-f $pubkey) { - $pubkey =~ s,.*/,/etc/signify/,; - if (!-f $pubkey) { - $state->errsay("warning: public key not found"); - return $o; - } - } - $o->{pubkey} = $pubkey; - return $o; -} - -sub new_sig -{ - require OpenBSD::signify; - return OpenBSD::PackingElement::DigitalSignature->blank('signify'); -} - -sub compute_signature -{ - my ($self, $state, $plist) = @_; - - OpenBSD::PackingElement::Signer->add($plist, $self->{signer}); - - return OpenBSD::signify::compute_signature($plist, $state, - $self->{privkey}, $self->{pubkey}); -} +use OpenBSD::Signer; package OpenBSD::PkgCreate::State; -our @ISA = qw(OpenBSD::AddCreateDelete::State); +our @ISA = qw(OpenBSD::CreateSign::State); sub init { @@ -149,12 +66,6 @@ sub set_status } } -sub todo -{ - my ($self, $offset) = @_; - return sprintf("%u/%u", $self->{done}-$offset, $self->{total}); -} - sub end_status { my $self = shift; @@ -175,17 +86,6 @@ sub handle_options sub { push(@{$state->{contents}}, shift); }, - 'o' => - sub { - $state->{output_dir} = shift; - if (!-d $state->{output_dir}) { - $state->usage("no such dir"); - } - }, - 'S' => - sub { - $state->{source} = shift; - }, 'p' => sub { $state->{prefix} = shift; @@ -198,15 +98,11 @@ sub handle_options my $w = shift; $state->{wantlib}{$w} = 1; }, - 's' => sub { - push(@{$state->{signature_params}}, shift); - }, }; $state->{no_exports} = 1; - $state->SUPER::handle_options('p:f:d:j:M:U:s:A:B:P:W:qQo:S:', + $state->SUPER::handle_options('p:f:d:M:U:A:B:P:W:qQ', '[-nQqvx] [-A arches] [-B pkg-destdir] [-D name[=value]]', '[-L localbase] [-M displayfile] [-P pkg-dependency]', - '[-s [x509 -s cert|signify] -s priv] [-o dir] [-S source]', '[-U undisplayfile] [-W wantedlib]', '[-d desc -D COMMENT=value -f packinglist -p prefix]', 'pkg-name...'); @@ -395,10 +291,6 @@ sub prepare_for_archival return $o; } -sub copy_over -{ -} - sub discover_directories { } @@ -472,14 +364,6 @@ sub prepare_for_archival return $o; } -sub copy_over -{ - my ($self, $state, $wrarc, $rdarc) = @_; - $wrarc->destdir($rdarc->info); - my $e = $wrarc->prepare($self->{name}); - $e->write; -} - sub forbidden() { 1 } # override for CONTENTS: we cannot checksum this. @@ -562,13 +446,6 @@ sub verify_checksum $self->verify_checksum_with_base($state, $state->{base}); } -sub copy_over -{ - my ($self, $state, $wrarc, $rdarc) = @_; - my $e = $rdarc->next; - $e->copy($wrarc); -} - sub find_every_library { my ($self, $h) = @_; @@ -1162,144 +1039,6 @@ sub add_description close($fh); } -sub add_signature -{ - my ($self, $plist, $state) = @_; - - if ($plist->has('digital-signature') || $plist->has('signer')) { - if ($state->defines('resign')) { - if ($state->defines('nosig')) { - $state->errsay("NOT CHECKING DIGITAL SIGNATURE FOR #1", - $plist->pkgname); - } else { - if (!$plist->check_signature($state)) { - $state->fatal("#1 is corrupted", - $plist->pkgname); - } - } - $state->errsay("Resigning #1", $plist->pkgname); - delete $plist->{'digital-signature'}; - delete $plist->{signer}; - } - } - - my $sig = $state->{signer}->new_sig; - $sig->add_object($plist); - $sig->{b64sig} = $state->{signer}->compute_signature($state, $plist); -} - -sub create_archive -{ - my ($self, $state, $filename, $dir) = @_; - require IO::Compress::Gzip; - my $fh = IO::Compress::Gzip->new($filename); - return OpenBSD::Ustar->new($fh, $state, $dir); -} - -sub sign_existing_package -{ - my ($self, $state, $pkg) = @_; - my $output = $state->{output_dir} // "."; - my $dir = $pkg->info; - my $plist = OpenBSD::PackingList->fromfile($dir.CONTENTS); - $plist->set_infodir($dir); - $self->add_signature($plist, $state); - $plist->save; - my $tmp = OpenBSD::Temp::permanent_file($output, "pkg"); - my $wrarc = $self->create_archive($state, $tmp, "."); - $plist->copy_over($state, $wrarc, $pkg); - $wrarc->close; - $pkg->wipe_info; - chmod((0666 & ~umask), $tmp); - rename($tmp, $output.'