Introduction
odfsig is an Open Document Format (ODF) digital signatures tool: currently can verify already created signatures.
The latest version is v24.8, released on 2024-08-01. See the release notes.
Description
odfsig verifies the digital signatures in an ODF document.
Dependencies
Build-time
Runtime
Platforms
odfsig has been used on a variety of platforms:
- Linux
- Windows
- macOS
Resources
License
Use of this source code is governed by a BSD-style license that can be found in the LICENSE file.
Download
From GitHub.
Development notes
Coding style
-
Memory management: no manual delete. Use an
std::default_delete<>
template specialization when it comes to releasing resources with C library calls. -
No conditional compilation at a C preprocessor level (
#ifdef
). If something like that is needed, create interfaces, create multiple implementations of that interface and implement a factory function multiple times. Use the build system to ensure that only one of the factory implementations are compiled. -
Error handling: no exceptions. Return errors when dealing with user input, or use
assert()
to find bugs in the code. -
Naming: type names (classes, etc.) should start with an upper-case letter (e.g. ZipVerifier). Other names should be camel case, and start with a lower case letter (e.g. openZip()). Class members are prefixed with an underscore (
_
). -
Whitespace formatting: install the git hook in
git-hooks/
to letclang-format
handle formatting for you.
Checklist before release
Ideally CI checks everything before a commit hits master, but here are a few things which are not part of CI:
- using system libraries: this works on latest stable openSUSE (Leap 15.3 currently):
scripts/build.sh
NOTE: the lack of --internal-libs
is the point of this exercise
- version check of libraries:
scripts/extern.py
- fuzzing:
workdir/bin/odfsigfuzz -max_len=16384 tests/data/
NOTE: This requires a --fuzz
build.
Changelog
24.8
- Maintenance release with up to date dependencies
- the macOS port is now deprecated, CI & release binary will be removed in the next release
7.3
- Update bundled externals, including nss to fix https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/.
7.2
- Fix a missing include
- Update bundled externals
- Use
IMPORTED_LOCATION_<CONFIG>
instead of patching for the zlib and googletest externals
7.1
- Link bundled nss statically, which provides a self-contained executable on Linux and macOS
7.0
- Update bundled googletest, libxml2, libxmlsec, libzip, nss and xmlsec to latest versions
6.0
- Don't crash on directory argument
5.0
- Can validate multiple files in one go
4.0
- Initial XAdES certificate hash verify support
- Automatic packaging on all platforms
- Fix a crash found with fuzzing
3.0
- Runs on macOS
- Don't silently ignore unrecognized arguments
2.0
- First release with multiple backends (MS CNG next to NSS)
- Runs on Windows
1.0
- Initial release
- Runs on Linux
- Can detect digest mismatches in signatures
- Can detect certificate validation problems