Fossil SCM

More robust test for the ssh case, minor refactoring.

danield 2025-01-04 23:18 ssh-signing

Commit d2bfab5888ba0e04e679e6782d3028bc355ef9b36c999a135519e9f22f4390e0

Parent b25a0eff1ffff8d…

2 files changed +5 -5 +17

M src/clearsign.c

+5 -5

		--- src/clearsign.c
		+++ src/clearsign.c
		@@ -29,21 +29,21 @@
29	29	int clearsign(Blob pIn, Blob pOut){
30	30	char *zRand;
31	31	char *zIn;
32	32	char *zOut;
33	33	char *zBase = db_get("pgp-command", "gpg --clearsign -o ");
34		- const char *zTail;
	34	+ int useSsh = 0;
35	35	char *zCmd;
36	36	int rc;
37	37	if( is_false(zBase) ){
38	38	return 0;
39	39	}
40	40	zRand = db_text(0, "SELECT hex(randomblob(10))");
41	41	zOut = mprintf("out-%s", zRand);
42	42	blob_write_to_file(pIn, zOut);
43		- zTail = command_tail(zBase);
44		- if( fossil_strncmp(zTail, "ssh", 3)==0 ){
	43	+ useSsh = (fossil_strncmp(command_basename(zBase), "ssh", 3)==0);
	44	+ if( useSsh ){
45	45	zIn = mprintf("out-%s.sig", zRand);
46	46	zCmd = mprintf("%s %s", zBase, zOut);
47	47	}else{
48	48	zIn = mprintf("in-%z", zRand);
49	49	zCmd = mprintf("%s %s %s", zBase, zIn, zOut);
		@@ -53,12 +53,12 @@
53	53	if( rc==0 ){
54	54	if( pOut==pIn ){
55	55	blob_reset(pIn);
56	56	}
57	57	blob_zero(pOut);
58		- if( fossil_strncmp(zTail, "ssh", 3)==0 ){
59		- /* SSH cannot currently (2024) create non-detached SSH signatures */
	58	+ if( useSsh ){
	59	+ /* As of 2025, SSH cannot create non-detached SSH signatures */
60	60	/* We put one together */
61	61	Blob tmpBlob;
62	62	blob_zero(&tmpBlob);
63	63	blob_read_from_file(&tmpBlob, zOut, ExtFILE);
64	64	/* Add armor header line and manifest */
65	65

	--- src/clearsign.c
	+++ src/clearsign.c
	@@ -29,21 +29,21 @@
29	int clearsign(Blob pIn, Blob pOut){
30	char *zRand;
31	char *zIn;
32	char *zOut;
33	char *zBase = db_get("pgp-command", "gpg --clearsign -o ");
34	const char *zTail;
35	char *zCmd;
36	int rc;
37	if( is_false(zBase) ){
38	return 0;
39	}
40	zRand = db_text(0, "SELECT hex(randomblob(10))");
41	zOut = mprintf("out-%s", zRand);
42	blob_write_to_file(pIn, zOut);
43	zTail = command_tail(zBase);
44	if( fossil_strncmp(zTail, "ssh", 3)==0 ){
45	zIn = mprintf("out-%s.sig", zRand);
46	zCmd = mprintf("%s %s", zBase, zOut);
47	}else{
48	zIn = mprintf("in-%z", zRand);
49	zCmd = mprintf("%s %s %s", zBase, zIn, zOut);
	@@ -53,12 +53,12 @@
53	if( rc==0 ){
54	if( pOut==pIn ){
55	blob_reset(pIn);
56	}
57	blob_zero(pOut);
58	if( fossil_strncmp(zTail, "ssh", 3)==0 ){
59	/* SSH cannot currently (2024) create non-detached SSH signatures */
60	/* We put one together */
61	Blob tmpBlob;
62	blob_zero(&tmpBlob);
63	blob_read_from_file(&tmpBlob, zOut, ExtFILE);
64	/* Add armor header line and manifest */
65

