[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Cvs-cvs] ccvs/src ChangeLog Makefile.in client.c commit.... [signed-com
|
From: |
Derek Robert Price |
|
Subject: |
[Cvs-cvs] ccvs/src ChangeLog Makefile.in client.c commit.... [signed-commits3] |
|
Date: |
Wed, 18 Jan 2006 06:18:49 +0000 |
CVSROOT: /cvsroot/cvs
Module name: ccvs
Branch: signed-commits3
Changes by: Derek Robert Price <address@hidden> 06/01/18 06:18:48
Modified files:
src : ChangeLog Makefile.in client.c commit.c cvs.h
import.c main.c rcs.c sanity.config.sh.in
sanity.sh sign.c sign.h verify.c verify.h
Log message:
* client.c (update_entries): Improve error messages.
(client_write_sigfile): Cache signature when needed. Update all
callers.
(client_base_checkout): Used cached signature for checkout
verification.
* cvs.h (CVS_VERIFY_TEMPLATE_ENV): New macro.
* import.c (add_rcs_file): Add with signature when needed.
* main.c (main): Standardize parsing of OpenPGP env var content.
Parse $CVS_VERIFY_TEMPLATE.
* sanity.config.sh.in: Add DEFAULT_VERIFY_TEMPLATE and quote other
var content.
* sign.c (get_sign_commits, have_sigfile, get_signature): Use global
server_active. Update all references.
* verify.c (get_verify_commits_fatal): New function.
(iverify_signature): Replace with...
(verify_signature): ...this. Improve error messages. Accept fatal as
an argument. Update all references.
* sanity.sh: Update to compensate.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/ChangeLog.diff?only_with_tag=signed-commits3&tr1=1.3328.2.35&tr2=1.3328.2.36&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/Makefile.in.diff?only_with_tag=signed-commits3&tr1=1.162.2.3&tr2=1.162.2.4&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/client.c.diff?only_with_tag=signed-commits3&tr1=1.438.2.12&tr2=1.438.2.13&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/commit.c.diff?only_with_tag=signed-commits3&tr1=1.257.2.5&tr2=1.257.2.6&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/cvs.h.diff?only_with_tag=signed-commits3&tr1=1.345.4.7&tr2=1.345.4.8&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/import.c.diff?only_with_tag=signed-commits3&tr1=1.175.6.4&tr2=1.175.6.5&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/main.c.diff?only_with_tag=signed-commits3&tr1=1.262.6.9&tr2=1.262.6.10&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/rcs.c.diff?only_with_tag=signed-commits3&tr1=1.356.6.9&tr2=1.356.6.10&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/sanity.config.sh.in.diff?only_with_tag=signed-commits3&tr1=1.3.6.1&tr2=1.3.6.2&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/sanity.sh.diff?only_with_tag=signed-commits3&tr1=1.1105.2.14&tr2=1.1105.2.15&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/sign.c.diff?only_with_tag=signed-commits3&tr1=1.1.6.11&tr2=1.1.6.12&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/sign.h.diff?only_with_tag=signed-commits3&tr1=1.1.6.4&tr2=1.1.6.5&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/verify.c.diff?only_with_tag=signed-commits3&tr1=1.1.2.12&tr2=1.1.2.13&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/verify.h.diff?only_with_tag=signed-commits3&tr1=1.1.2.6&tr2=1.1.2.7&r1=text&r2=text
Patches:
Index: ccvs/src/ChangeLog
diff -u ccvs/src/ChangeLog:1.3328.2.35 ccvs/src/ChangeLog:1.3328.2.36
--- ccvs/src/ChangeLog:1.3328.2.35 Tue Jan 17 17:37:20 2006
+++ ccvs/src/ChangeLog Wed Jan 18 06:18:47 2006
@@ -1,3 +1,25 @@
+2006-01-18 Derek Price <address@hidden>
+
+ * client.c (update_entries): Improve error messages.
+ (client_write_sigfile): Cache signature when needed. Update all
+ callers.
+ (client_base_checkout): Used cached signature for checkout
+ verification.
+ * cvs.h (CVS_VERIFY_TEMPLATE_ENV): New macro.
+ * import.c (add_rcs_file): Add with signature when needed.
+ * main.c (main): Standardize parsing of OpenPGP env var content.
+ Parse $CVS_VERIFY_TEMPLATE.
+ * sanity.config.sh.in: Add DEFAULT_VERIFY_TEMPLATE and quote other
+ var content.
+ * sign.c (get_sign_commits, have_sigfile, get_signature): Use global
+ server_active. Update all references.
+ * verify.c (get_verify_commits_fatal): New function.
+ (iverify_signature): Replace with...
+ (verify_signature): ...this. Improve error messages. Accept fatal as
+ an argument. Update all references.
+
+ * sanity.sh: Update to compensate.
+
2006-01-17 Derek Price <address@hidden>
* rcs.c (RCS_has_openpgp_signatures): Suppress error on some systems.
