chiark / gitweb /
Ian Jackson [Thu, 30 Dec 2021 12:54:07 +0000 (12:54 +0000)]
credits: Make debian/copyright be a symlink
This reduces the number of places to edit to two.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 12:52:51 +0000 (12:52 +0000)]
credits: Add missing credit re python argparse extension
See argparseactionnoyes.py.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 12:50:05 +0000 (12:50 +0000)]
CREDITS, copyright: Promote Joey Hess's packaging credit
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 12:49:11 +0000 (12:49 +0000)]
legal: Move legal information into its own file
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 11:52:34 +0000 (11:52 +0000)]
copyright: Add notice to random-fake-userv
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 02:54:40 +0000 (02:54 +0000)]
test-example/null-fake-userv: New test utility script
This doesn't get used by anything yet. We will want it for certian
tests, eg the autopkgtest I am working on.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 02:05:52 +0000 (02:05 +0000)]
example.conf: Add mtu-target
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 01:59:38 +0000 (01:59 +0000)]
example.conf: Add a commented-out mobile site setting
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 01:16:38 +0000 (01:16 +0000)]
example.conf: Improve syntax by deleting one of the two map examples
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 00:58:20 +0000 (00:58 +0000)]
example.conf: Comment out some tuning overrides
Not setting these is better.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 00:54:36 +0000 (00:54 +0000)]
test-example/common.conf: Fix a reference to the sites file
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 00:22:51 +0000 (00:22 +0000)]
init script: source /lib/lsb/init-functions
As per lintian.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 00:22:28 +0000 (00:22 +0000)]
debian/control: Add missing Pre-Depends
As per lintian.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 00:19:44 +0000 (00:19 +0000)]
debian: Add some lintian overrides
(INSTALL contains setup instructions too.)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 00:19:22 +0000 (00:19 +0000)]
debian/control: Adjust priority (as per modern policy and lintian)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 00:19:19 +0000 (00:19 +0000)]
Description: expand
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 00:15:11 +0000 (00:15 +0000)]
Description: expand
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 00:07:30 +0000 (00:07 +0000)]
README, copyright: add missing credits for base91
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 02:23:14 +0000 (02:23 +0000)]
site: promote creation of st->scratch
Without this, peer keyset loading does not work after restart!
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 13:36:14 +0000 (13:36 +0000)]
comprehensive-test: Actually allow OLD_SECNET_DIR set to ''
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 30 Dec 2021 13:14:27 +0000 (13:14 +0000)]
Dir.sd.mk: Prevent builtin make rule overwriting conffile.c
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 29 Dec 2021 23:58:10 +0000 (23:58 +0000)]
debian/rules: Use dh sequencer
Resulting changes:
* We now provide debug symbols in the new Debian way
* The way the prerm stops secnet accords with modern practice
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 29 Dec 2021 23:50:38 +0000 (23:50 +0000)]
debhelper compat: bump to 12 (stretch-backports)
According to debdiff --controlfiles ALL the only change is a change to
the postinst, which now sometimes restarts rather than starts the
daemon.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 29 Dec 2021 23:51:57 +0000 (23:51 +0000)]
debian/rules: Use dh_prep instead of deprecated dh_clean -k
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 29 Dec 2021 23:46:39 +0000 (23:46 +0000)]
changelog: start 0.6.2
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 23 Dec 2021 11:27:29 +0000 (11:27 +0000)]
configure: bug reporting address
The correct address is the secnet-discuss list.
Reported-by: Colin Watson <cjwatson@debian.org>
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Colin Watson [Sun, 15 Aug 2021 05:04:02 +0000 (05:04 +0000)]
comm-common.h: Remove unused `notify' variable
This only needs to declare the `comm_notify_list' type, and declaring
the variable here without `extern' causes a multiple-definition link
failure on bullseye.
Ian Jackson [Sun, 24 May 2020 21:14:34 +0000 (22:14 +0100)]
changelog: finalise 0.6.1
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 24 May 2020 21:13:37 +0000 (22:13 +0100)]
changelog: document changes since 0.6.0
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Mon, 30 Mar 2020 17:12:00 +0000 (18:12 +0100)]
Use CLOCK_MONOTONIC for all our timing needs, when possible
Otherwise we can malfunction if the clock warps.
This depends on an unreleased adns feature, so the warning is
currently not actually printed.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 24 May 2020 17:36:10 +0000 (18:36 +0100)]
autoconf: Check for adns_if_monotonic and define USE_MONOTONIC
Nothing uses this yet. Split out into its own commit for clarity.
