Changeset 550

Timestamp:

Oct 31, 2019, 9:13:12 PM (5 years ago)

Author:

katerina

Message:

Fix for ticket #442 (support for OpenBSD signify).

Location:

trunk

Files:

• Makefile.in (modified) (12 diffs)
• acconfig.h (modified) (1 diff)
• aclocal.m4 (modified) (1 diff)
• config.h.in (modified) (5 diffs)
• configure.ac (modified) (9 diffs)
• depend.dep (modified) (5 diffs)
• depend.sum (modified) (1 diff)
• docs/Changelog (modified) (3 diffs)
• include/sh_calls.h (modified) (1 diff)
• include/sh_gpg.h (deleted)
• include/sh_gpg_chksum.h (deleted)
• include/sh_sig.h (added)
• samhain-install.sh.in (modified) (2 diffs)
• scripts/samhainadmin-gpg.pl.in (added)
• scripts/samhainadmin-sig.pl.in (added)
• scripts/samhainadmin.pl.in (deleted)
• scripts/yuleadmin.pl.in (modified) (1 diff)
• src/depend-gen.c (modified) (1 diff)
• src/samhain.c (modified) (4 diffs)
• src/sh_calls.c (modified) (1 diff)
• src/sh_dbIO.c (modified) (4 diffs)
• src/sh_getopt.c (modified) (1 diff)
• src/sh_gpg.c (deleted)
• src/sh_hash.c (modified) (1 diff)
• src/sh_readconf.c (modified) (7 diffs)
• src/sh_sig.c (added)
• src/sh_tools.c (modified) (1 diff)
• src/sh_unix.c (modified) (5 diffs)
• test/gnupg (added)
• test/gnupg/public-key.asc (added)
• test/gnupg/pubring.gpg (added)
• test/gnupg/random_seed (added)
• test/gnupg/secret-key.asc (added)
• test/gnupg/secring.gpg (added)
• test/gnupg/trustdb.gpg (added)
• test/test.sh (modified) (5 diffs)
• test/test1i_file.sig (added)
• test/test1i_samhain.pub (added)
• test/testrc_1i.dyn (added)
• test/testrc_2.in.asc (added)
• test/testrun_1f.sh (added)
• test/testrun_1g.sh (added)
• test/testrun_1h.sh (added)
• test/testrun_1i.sh (added)
• test/testrun_2e.sh (added)
• test/testrun_2f.sh (added)
• test/testrun_2g.sh (added)

trunk/Makefile.in

@@ -118 +118 @@
         sh_mem.h sh_entropy.h sh_xfer.h sh_modules.h sh_utmp.h \
         sh_suidchk.h sh_srp.h sh_fifo.h sh_html.h sh_tools.h \
-        sh_gpg.h sh_cat.h sh_calls.h sh_extern.h sh_database.h sh_trace.h \
+        sh_sig.h sh_cat.h sh_calls.h sh_extern.h sh_database.h sh_trace.h \
         sh_schedule.h bignum.h trustfile.h slib.h zAVLTree.h \
         lzoconf.h minilzo.h rijndael-alg-fst.h rijndael-api-fst.h \
@@ -144 +144 @@
         $(srcsrc)/sh_suidchk.c $(srcsrc)/sh_srp.c \
         $(srcsrc)/sh_fifo.c $(srcsrc)/sh_tools.c \
-        $(srcsrc)/sh_html.c $(srcsrc)/sh_gpg.c \
+        $(srcsrc)/sh_html.c $(srcsrc)/sh_sig.c \
         $(srcsrc)/sh_cat.c $(srcsrc)/sh_calls.c \
         $(srcsrc)/sh_extern.c $(srcsrc)/sh_database.c \
@@ -184 +184 @@
         sh_entropy.o sh_modules.o sh_utmp.o \
         sh_xfer_client.o sh_xfer_server.o sh_xfer_syslog.o \
-        sh_suidchk.o sh_srp.o sh_fifo.o sh_tools.o sh_html.o sh_gpg.o \
+        sh_suidchk.o sh_srp.o sh_fifo.o sh_tools.o sh_html.o sh_sig.o \
         sh_cat.o sh_calls.o sh_extern.o sh_database.o sh_err_log.o \
         sh_err_console.o sh_err_syslog.o sh_schedule.o bignum.o \
@@ -205 +205 @@
         testtimesrv.sh \
         testext.sh testrc_1ext.in test_ext.c.in testrun_1d.sh \
-        testrun_1.sh testrun_1a.sh testrun_1b.sh testrun_1c.sh testrc_1 \
+        testrun_1.sh testrun_1a.sh testrun_1b.sh testrun_1c.sh \
+        testrc_1 testrc_1i.dyn test1i_file.sig test1i_samhain.pub \
+        testrun_1d.sh testrun_1e.sh testrun_1f.sh \
+        testrun_1g.sh testrun_1h.sh testrun_1i.sh \
         testrun_2.sh testrun_2a.sh testrun_2b.sh testrc_2.in \
-        testrun_2c.sh testrun_2d.sh
+        testrun_2c.sh testrun_2d.sh testrun_2e.sh testrun_2f.sh \
+        testrun_2g.sh
 
 DIST_COMMON =  README COPYING LICENSE samhain.jpg \
@@ -374 +378 @@
 #
 
-DISTCLEANFILES = Makefile samhain.spec sh_gpg_checksum.h sh_gpg_fp.h \
+DISTCLEANFILES = Makefile samhain.spec sh_sig_checksum.h sh_gpg_fp.h \
         init/samhain.startLinux init/samhain.startGentoo init/samhain.startSystemd \
         init/samhain.startLSB init/samhain.startFreeBSD \
         init/samhain.startSolaris init/samhain.startHPUX \
         init/samhain.startIRIX init/samhain.startMACOSX \
-        deploy.sh sh_MK.h samhain-install.sh sh_gpg_chksum.h sh_gpg_fp.h \
+        deploy.sh sh_MK.h samhain-install.sh \
         rules.deb rules.deb-light src/CuTestMain.c \
+        scripts/samhainadmin-sig.pl scripts/samhainadmin-gpg.pl \
         scripts/samhainadmin.pl scripts/check_samhain.pl \
         scripts/samhain.ebuild scripts/samhain.ebuild-light \
@@ -1548 +1553 @@
 
 SCRIPTFILES=redhat_i386.client.spec check_samhain.pl samhainadmin.pl \
+samhainadmin-gpg.pl samhainadmin-sig.pl \
 yuleadmin.pl samhain.ebuild samhain.ebuild-light samhain.spec
 
