Append option for detached signatures:

Chris Strasburg cstras at ameslab.gov
Thu Feb 3 21:20:10 CET 2011


Hi all,

I'm new to this list, but have been using (and promoting) GPG for a few
years now.

A few people at our laboratory are interested in electronic document
signing and forms routing (e.g. multiple people signing a document in
order, after verifying preceding signatures), and I've been pushing to
use GPG for this task.

One piece which would streamline this process for us would be the
ability to detach-sign *and* append said signature to the detached file
in a single step.

I implemented the changes below (against the 2.0.17 source), to give an
idea of what we are looking for.

I wasn't trying to make this robust or directly implementable, but I am
interested in feedback on whether this is the right approach to take.
I'm happy to spend some time putting a real update together if it makes
sense to do that.

If anyone has suggestions, either toward something that could be
officially included, or a different approach altogether, that
would be really helpful!

Thanks,

Chris

===

diff -Naur gnupg-2.0.17/common/iobuf.c
gnupg-2.0.17-detachappend/common/iobuf.c
--- gnupg-2.0.17/common/iobuf.c	2011-01-09 16:06:15.000000000 -0600
+++ gnupg-2.0.17-detachappend/common/iobuf.c	2011-02-03
14:05:00.000000000 -0600
@@ -325,6 +325,11 @@
         return INVALID_FP;
       oflag = O_WRONLY | O_CREAT | O_TRUNC;
     }
+    else if ( strchr (mode, 'a') ) { // Open as append file
+      if(fd_cache_invalidate (fname))
+        return INVALID_FP;
+      oflag = O_WRONLY | O_CREAT | O_APPEND;
+    }
   else
     {
       oflag = O_RDONLY;
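Review bot: The added `'a'` branch sets flags only for the `open()`-style path visible here; the function starts and ends outside the hunk, so if it also has a platform-specific branch, an `"ab"` mode would presumably fall into that branch's default and should be handled there too. Because `O_CREAT | O_APPEND` is used without `O_EXCL`, any file already at that path is extended, so the caller's prompt is the only guard and that deserves a comment. The branch also departs from its neighbours' style, which puts the brace on its own line and uses `/* */` comments; `// Open as append file` would read better as `/* Append: create if missing, never truncate. */`.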
@@ -1440,7 +1445,6 @@
  * cannot be used for stdout.
  * Note: This is not used.
  */
-#if 0				/* not used */
 iobuf_t
 iobuf_append (const char *fname)
 {
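Review bot: The header comment kept above `iobuf_append` still ends with `Note: This is not used.`, which stops being true once the `#if 0` guard is removed and open_outfile calls the function later in this patch. Replace that line with the contract a caller needs, for example `Returns NULL on failure. Used by open_outfile to append to an existing output file.` The function body continues outside this hunk.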
@@ -1454,10 +1458,10 @@
   else if (!(fp = my_fopen (fname, "ab")))
     return NULL;
   a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
-  fcx = m_alloc (sizeof *fcx + strlen (fname));
+  fcx = xmalloc (sizeof *fcx + strlen (fname));
   fcx->fp = fp;
   strcpy (fcx->fname, fname);
-  a->real_fname = m_strdup (fname);
+  a->real_fname = xstrdup (fname);
   a->filter = file_filter;
   a->filter_ov = fcx;
   file_filter (fcx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
@@ -1468,7 +1472,6 @@

   return a;
 }
-#endif

 iobuf_t
 iobuf_openrw (const char *fname)
diff -Naur gnupg-2.0.17/g10/main.h gnupg-2.0.17-detachappend/g10/main.h
--- gnupg-2.0.17/g10/main.h	2011-01-09 16:06:16.000000000 -0600
+++ gnupg-2.0.17-detachappend/g10/main.h	2011-02-03 13:50:14.000000000 -0600
@@ -242,6 +242,7 @@

 /*-- openfile.c --*/
 int overwrite_filep( const char *fname );
+int append_filep( const char *fname );
 char *make_outfile_name( const char *iname );
 char *ask_outfile_name( const char *name, size_t namelen );
 int   open_outfile( const char *iname, int mode, iobuf_t *a );
diff -Naur gnupg-2.0.17/g10/openfile.c
gnupg-2.0.17-detachappend/g10/openfile.c
--- gnupg-2.0.17/g10/openfile.c	2011-01-09 16:06:16.000000000 -0600
+++ gnupg-2.0.17-detachappend/g10/openfile.c	2011-02-03
13:50:14.000000000 -0600
@@ -95,6 +95,44 @@
     return 0;
 }

+/****************
+ * Check whether FNAME exists and ask if it's okay to append to the
+ * existing one.
+ * Returns: 2: it's okay to append or the file does not exist
+ *	    0: Do not append
+ */
+int
+append_filep( const char *fname )
+{
+    if( iobuf_is_pipe_filename (fname) )
+	return 0; /* Cannot append to stdout */
+
+    if( access( fname, F_OK ) )
+	return 2; /* does not exist; same as create */
+
+#ifndef HAVE_DOSISH_SYSTEM
+    if ( !strcmp ( fname, "/dev/null" ) )
+        return 2; /* does not do any harm */
+#endif
+#ifdef HAVE_W32_SYSTEM
+    if ( !strcmp ( fname, "nul" ) )
+        return 2;
+#endif
+
+    if( opt.answer_yes )
+	return 2;
+    if( opt.answer_no || opt.batch )
+	return 0;  /* do not append */
+
+    tty_printf(_("File `%s' exists. "), fname);
+    if( cpr_enabled () )
+        tty_printf ("\n");
+    if( cpr_get_answer_is_yes("openfile.append.okay",
+			       _("Append to file? (y/N) ")) )
+	return 2;
+    return 0;
+}
+

 /****************
  * Strip known extensions from iname and return a newly allocated
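Review bot: `access( fname, F_OK )` returning non-zero is treated as "does not exist" for every error, and the result is used for an open that happens later, so the file's state can change in between and it can be appended to without the prompt ever being shown. Narrow the first case with `if( access( fname, F_OK ) && errno == ENOENT )` so other failures fall through to the prompt, and add a comment that the answer is advisory only. The doc comment should also say why the success value is `2` rather than `1`: open_outfile later tests `modify == 2` to pick iobuf_append, so a named constant shared by both places would be safer than the bare literal.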
@@ -183,6 +221,7 @@
 open_outfile( const char *iname, int mode, IOBUF *a )
 {
   int rc = 0;
+  int modify;

   *a = NULL;
   if( iobuf_is_pipe_filename (iname) && !opt.outfile ) {
@@ -247,7 +286,8 @@
     }

     rc = 0;
-    while( !overwrite_filep (name) )
+    modify = 0; // Remember answer to append/overwrite
+    while( !( ((mode == 2) && (modify = append_filep(name))) || (modify
= overwrite_filep (name))))
       {
         char *tmp = ask_outfile_name (NULL, 0);
         if ( !tmp || !*tmp )
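Review bot: Append is selected by `mode == 2` alone and no new option is visible in this patch, so if `2` is an existing open_outfile mode, every such output changes behaviour. With `opt.answer_yes` set, append_filep returns 2 and an existing file is extended without any prompt, where the old code went through overwrite_filep. When the user answers no to the append prompt, the `||` falls through to overwrite_filep and then asks about truncating the same file. Gate the append path on an explicit opt-in and give each check its own statement, e.g. `modify = want_append ? append_filep (name) : overwrite_filep (name);`, where `want_append` is a placeholder for that option. The loop body continues outside the hunk.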
@@ -267,12 +307,14 @@
             *a = NULL;
             errno = EPERM;
           }
+        else if (modify == 2)
+          *a = iobuf_append( name );
         else
           *a = iobuf_create( name );
         if( !*a )
           {
             rc = gpg_error_from_syserror ();
-            log_error(_("can't create `%s': %s\n"), name,
strerror(errno) );
+            log_error(_("can't create/append `%s': %s\n"), name,
strerror(errno) );
           }
         else if( opt.verbose )
           log_info(_("writing to `%s'\n"), name );
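Review bot: `log_error` now prints "can't create/append" for both branches, which changes a translatable string on the unchanged iobuf_create path and no longer tells the user which operation failed. Keep the original "can't create" message for iobuf_create and add a separate message for the `modify == 2` branch. `rc = gpg_error_from_syserror ()` also assumes errno is meaningful: iobuf_append has an earlier branch ahead of the `my_fopen` call that is not visible in this patch, and if it returns NULL without setting errno the reported error would be stale.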