Index: ccvs/src/Makefile.in
diff -u ccvs/src/Makefile.in:1.162.2.3 ccvs/src/Makefile.in:1.162.2.4
--- ccvs/src/Makefile.in:1.162.2.3 Mon Jan 16 15:43:56 2006
+++ ccvs/src/Makefile.in Wed Jan 18 06:18:48 2006
@@ -188,6 +188,7 @@
CPPFLAGS = @CPPFLAGS@
CSH = @CSH@
CYGPATH_W = @CYGPATH_W@
+DEFAULT_VERIFY_TEMPLATE = @DEFAULT_VERIFY_TEMPLATE@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
ECHO_C = @ECHO_C@
Index: ccvs/src/client.c
diff -u ccvs/src/client.c:1.438.2.12 ccvs/src/client.c:1.438.2.13
--- ccvs/src/client.c:1.438.2.12 Mon Jan 16 21:02:05 2006
+++ ccvs/src/client.c Wed Jan 18 06:18:48 2006
@@ -1592,7 +1592,7 @@
if (get_verify_checkouts (true) && strcmp (cvs_cmd_name, "export"))
error (get_verify_checkouts_fatal (), 0,
- "The server sent unsigned file content.");
+ "No signature for `%s'.", short_pathname);
if (!validate_change (data->existp, filename, short_pathname))
{
@@ -1940,7 +1940,7 @@
delnode (n);
free (sigfile);
}
- else if (get_sign_commits (false, supported_request ("Signature")))
+ else if (get_sign_commits (supported_request ("Signature")))
error (0, 0,
"Internal error: OpenPGP signature for `%s' not found in cache.",
short_pathname);
@@ -2223,12 +2223,20 @@
+/* Write the signatures in the global STORED_SIGNATURES to SIGFILE. Use
+ * WRITABLE to set permissions. If SIGCOPY is not NULL, assume that SIGLEN
+ * isn't either and save a copy of the signature in newly allocated memory
+ * stored at *SIGCOPY and set *SIGLEN to its length.
+ */
static void
-client_write_sigfile (const char *sigfile, bool writable)
+client_write_sigfile (const char *sigfile, bool writable, char **sigcopy,
+ size_t *siglen)
{
FILE *e;
size_t want;
+ assert (!sigcopy || siglen);
+
if (!stored_signatures)
return;
@@ -2237,6 +2245,11 @@
e = xfopen (sigfile, FOPEN_BINARY_WRITE);
want = buf_length (stored_signatures);
+ if (sigcopy)
+ {
+ *sigcopy = NULL;
+ *siglen = 0;
+ }
while (want > 0)
{
char *data;
@@ -2247,6 +2260,13 @@
if (fwrite (data, sizeof *data, got, e) != got)
error (1, errno, "cannot write signature file `%s'", sigfile);
+ if (sigcopy)
+ {
+ *sigcopy = xrealloc (*sigcopy, *siglen + got);
+ memcpy (*sigcopy + *siglen, data, got);
+ *siglen += got;
+ }
+
want -= got;
}
@@ -2381,6 +2401,7 @@
{
FILE *e;
int status;
+ bool verify = get_verify_checkouts (true);
if (!*istemp)
mkdir_if_needed (CVSADM_BASE);
@@ -2397,10 +2418,32 @@
if (stored_signatures)
{
char *sigfile = Xasprintf ("%s.sig", basefile);
+ char *sigcopy;
+ size_t siglen;
- client_write_sigfile (sigfile, *istemp);
+ /* A lot of trouble is gone through here to copy the signatures
+ * into a buffer in addition to writing them to disk. Writing to
+ * disk requires a call to fsync () before the call to
+ * verify_signature otherwise, and fsync () is quite slow.
+ */
+ client_write_sigfile (sigfile, *istemp,
+ verify ? &sigcopy : NULL, &siglen);
- /* FIXME: Verify the signature here, when configured to do so. */
+ /* Verify the signature here, when configured to do so. */
+ if (verify /* cannot be `cvs export'. */)
+ {
+ char *repos = Name_Repository (NULL, update_dir);
+ const char *srepos = Short_Repository (repos);
+ if (!verify_signature (srepos, sigcopy, siglen, basefile, bin,
+ get_verify_checkouts_fatal ()))
+ {
+ /* verify_signature exits when VERIFY_FATAL. */
+ assert (!get_verify_checkouts_fatal ());
+ error (0, 0, "Bad signature for `%s'.", fullbase);
+ }
+ free (repos);
+ free (sigcopy);
+ }
if (istemp && CVS_UNLINK (sigfile) < 0)
error (0, errno, "Failed to remove temp sig file `%s'",
@@ -2408,10 +2451,11 @@
free (sigfile);
}
+ else if (verify /* cannot be `cvs export'. */)
+ error (get_verify_checkouts_fatal (), 0,
+ "No signature for `%s'.", fullbase);
}
- /* FIXME: When enabled, verify base file via openpgp signature. */
-
free (buf);
free (rev);
free (prev);
@@ -2476,7 +2520,7 @@
sigfile);
}
else
- client_write_sigfile (sigfile, false);
+ client_write_sigfile (sigfile, false, NULL, NULL);
free (rev);
free (basefile);
@@ -5388,8 +5432,7 @@
{
if (args->force_signatures
|| (!strcmp (cvs_cmd_name, "commit")
- && get_sign_commits (false,
- supported_request ("Signature"))))
+ && get_sign_commits (supported_request ("Signature"))))
{
if (!supported_request ("Signature"))
error (1, 0, "Server doesn't support commit signatures.");
@@ -5945,7 +5988,7 @@
}
/* Send signature. */
- if (get_sign_commits (false, supported_request ("Signature")))
+ if (get_sign_commits (supported_request ("Signature")))
{
if (!supported_request ("Signature"))
error (1, 0, "Server doesn't support commit signatures.");
Index: ccvs/src/commit.c
diff -u ccvs/src/commit.c:1.257.2.5 ccvs/src/commit.c:1.257.2.6
--- ccvs/src/commit.c:1.257.2.5 Thu Jan 12 18:20:31 2006
+++ ccvs/src/commit.c Wed Jan 18 06:18:48 2006
@@ -940,8 +940,7 @@
if ((status == T_ADDED || status == T_MODIFIED)
&& !force_ci && !really_quiet
/* This will not be called from the client. */
- && (get_sign_commits (server_active, true)
- || have_sigfile (server_active, finfo->file))
+ && (get_sign_commits (true) || have_sigfile (finfo->file))
&& file_contains_keyword (finfo))
{
/* Make this a warning, not an error, because the user may
Index: ccvs/src/cvs.h
diff -u ccvs/src/cvs.h:1.345.4.7 ccvs/src/cvs.h:1.345.4.8
--- ccvs/src/cvs.h:1.345.4.7 Sat Jan 14 21:43:29 2006
+++ ccvs/src/cvs.h Wed Jan 18 06:18:48 2006
@@ -251,6 +251,9 @@
/* verify checkouts */
#define CVS_VERIFY_CHECKOUTS_ENV \
"CVS_VERIFY_CHECKOUTS"
+ /* verify template */
+#define CVS_VERIFY_TEMPLATE_ENV \
+ "CVS_VERIFY_TEMPLATE"
/* sign commits */
#define CVS_SIGN_COMMITS_ENV \
Index: ccvs/src/import.c
diff -u ccvs/src/import.c:1.175.6.4 ccvs/src/import.c:1.175.6.5
--- ccvs/src/import.c:1.175.6.4 Tue Jan 10 18:42:38 2006
+++ ccvs/src/import.c Wed Jan 18 06:18:48 2006
@@ -26,6 +26,7 @@
#endif
/* GNULIB headers. */
+#include "base64.h"
#include "lstat.h"
#include "save-cwd.h"
@@ -1073,6 +1074,11 @@
* RETURNS
* Return value is 0 for success, or nonzero for failure (in which
* case an error message will have already been printed).
