head 1.23; access; symbols netbsd-11-0-RC4:1.22 netbsd-11-0-RC3:1.22 netbsd-11-0-RC2:1.22 netbsd-11-0-RC1:1.22 perseant-exfatfs-base-20250801:1.22 netbsd-11:1.22.0.2 netbsd-11-base:1.22 netbsd-10-1-RELEASE:1.19 perseant-exfatfs-base-20240630:1.21 perseant-exfatfs:1.21.0.2 perseant-exfatfs-base:1.21 netbsd-8-3-RELEASE:1.15 netbsd-9-4-RELEASE:1.16 netbsd-10-0-RELEASE:1.19 netbsd-10-0-RC6:1.19 netbsd-10-0-RC5:1.19 netbsd-10-0-RC4:1.19 netbsd-10-0-RC3:1.19 netbsd-10-0-RC2:1.19 netbsd-10-0-RC1:1.19 netbsd-10:1.19.0.2 netbsd-10-base:1.19 netbsd-9-3-RELEASE:1.16 cjep_sun2x-base1:1.18 cjep_sun2x:1.18.0.6 cjep_sun2x-base:1.18 cjep_staticlib_x-base1:1.18 netbsd-9-2-RELEASE:1.16 cjep_staticlib_x:1.18.0.4 cjep_staticlib_x-base:1.18 netbsd-9-1-RELEASE:1.16 phil-wifi-20200421:1.18 phil-wifi-20200411:1.18 is-mlppp:1.18.0.2 is-mlppp-base:1.18 phil-wifi-20200406:1.18 netbsd-8-2-RELEASE:1.15 netbsd-9-0-RELEASE:1.16 netbsd-9-0-RC2:1.16 netbsd-9-0-RC1:1.16 phil-wifi-20191119:1.18 netbsd-9:1.16.0.2 netbsd-9-base:1.16 phil-wifi-20190609:1.16 netbsd-8-1-RELEASE:1.15 netbsd-8-1-RC1:1.15 pgoyette-compat-merge-20190127:1.15 pgoyette-compat-20190127:1.15 pgoyette-compat-20190118:1.15 pgoyette-compat-1226:1.15 pgoyette-compat-1126:1.15 pgoyette-compat-1020:1.15 pgoyette-compat-0930:1.15 pgoyette-compat-0906:1.15 netbsd-7-2-RELEASE:1.12.4.1 pgoyette-compat-0728:1.15 netbsd-8-0-RELEASE:1.15 phil-wifi:1.15.0.12 phil-wifi-base:1.15 pgoyette-compat-0625:1.15 netbsd-8-0-RC2:1.15 pgoyette-compat-0521:1.15 pgoyette-compat-0502:1.15 pgoyette-compat-0422:1.15 netbsd-8-0-RC1:1.15 pgoyette-compat-0415:1.15 pgoyette-compat-0407:1.15 pgoyette-compat-0330:1.15 pgoyette-compat-0322:1.15 pgoyette-compat-0315:1.15 netbsd-7-1-2-RELEASE:1.12.4.1 pgoyette-compat:1.15.0.10 pgoyette-compat-base:1.15 netbsd-7-1-1-RELEASE:1.12.4.1 matt-nb8-mediatek:1.15.0.8 matt-nb8-mediatek-base:1.15 perseant-stdc-iso10646:1.15.0.6 perseant-stdc-iso10646-base:1.15 netbsd-8:1.15.0.4 netbsd-8-base:1.15 prg-localcount2-base3:1.15 prg-localcount2-base2:1.15 prg-localcount2-base1:1.15 prg-localcount2:1.15.0.2 prg-localcount2-base:1.15 pgoyette-localcount-20170426:1.15 bouyer-socketcan-base1:1.15 pgoyette-localcount-20170320:1.14 netbsd-7-1:1.12.4.1.0.6 netbsd-7-1-RELEASE:1.12.4.1 netbsd-7-1-RC2:1.12.4.1 netbsd-7-nhusb-base-20170116:1.12.4.1 bouyer-socketcan:1.14.0.4 bouyer-socketcan-base:1.14 pgoyette-localcount-20170107:1.14 netbsd-7-1-RC1:1.12.4.1 pgoyette-localcount-20161104:1.14 netbsd-7-0-2-RELEASE:1.12.4.1 localcount-20160914:1.14 netbsd-7-nhusb:1.12.4.1.0.4 netbsd-7-nhusb-base:1.12.4.1 pgoyette-localcount-20160806:1.14 pgoyette-localcount-20160726:1.14 pgoyette-localcount:1.14.0.2 pgoyette-localcount-base:1.14 netbsd-7-0-1-RELEASE:1.12.4.1 netbsd-7-0:1.12.4.1.0.2 netbsd-7-0-RELEASE:1.12.4.1 netbsd-7-0-RC3:1.12.4.1 netbsd-7-0-RC2:1.12.4.1 netbsd-7-0-RC1:1.12.4.1 netbsd-7:1.12.0.4 netbsd-7-base:1.12 yamt-pagecache-base9:1.12 yamt-pagecache-tag8:1.4.2.2 tls-earlyentropy:1.12.0.2 tls-earlyentropy-base:1.12 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.12 riastradh-drm2-base3:1.12 riastradh-drm2-base2:1.4 riastradh-drm2-base1:1.4 riastradh-drm2:1.4.0.4 riastradh-drm2-base:1.4 khorben-n900:1.4.0.10 agc-symver:1.4.0.8 agc-symver-base:1.4 tls-maxphys-base:1.12 tls-maxphys:1.4.0.6 yamt-pagecache-base8:1.4 yamt-pagecache:1.4.0.2 yamt-pagecache-base7:1.4 yamt-pagecache-base6:1.1 yamt-pagecache-base5:1.1 agc-netpgp-standalone:1.1.0.2; locks; strict; comment @# @; 1.23 date 2025.09.18.03.35.59; author mrg; state Exp; branches; next 1.22; commitid RQc1sc69acbZ59bG; 1.22 date 2025.04.06.23.03.04; author rillig; state Exp; branches; next 1.21; commitid 19bgwc0qOk34R2QF; 1.21 date 2023.06.03.21.30.20; author lukem; state Exp; branches 1.21.2.1; next 1.20; commitid jxeKWdozvzDbZxrE; 1.20 date 2023.06.03.09.09.01; author lukem; state Exp; branches; next 1.19; commitid aBaIRnuykonRStrE; 1.19 date 2022.08.27.08.58.31; author rillig; state Exp; branches; next 1.18; commitid 5MBq4Tt8R0HaPuRD; 1.18 date 2019.10.13.07.28.04; author mrg; state Exp; branches; next 1.17; commitid vRNwN94v7NgB2GGB; 1.17 date 2019.09.29.23.44.58; author mrg; state Exp; branches; next 1.16; commitid xrLFk44PaFrGTXEB; 1.16 date 2019.02.04.04.05.15; author mrg; state Exp; branches; next 1.15; commitid HC3U7qZ7jiPeZoaB; 1.15 date 2017.04.17.19.50.27; author agc; state Exp; branches 1.15.12.1; next 1.14; commitid aBtb0oqhc4aKmVNz; 1.14 date 2016.06.14.20.47.43; author agc; state Exp; branches 1.14.2.1 1.14.4.1; next 1.13; commitid Ia5tvZq6o4noytaz; 1.13 date 2014.12.05.04.42.36; author agc; state Exp; branches; next 1.12; commitid 4gEkv51clcGm7O0y; 1.12 date 2014.03.13.12.54.49; author joerg; state Exp; branches 1.12.4.1; next 1.11; commitid KlqYgpoYYpRlqxsx; 1.11 date 2014.03.13.08.13.21; author martin; state Exp; branches; next 1.10; commitid JlywsUnopJgMRvsx; 1.10 date 2014.03.12.06.38.56; author agc; state Exp; branches; next 1.9; commitid 3HlI2cZBjOChnnsx; 1.9 date 2014.03.10.17.00.53; author agc; state Exp; branches; next 1.8; commitid sKccl8HOy2aHSasx; 1.8 date 2014.03.09.07.00.52; author christos; state Exp; branches; next 1.7; commitid 7UkswWzio8PTAZrx; 1.7 date 2014.03.09.06.57.58; author christos; state Exp; branches; next 1.6; commitid 5cWfbMktN3PWzZrx; 1.6 date 2014.03.09.00.27.54; author agc; state Exp; branches; next 1.5; commitid qPPDvHToQtq6qXrx; 1.5 date 2014.03.09.00.15.46; author agc; state Exp; branches; next 1.4; commitid 7SpVt3JvefOqlXrx; 1.4 date 2012.11.22.21.20.44; author agc; state Exp; branches 1.4.2.1 1.4.6.1; next 1.3; 1.3 date 2012.11.22.04.05.57; author agc; state Exp; branches; next 1.2; 1.2 date 2012.11.20.05.26.25; author agc; state Exp; branches; next 1.1; 1.1 date 2012.05.06.17.57.11; author agc; state dead; branches 1.1.2.1; next ; 1.21.2.1 date 2025.08.02.05.18.43; author perseant; state Exp; branches; next ; commitid 23j6GFaDws3O875G; 1.15.12.1 date 2019.06.10.21.41.09; author christos; state Exp; branches; next 1.15.12.2; commitid jtc8rnCzWiEEHGqB; 1.15.12.2 date 2020.04.13.07.45.18; author martin; state Exp; branches; next ; commitid X01YhRUPVUDaec4C; 1.14.2.1 date 