/'.$plist->pkgname.".tgz") or - $state->fatal("Can't create final signed package: #1", $!); - $state->system(sub { - chdir($output); - open(STDOUT, '>>', 'SHA256'); - }, - OpenBSD::Paths->sha256, '-b', $plist->pkgname.".tgz"); -} - -sub sign_list -{ - my ($self, $l, $repo, $maxjobs, $state) = @_; - $state->{total} = scalar @$l; - $maxjobs //= 1; - my $code = sub { - my $pkg = $repo->find(shift); - $self->sign_existing_package($state, $pkg); - }; - my $display = $state->verbose ? - sub { - $state->progress->set_header("Signed ".shift); - $state->{done}++; - $state->progress->next($state->ntogo); - } : - sub { - }; - if ($maxjobs > 1) { - my $jobs = {}; - my $n = 0; - my $reap_job = sub { - my $pid = wait; - if (!defined $jobs->{$pid}) { - $state->fatal("Wait returned #1: unknown process", $pid); - } - if ($? != 0) { - $state->fatal("Signature of #1 failed\n", - $jobs->{$pid}); - } - $n--; - &$display($jobs->{$pid}); - delete $state->{signer}{pubkey}; - delete $jobs->{$pid}; - }; - - while (@$l > 0) { - my $name = shift @$l; - my $pid = fork(); - if ($pid == 0) { - $repo->reinitialize; - &$code($name); - exit(0); - } else { - $jobs->{$pid} = $name; - $n++; - } - if ($n >= $maxjobs) { - &$reap_job; - } - } - while ($n != 0) { - &$reap_job; - } - } else { - for my $name (@$l) { - &$code($name); - &$display($name); - delete $state->{signer}{pubkey}; - } - } - $state->system(sub { - chdir($state->{output_dir}) if $state->{output_dir}; - open(STDOUT, '>', 'SHA256.new'); - }, 'sort', 'SHA256'); - rename($state->{output_dir}.'/SHA256.new', - $state->{output_dir}.'/SHA256'); -} - -sub sign_existing_repository -{ - my ($self, $state, $source) = @_; - require OpenBSD::PackageRepository; - my $repo = OpenBSD::PackageRepository->new($source, $state); - my @list = sort @{$repo->list}; - if (@list == 0) { - $state->errsay('Source repository "#1" is empty', $source); - } - $self->sign_list(\@list, $repo, $state->opt('j'), $state); -} - sub add_extra_info { my ($self, $plist, $state) = @_; @@ -1450,8 +1189,7 @@ sub create_package local $SIG{'HUP'} = $h; local $SIG{'KILL'} = $h; local $SIG{'TERM'} = $h; - $state->{archive} = $self->create_archive($state, $wname, - $plist->infodir); + $state->{archive} = $state->create_archive($wname, $plist->infodir); $state->set_status("archiving"); $state->progress->visit_with_size($plist, 'create_package', $state); $state->end_status; @@ -1595,7 +1333,7 @@ sub parse_and_run my $state = OpenBSD::PkgCreate::State->new($cmd); $state->handle_options; - if (@ARGV == 0 && !defined $state->{source}) { + if (@ARGV == 0) { $regen_package = 1; } elsif (@ARGV != 1) { if (defined $state->{contents} || @@ -1605,19 +1343,12 @@ sub parse_and_run } try { - if (defined $state->{signature_params}) { - $state->{signer} = Signer->factory($state); - } if (defined $state->opt('Q')) { $state->{opt}{q} = 1; } if (!defined $state->{contents}) { - if (defined $state->{signer}) { - $sign_only = 1; - } else { - $state->usage("Packing-list required"); - } + $state->usage("Packing-list required"); } my $plist; @@ -1627,18 +1358,6 @@ sub parse_and_run } $plist = $self->read_existing_plist($state, $state->{contents}[0]); - } elsif ($sign_only) { - if ($state->not) { - $state->fatal("can't pretend to sign existing packages"); - } - $state->{wantntogo} = $state->config->istrue("ntogo"); - if (defined $state->{source}) { - $self->sign_existing_repository($state, - $state->{source}); - } - $self->sign_list(\@ARGV, $state->repo, $state->opt('j'), - $state); - return 0; } else { $plist = $self->create_plist($state, $ARGV[0]); } @@ -1692,7 +1411,7 @@ sub parse_and_run $state->{bad} = 0; if (defined $state->{signer}) { - $self->add_signature($plist, $state); + $state->add_signature($plist); $plist->save if $regen_package; } |