+ *
+ * FIXME
+ * I see very few reasons why this shoudn't be merged with RCS_rewrite ()
+ * or better yet RCS_checkin () and I would guess this would ease
+ * maintenance.
*/
int
add_rcs_file (const char *message, const char *rcs, const char *user,
@@ -1095,6 +1101,10 @@
mode_t file_type;
char *dead_revision = NULL;
+ TRACE (TRACE_FUNCTION,
+ "add_rcs_file (`%s', `%s', `%s', `%s', `%s', `%s', `%s')",
+ rcs, user, add_vhead, key_opt, add_vbranch, vtag, desctext);
+
if (noexec)
return 0;
@@ -1326,6 +1336,30 @@
if (fprintf (fprcs, "commitid %s;\012", global_session_id) < 0)
goto write_error;
+ if (!add_vbranch
+ && (get_sign_commits (true) || have_sigfile (userfile)))
+ {
+ char *rawsig;
+ size_t rawlen;
+ char *b64sig;
+
+ TRACE (TRACE_DATA, "add_rcs_file: found signature.");
+
+ rawsig = get_signature ("", userfile,
+ key_opt && !strcmp (key_opt, "b"),
+ &rawlen);
+ base64_encode_alloc (rawsig, rawlen, &b64sig);
+ if (!b64sig) xalloc_die ();
+ free (rawsig);
+
+ if (fprintf (fprcs, "openpgp-signatures %s;\012",
+ b64sig) < 0)
+ goto write_error;
+ free (b64sig);
+ }
+ else
+ TRACE (TRACE_DATA, "add_rcs_file: signature not found.");
+
#ifdef PRESERVE_PERMISSIONS_SUPPORT
/* Store initial permissions if necessary. */
if (config->preserve_perms)
@@ -1336,7 +1370,7 @@
}
#endif
- if (add_vbranch != NULL)
+ if (add_vbranch)
{
if (fprintf (fprcs, "\012%s.1\012", add_vbranch) < 0 ||
fprintf (fprcs, "date %s; author %s; state Exp;\012",
@@ -1346,6 +1380,29 @@
fprintf (fprcs, "commitid %s;\012", global_session_id) <
0)
goto write_error;
+ if (get_sign_commits (true) || have_sigfile (userfile))
+ {
+ char *rawsig;
+ size_t rawlen;
+ char *b64sig;
+
+ TRACE (TRACE_DATA, "add_rcs_file: found signature.");
+
+ rawsig = get_signature ("", userfile,
+ key_opt && !strcmp (key_opt, "b"),
+ &rawlen);
+ base64_encode_alloc (rawsig, rawlen, &b64sig);
+ if (!b64sig) xalloc_die ();
+ free (rawsig);
+
+ if (fprintf (fprcs, "openpgp-signatures %s;\012",
+ b64sig) < 0)
+ goto write_error;
+ free (b64sig);
+ }
+ else
+ TRACE (TRACE_DATA, "add_rcs_file: signature not found.");
+
#ifdef PRESERVE_PERMISSIONS_SUPPORT
/* Store initial permissions if necessary. */
if (config->preserve_perms)
Index: ccvs/src/main.c
diff -u ccvs/src/main.c:1.262.6.9 ccvs/src/main.c:1.262.6.10
--- ccvs/src/main.c:1.262.6.9 Sat Jan 14 21:43:29 2006
+++ ccvs/src/main.c Wed Jan 18 06:18:48 2006
@@ -611,36 +611,51 @@
}
if ((cp = getenv (CVS_VERIFY_CHECKOUTS_ENV)))
{
- if (!strcasecmp (cp, "off")
- || !strcasecmp (cp, "never")
- || !strcasecmp (cp, "false"))
- set_verify_checkouts (VERIFY_OFF);
- else if (!strcasecmp (cp, "warn"))
+ if (!strcasecmp (cp, "warn"))
set_verify_checkouts (VERIFY_WARN);
- else if (!strcasecmp (cp, "always")
- || !strcasecmp (cp, "fatal")
- || !strcasecmp (cp, "on")
- || !strcasecmp (cp, "true"))
+ else if (!strcasecmp (cp, "fatal"))
set_verify_checkouts (VERIFY_FATAL);
else
- error (1, 0,
- "Unrecognized content (`%s') in $%s",
- cp, CVS_VERIFY_CHECKOUTS_ENV);
+ {
+ bool on;
+ if (readBool ("environment", CVS_VERIFY_CHECKOUTS_ENV, cp, &on))
+ {
+ if (on)
+ set_verify_checkouts (VERIFY_FATAL);
+ else
+ set_verify_checkouts (VERIFY_OFF);
+ }
+ else
+ error (1, 0,