2017.04.26.02.52.13; author pgoyette; state Exp; branches; next ; commitid ojV02aOSdzvBqZOz; 1.14.4.1 date 2017.04.21.16.50.55; author bouyer; state Exp; branches; next ; commitid dUG7nkTKALCadqOz; 1.12.4.1 date 2014.12.08.20.22.07; author martin; state Exp; branches; next ; commitid Cd55Hd0gScIMdh1y; 1.4.2.1 date 2012.11.22.21.20.44; author yamt; state dead; branches; next 1.4.2.2; 1.4.2.2 date 2013.01.16.05.25.56; author yamt; state Exp; branches; next 1.4.2.3; 1.4.2.3 date 2014.05.22.13.21.32; author yamt; state Exp; branches; next ; commitid C6DrqSjX75vTjxBx; 1.4.6.1 date 2012.11.22.21.20.44; author tls; state dead; branches; next 1.4.6.2; 1.4.6.2 date 2013.02.25.00.24.04; author tls; state Exp; branches; next 1.4.6.3; 1.4.6.3 date 2014.08.19.23.45.22; author tls; state Exp; branches; next ; commitid jTnpym9Qu0o4R1Nx; 1.1.2.1 date 2012.05.06.17.57.11; author agc; state Exp; branches; next 1.1.2.2; 1.1.2.2 date 2012.10.20.04.59.52; author agc; state Exp; branches; next 1.1.2.3; 1.1.2.3 date 2012.10.20.12.22.00; author agc; state Exp; branches; next 1.1.2.4; 1.1.2.4 date 2012.10.23.15.00.56; author agc; state Exp; branches; next 1.1.2.5; 1.1.2.5 date 2012.10.24.02.18.56; author agc; state Exp; branches; next 1.1.2.6; 1.1.2.6 date 2012.10.30.02.10.42; author agc; state Exp; branches; next ; desc @@ 1.23 log @introduce a couple of new turn-off-gcc-warning variables and use them. GCC 14 has a new annoying calloc() checker that we turn off in a bunch of places, and there are a few more dangling-pointer issuse that come up, but seem bogus. @ text @# $NetBSD: Makefile,v 1.22 2025/04/06 23:03:04 rillig Exp $ PROG=netpgpverify BINDIR= /usr/bin SRCS= b64.c bignum.c bufgap.c digest.c SRCS+= libverify.c main.c misc.c SRCS+= pgpsum.c rsa.c SRCS+= bzlib.c zlib.c SRCS+= md5c.c rmd160.c sha1.c sha2.c CPPFLAGS+=-I${.CURDIR} -I${EXTDIST}/src/netpgpverify COPTS.libverify.c+= -Wno-format-nonliteral COPTS.bufgap.c+= ${CC_WNO_CALLOC_TRANSPOSED_ARGS} .ifndef PRODUCTION CPPFLAGS+=-g -O0 LDFLAGS+=-g -O0 .endif LINTFLAGS.bzlib.c+= -X 220 # fallthrough on case statement LINTFLAGS.zlib.c+= -X 220 # fallthrough on case statement MAN= netpgpverify.1 WARNS= 5 EXTDIST=${.CURDIR}/../../dist .PATH: ${EXTDIST}/src/netpgpverify .include COPTS+= ${CC_WNO_IMPLICIT_FALLTHROUGH} COPTS.libverify.c+= ${CC_WNO_FORMAT_TRUNCATION} .include t tst: ${PROG} ./${PROG} -k ${EXTDIST}/src/netpgpverify/pubring.gpg ${EXTDIST}/src/netpgpverify/NetBSD-6.0_RC1_hashes.asc ./${PROG} -k ${EXTDIST}/src/netpgpverify/pubring.gpg ${EXTDIST}/src/netpgpverify/NetBSD-6.0_RC1_hashes.gpg ./${PROG} -v ./${PROG} -S ${EXTDIST}/src/netpgpverify/sshtest-20140202.pub ${EXTDIST}/src/netpgpverify/data.gpg ./${PROG} -S ${EXTDIST}/src/netpgpverify/sshtest-20140202.pub ${EXTDIST}/src/netpgpverify/data.sig @@echo "expected failure, to check bad signatures fail to verify" -sed -e 's|A|B|' ${EXTDIST}/src/netpgpverify/data.gpg | ./${PROG} -S ${EXTDIST}/src/netpgpverify/sshtest-20140202.pub @@echo "testing signatures with no version" ./${PROG} -k ${EXTDIST}/src/netpgpverify/pubring.gpg ${EXTDIST}/src/netpgpverify/noversion.asc @ 1.22 log @all: remove 'constant in conditional context' from LINTFLAGS Lint no longer emits this message, as it produced too many false positives. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.21 2023/06/03 21:30:20 lukem Exp $ d16 1 @ 1.21 log @adapt to ${CC_WNO_IMPLICIT_FALLTHROUGH} Use ${CC_WNO_IMPLICIT_FALLTHROUGH} instead of the older style more complex expressions. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.20 2023/06/03 09:09:01 lukem Exp $ a21 1 LINTFLAGS.bzlib.c+= -X 161 # constant in conditional context @ 1.21.2.1 log @Sync with HEAD @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.22 2025/04/06 23:03:04 rillig Exp $ d22 1 @ 1.20 log @bsd.own.mk: rename GCC_NO_* to CC_WNO_* Rename compiler-warning-disable variables from GCC_NO_warning to CC_WNO_warning where warning is the full warning name as used by the compiler. GCC_NO_IMPLICIT_FALLTHRU is CC_WNO_IMPLICIT_FALLTHROUGH Using the convention CC_compilerflag, where compilerflag is based on the full compiler flag name. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.19 2022/08/27 08:58:31 rillig Exp $ d35 1 a35 3 .if defined(HAVE_GCC) && ${HAVE_GCC} >= 7 && ${ACTIVE_CC} == "gcc" COPTS+= -Wno-error=implicit-fallthrough .endif @ 1.19 log @netpgp: fix or suppress a few lint warnings No functional change. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2019/10/13 07:28:04 mrg Exp $ d39 1 a39 1 COPTS.libverify.c+= ${GCC_NO_FORMAT_TRUNCATION} @ 1.18 log @introduce some common variables for use in GCC warning disables: GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8) GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8) GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8) GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8) use these to turn off warnings for most GCC-8 complaints. many of these are false positives, most of the real bugs are already commited, or are yet to come. we plan to introduce versions of (some?) of these that use the "-Wno-error=" form, which still displays the warnings but does not make it an error, and all of the above will be re-considered as either being "fix me" (warning still displayed) or "warning is wrong." @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2019/09/29 23:44:58 mrg Exp $ d22 4 @ 1.17 log @convert HAVE_GCC == 7 to HAVE_GCC >= 7. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2019/02/04 04:05:15 mrg Exp $ d35 2 @ 1.16 log @- use -Wno-error=implicit-fallthrough with GCC7. