[pkgsrc/pkg_install-renovation]: pkgsrc/pkgtools/pkg_install/files Make pkg_v...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkg_install-renovation]: pkgsrc/pkgtools/pkg_install/files Make pkg_v...
From: joerg <joerg%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 06:04:25 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/8c76530f9621
branches:  pkg_install-renovation
changeset: 541563:8c76530f9621
user:      joerg <joerg%pkgsrc.org@localhost>
date:      Fri Jul 18 19:10:55 2008 +0000

description:
Make pkg_verify_signature return with modified arguments if it can find
a signed package, but couldn't validate the signature.
Make pkg_info try to validate the signature. It will print an error to
stderr if it can't validate the signature, but otherwise continue.

diffstat:

 pkgtools/pkg_install/files/info/perform.c      |  33 ++++++++++++++++++++++---
 pkgtools/pkg_install/files/lib/pkg_signature.c |  16 ++++-------
 2 files changed, 34 insertions(+), 15 deletions(-)

diffs (126 lines):

diff -r cc01cb0c14d0 -r 8c76530f9621 pkgtools/pkg_install/files/info/perform.c
--- a/pkgtools/pkg_install/files/info/perform.c Fri Jul 18 18:40:50 2008 +0000
+++ b/pkgtools/pkg_install/files/info/perform.c Fri Jul 18 19:10:55 2008 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: perform.c,v 1.46.2.2 2008/05/23 15:36:48 joerg Exp $   */
+/*     $NetBSD: perform.c,v 1.46.2.3 2008/07/18 19:10:55 joerg Exp $   */
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -17,7 +17,7 @@
 #if 0
 static const char *rcsid = "from FreeBSD Id: perform.c,v 1.23 1997/10/13 15:03:53 jkh Exp";
 #else
-__RCSID("$NetBSD: perform.c,v 1.46.2.2 2008/05/23 15:36:48 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.46.2.3 2008/07/18 19:10:55 joerg Exp $");
 #endif
 #endif
 
@@ -174,10 +174,10 @@
 
 #ifndef BOOTSTRAP
 static struct pkg_meta *
-read_meta_data_from_archive(struct archive *archive)
+read_meta_data_from_archive(struct archive *archive,
+    struct archive_entry *entry)
 {
        struct pkg_meta *meta;
-       struct archive_entry *entry;
        const char *fname;
        const struct pkg_meta_desc *descr, *last_descr;
        char **target;
@@ -192,7 +192,11 @@
        memset(meta, 0, sizeof(*meta));
 
        last_descr = 0;
+       if (entry != NULL)
+               goto has_entry;
+
        while ((r = archive_read_next_header(archive, &entry)) == ARCHIVE_OK) {
+has_entry:
                fname = archive_entry_pathname(entry);
 
                for (descr = pkg_meta_descriptors; descr->entry_filename;
@@ -308,11 +312,30 @@
 #else
                struct archive *archive;
                void *archive_cookie;
+#  ifdef HAVE_SSL
+               void *signature_cookie;
+#  endif
+               struct archive_entry *entry;
+               char *pkgname;
 
                archive = open_archive(pkg, &archive_cookie);
+               if (archive == NULL) {
+                       warnx("can't find package `%s', skipped", pkg);
+                       return -1;
+               }
+               pkgname = NULL;
+               entry = NULL;
+#  ifdef HAVE_SSL
+               pkg_verify_signature(&archive, &entry, &pkgname,
+                   &signature_cookie);
+#  endif
+               free(pkgname);
 
-               meta = read_meta_data_from_archive(archive);
+               meta = read_meta_data_from_archive(archive, entry);
                close_archive(archive_cookie);
+#  ifdef HAVE_SSL
+               pkg_free_signature(signature_cookie);
+#  endif
                if (!IS_URL(pkg))
                        binpkgfile = pkg;
 #endif
diff -r cc01cb0c14d0 -r 8c76530f9621 pkgtools/pkg_install/files/lib/pkg_signature.c
--- a/pkgtools/pkg_install/files/lib/pkg_signature.c    Fri Jul 18 18:40:50 2008 +0000
+++ b/pkgtools/pkg_install/files/lib/pkg_signature.c    Fri Jul 18 19:10:55 2008 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pkg_signature.c,v 1.1.2.3 2008/07/05 17:26:40 joerg Exp $      */
+/*     $NetBSD: pkg_signature.c,v 1.1.2.4 2008/07/18 19:10:55 joerg Exp $      */
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -7,7 +7,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: pkg_signature.c,v 1.1.2.3 2008/07/05 17:26:40 joerg Exp $");
+__RCSID("$NetBSD: pkg_signature.c,v 1.1.2.4 2008/07/18 19:10:55 joerg Exp $");
 
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
@@ -322,7 +322,7 @@
        struct archive *a;
        char *hash_file, *signature_file;
        size_t hash_len, signature_len;
-       int r;
+       int r, has_sig;
 
        *pkgname = NULL;
        *cookie = NULL;
@@ -355,12 +355,8 @@
        if (parse_hash_file(hash_file, pkgname, state))
                goto no_valid_signature;
 
-       if (easy_pkcs7_verify(hash_file, hash_len, signature_file,
-           signature_len, certs_packages, 1)) {
-               free(signature_file);
-               free_signature_int(state);
-               goto no_valid_signature;
-       }
+       has_sig = !easy_pkcs7_verify(hash_file, hash_len, signature_file,
+           signature_len, certs_packages, 1);
 
        free(signature_file);
 
@@ -393,7 +389,7 @@
        *entry = NULL;
        *cookie = state;
 
-       return 0;
+       return has_sig ? 0 : -1;
 
 no_valid_signature:
        return -1;

Prev by Date: [pkgsrc/pkg_install-renovation]: pkgsrc/pkgtools/pkg_install/files/lib Forgot...
Next by Date: [pkgsrc/pkg_install-renovation]: pkgsrc/pkgtools/pkg_install/files/add Bump d...
Previous by Thread: [pkgsrc/pkg_install-renovation]: pkgsrc/pkgtools/pkg_install/files/lib Forgot...
Next by Thread: [pkgsrc/pkg_install-renovation]: pkgsrc/pkgtools/pkg_install/files/add Bump d...
Indexes:

Home | Main Index | Thread Index | Old Index