@@ -1621 +1627 @@
 
 
-samhain.o: $(srcsrc)/samhain.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_getopt.h $(srcinc)/sh_readconf.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_restrict.h $(srcinc)/sh_nmail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_mem.h $(srcinc)/sh_xfer.h $(srcinc)/sh_tools.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h $(srcinc)/sh_sem.h sh_MK.h $(srcinc)/sh_schedule.h 
+
+samhain.o: $(srcsrc)/samhain.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_getopt.h $(srcinc)/sh_readconf.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_restrict.h $(srcinc)/sh_nmail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_sig.h $(srcinc)/sh_mem.h $(srcinc)/sh_xfer.h $(srcinc)/sh_tools.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h $(srcinc)/sh_sem.h sh_MK.h $(srcinc)/sh_schedule.h 
 sh_unix.o: $(srcsrc)/sh_unix.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_hash.h $(srcinc)/sh_tools.h $(srcinc)/sh_restrict.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_tiger.h $(srcinc)/sh_prelink.h $(srcinc)/sh_pthread.h $(srcinc)/sh_sem.h $(srcinc)/sh_static.h $(srcinc)/sh_prelude.h $(srcinc)/zAVLTree.h $(srcinc)/sh_subuid.h $(srcinc)/sh_ignore.h 
 sh_utils.o: $(srcsrc)/sh_utils.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_entropy.h $(srcinc)/sh_pthread.h 
@@ -1627 +1634 @@
 sh_files.o: $(srcsrc)/sh_files.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_tiger.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/sh_inotify.h $(srcinc)/zAVLTree.h $(srcinc)/sh_dbIO.h $(srcinc)/CuTest.h 
 sh_getopt.o: $(srcsrc)/sh_getopt.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_getopt.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_utils.h $(srcinc)/sh_mail.h $(srcinc)/sh_xfer.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_dbCheck.h $(srcinc)/sh_dbCreate.h $(srcinc)/sh_sem.h $(srcinc)/sh_extern.h 
-sh_readconf.o: $(srcsrc)/sh_readconf.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_xfer.h $(srcinc)/sh_gpg.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_ignore.h $(srcinc)/sh_database.h $(srcinc)/sh_mail.h $(srcinc)/sh_modules.h $(srcinc)/sh_nmail.h $(srcinc)/sh_prelink.h $(srcinc)/sh_prelude.h $(srcinc)/sh_tiger.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_restrict.h $(srcinc)/sh_socket.h 
+sh_readconf.o: $(srcsrc)/sh_readconf.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_xfer.h $(srcinc)/sh_sig.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_ignore.h $(srcinc)/sh_database.h $(srcinc)/sh_mail.h $(srcinc)/sh_modules.h $(srcinc)/sh_nmail.h $(srcinc)/sh_prelink.h $(srcinc)/sh_prelude.h $(srcinc)/sh_tiger.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_restrict.h $(srcinc)/sh_socket.h 
 sh_tiger0.o: $(srcsrc)/sh_tiger0.c Makefile config_xor.h $(srcinc)/sh_tiger.h $(srcinc)/sh_unix.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_pthread.h $(srcinc)/sh_string.h $(srcinc)/sh_checksum.h 
 sh_tiger1.o: $(srcsrc)/sh_tiger1.c Makefile config_xor.h 
@@ -1633 +1640 @@
 sh_tiger1_64.o: $(srcsrc)/sh_tiger1_64.c Makefile config_xor.h 
 sh_tiger2_64.o: $(srcsrc)/sh_tiger2_64.c Makefile config_xor.h 
-sh_hash.o: $(srcsrc)/sh_hash.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_hash.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h $(srcinc)/sh_pthread.h $(srcinc)/sh_xfer.h $(srcinc)/sh_hash.h $(srcinc)/sh_checksum.h 
+sh_hash.o: $(srcsrc)/sh_hash.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_hash.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_sig.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h $(srcinc)/sh_pthread.h $(srcinc)/sh_xfer.h $(srcinc)/sh_hash.h $(srcinc)/sh_checksum.h 
 sh_mail.o: $(srcsrc)/sh_mail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_pthread.h $(srcinc)/sh_filter.h $(srcinc)/sh_mail_int.h $(srcinc)/sh_nmail.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_static.h $(srcinc)/sh_tools.h 
+sh_nmail.o: $(srcsrc)/sh_nmail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_mem.h $(srcinc)/sh_mail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_string.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_filter.h $(srcinc)/sh_mail_int.h $(srcinc)/zAVLTree.h 
 sh_mem.o: $(srcsrc)/sh_mem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_pthread.h 
 sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h 
-sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h 
+sh_xfer_client.o: $(srcsrc)/sh_xfer_client.c Makefile config_xor.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_xfer.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h 
+sh_xfer_server.o: $(srcsrc)/sh_xfer_server.c Makefile config_xor.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_xfer.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/sh_guid.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h 
+sh_xfer_syslog.o: $(srcsrc)/sh_xfer_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_ipvx.h 
 sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h $(srcinc)/sh_logmon.h $(srcinc)/sh_registry.h $(srcinc)/sh_fInotify.h 
 sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_pthread.h $(srcinc)/sh_inotify.h 
-sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h 
+sh_login_track.o: $(srcsrc)/sh_login_track.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_tools.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_error_min.h $(srcinc)/CuTest.h $(srcinc)/CuTest.h 
 sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h $(srcinc)/zAVLTree.h 
 sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h $(srcinc)/CuTest.h 
@@ -1646 +1656 @@
 sh_tools.o: $(srcsrc)/sh_tools.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_ipvx.h $(srcinc)/rijndael-api-fst.h $(srcinc)/rijndael-api-fst.h 
 sh_html.o: $(srcsrc)/sh_html.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_xfer.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_html.h $(srcinc)/zAVLTree.h 
-sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_gpg.h 
+sh_sig.o: $(srcsrc)/sh_sig.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_sig.h 
 sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h 
 sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h 
@@ -1675 +1685 @@
 sh_userfiles.o: $(srcsrc)/sh_userfiles.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_utils.h $(srcinc)/sh_schedule.h $(srcinc)/sh_error.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h 
 sh_prelude.o: $(srcsrc)/sh_prelude.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error_min.h $(srcinc)/sh_prelude.h $(srcinc)/sh_static.h 