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2017/04/17 19:50:27 agc Exp $ d31 1 a31 1 .if defined(HAVE_GCC) && ${HAVE_GCC} == 7 && ${ACTIVE_CC} == "gcc" @ 1.15 log @Update netpgpverify sources in base from 20160617 to 20170201 (i.e. bring over changes from master sources in pkgsrc/security/netpgpverify, version 20170201): Changes: Update netpgpverify (and libnetpgpverify) to 20160614 + handle signatures created by gpg with "--no-emit-version", don't assume there will always be a version string. + add a test for above Fixes security PR 51240. Thanks to xnox@@ubuntu.com for reporting the error Update netpgpverify and libnetpgpverify to 20160615: Simplify the method of finding the end of the versioning information in the signature - back up to the "\n" character at the end of the signature start: "-----BEGIN PGP SIGNATURE-----\n" and then find the "\n\n" character sequence to denote the start of the signature itself. The previous version worked, but this is more efficient. Update netpgpverify and libnetpgpverify to 20160616 + bring over joerg's printflike change from the netpgpverify version in src/crypto + add a test for cleartext signatures with version information to complement the one with no version information Update netpgpverify and libnetpgpverify to 20160622 during freeze to fix PR 51262 + take a bit of a step backwards, and don't use stdbool.h, just to appease Solaris 10 compiler Update netpgpverify and libnetpgpverify to 20160623 + remove use of asprintf and vasprintf from libverify. Inspired by work from Dimitri John Ledkov. Should allow building on Linux without superfluous definitions. + also free the BIGNUM struct in PGPV_BN_clear() - from Dimitri John Ledkov Update netpgpverify and libnetpgpverify to 20160626 + make the pgpv_t and pgpv_cursor_t structures opaque + add new accessor functions for fields in the pgpv_cursor_t struct + add new creation functions for the pgpv_t and pgpv_cursor_t structs Update netpgpverify and libnetpgpverify to 20160704 + get rid of redundant PGPV_ARRAY definition in libverify.c, brought in when the definitions moved from verify.h + fix obuf_add_mem() to use a const void *, as any struct can be dumped using it + remove redundant NO_SUBKEYS definition - unused + add an (unused as yet) ARRAY_FREE() macro Update netpgpverify and libnetpgpverify to 20160705 External API changes ==================== + add a pgpv_cursor_close() function to free resources associated with a cursor Better memory management ======================== + restructure the way dynamic arrays are used, to avoid memory corruption issues and memory leaks - keep all dynamic arrays in the global data structure, and use indices in the other data structures to index them. Means lack of data localisation, but avoids stale pointers, and leaks. + make signer field of signature a uint8_t array, rather than a pointer + use our own version of strdup(3) - don't depend on it being available in standard library + keep track of whether litdata filenames and userid were allocated or not, and free memory in pgpv_close() if it was allocated + free up allocated resources which were allocated in pgpv_close() Update netpgpverify and libnetpgpverify to 20160706 + 20160705 introduced a bug whereby a key subid would match and verify fine, but, if formatted, would not display the correct subkey information. Fix to show the correct information in this case. Update netpgpverify and libnetpgpverify to 20160707 to fix some unusual build errors shown by old gcc versions (works fine for gcc-5.2.1 on ubuntu and gcc-5.3.0 on NetBSD 7.99.32) + use ULL suffix on unsigned 64bit constants, not UL + don't typedef the public structs twice - second time just define it without the typedef Fixes PR 51327 Update netpgpverify and libnetpgpverify to 20160708 + clear and free bignums properly - helps immensely with plugging memory leaks Update netpgpverify and libnetpgpverify to 20160828 + bring over change from christos in src/crypto to check for the end of an ASCII-armored signature + no need for namespace protection in array.h any more, now that netpgp/verify.h now contains opaque structures + minor typo clean-up in a definition (benign, ignored by compiler) update netpgpverify and libnetpgpverify to 20170201 + make sure howmany() macro is defined pointed out by cube - thanks! @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.14 2016/06/14 20:47:43 agc Exp $ d29 6 @ 1.15.12.1 log @Sync with HEAD @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2019/02/04 04:05:15 mrg Exp $ a28 6 .include .if defined(HAVE_GCC) && ${HAVE_GCC} == 7 && ${ACTIVE_CC} == "gcc" COPTS+= -Wno-error=implicit-fallthrough .endif @ 1.15.12.2 log @Mostly merge changes from HEAD upto 20200411 @ text @d1 1 a1 1 # $NetBSD$ d31 1 a31 1 .if defined(HAVE_GCC) && ${HAVE_GCC} >= 7 && ${ACTIVE_CC} == "gcc" a34 2 COPTS.libverify.c+= ${GCC_NO_FORMAT_TRUNCATION} @ 1.14 log @add test for signatures produced by gpg --no-emit-version @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.13 2014/12/05 04:42:36 agc Exp $ d12 1 a12 1 SRCS+= md5c.c rmd160.c sha1.c sha2.c tiger.c @ 1.14.2.1 log @Sync with HEAD @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2017/04/17 19:50:27 agc Exp $ d12 1 a12 1 SRCS+= md5c.c rmd160.c sha1.c sha2.c @ 1.14.4.1 log @Sync with HEAD @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2017/04/17 19:50:27 agc Exp $ d12 1 a12 1 SRCS+= md5c.c rmd160.c sha1.c sha2.c @ 1.13 log @Bring over the 20141204 portable version of netpgpverify from pkgsrc + Remove unused logmessage helper function + Add pgpv_get_cursor_element for easier manipulation of results returned. + libnetpgpverify(3) man page improvements + Standardise on WARNS=5 settings (6 is too intrusive and distracting) + Also install the library and header file for netpgpverify. This allows scripting languages to use the same verification methods via a shared library, rather than being forced to exec the netpgpverify(1) command line utility. + libnetpgpverify is now a standalone library, and requires no pre-requsisite libraries to function @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2014/03/13 12:54:49 joerg Exp $ d39 2 @ 1.12 log @It's nonliteral format strings it should not warn about. