From 2e031ac7536ff110ff6a62298e43e1dbb0f5deac Mon Sep 17 00:00:00 2001
From: espie
Date: Thu, 9 Jan 2014 10:36:52 +0000
Subject: [PATCH] tweak signing yet again. Have pkg_create automatically add signing identities every time, and make matching identities mandatory. e.g., pkg_create and pkg_add must have matching -DSIGNER. by default, signer is derived from uname -r and role (pkg_add/fw_update), e.g., 54pkg, 54fw...
---
 usr.sbin/pkg_add/OpenBSD/AddCreateDelete.pm | 22 +++++++++++++++++++-
 usr.sbin/pkg_add/OpenBSD/Paths.pm | 5 ++---
 usr.sbin/pkg_add/OpenBSD/PkgCreate.pm | 9 ++++----
 usr.sbin/pkg_add/OpenBSD/signify.pm | 23 ++++++++++++---------
 4 files changed, 41 insertions(+), 18 deletions(-)
diff --git a/usr.sbin/pkg_add/OpenBSD/AddCreateDelete.pm b/usr.sbin/pkg_add/OpenBSD/AddCreateDelete.pm
index 475a71ec2d0..3d7deb5f454 100644
--- a/usr.sbin/pkg_add/OpenBSD/AddCreateDelete.pm
+++ b/usr.sbin/pkg_add/OpenBSD/AddCreateDelete.pm
@@ -1,5 +1,5 @@
 # ex:ts=8 sw=4:
-# $OpenBSD: AddCreateDelete.pm,v 1.17 2013/12/23 16:50:29 espie Exp $
+# $OpenBSD: AddCreateDelete.pm,v 1.18 2014/01/09 10:36:52 espie Exp $
 #
 # Copyright (c) 2007-2010 Marc Espie
 #
@@ -106,6 +106,26 @@ sub ntogo_string
 return $self->todo($offset // 0);
 }
+OpenBSD::Auto::cache(signer_list,
+ sub {
+ my $self = shift;
+ if ($self->defines('SIGNER')) {
+ return [split /,/, $self->{subst}->value('SIGNER')];
+ } else {
+ require OpenBSD::Paths;
+
+ my $cmd = OpenBSD::Paths->uname." -r";
+ my $value = `$cmd`;
+ $value =~ s/\.//;
+ chomp $value;
+ if ($self->defines('FW_UPDATE')) {
+ return [$value."fw"];
+ } else {
+ return [$value."pkg"];
+ }
+ }
+ });
+
 package OpenBSD::AddCreateDelete;
 use OpenBSD::Error;
diff --git a/usr.sbin/pkg_add/OpenBSD/Paths.pm b/usr.sbin/pkg_add/OpenBSD/Paths.pm
index 8d7281d4b22..831a612210a 100644
--- a/usr.sbin/pkg_add/OpenBSD/Paths.pm
+++ b/usr.sbin/pkg_add/OpenBSD/Paths.pm
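Review bot: In the default branch of `signer_list` (second hunk of AddCreateDelete.pm) the output of `uname -r` is used without any check, so if the backtick call fails or prints nothing the identity silently becomes plain `pkg` or `fw`, and that string is what later selects the public key file. I would validate the derived value right after the `chomp`, e.g. `$value =~ m/^\d+$/ or $self->fatal("Can't derive signer from uname -r");` (assuming `fatal` is available on this object, as it is on `$state` in PkgCreate.pm). The `-DSIGNER` branch also returns the comma-split names unvalidated; a short comment saying that each name ends up in a path under `/etc/signify/` would help the next person who touches it. `s/\.//` strips only the first dot, which deserves a comment stating that the release string is expected to look like `5.4`.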
@@ -1,5 +1,5 @@
 # ex:ts=8 sw=4:
-# $OpenBSD: Paths.pm,v 1.24 2014/01/04 00:14:08 espie Exp $
+# $OpenBSD: Paths.pm,v 1.25 2014/01/09 10:36:52 espie Exp $
 #
 # Copyright (c) 2007 Marc Espie
 #
@@ -33,8 +33,7 @@ sub sysctl() { '/sbin/sysctl' }
 sub openssl() { '/usr/sbin/openssl' }
 sub pkgca() { '/etc/ssl/pkgca.pem' }
 sub signify() { '/usr/bin/signify' }
-sub signifykey() { '/etc/signify/openbsd.pub' }
-sub signifyfwkey() { '/etc/signify/openbsd-fw.pub' }
+sub signifykey { my $s = $_[1]; "/etc/signify/$s.pub" }
 sub pkg_add() { '/usr/sbin/pkg_add' }
 sub chmod() { '/bin/chmod' } # external command is used for symbolic modes.
 sub gzip() { '/usr/bin/gzip' }
diff --git a/usr.sbin/pkg_add/OpenBSD/PkgCreate.pm b/usr.sbin/pkg_add/OpenBSD/PkgCreate.pm
index 36dc23ac3d0..43aca07b6fd 100644
--- a/usr.sbin/pkg_add/OpenBSD/PkgCreate.pm
+++ b/usr.sbin/pkg_add/OpenBSD/PkgCreate.pm
@@ -1,6 +1,6 @@
 #! /usr/bin/perl
 # ex:ts=8 sw=4:
-# $OpenBSD: PkgCreate.pm,v 1.86 2014/01/07 11:51:15 espie Exp $
+# $OpenBSD: PkgCreate.pm,v 1.87 2014/01/09 10:36:52 espie Exp $
 #
 # Copyright (c) 2003-2010 Marc Espie
 #
@@ -1158,10 +1158,11 @@ sub add_signature
 }
 }
- my $signer = $state->{subst}->value('SIGNER');
- if (defined $signer) {
- OpenBSD::PackingElement::Signer->add($plist, $signer);
+ my $list = $state->signer_list;
+ if (@$list != 1) {
+ $state->fatal("Ambiguous: single SIGNER identity required");
 }
+ OpenBSD::PackingElement::Signer->add($plist, $list->[0]);
 my $sig = $state->{signer}->new_sig;
 $sig->add_object($plist);
diff --git a/usr.sbin/pkg_add/OpenBSD/signify.pm b/usr.sbin/pkg_add/OpenBSD/signify.pm
index 76be398b783..1a2810ebdb6 100644
--- a/usr.sbin/pkg_add/OpenBSD/signify.pm
+++ b/usr.sbin/pkg_add/OpenBSD/signify.pm
@@ -1,5 +1,5 @@
 # ex:ts=8 sw=4:
-# $OpenBSD: signify.pm,v 1.5 2014/01/08 06:40:56 espie Exp $
+# $OpenBSD: signify.pm,v 1.6 2014/01/09 10:36:52 espie Exp $
 #
 # Copyright (c) 2013 Marc Espie
 #
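Review bot: `signifykey` in Paths.pm now interpolates its argument straight into `/etc/signify/$s.pub`, so the helper will build a path outside that directory for a name containing `/` or `..`. The only caller in this patch (check_signature in signify.pm) matches the name against `signer_list` first, but that list can come from `-DSIGNER`, and nothing stops a later caller from passing a plist-supplied name directly. Consider rejecting unexpected characters in the helper itself, e.g. `sub signifykey { my $s = $_[1]; die "bad signer name" unless $s =~ m/^[\w-]+$/; "/etc/signify/$s.pub" }` (character class to be adjusted to the identity names actually in use), or at least add a comment that callers must pass an allow-listed identity.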
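Review bot: In `add_signature` (PkgCreate.pm) the `@$list != 1` check also fires when the list is empty, for instance if the SIGNER value splits to nothing, yet the message says "Ambiguous", which points the operator in the wrong direction. I would reword it to cover both cases, e.g. `$state->fatal("Exactly one SIGNER identity required");`. A comment above `my $list = $state->signer_list;` should also say that without `-DSIGNER` the identity is derived from the build host's `uname -r`, so the label written to the plist reflects the running release rather than the key actually used; whether the two are cross-checked is not visible in this hunk. The function body starts and ends outside the hunk.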
@@ -60,20 +60,23 @@ sub check_signature
 print $fh2 $header, $sig->{b64sig}, "\n";
 close $fh;
 close $fh2;
- my $pubkey;
- if ($state->defines('FW_UPDATE')) {
- $pubkey = OpenBSD::Paths->signifyfwkey;
- } else {
- $pubkey = OpenBSD::Paths->signifykey;
+ if (!$plist->has('signer')) {
+ $state->errsay("Invalid signed plist: no \@signer");
+ return 0;
 }
- if ($plist->has('signer')) {
- my $signer = $plist->get('signer')->name;
- $pubkey = "/etc/signify/$signer.pub";
+ my $pubkey;
+ my $signer = $plist->get('signer')->name;
+ if (grep {$_ eq $signer} @{$state->signer_list}) {
+ $pubkey = OpenBSD::Paths->signifykey($signer);
 if (!-f $pubkey) {
- $state->say("Unknown signer #1", $signer);
+ $state->errsay("Can't find key #1 for signer #1",
+ $pubkey, $signer);
 return 0;
 }
+ } else {
+ $state->errsay("Package signed by untrusted party #1", $signer);
+ return 0;
 }
 if ($state->system(sub { open STDOUT, ">", "/dev/null";},
-- 2.20.1
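Review bot: The new `errsay("Can't find key #1 for signer #1", $pubkey, $signer)` uses `#1` for both placeholders, so, if these are positional as the other messages in this hunk suggest, the key path is printed twice and the signer name never appears; the second one should be `#2`, i.e. `$state->errsay("Can't find key #1 for signer #2", $pubkey, $signer);`. Separately, the order of operations is what makes this safe: the package-supplied `@signer` name is matched against `signer_list` before it is turned into a key path. A comment such as `# signer comes from the package: only build a key path once it matches a configured identity` above the `grep` would keep later edits from reordering it. check_signature starts and ends outside the hunk.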