-kern_head.o: $(srcsrc)/kern_head.c Makefile config.h $(srcinc)/kern_head.h $(srcinc)/kern_head.h 
 sh_prelink.o: $(srcsrc)/sh_prelink.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h 
 sh_static.o: $(srcsrc)/sh_static.c Makefile config_xor.h $(srcinc)/sh_pthread.h 
-sh_async.o: $(srcsrc)/sh_async.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h 
+sh_portcheck.o: $(srcsrc)/sh_portcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_mem.h $(srcinc)/sh_calls.h $(srcinc)/sh_utils.h $(srcinc)/sh_modules.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_ipvx.h $(srcinc)/CuTest.h 
+sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error_min.h $(srcinc)/sh_pthread.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_ipvx.h 
 sh_processcheck.o: $(srcsrc)/sh_processcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h 
-sh_portcheck.o: $(srcsrc)/sh_portcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_mem.h $(srcinc)/sh_calls.h $(srcinc)/sh_utils.h $(srcinc)/sh_modules.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_ipvx.h $(srcinc)/CuTest.h 
+sh_filter.o: $(srcsrc)/sh_filter.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_filter.h 
 sh_pthread.o: $(srcsrc)/sh_pthread.c Makefile config_xor.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h $(srcinc)/sh_modules.h 
 sh_string.o: $(srcsrc)/sh_string.c Makefile config_xor.h $(srcinc)/sh_string.h $(srcinc)/sh_mem.h $(srcinc)/CuTest.h 
-dnmalloc.o: $(srcsrc)/dnmalloc.c Makefile config.h 
-t-test1.o: $(srcsrc)/t-test1.c Makefile config.h $(srcinc)/malloc.h 
-sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error_min.h $(srcinc)/sh_pthread.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_ipvx.h 
 sh_log_parse_syslog.o: $(srcsrc)/sh_log_parse_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h 
 sh_log_parse_pacct.o: $(srcsrc)/sh_log_parse_pacct.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h 
+sh_log_parse_samba.o: $(srcsrc)/sh_log_parse_samba.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h 
+sh_log_parse_generic.o: $(srcsrc)/sh_log_parse_generic.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h 
 sh_log_parse_apache.o: $(srcsrc)/sh_log_parse_apache.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h 
 sh_log_evalrule.o: $(srcsrc)/sh_log_evalrule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/zAVLTree.h 
-sh_log_check.o: $(srcsrc)/sh_log_check.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h 
-sh_log_parse_samba.o: $(srcsrc)/sh_log_parse_samba.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h 
-sh_nmail.o: $(srcsrc)/sh_nmail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_mem.h $(srcinc)/sh_mail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_string.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_filter.h $(srcinc)/sh_mail_int.h $(srcinc)/zAVLTree.h 
-sh_filter.o: $(srcsrc)/sh_filter.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_filter.h 
-sh_inotify.o: $(srcsrc)/sh_inotify.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h $(srcinc)/sh_inotify.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/slib.h $(srcinc)/zAVLTree.h $(srcinc)/sh_calls.h $(srcinc)/sh_inotify.h $(srcinc)/CuTest.h 
 sh_log_correlate.o: $(srcsrc)/sh_log_correlate.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h 
 sh_log_mark.o: $(srcsrc)/sh_log_mark.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_mem.h $(srcinc)/sh_string.h $(srcinc)/sh_error_min.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/zAVLTree.h 
+sh_log_check.o: $(srcsrc)/sh_log_check.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h 
+dnmalloc.o: $(srcsrc)/dnmalloc.c Makefile config.h 
+sh_inotify.o: $(srcsrc)/sh_inotify.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h $(srcinc)/sh_inotify.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/slib.h $(srcinc)/zAVLTree.h $(srcinc)/sh_calls.h $(srcinc)/sh_inotify.h $(srcinc)/CuTest.h 
 sh_log_repeat.o: $(srcsrc)/sh_log_repeat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h 
-sh_log_parse_generic.o: $(srcsrc)/sh_log_parse_generic.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h 
-sh_login_track.o: $(srcsrc)/sh_login_track.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_tools.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_error_min.h $(srcinc)/CuTest.h $(srcinc)/CuTest.h 
 sh_audit.o: $(srcsrc)/sh_audit.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_utils.h 
 sh_registry.o: $(srcsrc)/sh_registry.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_modules.h $(srcinc)/sh_hash.h $(srcinc)/sh_tiger.h 
@@ -1709 +1714 @@
 sh_checksum.o: $(srcsrc)/sh_checksum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_checksum.h $(srcinc)/sh_utils.h $(srcinc)/CuTest.h 
 sh_guid.o: $(srcsrc)/sh_guid.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/CuTest.h 
-sh_dbIO.o: $(srcsrc)/sh_dbIO.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_gpg.h $(srcinc)/sh_tiger.h $(srcinc)/sh_xfer.h $(srcinc)/sh_pthread.h $(srcinc)/sh_socket.h $(srcinc)/sh_files.h $(srcinc)/zAVLTree.h 
+sh_sem.o: $(srcsrc)/sh_sem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_sem.h $(srcinc)/sh_error_min.h 
+sh_dbIO.o: $(srcsrc)/sh_dbIO.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_sig.h $(srcinc)/sh_tiger.h $(srcinc)/sh_xfer.h $(srcinc)/sh_pthread.h $(srcinc)/sh_socket.h $(srcinc)/sh_files.h $(srcinc)/zAVLTree.h 
 sh_dbCheck.o: $(srcsrc)/sh_dbCheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_tiger.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_pthread.h 
 sh_dbCreate.o: $(srcsrc)/sh_dbCreate.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_pthread.h $(srcinc)/sh_guid.h 
-sh_xfer_client.o: $(srcsrc)/sh_xfer_client.c Makefile config_xor.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_xfer.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h 
-sh_xfer_server.o: $(srcsrc)/sh_xfer_server.c Makefile config_xor.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_xfer.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/sh_guid.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h 
-sh_xfer_syslog.o: $(srcsrc)/sh_xfer_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_ipvx.h 
-sh_xload_client.o: $(srcsrc)/sh_xload_client.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_guid.h 
-sh_sem.o: $(srcsrc)/sh_sem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_sem.h $(srcinc)/sh_error_min.h 
 sh_subuid.o: $(srcsrc)/sh_subuid.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_unix.h 
+t-test1.o: $(srcsrc)/t-test1.c Makefile config.h $(srcinc)/malloc.h 