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2014/03/13 08:13:21 martin Exp $ d23 1 a23 1 WARNS= 4 @ 1.12.4.1 log @Pull up following revision(s) (requested by agc in ticket #297): crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.h: revision 1.3 crypto/external/bsd/netpgp/dist/src/netpgpverify/rsa.c: revision 1.2 crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.c: revision 1.2 crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c: revision 1.5 crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c: revision 1.5 crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.h: revision 1.3 crypto/external/bsd/netpgp/lib/verify/Makefile: revision 1.7 crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd: revision 1.2 crypto/external/bsd/netpgp/lib/verify/config.h: revision 1.1 crypto/external/bsd/netpgp/dist/src/netpgpverify/libnetpgpverify.3: revision 1.2 crypto/external/bsd/netpgp/bin/netpgpverify/Makefile: revision 1.13 Bring over the 20141204 portable version of netpgpverify from pkgsrc + Remove unused logmessage helper function + Add pgpv_get_cursor_element for easier manipulation of results returned. + libnetpgpverify(3) man page improvements + Standardise on WARNS=5 settings (6 is too intrusive and distracting) + Also install the library and header file for netpgpverify. This allows scripting languages to use the same verification methods via a shared library, rather than being forced to exec the netpgpverify(1) command line utility. + libnetpgpverify is now a standalone library, and requires no pre-requsisite libraries to function @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2014/03/13 12:54:49 joerg Exp $ d23 1 a23 1 WARNS= 5 @ 1.11 log @Older gcc does not support -Wno-format-literal @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.10 2014/03/12 06:38:56 agc Exp $ d15 1 a15 3 .if !defined(HAVE_GCC) || ${HAVE_GCC} >= 45 COPTS.libverify.c+= -Wno-format-literal .endif @ 1.10 log @Turn off literal format string warnings for one file A better fix is coming @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 2014/03/10 17:00:53 agc Exp $ d15 1 d17 1 @ 1.9 log @fix typo in previous commit @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2014/03/09 07:00:52 christos Exp $ d15 1 @ 1.8 log @WARNS=6 is impossible for this code :-) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2014/03/09 06:57:58 christos Exp $ d14 1 a14 1 CPPFLAGS+=-I${.CURDIR} ${EXTDIST}/src/netpgpverify @ 1.7 log @proper include @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2014/03/09 00:27:54 agc Exp $ d22 1 a22 1 WARNS= 6 @ 1.6 log @Install the binary in the correct location @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2014/03/09 00:15:46 agc Exp $ d14 1 a14 1 CPPFLAGS+=-I. ${EXTDIST}/src/netpgpverify @ 1.5 log @Bring over the standalone netpgpverify sources from pkgsrc/security/netpgpverify. No functional change. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2012/07/10 19:38:17 christos Exp $ d4 1 @ 1.4 log @revert previous change for LIBDPLIBS until I have a chance to work out the order for building pre-req libs @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2012/11/20 05:26:25 agc Exp $ d3 5 a7 1 .include d9 3 a11 3 PROG=netpgpverify SRCS+=main.c BINDIR=/usr/bin d13 1 a13 2 WARNS=5 MAN=netpgpverify.1 d15 4 a18 1 CPPFLAGS+=-I${EXTDIST}/libverify d20 2 a21 3 LIBNETPGPVERIFYDIR!= cd ${.CURDIR}/../../lib/verify && ${PRINTOBJDIR} LDADD+= -L${LIBNETPGPVERIFYDIR} -lnetpgpverify DPADD+= ${LIBNETPGPVERIFYDIR}/libnetpgpverify.a d23 1 a23 2 LDADD+= -lz -lbz2 DPADD+= ${LIBZ} ${LIBBZ2} d25 1 a25 2 EXTDIST= ${.CURDIR}/../../dist/src .PATH: ${EXTDIST}/netpgpverify d29 8 a36 94 t: ${PROG} env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify b.gpg > output16 diff expected16 output16 rm -f output16 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify a.gpg > output17 diff expected17 output17 rm -f output17 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify gpgsigned-a.gpg > output18 diff expected18 output18 rm -f output18 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify NetBSD-6.0_RC2_hashes.asc > output19 diff expected19 output19 rm -f output19 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat jj.asc > output20 diff expected20 output20 rm -f output20 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < a.gpg > output21 diff expected21 output21 rm -f output21 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < jj.asc > output22 diff expected22 output22 rm -f output22 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_RC2_hashes.asc > output23 diff expected23 output23 rm -f output23 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < b.gpg > output24 diff expected24 output24 rm -f output24 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} NetBSD-6.0_RC1_hashes.gpg > output25 diff expected25 output25 rm -f output25 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_RC1_hashes.gpg > output26 diff expected26 output26 rm -f output26 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_hashes.asc > output27 diff expected27 output27 rm -f output27 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} NetBSD-6.0_hashes.asc > output28 diff expected28 output28 rm -f output28 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} NetBSD-6.0_RC1_hashes_ascii.gpg > output29 diff expected29 output29 rm -f output29 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_RC1_hashes_ascii.gpg > output30 diff expected30 output30 rm -f output30 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat b.gpg b.gpg b.gpg > output31 diff expected31 output31 rm -f output31 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} b.gpg b.gpg b.gpg > output32 diff expected32 output32 rm -f output32 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat b.gpg jj.asc b.gpg > output33 diff expected33 output33 rm -f output33 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} det.sig > output34 diff expected34 output34 rm -f output34 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat det.sig > output35 diff expected35 output35 rm -f output35 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in1.gpg > output36 diff expected36 output36 rm -f output36 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg < in1.gpg > output37 diff expected37 output37 rm -f output37 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in1.asc > output38 diff expected38 output38 rm -f output38 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg < in1.asc > output39 diff expected39 output39 rm -f output39 