This flag is not yet in any released version of adns but as adns
upstream I promise this is how it will be. for my convenience I am
making secnet check for it ahead of its existence in public adns....
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 24 May 2020 17:36:26 +0000 (18:36 +0100)]
resolver: Break out adns_initflags value as variable
This provides a single place to add flags, which we'll do in a moment.
No functional change.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 24 May 2020 19:46:00 +0000 (20:46 +0100)]
config parsing: When closure is of wrong type, report how
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 24 May 2020 19:45:22 +0000 (20:45 +0100)]
Closures: Provide closure_type_name
This will be used in error reporting.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 24 May 2020 19:34:01 +0000 (20:34 +0100)]
config parsing: site: Use cfgfatal_cl_type for transform
Minor improvement to the message. We are going to improve
cfgfatal_cl_type.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 24 May 2020 19:33:26 +0000 (20:33 +0100)]
config parsing: Break out cfgfatal_cl_type
No functional change. We are going to reuse and improve this.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 24 May 2020 19:32:05 +0000 (20:32 +0100)]
example.conf: Fix "transform" syntax
These global closure names need to be invoked.
This was broken in
5b5f297f9a9d47ee
site: support multiple transforms
(first released in 0.3.0)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 24 May 2020 17:35:42 +0000 (18:35 +0100)]
rsa: Print errno value if we fail to open key file
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 24 May 2020 12:42:09 +0000 (13:42 +0100)]
rsa: Do not crash with -j if key file does not exist
This was messed up by
58913a3b93a6
rsa1: Break rsa_loadpriv_core out of rsapriv_apply
where the early exit path should have been handled in both places but
wasn't.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 24 May 2020 12:41:04 +0000 (13:41 +0100)]
log: Set log level for early logging
Unless ->level is set, logging is just a no-op. We must set this
twice, because the system log is used to report command line parsing
errors, but the command line might increase the log level.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 24 May 2020 18:11:09 +0000 (19:11 +0100)]
example.conf: Use new name-prefixed format
Otherwise it won't work at all.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 10 Mar 2020 18:44:37 +0000 (18:44 +0000)]
stest: No longer use localhost addresses
This will make testing polypath stuff more sensible.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 10 Mar 2020 18:30:30 +0000 (18:30 +0000)]
mtest/t-userv: Check lack of optional group in fragment
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 10 Mar 2020 18:26:16 +0000 (18:26 +0000)]
make-secnet-sites: Tolerate missing group in userv sites file
When processing a sites file fragment via userv, the group in the
provided file is supposed to be optional. This was accidentally
regressed in
19482a2958fa
make-secnet-sites: Do not write out unchecked output in sites
The additional call to w[2].groupname ought to have been conditional.
Now we have precisely the right code in OpBase, so simply call it.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 10 Mar 2020 17:55:58 +0000 (17:55 +0000)]
mtest/t-userv: Test that output conf file is correct
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 10 Mar 2020 17:55:19 +0000 (17:55 +0000)]
mtest/t-userv: Test that updated sites file is readable.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 10 Mar 2020 18:00:57 +0000 (18:00 +0000)]
make-secnet-sites: Tolerate unused group in additions to location
When processing a sites file other than via userv, the group (if
specified) is not of any interest.
But since tainting, we need to bless it for re-output. (This is
necessary even in modes where we don't actually write anything out,
like .conf generation.)
The correct place to do this is in OpConf's base class.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 10 Mar 2020 17:54:39 +0000 (17:54 +0000)]
mtest: Break out diff-mss-sites-conf
No functional change.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 10 Mar 2020 18:16:18 +0000 (18:16 +0000)]
mtest/t-userv: Check that user in wrong group is rejected
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 10 Mar 2020 18:16:44 +0000 (18:16 +0000)]
make-secnet-sites: Fix error handling if caller is in wrong group
We would crash with an unbound variable error, instead of the right
error message.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 18:06:23 +0000 (18:06 +0000)]
Makefiles: Use Final.sd.mk to implementing RECHECK_RM
This is now read by make after all the other makefiles. This allows
us to move the addition of {stest,mtest}/d-* to RECHECK_RM from
Dir.sd.mk into test-common.sd.mk, where it belongs.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 18:45:25 +0000 (18:45 +0000)]
Merge subdirmk 0.4
git subtree pull. Fix up test-example/Dir.sd.mk for the incompatible
change (`&${' needs to become `&{').