+ "Unrecognized content (`%s') in $%s",
+ cp, CVS_VERIFY_CHECKOUTS_ENV);
+ }
}
if ((cp = getenv (CVS_SIGN_COMMITS_ENV)))
{
if (!strcasecmp (cp, "auto")
|| !strcasecmp (cp, "server"))
set_sign_commits (SIGN_DEFAULT);
- else if (!strcasecmp (cp, "on"))
- set_sign_commits (SIGN_ALWAYS);
- else if (!strcasecmp (cp, "off"))
+ else if (!strcasecmp (cp, ""))
set_sign_commits (SIGN_NEVER);
else
- error (0, 0,
- "Unrecognized content (`%s') in $%s ignored",
- cp, CVS_SIGN_COMMITS_ENV);
- }
+ {
+ bool on;
+ if (readBool ("environment", CVS_SIGN_COMMITS_ENV, cp, &on))
+ {
+ if (on)
+ set_sign_commits (SIGN_ALWAYS);
+ else
+ set_sign_commits (SIGN_NEVER);
+ }
+ else
+ error (0, 0,
+ "Unrecognized content (`%s') in $%s ignored",
+ cp, CVS_SIGN_COMMITS_ENV);
+ }
+ }
+ if ((cp = getenv (CVS_VERIFY_TEMPLATE_ENV)))
+ set_verify_template (cp);
/* Set this to 0 to force getopt initialization. getopt() sets
this to 1 internally. */
Index: ccvs/src/rcs.c
diff -u ccvs/src/rcs.c:1.356.6.9 ccvs/src/rcs.c:1.356.6.10
--- ccvs/src/rcs.c:1.356.6.9 Tue Jan 17 17:37:20 2006
+++ ccvs/src/rcs.c Wed Jan 18 06:18:48 2006
@@ -4887,8 +4887,7 @@
free (n->data);
}
- newsig = get_signature (server_active,
- Short_Repository (finfo->repository), finfo->file,
+ newsig = get_signature (Short_Repository (finfo->repository), finfo->file,
finfo->rcs->expand
&& STREQ (finfo->rcs->expand, "b"),
&newlen);
@@ -5423,9 +5422,7 @@
addnode (delta->other_delta, np);
/* Save the OpenPGP signature. */
- if (!delta->dead
- && (get_sign_commits (server_active, true)
- || have_sigfile (server_active, workfile)))
+ if (!delta->dead && (get_sign_commits (true) || have_sigfile (workfile)))
{
char *rawsig;
size_t rawlen;
@@ -5433,7 +5430,7 @@
np = getnode();
np->type = RCSSTRING;
np->key = xstrdup ("openpgp-signatures");
- rawsig = get_signature (server_active, "", workfile,
+ rawsig = get_signature ("", workfile,
rcs->expand && STREQ (rcs->expand, "b"),
&rawlen);
np->len = base64_encode_alloc (rawsig, rawlen, (char **)&np->data);
Index: ccvs/src/sanity.config.sh.in
diff -u ccvs/src/sanity.config.sh.in:1.3.6.1
ccvs/src/sanity.config.sh.in:1.3.6.2
--- ccvs/src/sanity.config.sh.in:1.3.6.1 Wed Dec 21 13:25:10 2005
+++ ccvs/src/sanity.config.sh.in Wed Jan 18 06:18:48 2006
@@ -1,2 +1,3 @@
address@hidden@
address@hidden@
+RSH_DFLT="@RSH_DFLT@"
+GPG="@GPG@"
+DEFAULT_VERIFY_TEMPLATE="@DEFAULT_VERIFY_TEMPLATE@"
Index: ccvs/src/sanity.sh
diff -u ccvs/src/sanity.sh:1.1105.2.14 ccvs/src/sanity.sh:1.1105.2.15
--- ccvs/src/sanity.sh:1.1105.2.14 Mon Jan 16 21:02:06 2006
+++ ccvs/src/sanity.sh Wed Jan 18 06:18:48 2006
@@ -433,8 +433,8 @@
if $bases; then
unset CVSNOBASES
# Accept the default GPG mode.
- unset CVS_VERIFY_CHECKOUTS
unset CVS_SIGN_COMMITS
+ unset CVS_VERIFY_CHECKOUTS
else
# Force the client to not report base support to the server.
export CVSNOBASES=:
@@ -1262,6 +1262,24 @@
modify_repo cp -Rp $TESTDIR/CVSROOT.save $CVSROOT_DIRNAME/CVSROOT
}
+# OpenPGP signatures don't play nice with RCS keywords, so disable signatures
+# for the duration of a test.
+test_uses_keywords ()
+{
+ save_CVS_VERIFY_CHECKOUTS=$CVS_VERIFY_CHECKOUTS
+ CVS_VERIFY_CHECKOUTS=off; export CVS_VERIFY_CHECKOUTS
+}
+
+test_uses_keywords_done ()