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat in1.gpg > output40 diff expected40 output40 rm -f output40 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat < in1.gpg > output41 diff expected41 output41 rm -f output41 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat in1.asc > output42 diff expected42 output42 rm -f output42 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat < in1.asc > output43 diff expected43 output43 rm -f output43 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in2.gpg > output44 diff expected44 output44 rm -f output44 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in2.asc > output45 diff expected45 output45 rm -f output45 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46 diff expected46 output46 rm -f output46 @ 1.4.6.1 log @file Makefile was added on branch tls-maxphys on 2013-02-25 00:24:04 +0000 @ text @d1 119 @ 1.4.6.2 log @resync with head @ text @a0 119 # $NetBSD$ .include PROG=netpgpverify SRCS+=main.c BINDIR=/usr/bin WARNS=5 MAN=netpgpverify.1 CPPFLAGS+=-I${EXTDIST}/libverify LIBNETPGPVERIFYDIR!= cd ${.CURDIR}/../../lib/verify && ${PRINTOBJDIR} LDADD+= -L${LIBNETPGPVERIFYDIR} -lnetpgpverify DPADD+= ${LIBNETPGPVERIFYDIR}/libnetpgpverify.a LDADD+= -lz -lbz2 DPADD+= ${LIBZ} ${LIBBZ2} EXTDIST= ${.CURDIR}/../../dist/src .PATH: ${EXTDIST}/netpgpverify .include t: ${PROG} env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify b.gpg > output16 diff expected16 output16 rm -f output16 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify a.gpg > output17 diff expected17 output17 rm -f output17 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify gpgsigned-a.gpg > output18 diff expected18 output18 rm -f output18 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify NetBSD-6.0_RC2_hashes.asc > output19 diff expected19 output19 rm -f output19 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat jj.asc > output20 diff expected20 output20 rm -f output20 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < a.gpg > output21 diff expected21 output21 rm -f output21 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < jj.asc > output22 diff expected22 output22 rm -f output22 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_RC2_hashes.asc > output23 diff expected23 output23 rm -f output23 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < b.gpg > output24 diff expected24 output24 rm -f output24 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} NetBSD-6.0_RC1_hashes.gpg > output25 diff expected25 output25 rm -f output25 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_RC1_hashes.gpg > output26 diff expected26 output26 rm -f output26 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_hashes.asc > output27 diff expected27 output27 rm -f output27 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} NetBSD-6.0_hashes.asc > output28 diff expected28 output28 rm -f output28 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} NetBSD-6.0_RC1_hashes_ascii.gpg > output29 diff expected29 output29 rm -f output29 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_RC1_hashes_ascii.gpg > output30 diff expected30 output30 rm -f output30 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat b.gpg b.gpg b.gpg > output31 diff expected31 output31 rm -f output31 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} b.gpg b.gpg b.gpg > output32 diff expected32 output32 rm -f output32 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat b.gpg jj.asc b.gpg > output33 diff expected33 output33 rm -f output33 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} det.sig > output34 diff expected34 output34 rm -f output34 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat det.sig > output35 diff expected35 output35 rm -f output35 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in1.gpg > output36 diff expected36 output36 rm -f output36 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg < in1.gpg > output37 diff expected37 output37 rm -f output37 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in1.asc > output38 diff expected38 output38 rm -f output38 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg < in1.asc > output39 diff expected39 output39 rm -f output39 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat in1.gpg > output40 diff expected40 output40 rm -f output40 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat < in1.gpg > output41 diff expected41 output41 rm -f output41 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat in1.asc > output42 diff expected42 output42 rm -f output42 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat < in1.asc > output43 diff expected43 output43 rm -f output43 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in2.gpg > output44 diff expected44 output44 rm -f output44 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in2.asc > output45 diff expected45 output45 rm -f output45 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46 diff expected46 output46 rm -f output46 @ 1.4.6.3 log @Rebase to HEAD as of a few days ago. @ text @d1 3 a3 1 # $NetBSD$ d6 2 a7 9 BINDIR= /usr/bin SRCS= b64.c bignum.c bufgap.c digest.c SRCS+= libverify.c main.c misc.c SRCS+= pgpsum.c rsa.c SRCS+= bzlib.c zlib.c SRCS+= md5c.c rmd160.c sha1.c sha2.c tiger.c d9 2 a10 2 CPPFLAGS+=-I${.CURDIR} -I${EXTDIST}/src/netpgpverify COPTS.libverify.c+= -Wno-format-nonliteral d12 1 a12 4 .ifndef PRODUCTION CPPFLAGS+=-g -O0 LDFLAGS+=-g -O0 .endif d14 3 a16 2 MAN= netpgpverify.1 WARNS= 4 d18 2 a19 1 EXTDIST=${.CURDIR}/../../dist d21 2 a22 1 .PATH: ${EXTDIST}/src/netpgpverify d26 94 a119 8 t tst: ${PROG} ./${PROG} -k ${EXTDIST}/src/netpgpverify/pubring.gpg ${EXTDIST}/src/netpgpverify/NetBSD-6.0_RC1_hashes.asc ./${PROG} -k ${EXTDIST}/src/netpgpverify/pubring.gpg ${EXTDIST}/src/netpgpverify/NetBSD-6.0_RC1_hashes.gpg ./${PROG} -v ./${PROG} -S ${EXTDIST}/src/netpgpverify/sshtest-20140202.pub ${EXTDIST}/src/netpgpverify/data.gpg ./${PROG} -S ${EXTDIST}/src/netpgpverify/sshtest-20140202.pub ${EXTDIST}/src/netpgpverify/data.sig @@echo "expected failure, to check bad signatures fail to verify" -sed -e 's|A|B|' ${EXTDIST}/src/netpgpverify/data.gpg | ./${PROG} -S ${EXTDIST}/src/netpgpverify/sshtest-20140202.pub @ 1.4.2.1 log @file Makefile was added on branch yamt-pagecache on 2013-01-16 05:25:56 +0000 @ text @d1 119 @ 1.4.2.2 log @sync with (a bit old) head @ text @a0 119 # $NetBSD$ .include PROG=netpgpverify SRCS+=main.c BINDIR=/usr/bin WARNS=5 MAN=netpgpverify.1 CPPFLAGS+=-I${EXTDIST}/libverify LIBNETPGPVERIFYDIR!