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 18:39:51 +0000 (18:39 +0000)]
README: Update copyright date
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 17:29:52 +0000 (17:29 +0000)]
README: Fix documentation errors relating to &{ etc.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 15:06:34 +0000 (15:06 +0000)]
logging: site: Log state on PHASE_RUN entry instead of initially
site_startup calls enter_state_run which would print a message, but
logging is not set up that early. The result is a message printed to
stderr before daemonisation.
We can distinguish this situation from other calls to enter_state_run
because the old state is SITE_STOP, which only occurs between config
reading (closure invocation) and site_startup being called.
So we can suppress this message.
But it did serve a purpose: it would only be printed if the site was
listed in `sites'; otherwise site_startup wouldn't be called and the
`entering state RUN' message would be absent.
So instead we provide a more explicit way to tell: on entering
PHASE_RUN, site_startup has either been called, or not. And logging
is set up. state is then STOP or RUN.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 15:06:00 +0000 (15:06 +0000)]
site: Rename site_phase_hook to site_phase_shutdown_hook
This is misnamed. And we are going to add yet another phase hook.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 14:47:24 +0000 (14:47 +0000)]
logging: Move "starting" message earlier
We are going to add some log messages to PHASE_RUN hooks. We want the
overall startup message to come first. Doing this right after
PHASE_DAEMONIZE makes sense as PHASE_DAEMONIZE now sets up logging,
too.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 14:23:24 +0000 (14:23 +0000)]
site: Change site->control(bool_t) to site->startup()
This is only ever called with run=True. We are going to want to rely
on this property.
If we ever do more runtime reconfig that will be done differently.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 14:18:49 +0000 (14:18 +0000)]
logging; site: Do not log transport_peers_clear if already clear
This suppresses a pointles message at startup.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 14:21:09 +0000 (14:21 +0000)]
logging: site: Introduce transport_peers_init which doesn't log
This eliminates some spurious startup messages. It also allows
transport_peers_clear to read *peers, since it doesn't have to do
initialisation.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 14:42:31 +0000 (14:42 +0000)]
logging: start rather earlier
This moves some messages printed by by early netlink and polypath
setup to the proper logfile / syslog directly, rather than having them
captured by the stderr capture from daemonize.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 13:21:00 +0000 (13:21 +0000)]
startup: Break out start_sites
We were going to want to change when this happens. But actually it
seems that is not right. Keep the commit anyway, as I think it
improves clarity a bit.
No functional change.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 13:00:49 +0000 (13:00 +0000)]
changelog: Start 0.6.1
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 12:48:27 +0000 (12:48 +0000)]
Finalise 0.6.0
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 12:39:39 +0000 (12:39 +0000)]
configure[.ac]: Arrange to cope with jessie's gcc
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 12:40:51 +0000 (12:40 +0000)]
Revert "site, pubkeys: Avoid for (int a=..."
This reverts commit
983e0900816ece898f3d53a530fe0f2c73932bbc.
Ian Jackson [Sun, 16 Feb 2020 12:11:34 +0000 (12:11 +0000)]
site, pubkeys: Avoid for (int a=...
In jessie, gcc hates this unless you pass -std=gnu11 or something.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 12:10:50 +0000 (12:10 +0000)]
make-secnet-sites: Do ascii conversion after % format
In Python 3.4 (jessie) the % operator cannot take a bytes format.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 16 Feb 2020 11:27:43 +0000 (11:27 +0000)]
changelog: Fix typo
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 15 Feb 2020 22:05:52 +0000 (22:05 +0000)]
pretest-to-tested: Do not descend into subtree histories
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Fri, 14 Feb 2020 20:45:23 +0000 (20:45 +0000)]
changelog: tidy up changes since 0.5.1
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Fri, 14 Feb 2020 19:13:37 +0000 (19:13 +0000)]
changelog: tidy up changes since 0.5.1
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Fri, 14 Feb 2020 18:30:05 +0000 (18:30 +0000)]
changelog: add notes about changes since 0.5.1
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Fri, 14 Feb 2020 15:52:11 +0000 (15:52 +0000)]
changelog: work on documentation of changes since
ea31544cc33a
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 13 Feb 2020 17:13:11 +0000 (17:13 +0000)]
sig: Abolish sethash and defhash everywhere
The only consumer of this wrongheaded interface was rsa1, which has
been updated. Delete it all.