+{
+ if test "x$save_CVS_VERIFY_CHECKOUTS" != x; then
+ CVS_VERIFY_CHECKOUTS=$save_CVS_VERIFY_CHECKOUTS
+ export CVS_VERIFY_CHECKOUTS
+ else
+ unset CVS_VERIFY_CHECKOUTS
+ fi
+}
+
# Test that $RSYNC supports the options we need or try to find a
# replacement. If $RSYNC works or we replace it, and return 0.
# Otherwise, set $skipreason and return 77.
@@ -1813,6 +1831,9 @@
log_keyid="OpenPGP signature using key ID 0x[0-9a-f]*;
"
gpg=:
+ CVS_VERIFY_TEMPLATE="`echo $DEFAULT_VERIFY_TEMPLATE \
+ |sed 's/ -- / --quiet -- /'` 2>/dev/null"
+ export CVS_VERIFY_TEMPLATE
else # GPG not set
echo "No working GPG was found. This test suite will run, but OpenPGP" >&2
echo "commit signatures will not be tested." >&2
@@ -2811,19 +2832,22 @@
# Testing :pserver: would be hard (inetd issues). (How about using tcpserver
# and some high port number? DRP)
-if $linkroot; then
- mkdir ${TESTDIR}/realcvsroot
- ln -s realcvsroot ${TESTDIR}/cvsroot
-fi
-CVSROOT_DIRNAME=${TESTDIR}/cvsroot
-CVSROOT=`newroot $CVSROOT_DIRNAME`; export CVSROOT
-
###
### Initialize the repository
###
-dotest init-1 "$testcvs init"
+CVSROOT_DIRNAME=$TESTDIR/cvsroot
+CVSROOT=`newroot $CVSROOT_DIRNAME`; export CVSROOT
+dotest init-1 "$testcvs -d$CVSROOT_DIRNAME init"
+
+
+
+# Hide the real root behind a symlink in $linkroot mode.
+if $linkroot; then
+ mv $CVSROOT_DIRNAME $TESTDIR/realcvsroot
+ ln -s realcvsroot mv $CVSROOT_DIRNAME
+fi
# Now hide the primary root behind a secondary if requested.
if $proxy; then
@@ -5379,6 +5403,8 @@
commit-readonly)
+ test_uses_keywords
+
mkdir 1; cd 1
module=x
@@ -5407,6 +5433,7 @@
cd ../..
rm -rf 1
modify_repo rm -rf $CVSROOT_DIRNAME/"$module"
+ test_uses_keywords_done
;;
@@ -5602,6 +5629,8 @@
rdiff)
# Test rdiff
+ test_uses_keywords
+
# XXX for now this is just the most essential test...
cd ${TESTDIR}
@@ -5688,6 +5717,7 @@
cd ..
rm -r testimport
modify_repo rm -rf $CVSROOT_DIRNAME/trdiff
+ test_uses_keywords_done
;;
@@ -8686,6 +8716,7 @@
# neither tag should be expanded in the output. Also diff
# one revision with the working copy.
+ test_uses_keywords
modify_repo mkdir $CVSROOT_DIRNAME/first-dir
dotest rcslib-diff1 "${testcvs} -q co first-dir" ''
cd first-dir
@@ -9059,6 +9090,7 @@
$CVSROOT_DIRNAME/second-dir \
$CVSROOT_DIRNAME/123456789012345678901234567890
rm -rf first-dir second-dir 2
+ test_uses_keywords_done
;;
@@ -9156,6 +9188,8 @@
# import-CVS -- refuse to import directories named "CVS".
# import-quirks -- short tests of import quirks.
+ test_uses_keywords
+
# import
mkdir import-dir ; cd import-dir
@@ -9356,6 +9390,7 @@
rm -rf first-dir
modify_repo rm -rf $CVSROOT_DIRNAME/first-dir
rm -r import-dir
+ test_uses_keywords_done
;;
@@ -9454,7 +9489,7 @@
----------------------------
revision 1\.1\.1\.1
date: ${ISO8601DATE}; author: ${username}; state: Exp; lines: ${PLUS}0 -0;
commitid: ${commitid};
-add
+${log_keyid}add
============================================================================="
dokeep
@@ -9551,7 +9586,7 @@
revision 1\.1\.1\.1
date: ${ISO8601DATE2034}; author: ${username}; state: Exp; lines: ${PLUS}0
-0; commitid: ${commitid};
branches: 1\.1\.1\.1\.2;
-import-it
+${log_keyid}import-it
----------------------------
revision 1\.1\.1\.1\.2\.1
date: ${ISO8601DATE}; author: ${username}; state: Exp; lines: ${PLUS}1 -0;
commitid: ${commitid};
@@ -9580,7 +9615,7 @@
----------------------------
revision 1\.1\.1\.1
date: ${ISO8601DATE1971}; author: ${username}; state: Exp; lines: ${PLUS}0
-0; commitid: ${commitid};
-import-it
+${log_keyid}import-it
============================================================================="
cd ..
@@ -9703,7 +9738,7 @@
----------------------------
revision 1\.1\.1\.1
date: ${ISO8601DATE}; author: ${username}; state: Exp; lines: ${PLUS}0 -0;
commitid: ${commitid};
-add
+${log_keyid}add
============================================================================="
dotest importX-6 "${testcvs} -q log file1" "
@@ -9736,7 +9771,7 @@
----------------------------
revision 1\.1\.1\.1
date: ${ISO8601DATE}; author: ${username}; state: Exp; lines: ${PLUS}0 -0;
commitid: ${commitid};
-add
+${log_keyid}add
============================================================================="
cd ../..
@@ -9813,7 +9848,7 @@
----------------------------
revision 1\.1\.1\.1
date: ${ISO8601DATE}; author: ${username}; state: Exp; lines: ${PLUS}0 -0;
commitid: ${commitid};
-add
+${log_keyid}add
============================================================================="
dokeep
@@ -11220,6 +11255,7 @@
join-admin)
+ test_uses_keywords
mkdir 1; cd 1
dotest join-admin-0-1 "$testcvs -q co -l ."
module=x
@@ -11263,6 +11299,7 @@
cd ../..
rm -rf 1
modify_repo rm -rf $CVSROOT_DIRNAME/$module
+ test_uses_keywords_done
;;
@@ -11272,6 +11309,7 @@
# removes a file, then modifies another containing an $Id...$ line,
# the resulting file contains the unexpanded `$Id.$' string, as
# -kk requires.
+ test_uses_keywords
mkdir 1; cd 1
dotest join-admin-2-1 "$testcvs -q co -l ." ''
module=x
@@ -11323,6 +11361,7 @@
cd ../..