	--- src/clearsign.c
	+++ src/clearsign.c
	@@ -29,21 +29,21 @@
29	int clearsign(Blob pIn, Blob pOut){
30	char *zRand;
31	char *zIn;
32	char *zOut;
33	char *zBase = db_get("pgp-command", "gpg --clearsign -o ");
34	int useSsh = 0;
35	char *zCmd;
36	int rc;
37	if( is_false(zBase) ){
38	return 0;
39	}
40	zRand = db_text(0, "SELECT hex(randomblob(10))");
41	zOut = mprintf("out-%s", zRand);
42	blob_write_to_file(pIn, zOut);
43	useSsh = (fossil_strncmp(command_basename(zBase), "ssh", 3)==0);
44	if( useSsh ){
45	zIn = mprintf("out-%s.sig", zRand);
46	zCmd = mprintf("%s %s", zBase, zOut);
47	}else{
48	zIn = mprintf("in-%z", zRand);
49	zCmd = mprintf("%s %s %s", zBase, zIn, zOut);
	@@ -53,12 +53,12 @@
53	if( rc==0 ){
54	if( pOut==pIn ){
55	blob_reset(pIn);
56	}
57	blob_zero(pOut);
58	if( useSsh ){
59	/* As of 2025, SSH cannot create non-detached SSH signatures */
60	/* We put one together */
61	Blob tmpBlob;
62	blob_zero(&tmpBlob);
63	blob_read_from_file(&tmpBlob, zOut, ExtFILE);
64	/* Add armor header line and manifest */
65

M src/file.c

+17

		--- src/file.c
		+++ src/file.c
		@@ -588,10 +588,27 @@
588	588	return mprintf("%.*s", (int)(zTail-z-1), z);
589	589	}else{
590	590	return 0;
591	591	}
592	592	}
	593	+
	594	+/*
	595	+** Return the basename of the putative executable in a command (w/o arguments).
	596	+** The returned memory should be freed via fossil_free().
	597	+*/
	598	+char command_basename(const char z){
	599	+ const char *zTail = command_tail(z);
	600	+ const char *zEnd = zTail;
	601	+ while( zEnd[0] && !fossil_isspace(zEnd[0]) && zEnd[0]!='"' && zEnd[0]!='\'' ){
	602	+ zEnd++;
	603	+ }
	604	+ if( zEnd ){
	605	+ return mprintf("%.*s", (int)(zEnd-zTail), zTail);
	606	+ }else{
	607	+ return 0;
	608	+ }
	609	+}
593	610
594	611	/* SQL Function: file_dirname(NAME)
595	612	**
596	613	** Return the directory for NAME
597	614	*/
598	615

	--- src/file.c
	+++ src/file.c
	@@ -588,10 +588,27 @@
588	return mprintf("%.*s", (int)(zTail-z-1), z);
589	}else{
590	return 0;
591	}
592	}

















593
594	/* SQL Function: file_dirname(NAME)
595	**
596	** Return the directory for NAME
597	*/
598

	--- src/file.c
	+++ src/file.c
	@@ -588,10 +588,27 @@
588	return mprintf("%.*s", (int)(zTail-z-1), z);
589	}else{
590	return 0;
591	}
592	}
593
594	/*
595	** Return the basename of the putative executable in a command (w/o arguments).
596	** The returned memory should be freed via fossil_free().
597	*/
598	char command_basename(const char z){
599	const char *zTail = command_tail(z);
600	const char *zEnd = zTail;
601	while( zEnd[0] && !fossil_isspace(zEnd[0]) && zEnd[0]!='"' && zEnd[0]!='\'' ){
602	zEnd++;
603	}
604	if( zEnd ){
605	return mprintf("%.*s", (int)(zEnd-zTail), zTail);
606	}else{
607	return 0;
608	}
609	}
610
611	/* SQL Function: file_dirname(NAME)
612	**
613	** Return the directory for NAME
614	*/
615