There is nothing to delete in the documentation, mostly because much
of this wasn't documented when we introduced it.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 13 Feb 2020 17:10:56 +0000 (17:10 +0000)]
rsa: Bring hash selection in-house
In
13b8fbf4548f3457b02afd36e9284d39839d6f85
sig: Move hashing into algorithm
we introduced a scheme were for rsa1 the hash function is stored
in the signature scheme's key structure, but provided by the caller.
The intent was to allow defaulting, with context-specific overrides.
However, this does not work correctly. In particular, most sites
have a single "local-key" setting at the top level in the main config,
but take "hash" keys from the sites file.
The result is that as the various sites are initialised, ->sethash is
called multiple times, once for each site. Possibly with different
hash_if's. I did not foresee this and it is clearly wrong.
If all the hash_if's are sha1 then this is harmless. However, they
might not be, in particular if certain site(s) or vpn(s) in the sites
file(s) specify a different hash. Such a configuration would be
rather wrong, because it would imply reuse of the same raw RSA key
material with a different hash function. (Also since the default hash
is sha1 and historically the only alternative was md5, this is surely
wrong simply because it implies md5 is being used somewhere.)
But it has come to my attention that such installations exist. Even a
non-operational, vestigial, use of a different hash, can cause
lossage.
To fix this properly and allow hash-agility with a single private key,
we would have to have call sites continue to look up the hash, but to
pass in into the signature function. This is too annoying,
particularly when it is in support only of unreasonable and very old
configurations.
Instead, change the semantics so that the two rsa closure verbs nail
down their hash at key load time, defaulting to sha1. The "hash"
config key is now looked up sort of implicitly in the context. This
is slightly odd, but it has roughly the right effect with sites.conf
files generated by make-secnet-sites. And it is contained within the
rsa1 signature scheme which is a thing we should be replacing anyway.
This change makes it more clearly impossible (as it has, in fact, been
since 0.4.x) to use the same loaded private key with different hashes.
Installations which are only using sha1 with their rsa1 will just keep
working an all is well.
Installations which are using md5 everywhere can be made to work by
adding a global config hash= setting in every instance.
Installations which are using a mixture have a more complicated task
to keep things working (maybe loading the key twice, or propagating
hash information in sites files, or something), if they don't want a
flag day transition to sha1.
In the future for rsa1, what hash a site is using becomes a property
which should be carried with public key; so a non-sha1 hash must be
specified in the config file (alongside `local-key') and also
documented in the sites file entry.
For forthcoming non-rsa1 algorithms hash choice will be handled within
the signature scheme in a less irregular way, and this "hash" key will
thereby become obsolete.
Reported-by: Matthew Vernon <matthewv@chiark.greenend.org.uk>
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 13 Feb 2020 17:02:57 +0000 (17:02 +0000)]
config: Reject rather than silently ignoring wrong closure values
find_cl_if(...,fail_if_invalid=False,,..) is only called in places
where a particular closure, or nothing, is expected.
It is really not a good idea for this function to silently ignore
config keys of the wrongn type. It should behave more like
dict_read_number and dict_read_bool.
There are possible compatibility implications, but they can be solved
by deleting the wrong (currently-ignored) information from the config
file(s).
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 13 Feb 2020 16:55:51 +0000 (16:55 +0000)]
sha1: Provide sha1_hash_if
This will be useful in a moment.
As a side effect, the sha1 st is statically allocated now.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 13 Feb 2020 16:48:37 +0000 (16:48 +0000)]
rsa: Provide dict context argument in load_ctx
This is going to be used to make the old rsa-public and rsa-private
names honour a "hash" dictionary key in the context.
The new generic privcache and keyset machinery will use a fixed hash
so does not pass the dictionary.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 2 Feb 2020 12:22:57 +0000 (12:22 +0000)]
mobile sites: Do not ever expire peer addresses
For mobile sites, peer addresses come from our config or DNS name
lookup. Ones that are not working now may work later in a different
network environment. The mobile end is in charge of public path
selection so it needs to retain the information to try these
currently-non-working addresses.
In practice, this change allows me to switch backwards and forwards
between the FOSDEM v6-only wifi, and my v4-only USB stick.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Mon, 30 Dec 2019 12:02:26 +0000 (12:02 +0000)]
test-example: Use subdirmk's new &:macro feature
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 14 Dec 2019 15:19:32 +0000 (15:19 +0000)]
site: Always advertise all capabilities
The first version that can cope with this is 0.3.0 which is already
quite old (September 2013). All older versions are quite badly
broken: eg, they use the serpent256-cbc transform.