trunk/acconfig.h

@@ -231 +231 @@
 /* The full path to GnuPG                     */
 #undef DEFAULT_GPG_PATH
-
-/* Define if using the gpg/pgp checksum.      */
-#undef HAVE_GPG_CHECKSUM
-
-/* The tiger checksum of the gpg/pgp binary.  */
-#undef GPG_HASH
 
 /* Define if you want to compile in the       */

trunk/aclocal.m4

@@ -410 +410 @@
 DESTDIR=
 SH_ENABLE_OPTS="selinux posix-acl asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid"
-SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file"
+SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver signify pubkey-checksum gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file"
 
 # Installation directory options.

trunk/config.h.in

@@ -232 +232 @@
 #undef DEFAULT_GPG_PATH
 
-/* Define if using the gpg/pgp checksum.      */
-#undef HAVE_GPG_CHECKSUM
-
-/* The tiger checksum of the gpg/pgp binary.  */
-#undef GPG_HASH
-
 /* Define if you want to compile in the       */
 /* public key fingerprint.                    */
@@ -440 +434 @@
 #undef AC_APPLE_UNIVERSAL_BUILD
 
+/* Define as path to signing binary */
+#undef DEFAULT_SIG_PATH
+
 /* Debug dnmalloc */
 #undef DNMALLOC_CHECKS
@@ -798 +795 @@
 #undef HAVE_SETUTENT
 
+/* Define if signing binary checksum available. */
+#undef HAVE_SIG_CHECKSUM
+
+/* Define if signing binary checksum available. */
+#undef HAVE_SIG_KEY_HASH
+
 /* Define if you have SI_USER */
 #undef HAVE_SI_USER
@@ -1034 +1037 @@
 #undef SH_USE_PROCESSCHECK
 
+/* Define as the signing binary TIGER192 checksum. */
+#undef SIG_HASH
+
+/* Define as the signify public key checksum. */
+#undef SIG_KEY_HASH
+
 /* The size of `char *', as computed by sizeof. */
 #undef SIZEOF_CHAR_P
@@ -1090 +1099 @@
 /* Define if you want extended attributes support. */
 #undef USE_XATTR
+
+/* Define if signature checking is supported. */
+#undef WITH_SIG
+
+/* Define if using OpenBSD signify for signature checking. */
+#undef WITH_SIGNIFY
 
 /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most

trunk/configure.ac

@@ -12 +12 @@
 dnl start
 dnl
-AM_INIT_AUTOMAKE(samhain, 4.3.3)
+AM_INIT_AUTOMAKE(samhain, 4.4.0)
 AC_DEFINE([SAMHAIN], 1, [Application is samhain])
 AC_CANONICAL_HOST
@@ -2220 +2220 @@
 
 dnl
-dnl  GPG/PGP options
+dnl  Signify/GnuPG options
 dnl 
+
+AC_ARG_WITH(signify,
+        [  --with-signify=PATH          use OpenBSD signify to verify database/config [[no]]],
+        [
+        if test "x${withval}" != "xno"; then
+          if test "x${cross_compiling}" = xyes; then
+                mysignify="${withval}"
+          else
+                if test -f "${withval}"; then
+                  mysignify="${withval}"
+                  mychk0=`gpg --load-extension tiger --print-md TIGER192 ${withval} 2>/dev/null`
+                  if test "x$?" != "x0"; then
+                    mychktest=no
+                    for sam_pre in ./samhain ./yule /usr/local/sbin/samhain /usr/local/bin/samhain /usr/bin/samhain /usr/sbin/samhain /usr/local/sbin/yule /usr/local/bin/yule /usr/bin/yule /usr/sbin/yule; do
+                      if test x"${mychktest}" = xyes
+                      then
+                        :
+                      else
+                        if test -f ${sam_pre}
+                        then
+                          echo "use existing ${sam_pre} for signify checksum"
+                          mychk0=`${sam_pre} -H ${withval} 2>/dev/null`
+                          if test "x$?" != "x0"; then
+                            if test "x${nocl_code}" != "x"; then
+                               mychk0=`echo -H ${withval} | ${sam_pre} ${nocl_code} 2>/dev/null`
+                               if test "x$?" != "x0"; then
+                                  :
+                               else
+                                  mychk="${mychk0}"
+                                  mychktest=yes
+                               fi 
+                            fi
+                          else
+                            mychk="${mychk0}"
+                            mychktest=yes
+                          fi
+                        fi
+                      fi
+                    done
+                    if test x${mychktest} = xno; then
+                      AC_MSG_WARN([--with-signify: cannot determine TIGER192 checksum of ${withval}])
+                      echo "-------------------------------------------------------------"
+                      echo " I cannot find an existing GnuPG or samhain binary to use."
+                      echo " You can:"
+                      echo "   (a) run make to compile a samhain binary, then repeat"
+                      echo "       ./configure and make"
+                      echo "   (b) ignore the failure. The checksum of the signify binary"
+                      echo "       will not get compiled in, thus allowing an attacker"
+                      echo "       to replace signify with a trojan and subverting the"
+                      echo "       signature verification of configure and database files."
+                      echo
+                      echo " PLEASE IGNORE THIS MESSAGE IF YOU ALSO USE --with-checksum"
+                      echo "-------------------------------------------------------------"
+                    fi
+                  else
+                    mychk="${mychk0}"
+                  fi
+                else
+                  AC_MSG_ERROR([--with-signify: cannot find signify PATH=${withval}])
+                fi
+          fi
+          AC_DEFINE([WITH_SIG], 1, [Define if signature checking is supported.])
+          AC_DEFINE([WITH_SIGNIFY], 1, [Define if using OpenBSD signify for signature checking.])
+          AC_DEFINE_UNQUOTED([DEFAULT_SIG_PATH], _("${mysignify}"), [Define as path to signing binary])
+          AC_SUBST(mysignify)
+        fi
+        ]
+)
+
+AC_ARG_WITH(pubkey-checksum,
+        [  --with-pubkey-checksum=CHKSUM        compile in TIGER192 checksum of signify public key [[no]]],
+        [
+        if test "x${withval}" != "xno"; then
+                if test "x${withval}" == "xyes"; then
+                        AC_MSG_ERROR([Option --with-pubkey-checksum=CHKSUM: checksum CHKSUM of signify public key not specified.])
+                else
+                        if test "x${withval}" = "x"; then
+                                AC_MSG_ERROR([Option --with-checksum=CHKSUM: checksum CHKSUM of the signify public key not specified.])
+                        fi
+                fi
+                AC_DEFINE([HAVE_SIG_KEY_HASH], 1, [Define if signing binary checksum available.])
+                AC_DEFINE_UNQUOTED([SIG_KEY_HASH], _("${withval}"), [Define as the signify public key checksum.] )
+        fi
+        ]
+)
+
 