rm -rf 1
modify_repo rm -rf $CVSROOT_DIRNAME/$module
+ test_uses_keywords_done
;;
@@ -12270,6 +12309,8 @@
continue
fi
+ test_uses_keywords
+
mkdir keywordexpand; cd keywordexpand
dotest keywordexpand-1 "${testcvs} -q co CVSROOT" \
@@ -12388,6 +12429,7 @@
rm -rf $TESTDIR/keywordexpand
modify_repo rm -rf $CVSROOT_DIRNAME/keywordexpand
restore_adm
+ test_uses_keywords_done
;;
@@ -16373,6 +16415,8 @@
continue
fi
+ test_uses_keywords
+
mkdir errmsg4
cd errmsg4
dotest errmsg4-init-1 "$testcvs -Q import -m. errmsg4 VENDOR RELEASE"
@@ -16394,6 +16438,7 @@
cd ../..
rm -rf errmsg4
modify_repo rm -rf $CVSROOT_DIRNAME/errmsg4
+ test_uses_keywords_done
;;
@@ -17822,6 +17867,9 @@
# * -k wrappers: binwrap, binwrap2, binwrap3
# * "cvs import" and wrappers: binwrap, binwrap2, binwrap3
# * -k option to "cvs import": none yet, as far as I know.
+
+ test_uses_keywords
+
modify_repo mkdir $CVSROOT_DIRNAME/first-dir
mkdir 1; cd 1
dotest binfiles-1 "${testcvs} -q co first-dir" ''
@@ -18108,6 +18156,7 @@
cd ../..
modify_repo rm -rf $CVSROOT_DIRNAME/first-dir
rm -rf 1 2
+ test_uses_keywords_done
;;
@@ -20540,6 +20589,9 @@
# much of a test for local CVS.
# We test this with some keyword expansion games, but the situation
# also arises if the user modifies the file while CVS is running.
+
+ test_uses_keywords
+
modify_repo mkdir $CVSROOT_DIRNAME/first-dir
mkdir 1
cd 1
@@ -20587,6 +20639,7 @@
cd ../..
rm -rf 1 2
modify_repo rm -rf $CVSROOT_DIRNAME/first-dir
+ test_uses_keywords_done
;;
@@ -21988,6 +22041,9 @@
# the output of `cvs annotate' -- it uses values from the previous
# delta. In this case, `1.1' instead of `1.2', even though it puts
# the proper version number on the prefix to each line of output.
+
+ test_uses_keywords
+
mkdir 1; cd 1
dotest ann-id-1 "$testcvs -q co -l ."
module=x
@@ -22020,6 +22076,7 @@
cd ../..
rm -rf 1
modify_repo rm -rf $CVSROOT_DIRNAME/$module
+ test_uses_keywords_done
;;
@@ -22214,6 +22271,11 @@
# See tests admin-13, admin-25 and rcs-8a for exporting RCS files.
+ # This test doesn't really use keywords, but there are no signatures
+ # in the RCS content that has been pasted into this script, so
+ # supress the OpenPGP support.
+ test_uses_keywords
+
# Save the timezone and set it to UTC for these tests to make the
# value more predicatable.
save_TZ=$TZ
@@ -22698,6 +22760,7 @@
cd ..
rm -rf first-dir
modify_repo rm -rf $CVSROOT_DIRNAME/first-dir
+ test_uses_keywords_done
;;
@@ -22706,6 +22769,7 @@
# More date tests. Might as well do this as a separate
# test from "rcs", so that we don't need to perturb the
# "written by RCS 5.7" RCS file.
+ test_uses_keywords
modify_repo mkdir $CVSROOT_DIRNAME/first-dir
# Significance of various dates:
# * At least one Y2K standard refers to recognizing 9 Sep 1999
@@ -22787,6 +22851,7 @@
cd ..
rm -rf first-dir
modify_repo rm -rf $CVSROOT_DIRNAME/first-dir
+ test_uses_keywords_done
;;
@@ -22794,6 +22859,7 @@
rcs3)
# More RCS file tests, in particular at least some of the
# error handling issues.
+ test_uses_keywords
mkdir ${CVSROOT_DIRNAME}/first-dir
cat <<EOF >$TESTDIR/file1,v
head 1.1; access; symbols; locks; expand o; 1.1 date 2007.03.20.04.03.02
@@ -22857,6 +22923,7 @@
cd ../..
rm -rf 1
modify_repo rm -rf $CVSROOT_DIRNAME/first-dir
+ test_uses_keywords_done
;;
@@ -22964,6 +23031,7 @@
# spec, though it doesn't appear to be possible to create such a log
# message using RCS 5.7.
+ test_uses_keywords
modify_repo mkdir $CVSROOT_DIRNAME/rcs5
cat <<\EOF >$TESTDIR/file1,v
head 1.1;
@@ -23008,6 +23076,7 @@
cd ..
rm -rf rcs5
modify_repo rm -rf $CVSROOT_DIRNAME/rcs5
+ test_uses_keywords_done
;;
@@ -23259,6 +23328,7 @@
# Granted, the developer should have been notified not to do this
# by now, but still...
#
+ test_uses_keywords
mkdir backuprecover; cd backuprecover
mkdir 1; cd 1
dotest backuprecover-1 "$testcvs -q co -l ."