This is the next phase in eventually getting rid of the distinction
between early and late capabilities. When every running version of
secnet has this commit, we can declare every capability early since
every secnet will always advertise them early.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 14 Dec 2019 13:35:45 +0000 (13:35 +0000)]
build system: Fix race bug in recheck target
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 13:15:37 +0000 (13:15 +0000)]
dh: Fix mpz padding bug in use of write_mpbin
If the BN needs less than buflen bytes, write_mpbin would write only
the first len bytes. dh_makeshared wouldn't notice. The remaining
bytes will be left uninitialised.
In current code this is only called from site.c, where it so happens
right now that this buffer is always zero on entry. So the effect is
thst we pad the bignum with zeroes at the LS end, which is wrong.
We can't just change this because it's baked into the protocol.
So actually implement it properly.
We do this in the write_mpbin function, renaming it, because the old
API for write_mpbin invites precisely this error.
I don't think this is of an significant consequence
cryptographically. Perhaps we should introduce a non-anomalous
version of DH over prime fields. Or perhaps we should just leave it
as is and expect to switch to X448 or something.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 13:13:34 +0000 (13:13 +0000)]
dh: move write_mpbin in to dh.c
This function has a hazardous API. In fact, the one call site misuses
it, as we shall see in a moment.
If we wanted a thing like this with a less hazardous API we probably
wouldn't base it on mpz_get_str nowadays.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 13:04:01 +0000 (13:04 +0000)]
stest: Print spawn rune on a line by itself
Especially useful with SECNET_STEST_DIVERT_*=i...: now you can c&p the
whole line.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 12:56:16 +0000 (12:56 +0000)]
stest: Allow SECNET_STEST_DIVERT_*='i <some stuff>'
Eg,
SECNET_STEST_DIVERT_inside='i gdb --args'
which causes it to print something like this
spawn UDP_PRELOAD_DIR=./stest/d-nonnego-oo/s LD_PRELOAD=./stest/udp-preload.so:libgtk3-nocsd.so.0 gdb --args ./secnet -dvnc ./stest/d-nonnego-oo/inside.conf
which is convenient.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 12:51:40 +0000 (12:51 +0000)]
stest: Require SECNET_STEST_DIVERT_* paths to start / or ./
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 12:50:21 +0000 (12:50 +0000)]
stest: When SECNET_STEST_DIVERT_* set, print diverted command too
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 12:49:55 +0000 (12:49 +0000)]
stest: Move puts $argl into divert branches
We're going to want to do something slightly different in each one.
No functional change yet.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 12:46:11 +0000 (12:46 +0000)]
stest: Honour SECNET_STEST_TIMEOUT_MUL to multiply timeouts
This is handy, for example, when running under valgrind.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 11:24:39 +0000 (11:24 +0000)]
stest: Introduce adj-after
We are going to want this to do something more complicated.
No functional change.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 10:58:45 +0000 (10:58 +0000)]
parallel bisect scripts: Honour $1 as iteration count
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 02:15:48 +0000 (02:15 +0000)]
parallel bisect scripts: Better logging
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 02:07:02 +0000 (02:07 +0000)]
parallel bisect scripts: ad-hoc
This is as I just used to bisect a P(1/256) bug.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 10:19:19 +0000 (10:19 +0000)]
site: Move earlier all things needed for slog
Before this we actually read uninitialised memory!
But it was st->log_events which was generally all-bit-zero.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 10:19:02 +0000 (10:19 +0000)]
log: Remove a now-redundant conditional
system_log is always non-NULL now.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 10:17:27 +0000 (10:17 +0000)]
log: Provide system_log from the very start
It is just too inconvenient not to have this while reading the config.
Set up a default system_log which logs to stderr. When setup_log
is called, system_log will be overwritten and this struct is no
longer used.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 8 Dec 2019 10:16:55 +0000 (10:16 +0000)]
log: Break out logfile_file_init
We are going to reuse this.
No functional change.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 7 Dec 2019 16:05:37 +0000 (16:05 +0000)]
stest: Add test for load-private
The resulting interface for privkey() is a bit odd: it's either a list
of a string, and we look at both ends. Ah well, it's only test code.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>