On Tue, Jul 05, 2022 at 10:16:13PM +0200, Stefan Sperling wrote:
> On Tue, Jul 05, 2022 at 03:12:19PM -0400, Josh Rickmar wrote:
> > -----------------------------------------------
> > commit 24b0007a1fd9c963f5e1e243919476e449b5c8dc (linux_pipe)
> > from: Josh Rickmar <jrick@zettaport.com>
> > date: Tue Jul  5 19:07:51 2022 UTC
> >  
> >  use correct pipe ends on linux
> >  
> >  Fixes fdopen errors opening the pipe fds to read ssh-keygen stdout.
> > 
> >  Reported by abieber@
> 
> This does not seem to fix the issue properly for me.
> 
> While creation of a signed tag now apparently succeeds, 'got cat' shows
> no signature on the tag object and verification with got tag -V fails.
> I am testing on Ubuntu.
> 
> 

The problem seems to be use of fdopen(3) on a pipe.

With this patch signatures show up in tag objects signed on linux.
The verification part also uses fdopen and must still be fixed in
the same way:


diff /home/stsp/src/got-portable
commit - a8fa2ba8469e013475c403304989843b7fc17ae8
path + /home/stsp/src/got-portable
blob - bf1781172c3214c0f7cefd4f0294c39c9e986cc0
file + lib/object_create.c
--- lib/object_create.c
+++ lib/object_create.c
@@ -688,11 +688,12 @@ got_object_tag_create(struct got_object_id **id,
 		msg++;
 
 	if (signer_id) {
-		FILE *out;
 		pid_t pid;
 		size_t len;
 		int in_fd, out_fd;
 		int status;
+		unsigned char out[8192];
+		ssize_t r;
 
 		err = buf_alloc(&buf, 0);
 		if (err)
@@ -743,16 +744,19 @@ got_object_tag_create(struct got_object_id **id,
 			goto done;
 		}
 
-		out = fdopen(out_fd, "r");
-		if (out == NULL) {
-			err = got_error_from_errno("fdopen");
-			goto done;
-		}
 		buf_empty(buf);
-		err = buf_load(&buf, out);
-		if (err)
-			goto done;
-		sig_len = buf_len(buf) + 1;
+		do {
+			r = read(out_fd, out, sizeof(out));
+			if (r == -1) {
+				err = got_error_from_errno("read");
+				goto done;
+			}
+			if (r > 0) {
+				err = buf_append(&sig_len, buf, out, r);
+				if (err)
+					goto done;
+			}
+		} while (r > 0);
 		err = buf_putc(buf, '\0');
 		if (err)
 			goto done;