From owner-svn-src-head@freebsd.org Wed Jun 20 09:27:48 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 24EA7100DB93; Wed, 20 Jun 2018 09:27:48 +0000 (UTC) (envelope-from hackagadget@gmail.com) Received: from mail-ot0-x241.google.com (mail-ot0-x241.google.com [IPv6:2607:f8b0:4003:c0f::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AB05672BEC; Wed, 20 Jun 2018 09:27:47 +0000 (UTC) (envelope-from hackagadget@gmail.com) Received: by mail-ot0-x241.google.com with SMTP id p95-v6so2966801ota.5; Wed, 20 Jun 2018 02:27:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=VcoSmBC4x8/2E8zfmfSguD8MRvEpJF8gxvN/zXItAJ0=; b=QxvZwomEhnlMvHItL7+ktMimtE/TekqvND/Xz8I0HT10C3dCXUWy+YO0YCqh8aR2rY wRT+njrkBy7XKOlTITLFxuDps5Y64Oy0+xo5SwQlxtQIe0w24+vMjKbnKFSVr1TcBMWm yVT1czxIfzAdR4B0s7xBvlO6lMynT0/0tbxEkiyNdopMfJ2Gt6aP72asAZX0PRooJWCC l1OBqaS0CokqzUfs4EaO4+T0qPuI/D5pvykYN+urDobgO2nEbY/VINZ8Ud+wCpEe7YUb 35RaJ06pBYQnVWbGe9VwIDbsf9giwFOpFQPvBJvXA+jUlRRI0hgHRChjkpx/lSxNdkBg Fgdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=VcoSmBC4x8/2E8zfmfSguD8MRvEpJF8gxvN/zXItAJ0=; b=KX8wBAYevbRxCCNjp463fy92Xqh70gcUEOgRBtSeAG7AlwmD5MjKYqwrgLoh0oY//s hwb3yxiwavQpTLLpJ5wJdvk26VCIn1X5X2JTqVLZtSEPY8Sj1M01xnSHcW//Ep7X1NJk KHAe8QNGvVz2dOAQsTf3Nmp0PWprodQw/QUYxzAcNSNBl4xVJIbnmN630Q+r3T5/IIMs ZFfokLlMfXx5Od136y8p0BCdJcwG8EpBDCtMWwqQV2VT4Vaj6ZPQG3I9kYlf0jT7mzs4 QwiKnXtERklmg8ZJhcElTAOkn1nJ1h2SMXb5Iyzn4r1T1Eh+n6f0WFroD8YuBO/fKocE EbRg== X-Gm-Message-State: APt69E3B46Cb4Bx8X5OapiEk/L0xMUwIox+/gM1Jg71gXS+W0JF8W3fp d0m1utPSyj+vn13pTatTScVnthl3wIxdAuSeFXc= X-Google-Smtp-Source: ADUXVKIZBvX5KRwMetewl74tLeQpBpEpzVLt8setQ1DLsSyBgMwQz9E8hxIE+D71GFqbn9vqh2p65z2z/UZ7nBLChi0= X-Received: by 2002:a9d:2106:: with SMTP id i6-v6mr11637472otb.222.1529486867109; Wed, 20 Jun 2018 02:27:47 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a9d:1918:0:0:0:0:0 with HTTP; Wed, 20 Jun 2018 02:27:46 -0700 (PDT) In-Reply-To: <96021.1529475664@kaos.jnpr.net> References: <201806200108.w5K18sIR050132@repo.freebsd.org> <96021.1529475664@kaos.jnpr.net> From: Stephen Kiernan Date: Wed, 20 Jun 2018 02:27:46 -0700 Message-ID: Subject: Re: svn commit: r335402 - head/sbin/veriexecctl To: "Simon J. Gerraty" Cc: cem@freebsd.org, src-committers , svn-src-all@freebsd.org, svn-src-head@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.26 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jun 2018 09:27:48 -0000 On Tue, Jun 19, 2018 at 11:21 PM, Simon J. Gerraty wrote: > Conrad Meyer wrote: > > > As a corollary to the above, the name "signature file" is used > > repeatedly in the code, which is misleading. The file contains hashes > > (digests), not signatures (MACs). The file itself is unsigned. > > Nothing about this has signatures. > I think you mean "signature". I belive the only place that says "signature file" is the veriexecctl. And that was in the original sources from NetBSD. For example, see the currentl veriexecctl in NetBSD and it still uses the terminology "signature file". http://cvsweb.netbsd.org/bsdweb.cgi/src/sbin/veriexecctl/veriexecctl.c?rev=1.40 But yes, I agree that it's the wrong term that they're using there. > NetBSD refers to the hashes as fingerprints - AFAIK that terminology is > retained. > > If the term signature is used to refer to anything other than the signed > manifests that should be fixed. > That was in the veriexec that was the basis for the MAC conversion. I know I had corrected some before, but probably missed the fact that it was used in some other places. Easy to happen when you've seen the same code for a number of years.