On Sun, May 08, 2016 at 10:07:00AM -0700, Andrew Fresh wrote:
> On Sun, May 08, 2016 at 09:46:47AM +0200, Francesco Toscan wrote:
> > On Sat, May 07, 2016 at 08:08:25PM -0700, Andrew Fresh wrote:
> > > This minor addition to the patch keeps the existing tests working and
> > > adds tests that scalar context returns a filehandle.
> >
> > I'm unsure about /usr/src/usr.sbin/pkg_add/OpenBSD/PkgSign.pm.
> > At line 100 it calls OpenBSD::Temp::permanent_file (which returns
> > OpenBSD::MkTemp::mkstemp's value) in scalar context; at line 118 the
> > code expects a string, not a filehandle. I have no idea about line 101.
>
> I've CC'd espie as I am not positive either. I *think* the patch below
> works. Removing the scalar context call and seeking on the already
> open filehandle seems like a reasonable approach.
>
> Unfortunately I'm too lazy to sign my own packages usually so not
> entirely sure the patch below, or the steps I used to sign it, are right, but
> it seems to work.
>
> $ signify -G -p testkey.pub -s testkey.sec
> $ PERL5LIB=./ pkg_sign -i -v -s signify -s testkey.sec -D resign
> p5-Test-Most-0.34
> Resigning p5-Test-Most-0.34
> Signed p5-Test-Most-0.34: ok
> $ PERL5LIB=./ pkg_sign -i -v -s signify -s testkey.sec -D resign
> p5-Test-Most-0.34
> Signed p5-Test-Most-0.34: ok
> $ doas cp testkey.pub /etc/signify/
> $ doas pkg_add -D SIGNER=testkey,openbsd-59-pkg ./p5-Test-Most-0.34.tgz
> quirks-2.232 signed on 2016-05-08T10:34:16Z
> p5-Test-Most-0.34: ok
>
>
> > I'm sorry but I'm not skilled enough to understand that code.
>
> No worries, I too didn't think to look for places it was being used the
> way it used to work.
>
>
> Index: OpenBSD/PkgSign.pm
> ===================================================================
> RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/PkgSign.pm,v
> retrieving revision 1.7
> diff -u -p -r1.7 PkgSign.pm
> --- OpenBSD/PkgSign.pm 11 Oct 2014 08:41:06 -0000 1.7
> +++ OpenBSD/PkgSign.pm 8 May 2016 16:50:33 -0000
> @@ -79,6 +79,7 @@ package OpenBSD::PkgSign;
> use OpenBSD::Temp;
> use OpenBSD::PackingList;
> use OpenBSD::PackageInfo;
> +use POSIX ();
>
> sub sign_existing_package
> {
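Review bot: style point on the added `use POSIX ();` line: the only thing this patch takes from POSIX is SEEK_END. `use Fcntl qw(SEEK_END);` provides the same constant from a much smaller module and lets the call site say SEEK_END without the package prefix.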
> @@ -97,7 +98,7 @@ sub sign_existing_package
> $plist->set_infodir($dir);
> $state->add_signature($plist);
> $plist->save;
> - my $tmp = OpenBSD::Temp::permanent_file($output, "pkg");
> + my ($fh2, $tmp) = OpenBSD::Temp::permanent_file($output, "pkg");
> my $wrarc = $state->create_archive($tmp, ".");
>
> my $fh;
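Review bot: the new `my ($fh2, $tmp) = OpenBSD::Temp::permanent_file($output, "pkg");` line has no failure check, so if no temporary file could be created the next line passes an undefined $tmp to create_archive. Suggest testing $fh2 right after the call and going through $state->fatal, as the later append step does. Also note that $fh2 now stays open while create_archive writes to the same file by name, so the handle's position says nothing about where the archive ends; the append further down depends entirely on an explicit seek to end of file.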
> @@ -115,7 +116,7 @@ sub sign_existing_package
> close($wrarc->{fh});
> delete $wrarc->{fh};
>
> - open(my $fh2, ">>", $tmp) or
> + $fh2->seek(POSIX::SEEK_END, 0) or
> $state->fatal("Can't append to #1", $tmp);
> require File::Copy;
> File::Copy::copy($fh, $fh2) or
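Review bot: the arguments to seek on the added line are reversed. The IO::Seekable method is seek(POS, WHENCE), so `$fh2->seek(POSIX::SEEK_END, 0)` positions the handle at byte offset 2 (the value of SEEK_END) counted from the start of the file, not at its end, and the File::Copy::copy that follows then writes over the archive create_archive just produced instead of appending to it. Suggest `$fh2->seek(0, POSIX::SEEK_END)`. The removed `open(my $fh2, ">>", $tmp)` appended regardless of position, so nothing else in this hunk guards against a wrong offset, and the test run quoted earlier in this mail only shows "ok" lines; comparing the signed package's size and contents against the unsigned one would catch this.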
You realize you guys thoroughly broke pkg signing, right?