 AC_ARG_WITH(gpg,
         [  --with-gpg=PATH              use GnuPG to verify database/config [[no]]],
         [
+        if test "x${mysignify}" != "x"; then
+           AC_MSG_ERROR([--with-gpg: already using --with-signify])
+        fi
         if test "x${withval}" != "xno"; then
           if test "x${cross_compiling}" = xyes; then
@@ -2284 +2373 @@
                 fi
           fi
+          AC_DEFINE([WITH_SIG], 1, [Define if signature checking is supported.])
           AC_DEFINE(WITH_GPG)
-          AC_DEFINE_UNQUOTED(DEFAULT_GPG_PATH, _("${mygpg}") )
+          AC_DEFINE_UNQUOTED([DEFAULT_SIG_PATH], _("${mygpg}"), [Define as path to signing binary])
           AC_SUBST(mygpg)
         fi
@@ -2312 +2402 @@
 )
 
-dnl AC_ARG_WITH(pgp,
-dnl        [  --with-pgp=PATH           Use PGP to verify database/config (no).],
-dnl         [myppg="$withval"
-dnl     AC_DEFINE(WITH_PGP)
-dnl     AC_DEFINE_UNQUOTED(DEFAULT_PGP_PATH, _("${myppg}") )
-dnl     ])
-
 AC_ARG_WITH(checksum,
-        [  --with-checksum=CHKSUM       compile in gpg/pgp checksum [[yes]]],
+        [  --with-checksum=CHKSUM       compile in checksum of signing binary (e.g. gpg) [[yes]]],
         [
         if test "x${withval}" != "xno"; then
@@ -2326 +2409 @@
                         if test "x${mychk}" != "x"; then
                                 if test "x${mychk}" != "x${withval}"; then
-                                        AC_MSG_WARN([--with-checksum: possible gpg CHKSUM problem])
+                                        AC_MSG_WARN([--with-checksum: possible signing binary CHKSUM problem])
                                         AC_MSG_WARN([--with-checksum: CHKSUM=${withval}])
                                         AC_MSG_WARN([--with-checksum: autodetected=${mychk}])
@@ -2334 +2417 @@
                 else
                         if test "x${mychk}" = "x"; then
-                                AC_MSG_ERROR([Option --with-checksum=CHKSUM: checksum CHKSUM of the gpg binary not specified.])
+                                AC_MSG_ERROR([Option --with-checksum=CHKSUM: checksum CHKSUM of the signing binary not specified.])
                         fi
                 fi
-                AC_DEFINE(HAVE_GPG_CHECKSUM)
-                AC_DEFINE_UNQUOTED(GPG_HASH, _("${mychk}") )
-                echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h 
+                AC_DEFINE([HAVE_SIG_CHECKSUM], 1, [Define if signing binary checksum available.])
+                AC_DEFINE_UNQUOTED([SIG_HASH], _("${mychk}"), [Define as the signing binary TIGER192 checksum.] )
+                echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char sigchk[50];"; for (i=1; i <= m; i++) printf "sigchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "sigchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_sig_chksum.h 
         fi
         ],
         [
-        if test "x${mygpg}" != "x"; then
+        if test "x${mygpg}" != "x" || test "x${mysignify}" != "x"
+        then
                 if test "x${mychk}" != "x"; then
-                        AC_DEFINE(HAVE_GPG_CHECKSUM)
-                        AC_DEFINE_UNQUOTED(GPG_HASH, _("${mychk}") )
-                        echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h 
+                        AC_DEFINE([HAVE_SIG_CHECKSUM], 1, [Define if signing binary checksum available.])
+                        AC_DEFINE_UNQUOTED([SIG_HASH], _("${mychk}"), [Define as the signing binary TIGER192 checksum.] )
+                        echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char sigchk[50];"; for (i=1; i <= m; i++) printf "sigchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "sigchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_sig_chksum.h 
                 fi
         fi
@@ -2710 +2794 @@
 scripts/samhain.ebuild
 scripts/samhain.ebuild-light
-scripts/samhainadmin.pl
+scripts/samhainadmin-gpg.pl
+scripts/samhainadmin-sig.pl
 scripts/yuleadmin.pl
 scripts/check_samhain.pl
@@ -2718 +2803 @@
 echo timestamp > stamp-h
 chmod +x samhain-install.sh
-chmod +x scripts/samhainadmin.pl
+chmod +x scripts/samhainadmin-gpg.pl
+chmod +x scripts/samhainadmin-sig.pl
 chmod +x scripts/yuleadmin.pl
 chmod +x scripts/check_samhain.pl
@@ -2725 +2811 @@
 
 chmod +x deploy.sh
+
+if test "x${mysignify}" != x
+then
+        cp -a scripts/samhainadmin-sig.pl scripts/samhainadmin.pl
+fi 
+if test "x${mygpg}" != x
+then
+        cp -a scripts/samhainadmin-gpg.pl scripts/samhainadmin.pl
+fi 
+
 
