signify: -z implies -q

signify: -z implies -q

Mike Burns
Poking around signify and learned that `verifyzdata` calls `verifymsg`
with `1` hardcoded in the `quiet` parameter.

I do appreciate that there is a distinction between case 'z' setting
`quiet = 1` vs `verifyzdata` passing `1` as an argument, so maybe this
diff doesn't quite capture a truth:

Index: signify.1
===================================================================
RCS file: /cvs/src/usr.bin/signify/signify.1,v
retrieving revision 1.47
diff -u -p -r1.47 signify.1
--- signify.1 8 May 2019 17:55:41 -0000 1.47
+++ signify.1 26 Jul 2019 02:56:10 -0000
@@ -129,7 +129,8 @@ Sign and verify
 archives, where the signing data
 is embedded in the
 .Xr gzip 1
-header.
+header. Implies
+.Fl q .
 .El
 .Pp
 The key and signature files created by
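
Review bot: The new sentence starts mid-line in `header. Implies`; mdoc source puts each new sentence on its own line, so end the line at `header.` and start `Implies` on the next one. The list item this hunk extends begins "Sign and verify", so a bare "Implies .Fl q ." reads as applying to signing as well; since the behaviour described in the message is in `verifyzdata`, consider wording it as "When verifying, implies .Fl q ." instead.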

Re: signify: -z implies -q

Mike Burns
On 2019-07-26 03.02.43 +0000, Mike Burns wrote:
> Poking around signify and learned that `verifyzdata` calls `verifymsg`
> with `1` hardcoded in the `quiet` parameter.
>
> I do appreciate that there is a distinction between case 'z' setting
> `quiet = 1` vs `verifyzdata` passing `1` as an argument, so maybe this
> diff doesn't quite capture a truth:

Now that I've played with signify more, it's clear that mentioning -q is
quite far from a complete statement of what -z is all about. Forget
about this diff, apologies.

Re: signify: -z implies -q

Marc Espie-2
On Fri, Jul 26, 2019 at 05:08:06AM +0000, Mike Burns wrote:

> On 2019-07-26 03.02.43 +0000, Mike Burns wrote:
> > Poking around signify and learned that `verifyzdata` calls `verifymsg`
> > with `1` hardcoded in the `quiet` parameter.
> >
> > I do appreciate that there is a distinction between case 'z' setting
> > `quiet = 1` vs `verifyzdata` passing `1` as an argument, so maybe this
> > diff doesn't quite capture a truth:
>
> Now that I've played with signify more, it's clear that mentioning -q is
> quite far from a complete statement of what -z is all about. Forget
> about this diff, apologies.

Yep. The verify part specifically only passes the gzip through if it's
properly signed, and the signature is block-by-block... so it wouldn't
be able to say anything positive until you reach the end of the
file anyway.
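
The block-by-block pass-through described in the last message, as an added example that is not part of the thread and not signify's code. It is a simplified model: SHA-256, the 4-byte block size and the in-memory hash list are assumptions, and the hash list is taken to come from a header whose signature was already checked.

```python
import hashlib
import io

BLOCK_SIZE = 4  # constructed tiny block size so the sample stays readable


class VerifyError(Exception):
    pass


def block_hashes(data, block_size=BLOCK_SIZE):
    """Signer side: one digest per fixed-size block (last block may be short)."""
    return [hashlib.sha256(data[i:i + block_size]).hexdigest()
            for i in range(0, len(data), block_size)]


def verify_stream(stream, trusted_hashes, block_size=BLOCK_SIZE):
    """Yield each block only after its digest matches the trusted list.

    trusted_hashes is assumed to come from an already signature-checked
    header; that signature check is outside this sketch.
    """
    expected = iter(trusted_hashes)
    index = 0
    while True:
        block = stream.read(block_size)
        want = next(expected, None)
        if not block:
            if want is not None:
                raise VerifyError(f"truncated: missing block {index}")
            return  # only at this point is the whole stream known to be good
        if want is None:
            raise VerifyError(f"trailing data after block {index - 1}")
        if hashlib.sha256(block).hexdigest() != want:
            raise VerifyError(f"block {index} does not match signed hash")
        yield block
        index += 1


def run(data, trusted_hashes):
    """Return (blocks passed through, error or None) for one verification."""
    passed = []
    try:
        for block in verify_stream(io.BytesIO(data), trusted_hashes):
            passed.append(block)
    except VerifyError as exc:
        return passed, str(exc)
    return passed, None
```

When a later block fails, the earlier blocks have already been passed through, so a consumer of the output has to treat it as incomplete until the verifier exits successfully.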