= cd ${.CURDIR}/../../lib/verify && ${PRINTOBJDIR} LDADD+= -L${LIBNETPGPVERIFYDIR} -lnetpgpverify DPADD+= ${LIBNETPGPVERIFYDIR}/libnetpgpverify.a LDADD+= -lz -lbz2 DPADD+= ${LIBZ} ${LIBBZ2} EXTDIST= ${.CURDIR}/../../dist/src .PATH: ${EXTDIST}/netpgpverify .include t: ${PROG} env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify b.gpg > output16 diff expected16 output16 rm -f output16 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify a.gpg > output17 diff expected17 output17 rm -f output17 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify gpgsigned-a.gpg > output18 diff expected18 output18 rm -f output18 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify NetBSD-6.0_RC2_hashes.asc > output19 diff expected19 output19 rm -f output19 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat jj.asc > output20 diff expected20 output20 rm -f output20 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < a.gpg > output21 diff expected21 output21 rm -f output21 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < jj.asc > output22 diff expected22 output22 rm -f output22 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_RC2_hashes.asc > output23 diff expected23 output23 rm -f output23 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < b.gpg > output24 diff expected24 output24 rm -f output24 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} NetBSD-6.0_RC1_hashes.gpg > output25 diff expected25 output25 rm -f output25 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_RC1_hashes.gpg > output26 diff expected26 output26 rm -f output26 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_hashes.asc > output27 diff expected27 output27 rm -f output27 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} NetBSD-6.0_hashes.asc > output28 diff expected28 output28 rm -f output28 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} NetBSD-6.0_RC1_hashes_ascii.gpg > output29 diff expected29 output29 rm -f output29 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_RC1_hashes_ascii.gpg > output30 diff expected30 output30 rm -f output30 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat b.gpg b.gpg b.gpg > output31 diff expected31 output31 rm -f output31 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} b.gpg b.gpg b.gpg > output32 diff expected32 output32 rm -f output32 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat b.gpg jj.asc b.gpg > output33 diff expected33 output33 rm -f output33 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} det.sig > output34 diff expected34 output34 rm -f output34 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat det.sig > output35 diff expected35 output35 rm -f output35 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in1.gpg > output36 diff expected36 output36 rm -f output36 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg < in1.gpg > output37 diff expected37 output37 rm -f output37 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in1.asc > output38 diff expected38 output38 rm -f output38 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg < in1.asc > output39 diff expected39 output39 rm -f output39 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat in1.gpg > output40 diff expected40 output40 rm -f output40 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat < in1.gpg > output41 diff expected41 output41 rm -f output41 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat in1.asc > output42 diff expected42 output42 rm -f output42 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat < in1.asc > output43 diff expected43 output43 rm -f output43 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in2.gpg > output44 diff expected44 output44 rm -f output44 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in2.asc > output45 diff expected45 output45 rm -f output45 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46 diff expected46 output46 rm -f output46 @ 1.4.2.3 log @sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments") @ text @d1 3 a3 1 # $NetBSD$ d6 2 a7 9 BINDIR= /usr/bin SRCS= b64.c bignum.c bufgap.c digest.c SRCS+= libverify.c main.c misc.c SRCS+= pgpsum.c rsa.c SRCS+= bzlib.c zlib.c SRCS+= md5c.c rmd160.c sha1.c sha2.c tiger.c d9 2 a10 2 CPPFLAGS+=-I${.CURDIR} -I${EXTDIST}/src/netpgpverify COPTS.libverify.c+= -Wno-format-nonliteral d12 1 a12 4 .ifndef PRODUCTION CPPFLAGS+=-g -O0 LDFLAGS+=-g -O0 .endif d14 3 a16 2 MAN= netpgpverify.1 WARNS= 4 d18 2 a19 1 EXTDIST=${.CURDIR}/../../dist d21 2 a22 1 .PATH: ${EXTDIST}/src/netpgpverify d26 94 a119 8 t tst: ${PROG} ./${PROG} -k ${EXTDIST}/src/netpgpverify/pubring.gpg ${EXTDIST}/src/netpgpverify/NetBSD-6.0_RC1_hashes.asc ./${PROG} -k ${EXTDIST}/src/netpgpverify/pubring.gpg ${EXTDIST}/src/netpgpverify/NetBSD-6.0_RC1_hashes.gpg ./${PROG} -v ./${PROG} -S ${EXTDIST}/src/netpgpverify/sshtest-20140202.pub ${EXTDIST}/src/netpgpverify/data.gpg ./${PROG} -S ${EXTDIST}/src/netpgpverify/sshtest-20140202.pub ${EXTDIST}/src/netpgpverify/data.sig @@echo "expected failure, to check bad signatures fail to verify" -sed -e 's|A|B|' ${EXTDIST}/src/netpgpverify/data.gpg | ./${PROG} -S ${EXTDIST}/src/netpgpverify/sshtest-20140202.pub @ 1.3 log @link libz and libbz2 into the netpgpverify library, rather than into the executable, via LIBDPLIBS. @ text @d18 3 @ 1.2 log @Merge netpgpverify(1) and libnetpgpverify(3) from the agc-netpgp-standalone branch. Rewrite the netpgpverify(1) functionality from RFC4880 up. This is a completely new implementation, and uses its own bignum library derived from libtommath. Apart from libz and libbz2, it just uses its own library and is self-contained - this makes it easier to embed, and to use from scripting languages. netpgpverify(1) now