2 * Copyright (c) 1999 Marc Espie.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. All advertising materials mentioning features or use of this software
13 * must display the following acknowledgement:
14 * This product includes software developed by Marc Espie for the OpenBSD
17 * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS
18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
20 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD
21 * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 * $OpenBSD: pgp_sign.c,v 1.1 1999/10/04 21:46:29 espie Exp $
30 * $FreeBSD: src/usr.sbin/pkg_install/sign/pgp_sign.c,v 1.5 2004/06/29 19:06:42 eik Exp $
31 * $DragonFly: src/usr.sbin/pkg_install/sign/pgp_sign.c,v 1.4 2004/12/18 23:48:04 swildner Exp $
34 #include <sys/types.h>
/*
 * pgpsign: the visible fragments build an argv for PGP, redirect fdin and
 * fdout onto stdin and stdout with dup2(), and then replace the process
 * image with execve(PGP, argv, envp).  This listing omits the lines between
 * the numbered fragments (declarations, braces, the failure statement).
 */
49 pgpsign(fdin
, fdout
, userid
, envp
)
58 argv
[argc
++] = "+batchmode";
59 argv
[argc
++] = "+compress=off";
/*
 * NOTE(review): "-zAthlon" is a fixed literal baked into argv.  In PGP 2.x
 * -z passes the pass phrase on the command line (confirm against the pgp
 * documentation); if that is its meaning here, this is a hard-coded secret,
 * and argv is readable by other local users through the process table.
 * The PGPPASSFD descriptor exported by handle_pgp_passphrase() is the
 * channel that keeps the pass phrase out of argv.
 */
62 argv
[argc
++] = "-zAthlon";
/*
 * userid reaches PGP as a single argv element, so no shell parses it; the
 * cast only drops const.  Any validation of userid happens outside the
 * visible lines.
 */
66 argv
[argc
++] = (char *)userid
;
/*
 * assert() compiles out under NDEBUG, and it sits after the argv[argc++]
 * stores above, so it reports an overrun of argv rather than preventing one.
 */
69 assert(argc
<= sizeof argv
/ sizeof(pchar
));
/*
 * The || chain stops at the first call that returns -1; execve() returns
 * only on failure.  The statement executed on failure is not shown.
 */
71 if (dup2(fdin
, fileno(stdin
)) == -1 ||
72 dup2(fdout
, fileno(stdout
)) == -1 ||
73 execve(PGP
, argv
, envp
) == -1)
/*
 * Allocator for a struct signature (presumably new_pgpsignature(), whose
 * name line is not shown): allocates the node n and a MAXPGPSIGNSIZE data
 * buffer, then copies pgptag into n->tag.
 */
77 static struct signature
*
79 struct signature
*old
;
/*
 * NOTE(review): the check of n against NULL is not among the visible lines;
 * confirm it precedes the n->data store below.
 */
83 n
= malloc(sizeof(*n
));
85 n
->data
= malloc(MAXPGPSIGNSIZE
);
/*
 * Failure of the data allocation is handled here.  NOTE(review): confirm the
 * omitted body frees n so the node is not leaked.
 */
86 if (n
->data
== NULL
) {
/*
 * Copies sizeof pgptag bytes, so n->tag must be at least that large; its
 * declaration is not visible here.
 */
93 memcpy(n
->tag
, pgptag
, sizeof pgptag
);
/*
 * retrieve_pgp_signature: the visible fragments open filename, read its gzip
 * header, create two pipes, and fork a child that runs
 * pgpsign(topgp[0], frompgp[1], userid, envp).  The parent streams the
 * header and file body to the child through topgp[1], then collects the
 * child's output from frompgp[0] into *sign.  Parameters are declared in
 * K&R style.  This listing omits the lines between the numbered fragments.
 */
99 retrieve_pgp_signature(filename
, sign
, userid
, envp
)
100 const char *filename
;
101 struct signature
**sign
;
105 int topgp
[2], frompgp
[2];
107 struct mygzip_header h
;
110 FILE *orig
, *dest
, *signin
;
111 struct signature
*old
;
/*
 * NOTE(review): the NULL check on orig is not among the visible lines;
 * confirm it exists before gzip_read_header() uses the stream.
 */
113 orig
= fopen(filename
, "r");
116 if (gzip_read_header(orig
, &h
, &old
) == GZIP_NOT_GZIP
) {
/*
 * warnx() appends its own newline, so the "\n" in the format produces an
 * extra blank line after the message.
 */
117 warnx("File %s is not a gzip file\n", filename
);
/* topgp carries data to the PGP child; frompgp carries its output back. */
122 if (pipe(topgp
) == -1) {
126 if (pipe(frompgp
) == -1) {
/*
 * Most of this switch is not shown; the only visible arm is the child's
 * call to pgpsign() with the read end of topgp and the write end of frompgp.
