Hi Ivan.  Think I know who you are, and can guess why.

This seems misguided.  We have a horrible program called "file", but
in general people identify what a file is and what purpose it serves
not just by the filename, but also by how it starts.  The "untrusted
comment" has become the way to identify a signify file.  It has become
colloquial.

Yes, there is a magic number immediately after that, but it is at
unknown byte offset.  It isn't an offset-addressed file like gzip.  So
your proposal doesn't actually help solve anything, in fact it
increases the ambiguity.

So why not consider that, call it a day, and leave it alone?

> At the moment signify(1) requires sigfiles to begin with 'untrusted
> comment: '. Sometimes one wants to have no comments and just signature
> itself.
> 
> Index: signify.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/signify/signify.c,v
> retrieving revision 1.126
> diff -u -p -r1.126 signify.c
> --- signify.c   6 Oct 2016 22:38:25 -0000       1.126
> +++ signify.c   11 Oct 2016 00:19:35 -0000
> @@ -125,27 +125,33 @@ static size_t
>  parseb64file(const char *filename, char *b64, void *buf, size_t buflen,
>      char *comment)
>  {
> -       char *commentend, *b64end;
> +       char *linebegin, *lineend;
> 
> -       commentend = strchr(b64, '\n');
> -       if (!commentend || commentend - b64 <= COMMENTHDRLEN ||
> -           memcmp(b64, COMMENTHDR, COMMENTHDRLEN) != 0)
> -               errx(1, "invalid comment in %s; must start with '%s'",
> -                   filename, COMMENTHDR);
> -       *commentend = '\0';
> -       if (comment) {
> -               if (strlcpy(comment, b64 + COMMENTHDRLEN,
> -                   COMMENTMAXLEN) >= COMMENTMAXLEN)
> -                       errx(1, "comment too long");
> +       linebegin = b64;
> +       lineend = strchr(linebegin, '\n');
> +       if (!lineend) {
> +               errx(1, "not enough lines in %s", filename);
>         }
> -       if (!(b64end = strchr(commentend + 1, '\n')))
> -               errx(1, "missing new line after base64 in %s", filename);
> -       *b64end = '\0';
> -       if (b64_pton(commentend + 1, buf, buflen) != buflen)
> -               errx(1, "invalid base64 encoding in %s", filename);
> +       if (lineend - linebegin > COMMENTHDRLEN &&
> +           memcmp(b64, COMMENTHDR, COMMENTHDRLEN) == 0) {
> +               *lineend = '\0';
> +               if (comment) {
> +                       if (strlcpy(comment, b64 + COMMENTHDRLEN,
> +                       COMMENTMAXLEN) >= COMMENTMAXLEN)
> +                               errx(1, "comment too long");
> +               }
> +               linebegin = lineend + 1;
> +
> +               if (!(lineend = strchr(linebegin, '\n')))
> +                       errx(1, "missing new line after base64 in %s",
> filename);
> +       }
> +
> +       *lineend = '\0';
> +       if (b64_pton(linebegin, buf, buflen) != buflen)
> +               errx(1, "invalid base64 encoding or corrupted comment in
> %s", filename);
>         if (memcmp(buf, PKALG, 2) != 0)
>                 errx(1, "unsupported file %s", filename);
> -       return b64end - b64 + 1;
> +       return lineend - b64 + 1;
>  }
> 
>  static void
> 
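
Review bot: in parseb64file(), the `if (comment)` copy now sits only inside the new COMMENTHDR branch, so when the first line is not a comment header a non-NULL `comment` buffer is never written and the caller may read whatever it held before. Set `comment[0] = '\0'` before the branch, or document that the buffer is left untouched when no header is present. Separately, the test `lineend - linebegin > COMMENTHDRLEN` sends a header line with an empty or truncated comment down the base64 path, where it is reported with the merged message "invalid base64 encoding or corrupted comment"; the removed code gave a distinct "invalid comment" error for that case, and keeping a separate diagnostic for a line that begins with a partial header would make a damaged file easier to tell apart from a bad signature. The continuation line of the strlcpy() call in the new branch also lost its extra indent relative to the removed code.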
