INN commit: trunk (6 files)
INN Commit
Russ_Allbery at isc.org
Sun Dec 21 22:28:20 UTC 2008
Date: Sunday, December 21, 2008 @ 14:28:19
Author: iulius
Revision: 8247
Remove gpgverify because it uses the old attached signature
verification method, which doesn't work properly for
new-style GnuPG signatures that require Hash headers
for attached signatures.
23:21 news at trigofacile ~% gpgverify < checkgroups-1229673648.sig
zsh: exit 3 gpgverify < checkgroups-1229673648.sig
Note that pgpverify also handles GnuPG signatures, recognizes
their new-style, and is shipped with INN. For that checkgroups,
it answers "[GNUPG:] GOODSIG", etc.
Therefore, pgpverify should be used instead of gpgverify.
close #13
Modified:
trunk/LICENSE
trunk/MANIFEST
trunk/control/ (properties)
trunk/control/Makefile
trunk/support/mkmanifest
Deleted:
trunk/control/gpgverify.in
----------------------+
LICENSE | 7 -
MANIFEST | 1
control/Makefile | 3
control/gpgverify.in | 239 -------------------------------------------------
support/mkmanifest | 1
5 files changed, 4 insertions(+), 247 deletions(-)
Modified: LICENSE
===================================================================
--- LICENSE 2008-12-21 21:07:28 UTC (rev 8246)
+++ LICENSE 2008-12-21 22:28:19 UTC (rev 8247)
@@ -39,10 +39,9 @@
lib/snprintf.c may be used for any purpose as long as the author's
notice remains intact in all source code distributions.
- control/gpgverify.in, control/pgpverify.in and control/signcontrol.in
- are under a BSD-style license (with the advertising clause) with UUNET
- Technologies, Inc. as the copyright holder. See the end of those files
- for details.
+ control/pgpverify.in and control/signcontrol.in are under a BSD-style
+ license (with the advertising clause) with UUNET Technologies, Inc. as
+ the copyright holder. See the end of those files for details.
control/controlchan.in and control/modules/*.pl are covered by a
two-clause BSD-style license (no advertising clause). See the
Modified: MANIFEST
===================================================================
--- MANIFEST 2008-12-21 21:07:28 UTC (rev 8246)
+++ MANIFEST 2008-12-21 22:28:19 UTC (rev 8247)
@@ -110,7 +110,6 @@
control/controlbatch.in Batch program for controlchan
control/controlchan.in Channel program for control messages
control/docheckgroups.in Script to execute checkgroups
-control/gpgverify.in Verify control messages with GnuPG
control/modules Modules for controlchan (Directory)
control/modules/checkgroups.pl checkgroups controlchan handler
control/modules/ihave.pl ihave controlchan handler
Property changes on: trunk/control
___________________________________________________________________
Name: svn:ignore
- controlbatch
controlchan
docheckgroups
gpgverify
perl-nocem
pgpverify
signcontrol
+ controlbatch
controlchan
docheckgroups
perl-nocem
pgpverify
signcontrol
Modified: control/Makefile
===================================================================
--- control/Makefile 2008-12-21 21:07:28 UTC (rev 8246)
+++ control/Makefile 2008-12-21 22:28:19 UTC (rev 8247)
@@ -4,7 +4,7 @@
top = ..
-ALL = controlbatch controlchan docheckgroups gpgverify perl-nocem \
+ALL = controlbatch controlchan docheckgroups perl-nocem \
pgpverify signcontrol
MAN = ../doc/man/perl-nocem.8 ../doc/man/pgpverify.1
@@ -43,7 +43,6 @@
controlbatch: controlbatch.in $(FIX) ; $(FIX) controlbatch.in
controlchan: controlchan.in $(FIX) ; $(FIX) controlchan.in
docheckgroups: docheckgroups.in $(FIX) ; $(FIX) docheckgroups.in
-gpgverify: gpgverify.in $(FIX) ; $(FIX) gpgverify.in
perl-nocem: perl-nocem.in $(FIX) ; $(FIX) perl-nocem.in
pgpverify: pgpverify.in $(FIX) ; $(FIX) pgpverify.in
signcontrol: signcontrol.in $(FIX) ; $(FIX) -i signcontrol.in
Deleted: control/gpgverify.in
===================================================================
--- control/gpgverify.in 2008-12-21 21:07:28 UTC (rev 8246)
+++ control/gpgverify.in 2008-12-21 22:28:19 UTC (rev 8247)
@@ -1,239 +0,0 @@
-#! /usr/bin/perl -w
-# fixscript will replace this line with code to load INN::Config
-
-# written April 1996, <tale at isc.org> (David C Lawrence)
-# mostly rewritten 2001-03-21 by Marco d'Itri <md at linux.it>
-#
-# requirements:
-# - GnuPG
-# - perl 5.004_03 and working Sys::Syslog
-# - syslog daemon
-#
-# There is no locking because gpg is supposed to not need it and controlchan
-# will serialize control messages processing anyway.