@@ -23488,6 +23558,7 @@
cd ../../..
rm -rf backuprecover
modify_repo rm -rf $CVSROOT_DIRNAME/first-dir
+ test_uses_keywords_done
;;
@@ -24178,6 +24249,7 @@
stamps)
# Test timestamps.
+ test_uses_keywords
mkdir 1; cd 1
dotest stamps-1 "${testcvs} -q co -l ." ''
mkdir first-dir
@@ -24285,6 +24357,7 @@
cd ../..
rm -rf 1 2
modify_repo rm -rf $CVSROOT_DIRNAME/first-dir
+ test_uses_keywords_done
;;
@@ -24613,6 +24686,7 @@
# I don't think any test is testing "cvs import -k".
# Other keyword expansion tests:
# keywordlog - $Log.
+ test_uses_keywords
mkdir 1; cd 1
dotest keyword-1 "${testcvs} -q co -l ." ''
mkdir first-dir
@@ -24793,12 +24867,14 @@
cd ../..
rm -rf 1
modify_repo rm -rf $CVSROOT_DIRNAME/first-dir
+ test_uses_keywords_done
;;
keywordlog)
# Test the Log keyword.
+ test_uses_keywords
mkdir 1; cd 1
dotest keywordlog-1 "${testcvs} -q co -l ." ''
mkdir first-dir
@@ -25099,6 +25175,7 @@
restore_adm
rm -rf 1 2 3
modify_repo rm -rf $CVSROOT_DIRNAME/first-dir
+ test_uses_keywords_done
;;
@@ -25107,6 +25184,7 @@
# Test the Name keyword.
# See the keyword test for a descriptions of some other tests that
# test keyword expansion modes.
+ test_uses_keywords
mkdir keywordname; cd keywordname
mkdir 1; cd 1
dotest keywordname-init-1 "${testcvs} -q co -l ." ''
@@ -25200,6 +25278,7 @@
cd ../../..
rm -rf keywordname
modify_repo rm -rf $CVSROOT_DIRNAME/first-dir
+ test_uses_keywords_done
;;
@@ -25214,6 +25293,7 @@
# test sequence
# Note2: We are testing positive on binary corruption here
# we probably really DON'T want to 'cvs update -kk' a binary
file...
+ test_uses_keywords
mkdir 1; cd 1
dotest keyword2-1 "${testcvs} -q co -l ." ''
mkdir first-dir
@@ -25330,6 +25410,7 @@
cd ../..
rm -rf 1
modify_repo rm -rf $CVSROOT_DIRNAME/first-dir
+ test_uses_keywords_done
;;
@@ -27539,6 +27620,7 @@
# FIXME: This test should be rewritten to be much more concise.
# It currently weighs in at something like 600 lines, but the
# same thing could probably be tested in more like 50-100 lines.
+ test_uses_keywords
mkdir diffmerge2
# This tests for another diffmerge bug reported by Martin
@@ -28220,6 +28302,7 @@
cd ..
rm -rf diffmerge2
modify_repo rm -rf $CVSROOT_DIRNAME/diffmerge2
+ test_uses_keywords_done
;;
@@ -32056,7 +32139,7 @@
SECONDARY_CVSROOT=`newroot $SECONDARY_CVSROOT_DIRNAME`
# Initialize the primary repository
- dotest writeproxy-init-1 "$testcvs -d$PRIMARY_CVSROOT init"
+ dotest writeproxy-init-1 "$testcvs -d$PRIMARY_CVSROOT_DIRNAME init"
mkdir writeproxy; cd writeproxy
mkdir primary; cd primary
dotest writeproxy-init-2 "$testcvs -Qd$PRIMARY_CVSROOT co CVSROOT"
@@ -32230,6 +32313,7 @@
PRIMARY_CVSROOT=$PRIMARY_CVSROOT_save
SECONDARY_CVSROOT_DIRNAME=$SECONDARY_CVSROOT_DIRNAME_save
SECONDARY_CVSROOT=$SECONDARY_CVSROOT_save
+ test_uses_keywords_done
;;
@@ -32264,6 +32348,8 @@
SECONDARY_CVSROOT_DIRNAME_save=$SECONDARY_CVSROOT_DIRNAME
SECONDARY_CVSROOT_DIRNAME=$TESTDIR/writeproxy_cvsroot
+ test_uses_keywords
+
# Initialize the primary repository
dotest writeproxy-noredirect-init-1 \
"$testcvs -d'$PRIMARY_CVSROOT' init"
@@ -32766,6 +32852,10 @@
echo some content >file1
dotest openpgp-init-6 "$testcvs -Q add file1"
+ # Make GPG noisy again.
+ save_CVS_VERIFY_TEMPLATE=$CVS_VERIFY_TEMPLATE
+ unset CVS_VERIFY_TEMPLATE
+
dotest openpgp-0 "$testcvs -Q ci -m newfile file1" \
"$DOTSTAR Good signature from \"CVS Test Script $DOTSTAR"
@@ -32793,8 +32883,11 @@
restore_adm
rm -rf openpgp
modify_repo rm -rf $CVSROOT_DIRNAME/openpgp
+ CVS_VERIFY_TEMPLATE=$save_CVS_VERIFY_TEMPLATE
;;
+
+
openpgp2)
# Some tests of the client (independent of the server).
if $remote; then :; else
@@ -32811,6 +32904,10 @@
continue
fi
+ save_CVS_VERIFY_TEMPLATE=$CVS_VERIFY_TEMPLATE
+ CVS_VERIFY_TEMPLATE="$DEFAULT_VERIFY_TEMPLATE"
+ export CVS_VERIFY_TEMPLATE
+
cat >$TESTDIR/serveme <<EOF
#!$TESTSHELL
# This is admittedly a bit cheezy, in the sense that we make lots
@@ -32914,6 +33011,7 @@
cd ..
rm -r openpgp2
CVS_SERVER=$save_CVS_SERVER; export CVS_SERVER
+ CVS_VERIFY_TEMPLATE=$save_CVS_VERIFY_TEMPLATE
;;
Index: ccvs/src/sign.c
diff -u ccvs/src/sign.c:1.1.6.11 ccvs/src/sign.c:1.1.6.12
--- ccvs/src/sign.c:1.1.6.11 Fri Jan 13 05:08:12 2006
+++ ccvs/src/sign.c Wed Jan 18 06:18:48 2006
@@ -85,6 +85,7 @@
void
set_sign_commits (sign_state sign)
{
+ TRACE (TRACE_FUNCTION, "set_sign_commits (%d)", sign);
sign_commits = sign;
}
@@ -116,7 +117,7 @@
* server_support Whether the server supports signed files.