verifies all the signed files i've thrown at it, and the added bonus of using no functionality from libcrypto - all of its bignum functionality comes from its own libnetpgpverify.so. netpgpverify(1) now verifies not only signatures on binary files, but also signatures on text documents. This fixes PR/46930. Please don't start me on the hoops I had to jump through to calculate the digests on text files; trust me, you will regret it. % supersize `which netpgpverify` text data bss dec hex filename 4452 860 72 5384 1508 /usr/bin/netpgpverify 79542 1408 0 80950 13c36 /usr/lib/libz.so.1 43994 984 488 45466 b19a /usr/lib/libgcc_s.so.1 1318116 49644 69272 1437032 15ed68 /usr/lib/libc.so.12 57253 4184 0 61437 effd /usr/lib/libbz2.so.1 108726 1712 0 110438 1af66 /usr/lib/libnetpgpverify.so.4 1612083 58792 69832 1740707 0x1a8fa3 total % % make t env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify b.gpg > output16 diff expected16 output16 rm -f output16 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify a.gpg > output17 diff expected17 output17 rm -f output17 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify gpgsigned-a.gpg > output18 diff expected18 output18 rm -f output18 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19 diff expected19 output19 rm -f output19 ... env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k dsa-pubring.gpg in2.asc > output45 diff expected45 output45 rm -f output45 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46 diff expected46 output46 rm -f output46 cd tests/netpgpverify && make && atf-run atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa atf2kyua: I: Converting /usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> /tmp/.XXXXXX.004966aa/Kyuafile t_netpgpverify:netpgpverify_rsa -> passed [0.221s] t_netpgpverify:netpgpverify_dsa -> passed [0.117s] 2/2 passed (0 failed) Committed action 19 % @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1.2.6 2012/10/30 02:10:42 agc Exp $ a17 3 LDADD+= -lz -lbz2 DPADD+= ${LIBZ} ${LIBBZ2} @ 1.1 log @file Makefile was initially added on branch agc-netpgp-standalone. @ text @d1 119 @ 1.1.2.1 log @reachover build infrastructure for standalone version of netpgp @ text @a0 47 # $NetBSD: Makefile,v 1.5 2010/08/13 05:16:28 he Exp $ .include PROG= netpgpverify BINDIR= /usr/bin SRCS= verify.c CPPFLAGS+= -I${EXTDIST}/include -I${.CURDIR}/../../lib/netpgp CPPFLAGS+= -I${EXTDIST}/src/libbn CPPFLAGS+= -I${EXTDIST}/src/librsa LIBNETPGPDIR!= cd ${.CURDIR}/../../lib/netpgp && ${PRINTOBJDIR} LDADD+= -L${LIBNETPGPDIR} -lnetpgp DPADD+= ${LIBNETPGPDIR}/libnetpgp.a LIBNETPGPVERIFYDIR!= cd ${.CURDIR}/../../lib/verify && ${PRINTOBJDIR} LDADD+= -L${LIBNETPGPVERIFYDIR} -lnetpgpverify DPADD+= ${LIBNETPGPVERIFYDIR}/libnetpgpverify.a LIBNETCIPHERDIR!= cd ${.CURDIR}/../../lib/cipher && ${PRINTOBJDIR} LDADD+= -L${LIBNETCIPHERDIR} -lnetpgpcipher DPADD+= ${LIBNETCIPHERDIR}/libnetpgpcipher.a LIBNETRSADIR!= cd ${.CURDIR}/../../lib/rsa && ${PRINTOBJDIR} LDADD+= -L${LIBNETRSADIR} -lnetpgprsa DPADD+= ${LIBNETRSADIR}/libnetpgprsa.a LIBNETBNDIR!= cd ${.CURDIR}/../../lib/bn && ${PRINTOBJDIR} LDADD+= -L${LIBNETBNDIR} -lnetpgpbn DPADD+= ${LIBNETBNDIR}/libnetpgpbn.a LIBMJDIR!= cd ${.CURDIR}/../../lib/mj && ${PRINTOBJDIR} LDADD+= -L${LIBMJDIR} -lmj DPADD+= ${LIBMJDIR}/libmj.a LDADD+= -lz -lbz2 DPADD+= ${LIBZ} ${LIBBZ2} MAN= netpgpverify.1 WARNS= 4 EXTDIST= ${.CURDIR}/../../dist .PATH: ${EXTDIST}/src/netpgpverify ${EXTDIST}/src/libnetpgp .include @ 1.1.2.2 log @Replace the netpgpverify command and libnetpgpverify in the agc-netpgp-standalone branch with a completely rewritten "from the RFC up" version designed to be small, standalone, and easy to maintain. % ldd bin/netpgpverify/netpgpverify bin/netpgpverify/netpgpverify: -lz.1 => /usr/lib/libz.so.1 -lgcc_s.1 => /usr/lib/libgcc_s.so.1 -lc.12 => /usr/lib/libc.so.12 -lbz2.1 => /usr/lib/libbz2.so.1 -lnetpgpverify.4 => /usr/lib/libnetpgpverify.so.4 % ldd lib/verify/libnetpgpverify.so lib/verify/libnetpgpverify.so: -lc.12 => /usr/lib/libc.so.12 % ls -al lib/verify/libnetpgpverify* bin/netpgpverify/netpgpverify -rwxr-xr-x 1 agc agc 10502 Oct 18 20:59 bin/netpgpverify/netpgpverify -rw-r--r-- 1 agc agc 159720 Oct 18 20:59 lib/verify/libnetpgpverify.a -rw-r--r-- 1 agc agc 4822 Oct 18 20:59 lib/verify/libnetpgpverify.html3 lrwxr-xr-x 1 agc agc 22 Oct 18 20:59 lib/verify/libnetpgpverify.so -> libnetpgpverify.so.4.0 lrwxr-xr-x 1 agc agc 22 Oct 18 20:59 lib/verify/libnetpgpverify.so.4 -> libnetpgpverify.so.4.0 -rwxr-xr-x 1 agc agc 123069 Oct 18 20:59 lib/verify/libnetpgpverify.so.4.0 -rw-r--r-- 1 agc agc 169696 Oct 18 20:59 lib/verify/libnetpgpverify_p.a -rw-r--r-- 1 agc agc 149968 Oct 18 20:59 lib/verify/libnetpgpverify_pic.a % ("Small" here includes the full BIGNUM/mpi functionality required to verify signatures). Instead of using extensive callbacks for input data, which have proved to be fragile and difficult to maintain, as well as precluding uses elsewhere, this uses straight mmaping of input files where possible, and falls back to reading if unavailable. RFC 4880 makes provision for two types of data to be signed, binary data and text, and text is subject to modification of data before the signature is made, and is usually opaque. The new netpgpverify(1) can handle this, our old version could not. DSA signatures are not yet supported -- watch this space -- but full RSA ones, including those of text documents like the signed NetBSD release hashes (see PR bin/46930) are recognised and are included in the regression tests. % env LD_LIBRARY_PATH=../../lib/verify ./netpgpverify < NetBSD-6.0_hashes.asc Good signature for [stdin] made Mon Oct 15 09:28:54 2012 signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23 fingerprint: ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e uid NetBSD Security Officer encryption 4096/RSA (Encrypt or Sign) 9ff2c24fdf2ce620 2009-06-23 [Expiry 2019-06-21] fingerprint: 1915 0801 fbd8 f45d 89f2 0205 9ff2 c24f df2c e620 % Redirection from stdin is also supported, as are multiple files, and detached signatures. Another interesting use is to verify the signatures, and to retrieve the data only if a signature matches - this was the old "--cat" command to netpgpverify(1), and it has been brought forward into the newer version. % env LD_LIBRARY_PATH=../../lib/verify ./netpgpverify -c cat det.sig | diff det - % This is implemented as a library and a small program to call so that it is easier to embed verification of signatures in scripting languages, or other source code. @ text @d1 1 a1 1 # $NetBSD$ d5 3 a7 19 PROG=netpgpverify SRCS+=main.c WARNS=5 MAN=netpgpverify.1 LDADD+=-lz LDADD+=-lbz2 LDADD+=-lnetpgpverify CPPFLAGS+=-I${EXTDIST}/libverify # XXX - debugging #CPPFLAGS+=-g -O0 #LDFLAGS+=-g -O0 #CPPFLAGS+=-O3 #LDFLAGS+=-O3 LIBNETPGPVERIFYDIR!