-
-require 5.004_03;
-use strict;
-
-# if you keep your keyring somewhere that is not the default used by gpg,
-# change the location below.
-my $keyring;
-if ($INN::Config::newsetc && -d "$INN::Config::newsetc/pgp") {
- $keyring = $INN::Config::newsetc . '/pgp/pubring.gpg';
-}
-
-# If you have INN and the script is able to successfully include your
-# INN::Config module, the value of the next two variables will be
-# overridden.
-my $tmpdir = '/var/log/news/';
-my $syslog_facility = 'news';
-
-# 1: print PGP output
-my $debug = 0;
-#$debug = 1 if -t 1;
-
-### Exit value:
-### 0 good signature
-### 1 no signature
-### 2 unknown signature
-### 3 bad signature
-### 255 problem not directly related to gpg analysis of signature
-
-##############################################################################
-################ NO USER SERVICEABLE PARTS BELOW THIS COMMENT ################
-##############################################################################
-my $tmp = ($INN::Config::pathtmp ? $INN::Config::pathtmp : $tmpdir) . "/pgp$$";
-$syslog_facility = $INN::Config::syslog_facility if $INN::Config::syslog_facility;
-
-my $nntp_format = 0;
-$0 =~ s#^.*/##; # trim /path/to/prog to prog
-
-die "Usage: $0 < message\n" if $#ARGV != -1;
-
-# Path to gpg binary
-my $gpg;
-if ($INN::Config::gpgv) {
- $gpg = $INN::Config::gpgv;
-} else {
- foreach (split(/:/, $ENV{PATH}), qw(/usr/local/bin /opt/gnu/bin)) {
- if (-x "$_/gpgv") {
- $gpg = "$_/gpgv"; last;
- }
- }
-}
-fail('cannot find the gpgv binary') if not $gpg;
-
-# this is, by design, case-sensitive with regards to the headers it checks.
-# it's also insistent about the colon-space rule.
-my ($label, $value, %dup, %header);
-while (<STDIN>) {
- # if a header line ends with \r\n, this article is in the encoding
- # it would be in during an NNTP session. some article storage
- # managers keep them this way for efficiency.
- $nntp_format = /\r\n$/ if $. == 1;
- s/\r?\n$//;
-
- last if /^$/;
- if (/^(\S+):[ \t](.+)/) {
- ($label, $value) = ($1, $2);
- $dup{$label} = 1 if $header{$label};
- $header{$label} = $value;
- } elsif (/^\s/) {
- fail("non-header at line $.: $_") unless $label;
- $header{$label} .= "\n$_";
- } else {
- fail("non-header at line $.: $_");
- }
-}
-
-my $pgpheader = 'X-PGP-Sig';
-$_ = $header{$pgpheader};
-exit 1 if not $_; # no signature
-
-# the $sep value means the separator between the radix64 signature lines
-# can have any amount of spaces or tabs, but must have at least one space
-# or tab, if there is a newline then the space or tab has to follow the
-# newline. any number of newlines can appear as long as each is followed
-# by at least one space or tab. *phew*
-my $sep = "[ \t]*(\n?[ \t]+)+";
-# match all of the characters in a radix64 string
-my $r64 = '[a-zA-Z0-9+/]';
-fail("$pgpheader not in expected format")
- unless /^(\S+)$sep(\S+)(($sep$r64{64})+$sep$r64+=?=?$sep=$r64{4})$/;
-
-my ($version, $signed_headers, $signature) = ($1, $3, $4);
-$signature =~ s/$sep/\n/g;
-
-my $message = "-----BEGIN PGP SIGNED MESSAGE-----\n\n"
- . "X-Signed-Headers: $signed_headers\n";
-
-foreach $label (split(',', $signed_headers)) {
- fail("duplicate signed $label header, can't verify") if $dup{$label};
- $message .= "$label: ";
- $message .= $header{$label} if $header{$label};
- $message .= "\n";
-}
-$message .= "\n"; # end of headers
-
-while (<STDIN>) { # read body lines
- if ($nntp_format) {
- # check for end of article; some news servers (eg, Highwind's
- # "Breeze") include the dot-CRLF of the NNTP protocol in the
- # article data passed to this script
- last if $_ eq ".\r\n";
-
- # remove NNTP encoding
- s/^\.\./\./;
- s/\r\n$/\n/;
- }
-
- s/^-/- -/; # pgp quote ("ASCII armor") dashes
- $message .= $_;
-}
-
-$message .=
- "\n-----BEGIN PGP SIGNATURE-----\n" .
