summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTimo Teras <timo.teras@iki.fi>2009-07-22 16:06:34 +0300
committerTimo Teras <timo.teras@iki.fi>2009-07-22 16:06:34 +0300
commit5375efac1af6488f8af5063fab243fe844334f05 (patch)
tree70d3a4c22f45f4960276de6261e967fe8b5d1045
parent23582a0ec5e52489c22c15a1a77f32de514cf5d9 (diff)
downloadapk-tools-5375efac1af6488f8af5063fab243fe844334f05.tar.gz
apk-tools-5375efac1af6488f8af5063fab243fe844334f05.tar.bz2
apk-tools-5375efac1af6488f8af5063fab243fe844334f05.tar.xz
apk-tools-5375efac1af6488f8af5063fab243fe844334f05.zip
apk: allow-untrusted option
to not make hard error of untrusted or missing signatures
-rw-r--r--src/apk.c5
-rw-r--r--src/apk_defines.h1
-rw-r--r--src/package.c25
3 files changed, 21 insertions, 10 deletions
diff --git a/src/apk.c b/src/apk.c
index e77d13f..5266158 100644
--- a/src/apk.c
+++ b/src/apk.c
@@ -43,6 +43,8 @@ static struct apk_option generic_options[] = {
{ 0x101, "progress", "Show a progress bar" },
{ 0x102, "clean-protected", "Do not create .apk-new files to "
"configuration dirs" },
+ { 0x103, "allow-untrusted", "Blindly install packages with untrusted "
+ "signatures or no signature at all" },
{ 0x104, "simulate", "Show what would be done without actually "
"doing it" },
{ 0x105, "wait", "Wait for TIME seconds to get an exclusive "
@@ -351,6 +353,9 @@ int main(int argc, char **argv)
case 0x102:
apk_flags |= APK_CLEAN_PROTECTED;
break;
+ case 0x103:
+ apk_flags |= APK_ALLOW_UNTRUSTED;
+ break;
case 0x104:
apk_flags |= APK_SIMULATE;
break;
diff --git a/src/apk_defines.h b/src/apk_defines.h
index 8cfb62b..7e66ada 100644
--- a/src/apk_defines.h
+++ b/src/apk_defines.h
@@ -59,6 +59,7 @@ extern unsigned int apk_flags;
#define APK_RECURSIVE 0x0020
#define APK_PREFER_AVAILABLE 0x0040
#define APK_UPDATE_CACHE 0x0080
+#define APK_ALLOW_UNTRUSTED 0x0100
#define apk_error(args...) do { apk_log("ERROR: ", args); } while (0)
#define apk_warning(args...) do { if (apk_verbosity > 0) { apk_log("WARNING: ", args); } } while (0)
diff --git a/src/package.c b/src/package.c
index e480c6f..5e4a3d2 100644
--- a/src/package.c
+++ b/src/package.c
@@ -453,16 +453,20 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
return 0;
/* Verify the signature if we have public key */
- if (sctx->action == APK_SIGN_VERIFY &&
- sctx->signature.pkey != NULL) {
- r = EVP_VerifyFinal(&sctx->mdctx,
- (unsigned char *) sctx->signature.data.ptr,
- sctx->signature.data.len,
- sctx->signature.pkey);
- if (r != 1)
- return -EKEYREJECTED;
+ if (sctx->action == APK_SIGN_VERIFY) {
+ if (sctx->signature.pkey == NULL) {
+ if (!(apk_flags & APK_ALLOW_UNTRUSTED))
+ return -ENOKEY;
+ } else {
+ r = EVP_VerifyFinal(&sctx->mdctx,
+ (unsigned char *) sctx->signature.data.ptr,
+ sctx->signature.data.len,
+ sctx->signature.pkey);
+ if (r != 1)
+ return -EKEYREJECTED;
- sctx->control_verified = 1;
+ sctx->control_verified = 1;
+ }
EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL);
return 0;
} else if (sctx->action == APK_SIGN_GENERATE) {
@@ -492,7 +496,8 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
EVP_MD_CTX_size(&sctx->mdctx)) != 0)
return -EKEYREJECTED;
sctx->data_verified = 1;
- if (!sctx->control_verified)
+ if (!(apk_flags & APK_ALLOW_UNTRUSTED) &&
+ !sctx->control_verified)
return -ENOKEY;
} else if (sctx->action == APK_SIGN_VERIFY) {
if (sctx->signature.pkey == NULL)