 if test "x${cross_compiling}" = xyes

trunk/depend.dep

@@ -1 +1 @@
 
 # DO NOT DELETE THIS LINE
-samhain.o: $(srcsrc)/samhain.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_getopt.h $(srcinc)/sh_readconf.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_restrict.h $(srcinc)/sh_nmail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_mem.h $(srcinc)/sh_xfer.h $(srcinc)/sh_tools.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h $(srcinc)/sh_sem.h sh_MK.h $(srcinc)/sh_schedule.h 
+samhain.o: $(srcsrc)/samhain.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_getopt.h $(srcinc)/sh_readconf.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_restrict.h $(srcinc)/sh_nmail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_sig.h $(srcinc)/sh_mem.h $(srcinc)/sh_xfer.h $(srcinc)/sh_tools.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h $(srcinc)/sh_sem.h sh_MK.h $(srcinc)/sh_schedule.h 
 sh_unix.o: $(srcsrc)/sh_unix.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_hash.h $(srcinc)/sh_tools.h $(srcinc)/sh_restrict.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_tiger.h $(srcinc)/sh_prelink.h $(srcinc)/sh_pthread.h $(srcinc)/sh_sem.h $(srcinc)/sh_static.h $(srcinc)/sh_prelude.h $(srcinc)/zAVLTree.h $(srcinc)/sh_subuid.h $(srcinc)/sh_ignore.h 
 sh_utils.o: $(srcsrc)/sh_utils.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_entropy.h $(srcinc)/sh_pthread.h 
@@ -7 +7 @@
 sh_files.o: $(srcsrc)/sh_files.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_tiger.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/sh_inotify.h $(srcinc)/zAVLTree.h $(srcinc)/sh_dbIO.h $(srcinc)/CuTest.h 
 sh_getopt.o: $(srcsrc)/sh_getopt.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_getopt.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_utils.h $(srcinc)/sh_mail.h $(srcinc)/sh_xfer.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_dbCheck.h $(srcinc)/sh_dbCreate.h $(srcinc)/sh_sem.h $(srcinc)/sh_extern.h 
-sh_readconf.o: $(srcsrc)/sh_readconf.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_xfer.h $(srcinc)/sh_gpg.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_ignore.h $(srcinc)/sh_database.h $(srcinc)/sh_mail.h $(srcinc)/sh_modules.h $(srcinc)/sh_nmail.h $(srcinc)/sh_prelink.h $(srcinc)/sh_prelude.h $(srcinc)/sh_tiger.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_restrict.h $(srcinc)/sh_socket.h 
+sh_readconf.o: $(srcsrc)/sh_readconf.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_xfer.h $(srcinc)/sh_sig.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_ignore.h $(srcinc)/sh_database.h $(srcinc)/sh_mail.h $(srcinc)/sh_modules.h $(srcinc)/sh_nmail.h $(srcinc)/sh_prelink.h $(srcinc)/sh_prelude.h $(srcinc)/sh_tiger.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_restrict.h $(srcinc)/sh_socket.h 
 sh_tiger0.o: $(srcsrc)/sh_tiger0.c Makefile config_xor.h $(srcinc)/sh_tiger.h $(srcinc)/sh_unix.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_pthread.h $(srcinc)/sh_string.h $(srcinc)/sh_checksum.h 
 sh_tiger1.o: $(srcsrc)/sh_tiger1.c Makefile config_xor.h 
@@ -13 +13 @@
 sh_tiger1_64.o: $(srcsrc)/sh_tiger1_64.c Makefile config_xor.h 
 sh_tiger2_64.o: $(srcsrc)/sh_tiger2_64.c Makefile config_xor.h 
-sh_hash.o: $(srcsrc)/sh_hash.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_hash.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h $(srcinc)/sh_pthread.h $(srcinc)/sh_xfer.h $(srcinc)/sh_hash.h $(srcinc)/sh_checksum.h 
+sh_hash.o: $(srcsrc)/sh_hash.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_hash.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_sig.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h $(srcinc)/sh_pthread.h $(srcinc)/sh_xfer.h $(srcinc)/sh_hash.h $(srcinc)/sh_checksum.h 
 sh_mail.o: $(srcsrc)/sh_mail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_pthread.h $(srcinc)/sh_filter.h $(srcinc)/sh_mail_int.h $(srcinc)/sh_nmail.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_static.h $(srcinc)/sh_tools.h 
 sh_mem.o: $(srcsrc)/sh_mem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_pthread.h 
@@ -92 +92 @@
 sh_checksum.o: $(srcsrc)/sh_checksum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_checksum.h $(srcinc)/sh_utils.h $(srcinc)/CuTest.h 
 sh_guid.o: $(srcsrc)/sh_guid.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/CuTest.h 
-sh_dbIO.o: $(srcsrc)/sh_dbIO.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_gpg.h $(srcinc)/sh_tiger.h $(srcinc)/sh_xfer.h $(srcinc)/sh_pthread.h $(srcinc)/sh_socket.h $(srcinc)/sh_files.h $(srcinc)/zAVLTree.h 
+sh_dbIO.o: $(srcsrc)/sh_dbIO.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_sig.h $(srcinc)/sh_tiger.h $(srcinc)/sh_xfer.h $(srcinc)/sh_pthread.h $(srcinc)/sh_socket.h $(srcinc)/sh_files.h $(srcinc)/zAVLTree.h 
 sh_dbCheck.o: $(srcsrc)/sh_dbCheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_tiger.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_pthread.h 
 sh_dbCreate.o: $(srcsrc)/sh_dbCreate.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_pthread.h $(srcinc)/sh_guid.h 
@@ -101 +101 @@
 sh_sem.o: $(srcsrc)/sh_sem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_sem.h $(srcinc)/sh_error_min.h 
 sh_subuid.o: $(srcsrc)/sh_subuid.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_unix.h 
+sh_sig.o: $(srcsrc)/sh_sig.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_sig.h 

trunk/depend.sum

@@ -1 @@
-3024561571
+3600310821

trunk/docs/Changelog

@@ +1 @@
+4.4.0:
+        * support for OpenBSD signify as alternative to GnuPG
+
 4.3.3:
         * fix broken 'make deb' makefile target
         * eliminate obsolete 'sstrip' utility
-        * systemd support 
+        * systemd support
         * fix broken rpm specfile (patch by Franky Van L.)
         * fix broken mysql init script
@@ -52 +55 @@
         * fix build issue with musl libc (report & patch by A. Kuster)
         * fix case sensitivity (tcp vs TCP, udp vs UDP) in portcheck
-        directives (reported by Anton H.)
+        directives (reported by A. Hofland)
         * fix documentation typo ('make deploy-install' ->
         'make install-deploy', reported by Ben)
@@ -72 +75 @@
         as uint16, e.g. FreeBSD).
         * add portcheck option 'PortCheckDevice = device' to monitor a
-        device regardless of address assigned to it (patch by Anton H., plus
+        device regardless of address assigned to it (patch by A. Hofland, plus
         some additions)
         * fix case sensitivity of severity/class options (issue raised by
-        Anton H.).
+        A. Hofland).
         * clarify restrictions for ProcessCheckPSArg (user manual)
 

trunk/include/sh_calls.h

@@ -76 +76 @@
 long int retry_aud_dup2    (const char * file, int line, int fd, int fd2);
 long int retry_aud_execve  (const char * file, int line, 
-                            const  char *dateiname, char * argv[],
-                            char *envp[]);
+                            const  char *dateiname, char *const argv[],
+                            char *const envp[]);
 long int retry_aud_dup     (const char * file, int line, 
                             int fd);

