pkgsrc-Changes-HG archive


[pkgsrc/pkg_install-renovation]: pkgsrc/pkgtools/pkg_install/files Add variab...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/4b062a4ec498
branches:  pkg_install-renovation
changeset: 541542:4b062a4ec498
user:      joerg <joerg%pkgsrc.org@localhost>
date:      Mon May 19 10:42:41 2008 +0000

description:
Add variable to control how packages are installed.
VERIFIED_INSTALLATION supports:
never (default): print signature, but don't care about it.
always: check for valid signature, abort otherwise
trusted: ask before installing packages without a valid signature
interactive: always ask before installation

diffstat:

 pkgtools/pkg_install/files/add/perform.c       |  77 +++++++++++++++++++++++--
 pkgtools/pkg_install/files/lib/lib.h           |   3 +-
 pkgtools/pkg_install/files/lib/parse-config.c  |   9 ++-
 pkgtools/pkg_install/files/lib/pkg_signature.c |   6 +-
 4 files changed, 82 insertions(+), 13 deletions(-)

diffs (215 lines):

diff -r 0f296cbda2eb -r 4b062a4ec498 pkgtools/pkg_install/files/add/perform.c
--- a/pkgtools/pkg_install/files/add/perform.c  Mon May 12 15:44:17 2008 +0000
+++ b/pkgtools/pkg_install/files/add/perform.c  Mon May 19 10:42:41 2008 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: perform.c,v 1.70.4.4 2008/05/12 15:44:17 joerg Exp $   */
+/*     $NetBSD: perform.c,v 1.70.4.5 2008/05/19 10:42:41 joerg Exp $   */
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -6,7 +6,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: perform.c,v 1.70.4.4 2008/05/12 15:44:17 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.70.4.5 2008/05/19 10:42:41 joerg Exp $");
 
 /*-
  * Copyright (c) 2003 Grant Beattie <grant%NetBSD.org@localhost>
@@ -1064,16 +1064,73 @@
        return 0;
 }
 
+static int check_input(const char *line, size_t len)
+{
+       if (line == NULL || len == 0)
+               return 1;
+       switch (*line) {
+       case 'Y':
+       case 'y':
+       case 'T':
+       case 't':
+       case '1':
+               return 0;
+       default:
+               return 1;
+       }
+}
+
+static int
+check_signature(struct pkg_task *pkg, void *signature_cookie, int invalid_sig)
+{
+       char *line;
+       size_t len;
+
+       if (strcasecmp(verified_installation, "never") == 0)
+               return 0;
+       if (strcasecmp(verified_installation, "always") == 0) {
+               if (invalid_sig)
+                       warnx("No valid signature found, rejected");
+               return invalid_sig;
+       }
+       if (strcasecmp(verified_installation, "trusted") == 0) {
+               if (!invalid_sig)
+                       return 0;
+               fprintf(stderr, "No valid signature found for %s.\n",
+                   pkg->pkgname);
+               fprintf(stderr,
+                   "Do you want to proceed with the installation [y/n]?\n");
+               line = fgetln(stdin, &len);
+               if (check_input(line, len)) {
+                       fprintf(stderr, "Cancelling installation\n");
+                       return 1;
+               }
+               return 0;
+       }
+       if (strcasecmp(verified_installation, "interactive") == 0) {
+               fprintf(stderr, "Do you want to proceed with "
+                   "the installation of %s [y/n]?\n", pkg->pkgname);
+               line = fgetln(stdin, &len);
+               if (check_input(line, len)) {
+                       fprintf(stderr, "Cancelling installation\n");
+                       return 1;
+               }
+               return 0;
+       }
+       warnx("Unknown value of configuration variable VERIFIED_INSTALLATION");
+       return 1;
+}
+
 /*
  * Install a single package.
  */
 static int
 pkg_do(const char *pkgpath, int mark_automatic)
 {
-       int status;
+       int status, invalid_sig;
        void *archive_cookie;
 #ifdef HAVE_SSL
-       void*signature_cookie;
+       void *signature_cookie;
 #endif
        struct pkg_task *pkg;
 
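Review bot: The `interactive` branch of check_signature prompts without mentioning `invalid_sig`, so the operator confirms an installation without being told that signature verification failed. Printing the notice the `trusted` branch already uses before the prompt, `if (invalid_sig) fprintf(stderr, "No valid signature found for %s.\n", pkg->pkgname);`, would make that decision an informed one. check_input also accepts any line that merely begins with y, Y, t, T or 1 as consent to a `[y/n]` question, and the `signature_cookie` parameter is never read in the function. pkg_do's body continues outside this hunk.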
@@ -1086,11 +1143,14 @@
                warnx("no pkg found for '%s', sorry.", pkgpath);
                goto clean_find_archive;
        }
+
 #ifdef HAVE_SSL
-       if (pkg_verify_signature(&pkg->archive, &pkg->entry, &pkg->pkgname,
-           &signature_cookie))
-               goto clean_memory;
+       invalid_sig = pkg_verify_signature(&pkg->archive, &pkg->entry,
+           &pkg->pkgname, &signature_cookie);
+#else
+       invalid_sig = 1;
 #endif
+
        if (read_meta_data(pkg))
                goto clean_memory;
 
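Review bot: With the early `goto clean_memory` removed, an archive that failed pkg_verify_signature now reaches read_meta_data() here, and pkg_parse_plist() further down in pkg_do, before any policy decision is taken. Under VERIFIED_INSTALLATION=always this means metadata from an unverified package is still parsed before the rejection. If the package name is already known after verification (it is passed as `&pkg->pkgname`, so presumably it is), the policy check could run directly after this `#endif`, ahead of read_meta_data(). The `#else` branch would also benefit from a comment such as `/* built without SSL: every package is treated as unsigned */`, since it makes `always` reject everything in such builds. pkg_do starts and ends outside this hunk.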
@@ -1098,6 +1158,9 @@
        if (pkg_parse_plist(pkg))
                goto clean_memory;
 
+       if (check_signature(pkg, &signature_cookie, invalid_sig))
+               goto clean_memory;
+
        if (pkg->meta_data.meta_mtree != NULL)
                warnx("mtree specification in pkg `%s' ignored", pkg->pkgname);
 
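Review bot: The added call takes `&signature_cookie` unconditionally, but that variable is declared only inside `#ifdef HAVE_SSL` in the hunk at line 1064, so a build without HAVE_SSL should fail to compile at this line. check_signature never reads the argument, and what is passed is the address of the cookie rather than the cookie itself, so the simplest fix is to drop the parameter and call `if (check_signature(pkg, invalid_sig))`. If the cookie is meant to be used later, declare it unconditionally as `void *signature_cookie = NULL;` instead. pkg_do starts and ends outside this hunk.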
diff -r 0f296cbda2eb -r 4b062a4ec498 pkgtools/pkg_install/files/lib/lib.h
--- a/pkgtools/pkg_install/files/lib/lib.h      Mon May 12 15:44:17 2008 +0000
+++ b/pkgtools/pkg_install/files/lib/lib.h      Mon May 19 10:42:41 2008 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: lib.h,v 1.42.2.4 2008/05/12 12:12:07 joerg Exp $ */
+/* $NetBSD: lib.h,v 1.42.2.5 2008/05/19 10:42:41 joerg Exp $ */
 
 /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
 
@@ -400,6 +400,7 @@
 extern const char *certs_packages;
 extern const char *certs_pkg_vulnerabilities;
 extern const char *config_file;
+extern const char *verified_installation;
 extern const char *gpg_cmd;
 
 extern const char *pkg_vulnerabilities_dir;
diff -r 0f296cbda2eb -r 4b062a4ec498 pkgtools/pkg_install/files/lib/parse-config.c
--- a/pkgtools/pkg_install/files/lib/parse-config.c     Mon May 12 15:44:17 2008 +0000
+++ b/pkgtools/pkg_install/files/lib/parse-config.c     Mon May 19 10:42:41 2008 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: parse-config.c,v 1.1.2.2 2008/05/11 20:20:38 joerg Exp $       */
+/*     $NetBSD: parse-config.c,v 1.1.2.3 2008/05/19 10:42:41 joerg Exp $       */
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -8,7 +8,7 @@
 #include <sys/cdefs.h>
 #endif
 #ifndef lint
-__RCSID("$NetBSD: parse-config.c,v 1.1.2.2 2008/05/11 20:20:38 joerg Exp $");
+__RCSID("$NetBSD: parse-config.c,v 1.1.2.3 2008/05/19 10:42:41 joerg Exp $");
 #endif
 
 /*-
@@ -54,11 +54,13 @@
 const char *cert_chain_file;
 const char *certs_packages;
 const char *certs_pkg_vulnerabilities;
+const char *verified_installation;
 const char *gpg_cmd;
 const char *pkg_vulnerabilities_dir;
 const char *pkg_vulnerabilities_file;
 const char *pkg_vulnerabilities_url;
 const char *ignore_advisories = NULL;
+
 const char tnf_vulnerability_base[] = "ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns";;
 
 static struct config_variable {
@@ -72,6 +74,7 @@
        { "PKGVULNDIR", &pkg_vulnerabilities_dir },
        { "PKGVULNURL", &pkg_vulnerabilities_url },
        { "IGNORE_URL", &ignore_advisories },
+       { "VERIFIED_INSTALLATION", &verified_installation },
        { NULL, NULL }
 };
 
@@ -101,6 +104,8 @@
                if (ret == -1)
                        err(EXIT_FAILURE, "asprintf failed");
        }
+       if (verified_installation == NULL)
+               verified_installation = "never";
 }
 
 void
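Review bot: An unset VERIFIED_INSTALLATION silently becomes `never` here, while a misspelt value is only detected later, once per package, by the `Unknown value` branch of check_signature in perform.c. Comparing the value against the four accepted words at this point would report a typo once, at configuration load, instead of in the middle of an installation run. A comment on the default, for example `/* unset: signatures are reported but not enforced */`, would also record that the fallback disables enforcement. The enclosing function starts outside this hunk.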
diff -r 0f296cbda2eb -r 4b062a4ec498 pkgtools/pkg_install/files/lib/pkg_signature.c
--- a/pkgtools/pkg_install/files/lib/pkg_signature.c    Mon May 12 15:44:17 2008 +0000
+++ b/pkgtools/pkg_install/files/lib/pkg_signature.c    Mon May 19 10:42:41 2008 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pkg_signature.c,v 1.1.2.1 2008/05/11 20:20:38 joerg Exp $      */
+/*     $NetBSD: pkg_signature.c,v 1.1.2.2 2008/05/19 10:42:41 joerg Exp $      */
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -7,7 +7,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: pkg_signature.c,v 1.1.2.1 2008/05/11 20:20:38 joerg Exp $");
+__RCSID("$NetBSD: pkg_signature.c,v 1.1.2.2 2008/05/19 10:42:41 joerg Exp $");
 
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
@@ -396,7 +396,7 @@
        return 0;
 
 no_valid_signature:
-       return 0;
+       return -1;
 }
 
 int
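Review bot: The `no_valid_signature` path now reports failure, but the hunk does not show whether the output cookie argument is given a defined value before `return -1`. That matters more after this commit, because pkg_do in perform.c no longer aborts on a failed verification and goes on to pass `&signature_cookie` along; if the argument is not already cleared on this path, it should be set to NULL before returning. The return contract (0 for a valid signature, non-zero otherwise) should also be stated in a comment at the declaration, since pkg_do stores the result directly in `invalid_sig`. The function begins outside this hunk, so the earlier exit paths could not be checked.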