= cd ${.CURDIR}/../../lib/verify && ${PRINTOBJDIR} LDADD+= -L${LIBNETPGPVERIFYDIR} -lnetpgpverify DPADD+= ${LIBNETPGPVERIFYDIR}/libnetpgpverify.a d9 37 a45 2 EXTDIST= ${.CURDIR}/../../dist/src .PATH: ${EXTDIST}/netpgpverify a47 62 t: ${PROG} env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify b.gpg > output16 diff expected16 output16 rm -f output16 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify a.gpg > output17 diff expected17 output17 rm -f output17 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify gpgsigned-a.gpg > output18 diff expected18 output18 rm -f output18 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c verify NetBSD-6.0_RC2_hashes.asc > output19 diff expected19 output19 rm -f output19 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat jj.asc > output20 diff expected20 output20 rm -f output20 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < a.gpg > output21 diff expected21 output21 rm -f output21 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < jj.asc > output22 diff expected22 output22 rm -f output22 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_RC2_hashes.asc > output23 diff expected23 output23 rm -f output23 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < b.gpg > output24 diff expected24 output24 rm -f output24 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} NetBSD-6.0_RC1_hashes.gpg > output25 diff expected25 output25 rm -f output25 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_RC1_hashes.gpg > output26 diff expected26 output26 rm -f output26 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_hashes.asc > output27 diff expected27 output27 rm -f output27 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} NetBSD-6.0_hashes.asc > output28 diff expected28 output28 rm -f output28 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} NetBSD-6.0_RC1_hashes_ascii.gpg > output29 diff expected29 output29 rm -f output29 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} < NetBSD-6.0_RC1_hashes_ascii.gpg > output30 diff expected30 output30 rm -f output30 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat b.gpg b.gpg b.gpg > output31 diff expected31 output31 rm -f output31 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} b.gpg b.gpg b.gpg > output32 diff expected32 output32 rm -f output32 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat b.gpg jj.asc b.gpg > output33 diff expected33 output33 rm -f output33 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} det.sig > output34 diff expected34 output34 rm -f output34 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat det.sig > output35 diff expected35 output35 rm -f output35 @ 1.1.2.3 log @install into the correct place @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1.2.2 2012/10/20 04:59:52 agc Exp $ a6 2 BINDIR=/usr/bin @ 1.1.2.4 log @Fix a tyop in the getopt string so that it specifies that -k takes an argument - makes the specification of public keyrings work again. Make pgpv_verify return a cookie if the signature matches, rather than just a plain pseudo-boolean value. The cookie can be used subsequently to retrieve the verified data Use the cookie as input to pgp_get_verified() Add tests for DSA key verification @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1.2.3 2012/10/20 12:22:00 agc Exp $ d17 6 a92 24 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in1.gpg > output36 diff expected36 output36 rm -f output36 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg < in1.gpg > output37 diff expected37 output37 rm -f output37 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in1.asc > output38 diff expected38 output38 rm -f output38 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg < in1.asc > output39 diff expected39 output39 rm -f output39 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat in1.gpg > output40 diff expected40 output40 rm -f output40 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat < in1.gpg > output41 diff expected41 output41 rm -f output41 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat in1.asc > output42 diff expected42 output42 rm -f output42 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat < in1.asc > output43 diff expected43 output43 rm -f output43 @ 1.1.2.5 log @get rid of RCS Ids in test files - both input and expected output @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1.2.4 2012/10/23 15:00:56 agc Exp $ a110 6 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in2.gpg > output44 diff expected44 output44 rm -f output44 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in2.asc > output45 diff expected45 output45 rm -f output45 @ 1.1.2.6 log @changes to libnetpgpverify: + isolate the RSA verification code (the DSA verification code was isolated previously), and include it in our sources, rather than including the source for librsa, (and thus bringing in all the code for signing and encryption/decryption) - no crypto is involved in signature verification, just the digest calculation, and the BIGNUM expmod. + check some more arguments + order the user ids as expected in public keys (i.e. if there's a primary user id signature sub-packet, honor it), and fix up the regression test results accordingly. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1.2.5 2012/10/24 02:18:56 agc Exp $ a116 3 env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46 diff expected46 output46 rm -f output46 @