summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTimo Teras <timo.teras@iki.fi>2009-07-17 14:29:02 +0300
committerTimo Teras <timo.teras@iki.fi>2009-07-17 14:29:02 +0300
commit0942832325f8e81d9e3cc7019cf1b1016d226533 (patch)
tree5074340668dcd9b184afa3f773e3b09de9139c49
parent65be7ade1d092a309d27056d6d55585bda54e8bd (diff)
downloadapk-tools-0942832325f8e81d9e3cc7019cf1b1016d226533.tar.gz
apk-tools-0942832325f8e81d9e3cc7019cf1b1016d226533.tar.bz2
apk-tools-0942832325f8e81d9e3cc7019cf1b1016d226533.tar.xz
apk-tools-0942832325f8e81d9e3cc7019cf1b1016d226533.zip
index: fix output file permissions, verify signed index (ref #46)
-rw-r--r--src/index.c4
-rw-r--r--src/package.c25
2 files changed, 20 insertions, 9 deletions
diff --git a/src/index.c b/src/index.c
index 12f21fe..c3124d8 100644
--- a/src/index.c
+++ b/src/index.c
@@ -169,14 +169,14 @@ static int index_main(void *ctx, int argc, char **argv)
if (ictx->method == APK_SIGN_GENERATE) {
memset(&fi, 0, sizeof(fi));
fi.name = "APKINDEX";
- fi.mode = 0755 | S_IFREG;
+ fi.mode = 0644 | S_IFREG;
os = apk_ostream_counter(&fi.size);
apk_db_index_write(&db, os);
os->close(os);
}
if (ictx->output != NULL)
- os = apk_ostream_to_file(ictx->output, 0755);
+ os = apk_ostream_to_file(ictx->output, 0644);
else
os = apk_ostream_to_fd(STDOUT_FILENO);
if (ictx->method == APK_SIGN_GENERATE) {
diff --git a/src/package.c b/src/package.c
index ea67c69..632e93e 100644
--- a/src/package.c
+++ b/src/package.c
@@ -391,13 +391,24 @@ int apk_sign_ctx_mpart_cb(void *ctx, EVP_MD_CTX *mdctx, int part)
break;
case APK_MPART_END:
if (sctx->action == APK_SIGN_VERIFY) {
- /* Check that data checksum matches */
- EVP_DigestFinal_ex(mdctx, calculated, NULL);
- if (sctx->has_data_checksum &&
- EVP_MD_CTX_size(mdctx) != 0 &&
- memcmp(calculated, sctx->data_checksum,
- EVP_MD_CTX_size(mdctx)) == 0)
- sctx->data_verified = 1;
+ if (sctx->has_data_checksum) {
+ /* Check that data checksum matches */
+ EVP_DigestFinal_ex(mdctx, calculated, NULL);
+ if (EVP_MD_CTX_size(mdctx) != 0 &&
+ memcmp(calculated, sctx->data_checksum,
+ EVP_MD_CTX_size(mdctx)) == 0)
+ sctx->data_verified = 1;
+ } else if (sctx->signature.pkey != NULL) {
+ /* Assume that the data is fully signed */
+ r = EVP_VerifyFinal(mdctx,
+ (unsigned char *) sctx->signature.data.ptr,
+ sctx->signature.data.len,
+ sctx->signature.pkey);
+ if (r == 1) {
+ sctx->control_verified = 1;
+ sctx->data_verified = 1;
+ }
+ }
} else if (!sctx->has_data_checksum) {
/* Package identity is checksum of all data */
sctx->identity.type = EVP_MD_CTX_size(mdctx);