
Add ability to sign check-ins with ssh.

danield 2024-10-30 13:21 trunk
Commit bbed5d8d7e192fa9c72396fa87db09ec6bc008f64ed1b24b09b8cd358206a741
1 file changed +24 -3
+24 -3
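--- a/src/clearsign.c
+++ b/src/clearsign.c
@@ -36,21 +36,42 @@
 if( is_false(zBase) ){
 return 0;
 }
 zRand = db_text(0, "SELECT hex(randomblob(10))");
 zOut = mprintf("out-%s", zRand);
- zIn = mprintf("in-%z", zRand);
 blob_write_to_file(pIn, zOut);
- zCmd = mprintf("%s %s %s", zBase, zIn, zOut);
+ if( fossil_strncmp(zBase, "ssh", 3)==0 ){
+ zIn = mprintf("out-%s.sig", zRand);
+ zCmd = mprintf("%s %s", zBase, zOut);
+ }else{
+ zIn = mprintf("in-%z", zRand);
+ zCmd = mprintf("%s %s %s", zBase, zIn, zOut);
+ }
 rc = fossil_system(zCmd);
 free(zCmd);
 if( rc==0 ){
 if( pOut==pIn ){
 blob_reset(pIn);
 }
 blob_zero(pOut);
- blob_read_from_file(pOut, zIn, ExtFILE);
+ if( fossil_strncmp(zBase, "ssh", 3)==0 ){
+ /* SSH cannot currently (2024) create non-detached SSH signatures */
+ /* We put one together */
+ Blob tmpBlob;
+ blob_zero(&tmpBlob);
+ blob_read_from_file(&tmpBlob, zOut, ExtFILE);
+ /* Add armor header line and manifest */
+ blob_appendf(pOut, "%s", "-----BEGIN SSH SIGNED MESSAGE-----\n\n");
+ blob_appendf(pOut, "%s", blob_str(&tmpBlob));
+ blob_zero(&tmpBlob);
+ blob_read_from_file(&tmpBlob, zIn, ExtFILE);
+ /* Add signature - already armored by SSH */
+ blob_appendf(pOut, "%s", blob_str(&tmpBlob));
+ }else{
+ /* Assume that the external command creates non-detached signatures */
+ blob_read_from_file(pOut, zIn, ExtFILE);
+ }
 }else{
 if( pOut!=pIn ){
 blob_copy(pOut, pIn);
 }
 }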
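Review bot: Nothing in the SSH branch (new lines 59-68) checks that the `out-<rand>.sig` file actually holds a signature, so a command that exits 0 but leaves it empty or truncated yields an armor header plus manifest that is handed back as if it were signed; the signature blob should be tested for non-zero size before pOut is assembled, with the unsigned fallback taken otherwise. The mode is chosen by `fossil_strncmp(zBase, "ssh", 3)==0`, evaluated twice, which accepts any configured command that merely begins with "ssh" and misses a signer given by absolute path, so it is worth computing once (`int bSsh = fossil_strncmp(zBase, "ssh", 3)==0;`) and documenting the command form the setting expects. `blob_appendf(pOut, "%s", blob_str(&tmpBlob))` stops at the first NUL byte, whereas `blob_append(pOut, blob_buffer(&tmpBlob), blob_size(&tmpBlob));` copies exactly the bytes that were signed. tmpBlob appears never to be released: if blob_zero only re-initialises the struct, as its use on pOut right after `blob_reset(pIn)` suggests, new line 65 and the end of the branch want `blob_reset(&tmpBlob);`. The enclosing function starts and ends outside the hunk, so cleanup of zIn, zOut and zRand could not be checked.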
--- src/clearsign.c
+++ src/clearsign.c
@@ -36,21 +36,42 @@
36 if( is_false(zBase) ){
37 return 0;
38 }
39 zRand = db_text(0, "SELECT hex(randomblob(10))");
40 zOut = mprintf("out-%s", zRand);
41 zIn = mprintf("in-%z", zRand);
42 blob_write_to_file(pIn, zOut);
43 zCmd = mprintf("%s %s %s", zBase, zIn, zOut);
 
 
 
 
 
 
44 rc = fossil_system(zCmd);
45 free(zCmd);
46 if( rc==0 ){
47 if( pOut==pIn ){
48 blob_reset(pIn);
49 }
50 blob_zero(pOut);
51 blob_read_from_file(pOut, zIn, ExtFILE);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
52 }else{
53 if( pOut!=pIn ){
54 blob_copy(pOut, pIn);
55 }
56 }
57
--- src/clearsign.c
+++ src/clearsign.c
@@ -36,21 +36,42 @@
36 if( is_false(zBase) ){
37 return 0;
38 }
39 zRand = db_text(0, "SELECT hex(randomblob(10))");
40 zOut = mprintf("out-%s", zRand);
 
41 blob_write_to_file(pIn, zOut);
42 if( fossil_strncmp(zBase, "ssh", 3)==0 ){
43 zIn = mprintf("out-%s.sig", zRand);
44 zCmd = mprintf("%s %s", zBase, zOut);
45 }else{
46 zIn = mprintf("in-%z", zRand);
47 zCmd = mprintf("%s %s %s", zBase, zIn, zOut);
48 }
49 rc = fossil_system(zCmd);
50 free(zCmd);
51 if( rc==0 ){
52 if( pOut==pIn ){
53 blob_reset(pIn);
54 }
55 blob_zero(pOut);
56 if( fossil_strncmp(zBase, "ssh", 3)==0 ){
57 /* SSH cannot currently (2024) create non-detached SSH signatures */
58 /* We put one together */
59 Blob tmpBlob;
60 blob_zero(&tmpBlob);
61 blob_read_from_file(&tmpBlob, zOut, ExtFILE);
62 /* Add armor header line and manifest */
63 blob_appendf(pOut, "%s", "-----BEGIN SSH SIGNED MESSAGE-----\n\n");
64 blob_appendf(pOut, "%s", blob_str(&tmpBlob));
65 blob_zero(&tmpBlob);
66 blob_read_from_file(&tmpBlob, zIn, ExtFILE);
67 /* Add signature - already armored by SSH */
68 blob_appendf(pOut, "%s", blob_str(&tmpBlob));
69 }else{
70 /* Assume that the external command creates non-detached signatures */
71 blob_read_from_file(pOut, zIn, ExtFILE);
72 }
73 }else{
74 if( pOut!=pIn ){
75 blob_copy(pOut, pIn);
76 }
77 }
78
