X-Git-Url: https://git.librecmc.org/?p=oweals%2Fucert.git;a=blobdiff_plain;f=usign-exec.c;h=22fdc14e7ebb956a7cd155f94c5992f9edff9248;hp=514de2a08968fa3f6f6670904e9e1b42e9005100;hb=38dcb1a6f12115e156aa4f36997bd4760347e821;hpb=321c9f9d42a1699d45d7ba486cfc9ce40286bdd8 diff --git a/usign-exec.c b/usign-exec.c index 514de2a..22fdc14 100644 --- a/usign-exec.c +++ b/usign-exec.c @@ -20,6 +20,12 @@ #include "usign.h" +#ifdef UCERT_HOST_BUILD +#define USIGN_EXEC "usign" +#else +#define USIGN_EXEC "/usr/bin/usign" +#endif + /* * check for revoker deadlink in pubkeydir * return true if a revoker exists, false otherwise @@ -37,6 +43,7 @@ int _usign_key_is_revoked(const char *fingerprint, const char *pubkeydir) { return false; } +#ifdef UCERT_FULL /* * call usign -S ... * return WEXITSTATUS or -1 if fork or execv fails @@ -47,7 +54,7 @@ int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bo const char *usign_argv[16] = {0}; unsigned int usign_argc = 0; - usign_argv[usign_argc++] = "/usr/bin/usign"; + usign_argv[usign_argc++] = USIGN_EXEC; usign_argv[usign_argc++] = "-S"; usign_argv[usign_argc++] = "-m"; usign_argv[usign_argc++] = msgfile; @@ -65,10 +72,10 @@ int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bo return -1; case 0: - if (execv(usign_argv[0], usign_argv)) - return -1; - - break; + execvp(usign_argv[0], (char *const *)usign_argv); + if (!quiet) + perror("Failed to execute usign"); + _exit(1); default: waitpid(pid, &status, 0); @@ -77,12 +84,17 @@ int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bo return -1; } +#else +int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) { + return -1; +}; +#endif /* * call usign -F ... and set fingerprint returned * return WEXITSTATUS or -1 if fork or execv fails */ -static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckeyfile, const char *sigfile) { +static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckeyfile, const char *sigfile, bool quiet) { int fds[2]; pid_t pid; int status; @@ -92,7 +104,7 @@ static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckey if (pipe(fds)) return -1; - usign_argv[usign_argc++] = "/usr/bin/usign"; + usign_argv[usign_argc++] = USIGN_EXEC; usign_argv[usign_argc++] = "-F"; if (pubkeyfile) { @@ -123,21 +135,27 @@ static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckey close(fds[0]); close(fds[1]); - if (execv(usign_argv[0], usign_argv)) - return -1; - - break; + execvp(usign_argv[0], (char *const *)usign_argv); + if (!quiet) + perror("Failed to execute usign"); + _exit(1); default: waitpid(pid, &status, 0); + status = WEXITSTATUS(status); if (fingerprint && !WEXITSTATUS(status)) { - memset(fingerprint, 0, 16); - read(fds[0], fingerprint, 16); + ssize_t r; + memset(fingerprint, 0, 17); + r = read(fds[0], fingerprint, 17); + if (r < 16) + status = -1; + fingerprint[16] = '\0'; + } close(fds[0]); close(fds[1]); - return WEXITSTATUS(status); + return status; } return -1; @@ -146,22 +164,22 @@ static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckey /* * call usign -F -p ... */ -int usign_f_pubkey(char *fingerprint, const char *pubkeyfile) { - return usign_f(fingerprint, pubkeyfile, NULL, NULL); +int usign_f_pubkey(char *fingerprint, const char *pubkeyfile, bool quiet) { + return usign_f(fingerprint, pubkeyfile, NULL, NULL, quiet); } /* * call usign -F -s ... */ -int usign_f_seckey(char *fingerprint, const char *seckeyfile) { - return usign_f(fingerprint, NULL, seckeyfile, NULL); +int usign_f_seckey(char *fingerprint, const char *seckeyfile, bool quiet) { + return usign_f(fingerprint, NULL, seckeyfile, NULL, quiet); } /* * call usign -F -x ... */ -int usign_f_sig(char *fingerprint, const char *sigfile) { - return usign_f(fingerprint, NULL, NULL, sigfile); +int usign_f_sig(char *fingerprint, const char *sigfile, bool quiet) { + return usign_f(fingerprint, NULL, NULL, sigfile, quiet); } @@ -177,13 +195,18 @@ int usign_v(const char *msgfile, const char *pubkeyfile, unsigned int usign_argc = 0; char fingerprint[17]; - if (usign_f_sig(fingerprint, sigfile)) + if (usign_f_sig(fingerprint, sigfile, quiet)) { + if (!quiet) + fprintf(stderr, "cannot get signing key fingerprint\n"); return 1; + } - if (pubkeydir && _usign_key_is_revoked(fingerprint, pubkeydir)) + if (pubkeydir && _usign_key_is_revoked(fingerprint, pubkeydir)) { + if (!quiet) + fprintf(stderr, "key %s has been revoked!\n", fingerprint); return 1; - - usign_argv[usign_argc++] = "/usr/bin/usign"; + } + usign_argv[usign_argc++] = USIGN_EXEC; usign_argv[usign_argc++] = "-V"; usign_argv[usign_argc++] = "-m"; usign_argv[usign_argc++] = msgfile; @@ -212,10 +235,10 @@ int usign_v(const char *msgfile, const char *pubkeyfile, return -1; case 0: - if (execv(usign_argv[0], usign_argv)) - return -1; - - break; + execvp(usign_argv[0], (char *const *)usign_argv); + if (!quiet) + perror("Failed to execute usign"); + _exit(1); default: waitpid(pid, &status, 0);