*/
bool
-get_sign_commits (bool server_active, bool server_support)
+get_sign_commits (bool server_support)
{
sign_state tmp;
@@ -234,7 +235,7 @@
bool
-have_sigfile (bool server_active, const char *fn)
+have_sigfile (const char *fn)
{
char *sfn;
bool retval;
@@ -355,8 +356,7 @@
* exit with an error as configured.
*/
char *
-get_signature (bool server_active, const char *srepos, const char *filename,
- bool bin, size_t *len)
+get_signature (const char *srepos, const char *filename, bool bin, size_t *len)
{
char *sig;
@@ -366,7 +366,8 @@
sig = gen_signature (srepos, filename, bin, len);
if (get_verify_commits ())
- verify_signature (srepos, sig, *len, filename, bin);
+ verify_signature (srepos, sig, *len, filename, bin,
+ get_verify_commits_fatal ());
return sig;
}
Index: ccvs/src/sign.h
diff -u ccvs/src/sign.h:1.1.6.4 ccvs/src/sign.h:1.1.6.5
--- ccvs/src/sign.h:1.1.6.4 Thu Jan 12 18:42:31 2006
+++ ccvs/src/sign.h Wed Jan 18 06:18:48 2006
@@ -37,14 +37,14 @@
void add_sign_arg (const char *arg);
/* Get values. */
-bool get_sign_commits (bool server_active, bool server_support);
+bool get_sign_commits (bool server_support);
char *gen_signature (const char *srepos, const char *filename, bool bin,
size_t *len);
-char *get_signature (bool server_active, const char *srepos,
- const char *filename, bool bin, size_t *len);
+char *get_signature (const char *srepos, const char *filename, bool bin,
+ size_t *len);
/* Other utilities. */
-bool have_sigfile (bool server_active, const char *fn);
+bool have_sigfile (const char *fn);
char *get_sigfile_name (const char *fn);
/* Sign command. */
Index: ccvs/src/verify.c
diff -u ccvs/src/verify.c:1.1.2.12 ccvs/src/verify.c:1.1.2.13
--- ccvs/src/verify.c:1.1.2.12 Mon Jan 16 21:02:06 2006
+++ ccvs/src/verify.c Wed Jan 18 06:18:48 2006
@@ -80,6 +80,7 @@
void
set_verify_checkouts (verify_state verify)
{
+ TRACE (TRACE_FUNCTION, "set_verify_checkouts (%d)", verify);
verify_checkouts = verify;
}
@@ -240,6 +241,15 @@
+bool
+get_verify_commits_fatal (void)
+{
+ verify_state tmp = iget_verify_commits ();
+ return tmp == VERIFY_FATAL;
+}
+
+
+
/* Return VERIFY_TEMPLATE from the command line if it exists, else return the
* VERIFY_TEMPLATE from CURRENT_PARSED_ROOT.
*/
@@ -346,9 +356,9 @@
* ERRORS
* Exits with a fatal error when FATAL and a signature cannot be verified.
*/
-static bool
-iverify_signature (const char *srepos, const char *sig, size_t siglen,
- const char *filename, bool bin, bool fatal)
+bool
+verify_signature (const char *srepos, const char *sig, size_t siglen,
+ const char *filename, bool bin, bool fatal)
{
char *cmdline;
char *sigfile;
@@ -431,11 +441,12 @@
else if (pipestatus)
{
if (WIFEXITED (pipestatus))
- error (fatal, 0, "verify program exited with error code %d",
- WEXITSTATUS (pipestatus));
+ error (fatal, 0,
+ "failed to verify `%s': exited with error code %d",
+ filename, WEXITSTATUS (pipestatus));
else
- error (fatal, 0, "verify program exited via signal %d",
- WTERMSIG (pipestatus));
+ error (fatal, 0, "failed to verify `%s': exited via signal %d",
+ filename, WTERMSIG (pipestatus));
retval = false;
}
else
@@ -451,21 +462,12 @@
-bool
-verify_signature (const char *srepos, const char *sig, size_t siglen,
- const char *filename, bool bin)
-{
- return iverify_signature (srepos, sig, siglen, filename, bin,
- iget_verify_commits () == VERIFY_FATAL);
-}
-
-
-
static const char *const verify_usage[] =
{
"Usage: %s %s [-lR]\n",
"\t-l\tLocal directory only, no recursion.\n",
"\t-R\tProcess directories recursively.\n",
+ "\t-p\tOutput signature to STDOUT without verifying.\n",
"(Specify the --help global option for a list of other help options)\n",
NULL
};
@@ -607,8 +609,8 @@
}
if (!errors && !userargs->pipeout)
- errors = !iverify_signature (Short_Repository (finfo->repository),
- NULL, 0, signedfn, bin, false);
+ errors = !verify_signature (Short_Repository (finfo->repository),
+ NULL, 0, signedfn, bin, false);
if (tmpfn)
{
Index: ccvs/src/verify.h
diff -u ccvs/src/verify.h:1.1.2.6 ccvs/src/verify.h:1.1.2.7
--- ccvs/src/verify.h:1.1.2.6 Fri Jan 13 16:14:03 2006
+++ ccvs/src/verify.h Wed Jan 18 06:18:48 2006
@@ -47,8 +47,9 @@
bool get_verify_checkouts (bool server_support);
bool get_verify_checkouts_fatal (void);
bool get_verify_commits (void);
+bool get_verify_commits_fatal (void);
bool verify_signature (const char *srepos, const char *sig, size_t siglen,
- const char *filename, bool bin);
+ const char *filename, bool bin, bool fatal);
/* User command. */
int verify (int argc, char **argv);
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Cvs-cvs] ccvs/src ChangeLog Makefile.in client.c commit.... [signed-commits3],
Derek Robert Price <=