The OpenJDK 7 recently introduced the UNUSED() macro in their jni_md.h
header file, which is included from <jni.h>. This causes a
compile-error if "constants.h", which defines our own UNUSED() macro, is
included as well as <jni.h>.
The OpenJDK UNUSED() macro is unsuitable for our own use, because it
prefixes the unused identifier with "UNUSED_" whereas we depend on the
parameter name remaining unchanged.
I have reported this as a Request for Enhancement with Oracle Java,
asking them to remove the UNUSED() macro, since it is not used by any
JNI or Java extension header files. Review ID: JI-9013689.
In the meantime, constants.h now undefines UNUSED before defining it, so
including <jni.h> before "constants.h" will avoid a compile error.
Now the keyring is opened and seeded before the server daemon process is
forked, and any keyring error prevents the server from starting
No longer necessary to pass a (cli_parsed*) argument to server()
If no instance directory specified, then use paths like
/etc/serval/serval.conf
/var/cache/serval
/var/log/serval
/var/run/serval
etc. for files, instead of all in a single directory.
Log all directory creation as INFO messages.
Interpretation of log.file.directory_path has changed slightly.
Updated servald configuration tech doc.
Refactor a lot of Rhizome bundle storage code to use the new "enum
rhizome_payload_status" instead of mysterious int values to represent
the outcome of the operation.
New UNUSED(param) macro suppresses the warning for a specific parameter
In some cases, removed the unused parameters. In others, used the
parameter in a DEBUGF() or assert() statement to document the intent.
Remove two redundant calls to rhizome_retrieve_manifest() in meshms.c,
revealed by an assert() in the stricter manifest parsing code
Fix header files included by socket.h
Replaced 'int has_author' manifest element with new 'enum authorship'
element to record the result of author authentication, to avoid
repeating expensive crypto operations.
Separated the handling of bundle secret arguments from author lookup and
authentication. The new rhizome_apply_bundle_secret(m,bsk) is now
called at the top level to set the manifest secret key (if it
validates), and thereafter there is no need to pass the 'bsk' argument
to any other functions, as they can simply check the 'haveSecret' field
of the manifest.
Removed rhizome_extract_privatekey() which combined author lookup and
bundle secret validation, and replaced it with functions that only deal
with the author: rhizome_lookup_author() and rhizome_authenticate_author().
Renamed other functions to make their purpose and effect clearer.
Formalised the semantics of only storing AUTHENTICATED author SIDs in
the 'author' column of the MANIFESTS table, which necessitated a change
to a 'rhizomeops' test case: when adding a file using a BK-less
manifest, the author column is set to null, so the Rhizome list output
does not show the bundle as ".fromhere" and does not give an author for
that bundle.
Remove stowSid() at last
Change API of tohex() and strbuf_tohex(), to pass string length instead of
binary byte count. This allows odd numbers of hex digits to be produced.
Remove alloca_tohex_sid(); replace with alloca_tohex_sid_t()
New alloca_tohex_sid_t_trunc() macro
Rename to SERVALD_...
Interpret SERVALD_KEYRING_PATH relative to instance dir unless absolute.
Explicitly unset them in setup_servald() test defs function
To support release signing operations without having to copy the release
keyring from its USB stick (into an instance directory), and reducing
the risk of corrupting the release keyring file while using it in-place.
Sometimes, when adding a PIN to a keyring (eg, when opening a keyring
file), a SEGV would be caused while trying to validate the MAC for an
entry which apparently had zero keypair entries.
Changed some keyring struct 'int' fields to 'unsigned int', to ensure
that comparison logic behaves as expected.
Refactored some keyring code for more clarity and code maintenance
safety.
Added TODO comment about keyring file format non-back-compatibility.