trunk/samhain-install.sh.in

@@ -1339 +1339 @@
 
     GPGPATH=@mygpg@
+    SIGNIFY_PATH=@mysignify@
     TARGETKEYID=@mykeyid@
     KEYTAG=@mykeytag@
@@ -1416 +1417 @@
             cp ${RCFILE} samhainrc.pre
         fi
+    elif test x"${SIGNIFY_PATH}" != x
+    then
+        echo
+        echo "You need to sign the config file now"
+        echo
+        test -z "$verbose" || echo "  ${SIGNIFY_PATH} -Se -s ~/.signify/samhain.sec -m $RCFILE"
+        if test x"${NTEST}" = "x-DSH_WITH_SERVER"
+        then
+            myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\
+                  grep "^${samhain}:" | awk -F: '{ print $3; }'`
+            if test x"${myident_uid}" != x
+            then
+                DOT_SIGNIFY=`eval echo ~${samhain}/.signify`
+                test -z "$verbose" || echo "  using home directory ${DOT_SIGNIFY}"
+                ${SIGNIFY_PATH} -Se -s ${DOT_GNUPG}/samhain.sec $RCFILE
+            else
+                ${SIGNIFY_PATH} -Se -s  ~/.signify/samhain.sec -m $RCFILE
+            fi
+        else
+            ${SIGNIFY_PATH} -Se -s  ~/.signify/samhain.sec -m $RCFILE
+        fi
+
+        if test -f ${RCFILE}.sig
+        then
+            test -z "$verbose" || echo "  mv -f ${RCFILE}.sig samhainrc.pre"
+            mv -f ${RCFILE}.sig samhainrc.pre
+        else
+            echo "**********************************************************"
+            echo
+            echo "${0}: ERROR: cannot find signed file ${RCFILE}.sig"
+            echo
+            echo "   --- You need to sign the configuration file ---"
+            echo
+            echo "**********************************************************"
+            cp ${RCFILE} samhainrc.pre
+        fi
     else
         test -z "$verbose" || echo "  cp $RCFILE samhainrc.pre"

trunk/scripts/yuleadmin.pl.in

@@ -38 +38 @@
 my $base = basename($0);
 
-#my $cfgfile  = "yulerc";
-#my $yule     = "./yule";
-#my $gpg      = "/usr/bin/gpg";
-
 my $cfgfile  = "@myconffile@";
 my $yule     = "@sbindir@/@install_name@";
-my $gpg      = "@mygpg@";
 
 $cfgfile  =~ s/^REQ_FROM_SERVER//;
-
-$gpg = "gpg" if ($gpg eq "");
 
 sub usage() {

trunk/src/depend-gen.c

@@ -245 +245 @@
            *
            **************************************************/
-          if (0 == strcmp(p, "sh_gpg_chksum.h") ||
+          if (0 == strcmp(p, "sh_sig_chksum.h") ||
               0 == strcmp(p, "sh_gpg_fp.h"))
             {

trunk/src/samhain.c

@@ -77 +77 @@
 
 #include "sh_tiger.h"
-#include "sh_gpg.h"
+#include "sh_sig.h"
 #include "sh_mem.h"
 #include "sh_xfer.h"
@@ -1907 +1907 @@
 #if defined(SH_WITH_SERVER) && !defined(SH_WITH_CLIENT)
 
-#if (defined(WITH_GPG) || defined(WITH_PGP))
+#if defined(WITH_GPG)
   /* log startup */
-  sh_gpg_log_startup ();
+  sh_sig_log_startup ();
 #else
   sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H,
@@ -1930 +1930 @@
   if (sh.flag.checkSum == SH_CHECK_CHECK) 
     {
-#if (defined(WITH_GPG) || defined(WITH_PGP))
+#if defined(WITH_GPG)
       /* log startup */
-      sh_gpg_log_startup ();
+      sh_sig_log_startup ();
 #else
       sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_2H,
@@ -1942 +1942 @@
   else
     {
-#if (defined(WITH_GPG) || defined(WITH_PGP))
+#if defined(WITH_GPG)
       /* log startup */
-      sh_gpg_log_startup ();
+      sh_sig_log_startup ();
 #else
       sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H,

trunk/src/sh_calls.c

@@ -533 +533 @@
 
 long int retry_aud_execve  (const char * file, int line, 
-                            const  char *dateiname, char * argv[],
-                            char * envp[])
+                            const  char *dateiname, char *const argv[],
+                            char *const envp[])
 {
   uid_t a = geteuid();

trunk/src/sh_dbIO.c

@@ -31 +31 @@
 #include "sh_hash.h"
 #include "sh_dbIO.h"
-#include "sh_gpg.h"
+#include "sh_sig.h"
 #include "sh_tiger.h"
 #include "sh_xfer.h"
@@ -852 +852 @@
 static SL_TICKET verify_data (SL_TICKET fd)
 {
-#if defined(WITH_GPG) || defined(WITH_PGP)
+#if defined(WITH_SIG)
   SL_TICKET fdTmp;
 
   /* extract the data and copy to temporary file
    */
-  fdTmp = sh_gpg_extract_signed(fd);
+  fdTmp = sh_sig_extract_signed(fd);
 
   if (sig_termfast == 1)  /* SIGTERM */
@@ -871 +871 @@
   /* Validate signature of open file.
    */
-  if (0 != sh_gpg_check_sign (fd, SIG_DATA))
+  if (0 != sh_sig_check_signature (fd, SIG_DATA))
     {
       sl_close(fd);
@@ -877 +877 @@
     }
   sl_rewind (fd);
+
+  fdTmp = sh_sig_extract_signed_data(fd);
+  sl_close(fd);
+  fd = fdTmp;  
 #endif
 

trunk/src/sh_getopt.c

@@ -481 +481 @@
 #ifdef WITH_GPG
   if (num > 0) fputc ('\n', stdout);
-  printf (_(" GnuPG signatures (%s)"), DEFAULT_GPG_PATH); ++num;
-#ifdef HAVE_GPG_CHECKSUM
-  if (num > 0) fputc ('\n', stdout);
-  printf (_("   -- GnuPG checksum:  %s"), GPG_HASH); ++num;
+  printf (_(" GnuPG signatures (%s)"), DEFAULT_SIG_PATH); ++num;
+#ifdef HAVE_SIG_CHECKSUM
+  if (num > 0) fputc ('\n', stdout);
+  printf (_("   -- GnuPG checksum:  %s"), SIG_HASH); ++num;
 #endif
 #ifdef USE_FINGERPRINT

trunk/src/sh_hash.c

@@ -54 +54 @@
 #include "sh_error.h"
 #include "sh_tiger.h"
-#include "sh_gpg.h"
+#include "sh_sig.h"
 #include "sh_unix.h"
 #include "sh_files.h"

trunk/src/sh_readconf.c

@@ -34 +34 @@
 #include "sh_files.h"
 #include "sh_xfer.h"
-#include "sh_gpg.h"
+#include "sh_sig.h"
 #include "sh_hash.h"
 #include "sh_dbIO.h"
@@ -352 +352 @@
   SL_TICKET    fdTmp = -1;
 #endif
-#if defined(WITH_GPG) || defined(WITH_PGP)
-  SL_TICKET    fdGpg = -1;
+#if defined(WITH_SIG) 
+  SL_TICKET    fdSIG = -1;
 #endif
   char * tmp;
@@ -369 +369 @@
   char   local_flag = 'R';
 
