[Pkg-privacy-commits] [Git][pkg-privacy-team/monkeysphere][master] 4 commits: agent-transfer: invoke gpgconf --list-dirs without needing a pipe
Daniel Kahn Gillmor
dkg at debian.org
Mon May 20 00:26:35 BST 2019
Daniel Kahn Gillmor pushed to branch master at Privacy Maintainers / monkeysphere
Commits:
b36df8ae by Daniel Kahn Gillmor at 2019-05-19T18:24:07Z
agent-transfer: invoke gpgconf --list-dirs without needing a pipe
Since at least 2.1.16 (maybe earlier), "gpgconf --list-dirs $foo"
works just as well as "gpgconf --list-dirs | grep ^$foo: | cut -f2 -d:"
So we go with the simpler option. It would be even better to avoid
the shell that popen() invokes for future improvement, but this is a
win anyway.
- - - - -
94bc40e8 by Daniel Kahn Gillmor at 2019-05-19T22:24:27Z
agent-transfer: avoid the shell when invoking gpgconf --list-dirs
This commit cuts out one unnecessary shell execution that happens in
popen, at the cost of having to maintain our own error handling for
the pipe back from gpgconf.
- - - - -
0dac450f by Daniel Kahn Gillmor at 2019-05-19T23:04:59Z
prepare for 0.44 release
- - - - -
b9b40ce1 by Daniel Kahn Gillmor at 2019-05-19T23:12:02Z
clean up release documentation
- - - - -
4 changed files:
- Changelog
- Makefile
- src/agent-transfer/main.c
- utils/preparing-release
Changes:
=====================================
Changelog
=====================================
@@ -1,3 +1,17 @@
+monkeysphere (0.44) unstable; urgency=medium
+
+ * Drop all direct use of perl (for now, we still ship
+ keytrans/openpgp2ssh/ssh2openpgp/pem2openpgp for others who
+ want it. It will be removed in a future version, though)
+ * Use gpg's --quick-* interface (Increase GnuPG dependency
+ to >= 2.1.17, where this interface was stabilized)
+ * Drop unused keytrans subcommands
+ * Avoid risky uses of chown
+ * monkeysphere-host import can now handle ed25519 host keys
+ * Avoid a shell invocation in agent-transfer
+
+ -- Daniel Kahn Gillmor <dkg at fifthhorseman.net> Sun, 19 May 2019 19:03:04 -0400
+
monkeysphere (0.43) unstable; urgency=medium
* Depend on a modern version of GnuPG (>= 2.1.11) for --export-ssh-key
=====================================
Makefile
=====================================
@@ -102,7 +102,7 @@ installman: $(REPLACED_COMPRESSED_MANPAGES)
# this target depends on you having the monkeysphere-docs
# repo checked out as a peer of your monkeysphere repo.
releasenote:
- ../monkeysphere-docs/utils/build-releasenote
+ ../monkeysphere-docs/util/build-releasenote
test: test-keytrans test-basic test-ed25519
=====================================
src/agent-transfer/main.c
=====================================
@@ -4,6 +4,7 @@
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
+#include <sys/wait.h>
#include <pwd.h>
#include <gcrypt.h>
#include <ctype.h>
@@ -100,20 +101,66 @@ char* gpg_agent_sockname () {
FILE *f;
size_t bytecount, pos;
char buf[BUFSIZE];
+ int pipefd[2], wstatus;
+ pid_t pid, waited = 0;
- f = popen("gpgconf --list-dirs | grep ^agent-socket: | cut -f2 -d:", "r");
- if (!f)
+ if (pipe(pipefd)) {
+ fprintf (stderr, "Could not pipe (%d) %s\n", errno, strerror (errno));
return NULL;
+ }
+ pid = fork();
+ if (pid == 0) {
+ if (dup2 (pipefd[1], 1) == -1) {
+ fprintf (stderr, "failed to dup2 (%d) %s", errno, strerror (errno));
+ exit (1);
+ }
+ close (pipefd[0]);
+ /* FIXME: should we close other open file descriptors? gpgconf is
+ supposed to do that for us, but if we wanted to be defensive we
+ might want to do it here too. */
+ if (execlp ("gpgconf", "gpgconf", "--list-dirs", "agent-socket", NULL)) {
+ fprintf (stderr, "failed to execl (%d) %s", errno, strerror (errno));
+ exit (1);
+ }
+ }
+ close (pipefd[1]);
+ waited = waitpid (pid, &wstatus, 0);
+ if (waited != pid) {
+ fprintf (stderr, "waitpid failed (%d) %s\n", errno, strerror (errno));
+ close (pipefd[0]);
+ return NULL;
+ }
+ if (!WIFEXITED(wstatus)) {
+ fprintf (stderr, "'gpgconf --list-dirs agent-socket' did not exit cleanly!\n");
+ close (pipefd[0]);
+ return NULL;
+ }
+ if (WEXITSTATUS(wstatus)) {
+ fprintf (stderr, "'gpgconf --list-dirs agent-socket' exited with non-zero return code %d\n", WEXITSTATUS(wstatus));
+ close (pipefd[0]);
+ return NULL;
+ }
+ f = fdopen (pipefd[0], "r");
+ if (f == NULL) {
+ fprintf (stderr, "failed to get readable pipe (%d) %s\n", errno, strerror (errno));
+ close (pipefd[0]);
+ return NULL;
+ }
pos = 0;
while (!feof(f))
{
bytecount = fread(buf + pos, 1, sizeof(buf) - pos, f);
- if (ferror(f))
+ if (ferror(f)) {
+ fclose (f);
return NULL;
+ }
pos += bytecount;
- if (pos >= sizeof(buf)) /* too much data! */
+ if (pos >= sizeof(buf)) {/* too much data! */
+ fclose (f);
return NULL;
+ }
}
+ fclose (f);
buf[pos] = '\0';
return trim_and_unescape(buf);
}
@@ -706,6 +753,10 @@ int main (int argc, const char* argv[]) {
return 1;
}
gpg_agent_socket = gpg_agent_sockname();
+ if (gpg_agent_socket == NULL) {
+ fprintf (stderr, "failed to get gpg-agent socket name!\n");
+ return 1;
+ }
/* launch gpg-agent if it is not already connected */
err = assuan_socket_connect (e.ctx, gpg_agent_socket,
=====================================
utils/preparing-release
=====================================
@@ -11,7 +11,7 @@
* create debian-specific version tag:
- git tag -s -m "Tagging Monkeysphere $version-1" monkeysphere_$version-1 debian/master
+ git tag -s -m "Tagging Monkeysphere $version-1" monkeysphere_debian/$version-1 debian/master
* make releasenote
View it on GitLab: https://salsa.debian.org/pkg-privacy-team/monkeysphere/compare/1d6dc18b29414404613f037d9c26c6ab0bf01008...b9b40ce1eb2f1a8c8092f15b13d486f1342d0a7b
--
View it on GitLab: https://salsa.debian.org/pkg-privacy-team/monkeysphere/compare/1d6dc18b29414404613f037d9c26c6ab0bf01008...b9b40ce1eb2f1a8c8092f15b13d486f1342d0a7b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-privacy-commits/attachments/20190519/725eef30/attachment-0001.html>
More information about the Pkg-privacy-commits
mailing list