 */
132 switch(pgpid
= fork()) {
136 pgpsign(topgp
[0], frompgp
[1], userid
, envp
);
/* Parent side: wrap the write end of topgp in a stdio stream. */
150 dest
= fdopen(topgp
[1], "w");
/* Re-emit the gzip header (with the old signature chain) to the child. */
159 if (gzip_write_header(dest
, &h
, old
) == 0)
/*
 * Byte-at-a-time copy of the rest of orig to the child.  The condition ends
 * the loop on read EOF or on a write error without telling them apart.
 */
164 while ((c
= fgetc(orig
)) != EOF
&& fputc(c
, dest
) != EOF
)
/*
 * Closing dest flushes buffered data and closes the pipe's write end; the
 * result is checked.
 */
169 if (fclose(dest
) != 0)
172 if (fclose(orig
) != 0)
/* Read PGP's output from the read end of frompgp. */
175 signin
= fdopen(frompgp
[0], "r");
176 if (signin
== NULL
) {
/* Scanner state for spotting the gzip magic bytes in PGP's output. */
179 enum { NONE
, FIRST
, DONE
, COPY
} magic
= NONE
;
/*
 * NOTE(review): fopen("dump", "w") creates or truncates a fixed relative
 * name in the current working directory.  Presumably this is debug-only;
 * the guarding conditional is not shown.  If it can be compiled into a
 * production build, a symlink named dump already present in the working
 * directory would redirect the write - confirm it is excluded.
 */
182 FILE *out
= fopen("dump", "w");
185 if ((*sign
= new_pgpsignature(old
)) == NULL
)
/*
 * Accumulates PGP's output into (*sign)->data until the state reaches DONE,
 * bounded by MAXPGPSIGNSIZE in the loop condition.  Each of the two stores
 * below appends one byte; presumably they sit in different switch arms so
 * only one runs per iteration - confirm, since the bound is tested only
 * once per iteration.
 */
188 while ((c
= fgetc(signin
)) != EOF
&& magic
!= DONE
&&
189 (*sign
)->length
< MAXPGPSIGNSIZE
) {
192 (*sign
)->data
[(*sign
)->length
++] = c
;
193 if ((unsigned char)c
== (unsigned char)GZIP_MAGIC0
)
197 (*sign
)->data
[(*sign
)->length
++] = c
;
198 if ((unsigned char)c
== (unsigned char)GZIP_MAGIC1
)
204 else if ((unsigned char)c
!= (unsigned char)GZIP_MAGIC0
)
/* A completely filled buffer is treated specially (statement not shown). */
215 if ((*sign
)->length
== MAXPGPSIGNSIZE
)
/*
 * NOTE(review): length -= 2 presumably strips the two gzip magic bytes that
 * ended the scan.  If signin reached EOF before both were seen (for example
 * PGP failed and wrote nothing), length may be below 2 here and no guard is
 * visible - confirm, and confirm that the child's exit status is checked
 * before the signature is accepted.
 */
217 (*sign
)->length
-= 2;
218 sign_fill_tag(*sign
);
/*
 * handle_pgp_passphrase: the visible fragments read a pass phrase with
 * getpass(), fork a child that writes it into a pipe, and export the pipe's
 * read descriptor number to PGP through the PGPPASSFD environment variable.
 * This listing omits the lines between the numbered fragments.
 */
230 handle_pgp_passphrase()
/* Short-circuit path; the condition that selects it is not shown. */
236 printf("Short-circuiting %s\n", __func__
);
239 /* Retrieve the pgp passphrase */
/*
 * getpass() is a legacy interface that returns a pointer to a static buffer.
 * NOTE(review): no NULL check and no scrubbing of p is visible - confirm the
 * parent clears the buffer once it no longer needs the pass phrase.
 */
240 p
= getpass("Enter passphrase:");
243 * Somewhat kludgy code to get the passphrase to pgp, see
244 * pgp documentation for the gore
250 switch(pid
= fork()) {
258 * The child fills the pipe with copies of the passphrase.
259 * Expect violent death when father exits.
261 printf("Child process %d stuffing passphrase in pipe:\n", getpid());
/*
 * The result of write() is ignored, so short writes and errors such as
 * EPIPE go unnoticed.  Presumably this sits in a loop (not shown) that ends
 * only when the child is killed.
 */
264 write(fd
[1], p
, strlen(p
));
266 putchar('.'); fflush(stdout
);
/*
 * NOTE(review): sprintf() has no bound and buf's declaration is not shown;
 * snprintf() with the size of buf would make the limit explicit.  The
 * return value of setenv() is ignored, so on failure PGP would not learn
 * the descriptor number.  Unless fd[0] is closed or marked close-on-exec
 * elsewhere, every later child of this process inherits the pass phrase
 * pipe, not only PGP.
 */
275 sprintf(buf
, "%d", fd
[0]);
276 setenv("PGPPASSFD", buf
, 1);
277 printf("Parent process PGPPASSFD=%d.\n", fd
[0]);