Overview
| Comment: | Add the ability to use a repository that is in a database protected by the [http://www.hwaci.com/sw/sqlite/see.html|SQLite Encryption Extension (SEE)]. SEE is proprietary code and is not included in this tree, but if a user has a copy of SEE, with this change she can compile a version of Fossil that uses it. |
|---|---|
| SHA1: |
ed871fb5fabd163534279dbc68add79c |
| User & Date: | drh 2016-04-22 18:08:55.054 |
Context
|
2016-04-22
| ||
| 18:33 | Add an entry to the ignore-glob setting to help prevent the SEE-enabled SQLite source file from being added to this public repository by mistake. ... (check-in: fa3e672aec user: drh tags: trunk) | |
| 18:08 | Add the ability to use a repository that is in a database protected by the [http://www.hwaci.com/sw/sqlite/see.html|SQLite Encryption Extension (SEE)]. SEE is proprietary code and is not included in this tree, but if a user has a copy of SEE, with this change she can compile a version of Fossil that uses it. ... (check-in: ed871fb5fa user: drh tags: trunk) | |
| 18:03 | Avoid reprompting for the encryption key on every HTTP request when running "fossil ui" on an encrypted repository. ... (Closed-Leaf check-in: a7563f08db user: drh tags: see) | |
|
2016-04-19
| ||
| 17:44 | Use retry logic for SSL read/write as described in the OpenSSL docs. ... (check-in: 4abf607937 user: mistachkin tags: trunk) | |
Changes
Changes to Makefile.in.
| ︙ | ︙ | |||
39 40 41 42 43 44 45 46 47 48 49 50 51 | TCLSH = tclsh LIB = @LDFLAGS@ @EXTRA_LDFLAGS@ @LIBS@ TCCFLAGS = @EXTRA_CFLAGS@ @CPPFLAGS@ @CFLAGS@ -DHAVE_AUTOCONFIG_H -D_HAVE_SQLITE_CONFIG_H INSTALLDIR = $(DESTDIR)@prefix@/bin USE_SYSTEM_SQLITE = @USE_SYSTEM_SQLITE@ USE_LINENOISE = @USE_LINENOISE@ FOSSIL_ENABLE_MINIZ = @FOSSIL_ENABLE_MINIZ@ include $(SRCDIR)/main.mk distclean: clean rm -f autoconfig.h config.log Makefile | > | 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | TCLSH = tclsh LIB = @LDFLAGS@ @EXTRA_LDFLAGS@ @LIBS@ TCCFLAGS = @EXTRA_CFLAGS@ @CPPFLAGS@ @CFLAGS@ -DHAVE_AUTOCONFIG_H -D_HAVE_SQLITE_CONFIG_H INSTALLDIR = $(DESTDIR)@prefix@/bin USE_SYSTEM_SQLITE = @USE_SYSTEM_SQLITE@ USE_LINENOISE = @USE_LINENOISE@ USE_SEE = @USE_SEE@ FOSSIL_ENABLE_MINIZ = @FOSSIL_ENABLE_MINIZ@ include $(SRCDIR)/main.mk distclean: clean rm -f autoconfig.h config.log Makefile |
Changes to auto.def.
| ︙ | ︙ | |||
13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
with-legacy-mv-rm=0 => {Enable legacy behavior for mv/rm (skip checkout files)}
with-th1-docs=0 => {Enable TH1 for embedded documentation pages}
with-th1-hooks=0 => {Enable TH1 hooks for commands and web pages}
with-tcl:path => {Enable Tcl integration, with Tcl in the specified path}
with-tcl-stubs=0 => {Enable Tcl integration via stubs library mechanism}
with-tcl-private-stubs=0
=> {Enable Tcl integration via private stubs mechanism}
internal-sqlite=1 => {Don't use the internal SQLite, use the system one}
static=0 => {Link a static executable}
fusefs=1 => {Disable the Fuse Filesystem}
fossil-debug=0 => {Build with fossil debugging enabled}
json=0 => {Build with fossil JSON API enabled}
}
| > | 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
with-legacy-mv-rm=0 => {Enable legacy behavior for mv/rm (skip checkout files)}
with-th1-docs=0 => {Enable TH1 for embedded documentation pages}
with-th1-hooks=0 => {Enable TH1 hooks for commands and web pages}
with-tcl:path => {Enable Tcl integration, with Tcl in the specified path}
with-tcl-stubs=0 => {Enable Tcl integration via stubs library mechanism}
with-tcl-private-stubs=0
=> {Enable Tcl integration via private stubs mechanism}
with-see=0 => {Enable the SQLite Encryption Extension (SEE)}
internal-sqlite=1 => {Don't use the internal SQLite, use the system one}
static=0 => {Link a static executable}
fusefs=1 => {Disable the Fuse Filesystem}
fossil-debug=0 => {Build with fossil debugging enabled}
json=0 => {Build with fossil JSON API enabled}
}
|
| ︙ | ︙ | |||
36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
cc-check-progs tclsh
define EXTRA_CFLAGS ""
define EXTRA_LDFLAGS ""
define USE_SYSTEM_SQLITE 0
define USE_LINENOISE 0
define FOSSIL_ENABLE_MINIZ 0
# This procedure is a customized version of "cc-check-function-in-lib",
# that does not modify the LIBS variable. Its use prevents prematurely
# pulling in libraries that will be added later anyhow (e.g. "-ldl").
proc check-function-in-lib {function libs {otherlibs {}}} {
if {[string length $otherlibs]} {
msg-checking "Checking for $function in $libs with $otherlibs..."
| > | 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
cc-check-progs tclsh
define EXTRA_CFLAGS ""
define EXTRA_LDFLAGS ""
define USE_SYSTEM_SQLITE 0
define USE_LINENOISE 0
define FOSSIL_ENABLE_MINIZ 0
define USE_SEE 0
# This procedure is a customized version of "cc-check-function-in-lib",
# that does not modify the LIBS variable. Its use prevents prematurely
# pulling in libraries that will be added later anyhow (e.g. "-ldl").
proc check-function-in-lib {function libs {otherlibs {}}} {
if {[string length $otherlibs]} {
msg-checking "Checking for $function in $libs with $otherlibs..."
|
| ︙ | ︙ | |||
130 131 132 133 134 135 136 137 138 139 140 141 142 143 |
define-append EXTRA_CFLAGS {-D_XOPEN_SOURCE=500 -D__EXTENSIONS__}
}
if {[opt-bool fossil-debug]} {
define-append EXTRA_CFLAGS -DFOSSIL_DEBUG
msg-result "Debugging support enabled"
}
if {[opt-bool json]} {
# Reminder/FIXME (stephan): FOSSIL_ENABLE_JSON
# is required in the CFLAGS because json*.c
# have #ifdef guards around the whole file without
# reading config.h first.
define-append EXTRA_CFLAGS -DFOSSIL_ENABLE_JSON
| > > > > > | 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 |
define-append EXTRA_CFLAGS {-D_XOPEN_SOURCE=500 -D__EXTENSIONS__}
}
if {[opt-bool fossil-debug]} {
define-append EXTRA_CFLAGS -DFOSSIL_DEBUG
msg-result "Debugging support enabled"
}
if {[opt-bool with-see]} {
define USE_SEE 1
msg-result "Enabling encryption support"
}
if {[opt-bool json]} {
# Reminder/FIXME (stephan): FOSSIL_ENABLE_JSON
# is required in the CFLAGS because json*.c
# have #ifdef guards around the whole file without
# reading config.h first.
define-append EXTRA_CFLAGS -DFOSSIL_ENABLE_JSON
|
| ︙ | ︙ |
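Review bot: The new `with-see` block sets `USE_SEE` and prints "Enabling encryption support" without checking that the option can actually take effect. `USE_SEE` only selects the source file and flags for the bundled `sqlite3.o` (see the `SQLITE3_SRC`/`SEE_FLAGS` additions in makemake.tcl), so combining it with the system SQLite (`internal-sqlite` turned off) appears to produce a binary with no codec while configure reports encryption as enabled. I would fail configure for that combination, e.g. `if {![opt-bool internal-sqlite]} {user-error "--with-see requires the internal SQLite"}`, and likewise when `sqlite3-see.c` is missing from the source directory. The code that handles `internal-sqlite` lies outside the hunks shown here, so the exact placement needs confirming.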
Changes to src/db.c.
| ︙ | ︙ | |||
868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 |
db_now_function, 0, 0);
sqlite3_create_function(db, "toLocal", 0, SQLITE_UTF8, 0,
db_tolocal_function, 0, 0);
sqlite3_create_function(db, "fromLocal", 0, SQLITE_UTF8, 0,
db_fromlocal_function, 0, 0);
}
/*
** Open a database file. Return a pointer to the new database
** connection. An error results in process abort.
*/
LOCAL sqlite3 *db_open(const char *zDbName){
int rc;
sqlite3 *db;
if( g.fSqlTrace ) fossil_trace("-- sqlite3_open: [%s]\n", zDbName);
rc = sqlite3_open_v2(
zDbName, &db,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,
g.zVfsName
);
if( rc!=SQLITE_OK ){
db_err("[%s]: %s", zDbName, sqlite3_errmsg(db));
}
sqlite3_busy_timeout(db, 5000);
sqlite3_wal_autocheckpoint(db, 1); /* Set to checkpoint frequently */
sqlite3_create_function(db, "user", 0, SQLITE_UTF8, 0, db_sql_user, 0, 0);
sqlite3_create_function(db, "cgi", 1, SQLITE_UTF8, 0, db_sql_cgi, 0, 0);
sqlite3_create_function(db, "cgi", 2, SQLITE_UTF8, 0, db_sql_cgi, 0, 0);
sqlite3_create_function(db, "print", -1, SQLITE_UTF8, 0,db_sql_print,0,0);
sqlite3_create_function(
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 |
db_now_function, 0, 0);
sqlite3_create_function(db, "toLocal", 0, SQLITE_UTF8, 0,
db_tolocal_function, 0, 0);
sqlite3_create_function(db, "fromLocal", 0, SQLITE_UTF8, 0,
db_fromlocal_function, 0, 0);
}
/*
** If the database file zDbFile has a name that suggests that it is
** encrypted, then prompt for the encryption key and return it in the
** blob *pKey. Or, if the encryption key has previously been requested,
** just return a copy of the previous result.
*/
static void db_encryption_key(
const char *zDbFile, /* Name of the database file */
Blob *pKey /* Put the encryption key here */
){
blob_init(pKey, 0, 0);
if( sqlite3_strglob("*efossil", zDbFile)==0 ){
static char *zSavedKey = 0;
if( zSavedKey ){
blob_set(pKey, zSavedKey);
}else{
char *zPrompt = mprintf("\rencryption key for '%s': ", zDbFile);
prompt_for_password(zPrompt, pKey, 0);
fossil_free(zPrompt);
zSavedKey = fossil_strdup(blob_str(pKey));
}
}
}
/*
** Open a database file. Return a pointer to the new database
** connection. An error results in process abort.
*/
LOCAL sqlite3 *db_open(const char *zDbName){
int rc;
sqlite3 *db;
Blob key;
if( g.fSqlTrace ) fossil_trace("-- sqlite3_open: [%s]\n", zDbName);
rc = sqlite3_open_v2(
zDbName, &db,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,
g.zVfsName
);
if( rc!=SQLITE_OK ){
db_err("[%s]: %s", zDbName, sqlite3_errmsg(db));
}
db_encryption_key(zDbName, &key);
if( blob_size(&key)>0 ){
char *zCmd = sqlite3_mprintf("PRAGMA key(%Q)", blob_str(&key));
sqlite3_exec(db, zCmd, 0, 0, 0);
sqlite3_free(zCmd);
}
blob_reset(&key);
sqlite3_busy_timeout(db, 5000);
sqlite3_wal_autocheckpoint(db, 1); /* Set to checkpoint frequently */
sqlite3_create_function(db, "user", 0, SQLITE_UTF8, 0, db_sql_user, 0, 0);
sqlite3_create_function(db, "cgi", 1, SQLITE_UTF8, 0, db_sql_cgi, 0, 0);
sqlite3_create_function(db, "cgi", 2, SQLITE_UTF8, 0, db_sql_cgi, 0, 0);
sqlite3_create_function(db, "print", -1, SQLITE_UTF8, 0,db_sql_print,0,0);
sqlite3_create_function(
|
| ︙ | ︙ | |||
919 920 921 922 923 924 925 |
}
/*
** zDbName is the name of a database file. Attach zDbName using
** the name zLabel.
*/
void db_attach(const char *zDbName, const char *zLabel){
| > > | > > | 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 |
}
/*
** zDbName is the name of a database file. Attach zDbName using
** the name zLabel.
*/
void db_attach(const char *zDbName, const char *zLabel){
Blob key;
db_encryption_key(zDbName, &key);
db_multi_exec("ATTACH DATABASE %Q AS %Q KEY %Q",
zDbName, zLabel, blob_str(&key));
blob_reset(&key);
}
/*
** zDbName is the name of a database file. If no other database
** file is open, then open this one. If another database file is
** already open, then attach zDbName using the name zLabel.
*/
|
| ︙ | ︙ |
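Review bot: Nothing in `db_encryption_key()` or in the key block added to `db_open()` checks that the linked SQLite actually contains the codec, and the build changes in this commit pass `-DSQLITE_HAS_CODEC` only to the `sqlite3.o` compile, so db.c has no compile-time way to know either. SQLite silently ignores a pragma it does not recognise, so in a non-SEE build a repository whose name matches `*efossil` would prompt for a key, run `PRAGMA key(...)` with no effect, and be stored in plaintext. I would refuse to continue in that case, e.g. `if( !sqlite3_compileoption_used("HAS_CODEC") ) db_err("[%s]: encryption not supported by this build", zDbName);` placed before the `sqlite3_exec()` call (assuming the build reports the option under that name), and also check the return code of that `sqlite3_exec()`, which is currently discarded. Separately, the key stays in the static `zSavedKey` for the life of the process and the `Blob` copies are released with `blob_reset()` without being overwritten; a comment on `zSavedKey` saying this is a deliberate trade-off to avoid re-prompting would help the next reader.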
Changes to src/main.mk.
| ︙ | ︙ | |||
527 528 529 530 531 532 533 534 535 536 537 538 539 540 | LINENOISE_DEF.0 = LINENOISE_DEF.1 = -DHAVE_LINENOISE LINENOISE_DEF. = $(LINENOISE_DEF.0) LINENOISE_OBJ.0 = LINENOISE_OBJ.1 = $(OBJDIR)/linenoise.o LINENOISE_OBJ. = $(LINENOISE_OBJ.0) EXTRAOBJ = \ $(SQLITE3_OBJ.$(USE_SYSTEM_SQLITE)) \ $(MINIZ_OBJ.$(FOSSIL_ENABLE_MINIZ)) \ $(LINENOISE_OBJ.$(USE_LINENOISE)) \ $(OBJDIR)/shell.o \ $(OBJDIR)/th.o \ | > > > > > > > > > > > > > | 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 | LINENOISE_DEF.0 = LINENOISE_DEF.1 = -DHAVE_LINENOISE LINENOISE_DEF. = $(LINENOISE_DEF.0) LINENOISE_OBJ.0 = LINENOISE_OBJ.1 = $(OBJDIR)/linenoise.o LINENOISE_OBJ. = $(LINENOISE_OBJ.0) # The USE_SEE variable may be undefined, 0 or 1. If undefined or # 0, ordinary SQLite is used. If 1, then sqlite3-see.c (not part of # the source tree) is used and extra flags are provided to enable # the SQLite Encryption Extension. SQLITE3_SRC.1 = sqlite3-see.c SQLITE3_SRC.0 = sqlite3.c SQLITE3_SRC. = sqlite3.c SQLITE3_SRC = $(SRCDIR)/$(SQLITE3_SRC.$(USE_SEE)) SEE_FLAGS.1 = -DSQLITE_HAS_CODEC SEE_FLAGS.0 = SEE_FLAGS. = SEE_FLAGS = $(SEE_FLAGS.$(USE_SEE)) EXTRAOBJ = \ $(SQLITE3_OBJ.$(USE_SYSTEM_SQLITE)) \ $(MINIZ_OBJ.$(FOSSIL_ENABLE_MINIZ)) \ $(LINENOISE_OBJ.$(USE_LINENOISE)) \ $(OBJDIR)/shell.o \ $(OBJDIR)/th.o \ |
| ︙ | ︙ | |||
1638 1639 1640 1641 1642 1643 1644 | $(OBJDIR)/translate $(SRCDIR)/zip.c >$@ $(OBJDIR)/zip.o: $(OBJDIR)/zip_.c $(OBJDIR)/zip.h $(SRCDIR)/config.h $(XTCC) -o $(OBJDIR)/zip.o -c $(OBJDIR)/zip_.c $(OBJDIR)/zip.h: $(OBJDIR)/headers | | | | | 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 | $(OBJDIR)/translate $(SRCDIR)/zip.c >$@ $(OBJDIR)/zip.o: $(OBJDIR)/zip_.c $(OBJDIR)/zip.h $(SRCDIR)/config.h $(XTCC) -o $(OBJDIR)/zip.o -c $(OBJDIR)/zip_.c $(OBJDIR)/zip.h: $(OBJDIR)/headers $(OBJDIR)/sqlite3.o: $(SQLITE3_SRC) $(XTCC) $(SQLITE_OPTIONS) $(SQLITE_CFLAGS) $(SEE_FLAGS) \ -c $(SQLITE3_SRC) -o $@ $(OBJDIR)/shell.o: $(SRCDIR)/shell.c $(SRCDIR)/sqlite3.h $(XTCC) $(SHELL_OPTIONS) $(SHELL_CFLAGS) $(LINENOISE_DEF.$(USE_LINENOISE)) -c $(SRCDIR)/shell.c -o $@ $(OBJDIR)/linenoise.o: $(SRCDIR)/linenoise.c $(SRCDIR)/linenoise.h $(XTCC) -c $(SRCDIR)/linenoise.c -o $@ $(OBJDIR)/th.o: $(SRCDIR)/th.c |
| ︙ | ︙ |
Changes to src/makemake.tcl.
| ︙ | ︙ | |||
356 357 358 359 360 361 362 363 364 365 366 367 368 369 |
# the linenoise.o object.
LINENOISE_DEF.0 =
LINENOISE_DEF.1 = -DHAVE_LINENOISE
LINENOISE_DEF. = $(LINENOISE_DEF.0)
LINENOISE_OBJ.0 =
LINENOISE_OBJ.1 = $(OBJDIR)/linenoise.o
LINENOISE_OBJ. = $(LINENOISE_OBJ.0)
}]
writeln [string map [list <<<NEXT_LINE>>> \\] {
EXTRAOBJ = <<<NEXT_LINE>>>
$(SQLITE3_OBJ.$(USE_SYSTEM_SQLITE)) <<<NEXT_LINE>>>
$(MINIZ_OBJ.$(FOSSIL_ENABLE_MINIZ)) <<<NEXT_LINE>>>
$(LINENOISE_OBJ.$(USE_LINENOISE)) <<<NEXT_LINE>>>
| > > > > > > > > > > > > > | 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 |
# the linenoise.o object.
LINENOISE_DEF.0 =
LINENOISE_DEF.1 = -DHAVE_LINENOISE
LINENOISE_DEF. = $(LINENOISE_DEF.0)
LINENOISE_OBJ.0 =
LINENOISE_OBJ.1 = $(OBJDIR)/linenoise.o
LINENOISE_OBJ. = $(LINENOISE_OBJ.0)
# The USE_SEE variable may be undefined, 0 or 1. If undefined or
# 0, ordinary SQLite is used. If 1, then sqlite3-see.c (not part of
# the source tree) is used and extra flags are provided to enable
# the SQLite Encryption Extension.
SQLITE3_SRC.1 = sqlite3-see.c
SQLITE3_SRC.0 = sqlite3.c
SQLITE3_SRC. = sqlite3.c
SQLITE3_SRC = $(SRCDIR)/$(SQLITE3_SRC.$(USE_SEE))
SEE_FLAGS.1 = -DSQLITE_HAS_CODEC
SEE_FLAGS.0 =
SEE_FLAGS. =
SEE_FLAGS = $(SEE_FLAGS.$(USE_SEE))
}]
writeln [string map [list <<<NEXT_LINE>>> \\] {
EXTRAOBJ = <<<NEXT_LINE>>>
$(SQLITE3_OBJ.$(USE_SYSTEM_SQLITE)) <<<NEXT_LINE>>>
$(MINIZ_OBJ.$(FOSSIL_ENABLE_MINIZ)) <<<NEXT_LINE>>>
$(LINENOISE_OBJ.$(USE_LINENOISE)) <<<NEXT_LINE>>>
|
| ︙ | ︙ | |||
419 420 421 422 423 424 425 |
writeln "\$(OBJDIR)/${s}_.c:\t\$(SRCDIR)/$s.c \$(OBJDIR)/translate"
writeln "\t\$(OBJDIR)/translate \$(SRCDIR)/$s.c >\$@\n"
writeln "\$(OBJDIR)/$s.o:\t\$(OBJDIR)/${s}_.c \$(OBJDIR)/$s.h$extra_h($s)\$(SRCDIR)/config.h"
writeln "\t\$(XTCC) -o \$(OBJDIR)/$s.o -c \$(OBJDIR)/${s}_.c\n"
writeln "\$(OBJDIR)/$s.h:\t\$(OBJDIR)/headers\n"
}
| | | > | 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 |
writeln "\$(OBJDIR)/${s}_.c:\t\$(SRCDIR)/$s.c \$(OBJDIR)/translate"
writeln "\t\$(OBJDIR)/translate \$(SRCDIR)/$s.c >\$@\n"
writeln "\$(OBJDIR)/$s.o:\t\$(OBJDIR)/${s}_.c \$(OBJDIR)/$s.h$extra_h($s)\$(SRCDIR)/config.h"
writeln "\t\$(XTCC) -o \$(OBJDIR)/$s.o -c \$(OBJDIR)/${s}_.c\n"
writeln "\$(OBJDIR)/$s.h:\t\$(OBJDIR)/headers\n"
}
writeln "\$(OBJDIR)/sqlite3.o:\t\$(SQLITE3_SRC)"
writeln "\t\$(XTCC) \$(SQLITE_OPTIONS) \$(SQLITE_CFLAGS) \$(SEE_FLAGS) \\"
writeln "\t\t-c \$(SQLITE3_SRC) -o $@"
writeln "\$(OBJDIR)/shell.o:\t\$(SRCDIR)/shell.c \$(SRCDIR)/sqlite3.h"
writeln "\t\$(XTCC) \$(SHELL_OPTIONS) \$(SHELL_CFLAGS) \$(LINENOISE_DEF.\$(USE_LINENOISE)) -c \$(SRCDIR)/shell.c -o \$@\n"
writeln "\$(OBJDIR)/linenoise.o:\t\$(SRCDIR)/linenoise.c \$(SRCDIR)/linenoise.h"
writeln "\t\$(XTCC) -c \$(SRCDIR)/linenoise.c -o \$@\n"
|
| ︙ | ︙ |
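Review bot: The rewritten rule keeps the target name `$(OBJDIR)/sqlite3.o` for both `sqlite3.c` and `sqlite3-see.c`, so an object left over from a build with the other `USE_SEE` value is reused whenever it is newer than the newly selected source. That would give a binary configured for SEE but linked with the plain library (or the reverse), which is hard to notice afterwards. At minimum I would document this in the `USE_SEE` comment block, e.g. `# Run "make clean" after changing USE_SEE; sqlite3.o has the same name for both sources.` A smaller style point in the same hunk: the last added `writeln` emits `$@` unescaped where the neighbouring rules write `\$@`; Tcl leaves it literal, but `-o \$@` would match the rest of the file.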