- "Version: $version\n" .
- $signature .
- "\n-----END PGP SIGNATURE-----\n";
-
-open(TMP, ">$tmp") or fail("open $tmp: $!");
-print TMP $message;
-close TMP or errmsg("close $tmp: $!");
-
-my $opts = '--quiet --status-fd=1 --logger-fd=1';
-$opts .= " --keyring=$keyring" if $keyring;
-
-open(PGP, "$gpg $opts $tmp |") or fail("failed to execute $gpg: $!");
-
-undef $/;
-$_ = <PGP>;
-
-unlink $tmp or errmsg("unlink $tmp: $!");
-
-if (not close PGP) {
- if ($? >> 8) {
- my $status = $? >> 8;
- errmsg("gpg exited status $status") if $status > 1;
- } else {
- errmsg('gpg died on signal ' . ($? & 255));
- }
-}
-
-print STDERR $_ if $debug;
-
-my $ok = 255; # default exit status
-my $signer;
-if (/^\[GNUPG:\]\s+GOODSIG\s+\S+\s+(\S+)/m) {
- $ok = 0;
- $signer = $1;
-} elsif (/^\[GNUPG:\]\s+NODATA/m or /^\[GNUPG:\]\s+UNEXPECTED/m) {
- $ok = 1;
-} elsif (/^\[GNUPG:\]\s+NO_PUBKEY/m) {
- $ok = 2;
-} elsif (/^\[GNUPG:\]\s+BADSIG\s+/m) {
- $ok = 3;
-}
-
-print "$signer\n" if $signer;
-exit $ok;
-
-sub errmsg {
- my $msg = $_[0];
-
- eval 'use Sys::Syslog qw(:DEFAULT setlogsock)';
- die "$0: cannot use Sys::Syslog: $@ [$msg]\n" if $@;
-
- if ($Sys::Syslog::VERSION < 0.15) {
- eval "sub Sys::Syslog::_PATH_LOG { '/dev/log' }" if $^O eq 'dec_osf';
- Sys::Syslog::setlogsock('unix') if $^O =~ /linux|dec_osf|freebsd|darwin/;
- }
-
- $msg .= " processing $header{'Message-ID'}" if $header{'Message-ID'};
-
- openlog($0, 'pid', $syslog_facility);
- syslog('err', '%s', $msg);
- closelog();
-}
-
-sub fail {
- errmsg($_[0]);
- unlink $tmp;
- exit 255;
-}
-
-__END__
-
-# Copyright 2000 by Marco d'Itri
-
-# License of the original version distributed by David C. Lawrence:
-
-# Copyright (c) 1996 UUNET Technologies, Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# 3. All advertising materials mentioning features or use of this software
-# must display the following acknowledgement:
-# This product includes software developed by UUNET Technologies, Inc.
-# 4. The name of UUNET Technologies ("UUNET") may not be used to endorse or
-# promote products derived from this software without specific prior
-# written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY UUNET ``AS IS'' AND ANY EXPRESS OR
-# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL UUNET BE LIABLE FOR ANY DIRECT,
-# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
Modified: support/mkmanifest
===================================================================
--- support/mkmanifest 2008-12-21 21:07:28 UTC (rev 8246)
+++ support/mkmanifest 2008-12-21 22:28:19 UTC (rev 8247)
@@ -131,7 +131,6 @@
control/controlbatch
control/controlchan
control/docheckgroups
-control/gpgverify
control/perl-nocem
control/pgpverify
control/signcontrol
More information about the inn-committers
mailing list