-#if defined(WITH_GPG) || defined(WITH_PGP)
+#if defined(WITH_SIG)
   int    signed_content = S_FALSE;
   int    true_content   = S_FALSE;
@@ -470 +470 @@
         sl_write_line(fdTmp, line_in, sl_strlen(line_in));
       }
-#if defined(WITH_GPG) || defined(WITH_PGP)
-    if (0 == sl_strncmp(line_in, _("-----END PGP SIGNATURE-----"), 25))
+#if defined(WITH_SIG)
+    if (S_TRUE == sh_sig_data_end(line_in))
       break;
 #else
@@ -485 +485 @@
 #endif
 
-#if defined(WITH_GPG) || defined(WITH_PGP)
+#if defined(WITH_SIG)
 
   /* extract the data and copy to temporary file
    */
-  fdGpg = sh_gpg_extract_signed(fd);
+  fdSIG = sh_sig_extract_signed(fd);
 
   sl_close(fd);
-  fd = fdGpg;
+  fd = fdSIG;
 
   /* Validate signature of open file.
    */
-  if (0 != sh_gpg_check_sign (fd, SIG_CONF))
+  if (0 != sh_sig_check_signature (fd, SIG_CONF))
     {
       SH_FREE(line_in);
@@ -520 +520 @@
     /* Sun May 27 18:40:05 CEST 2001
      */
-#if defined(WITH_GPG) || defined(WITH_PGP)
+#if defined(WITH_SIG)
     if (signed_content == S_FALSE)
       { 
-        if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----")))
+        if (S_TRUE == sh_sig_msg_start(line))
           signed_content = S_TRUE;
         else 
           continue;
       }
-    else if (true_content == S_FALSE)
-      {
-        if (line[0] == '\n')
-          true_content = S_TRUE;
-        else
-          continue;
-      }
-    else if (signed_content == S_TRUE)
+    else /* if (signed_content == S_TRUE) */
       { 
-        if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNATURE-----")))
+        if (S_TRUE == sh_sig_msg_end(line))
           break;
-        else if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----")))
+        else if (S_TRUE == sh_sig_msg_start(line))
           {
             sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
@@ -551 +544 @@
             aud_exit (FIL__, __LINE__,EXIT_FAILURE);
           }
+      }
+
+    if (true_content == S_FALSE) /* continue if in header */
+      {
+        if (S_TRUE == sh_sig_msg_startdata(line))
+          true_content = S_TRUE;
+        else
+          continue;
       }
 #endif

trunk/src/sh_tools.c

@@ -2075 +2075 @@
 #endif
 
-#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP)
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_SIG)
 
 /* --------- secure temporary file ------------ */

trunk/src/sh_unix.c

@@ -5407 +5407 @@
 {
   int                  add_off = 0, llen;
+  unsigned long        bread;
   static unsigned long off_data   = 0;
   static unsigned long max_data   = 0;
@@ -5454 +5455 @@
   /* --- Read one line. ---
    */
-  add_off   = hideout_hex_block(fd, (unsigned char *) str, len, &bytes_read);
-  off_data += add_off;
+  add_off   = hideout_hex_block(fd, (unsigned char *) str, len, &bread);
+  if (add_off > 0)
+    off_data += add_off;
+  bytes_read += bread;
+
+  if (bread == 0 || add_off <= 0) /* EOF */
+    str[0] = '\0';
 
   llen = sl_strlen(str);
@@ -5477 +5483 @@
   ASSERT_RET((len > 1), _("len > 1"), (0));
 
+  str[0] = '\0';
+  *bytes_read = 0;
   --len;
 
@@ -5494 +5502 @@
               do {
                 do {
+                  errno = 0;
                   num = sl_read (fd, &c, 1);
                 } while (num == 0 && errno == EINTR);
                 if (num > 0)
                   ++here;
-                else if (num == 0)
-                  SL_RETURN((0), _("hideout_hex_block"));
-                else 
+                else if (num == 0) {
                   SL_RETURN((-1), _("hideout_hex_block"));
+                }
+                else {
+                  SL_RETURN((-1), _("hideout_hex_block"));
+                }
               } while (c == '\n' || c == '\t' || c == '\r' || 
                        c == ' ');
@@ -5523 +5534 @@
   if (i != 0)
     str[i] = '\0';
+  else if (str[0] == '\n')
+    str[i+1] = '\0'; /* keep newline and terminate */
   else
-    str[i+1] = '\0'; /* keep newline and terminate */
+    str[0] = '\0';
   retval += here;
   *bytes_read += (bread/8);

trunk/test/test.sh

@@ -154 +154 @@
     echo "  ${S}test.sh 12${E}  -- CL create DeltaDB" 
     echo "  ${S}test.sh 13${E}  -- CL create/verify partial DB" 
+    echo "  ${S}test.sh 14${E}  -- Signify signed files" 
 
     echo "  ${S}test.sh 20${E}  -- Test c/s init/check      (testrc_2.in)"
@@ -171 +172 @@
     echo "  (5) testext.sh     (6) testtimesrv.sh  (7) testrun_1b.sh  (8) testrun_1c.sh" 
     echo "  (9) testrun_1d.sh (10) testrun_1e.sh  (11) testrun_1f.sh (12) testrun_1g.sh" 
-    echo " (13) testrun_1h.sh"
+    echo " (13) testrun_1h.sh (14) testrun_1i.sh"
     echo " (20) testrun_2.sh  (21) testrun_2a.sh  (22) testrun_2b.sh (23) testrun_2c.sh"
     echo " (24) testrun_2d.sh (25) testrun_2e.sh  (26) testrun_2f.sh (27) testrun_2g.sh"
@@ -657 +658 @@
     exit $?
 fi
+if test x$1 = x14; then
+    . ${SCRIPTDIR}/testrun_1i.sh
+    testrun1i
+    print_summary
+    exit $?
+fi
 if test x$1 = x20; then
     . ${SCRIPTDIR}/testrun_2.sh 
@@ -736 +743 @@
     . ${SCRIPTDIR}/testrun_1h.sh
     let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
+    . ${SCRIPTDIR}/testrun_1i.sh
+    let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
     . ${SCRIPTDIR}/testrun_2.sh
     let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null
@@ -809 +818 @@
     MAXTEST=${TEST_MAX}; export MAXTEST
     testrun1h
+    #
+    . ${SCRIPTDIR}/testrun_1i.sh
+    MAXTEST=${TEST_MAX}; export MAXTEST
+    testrun1i
     #
     . ${SCRIPTDIR}/testrun_2.sh