diff options
| author | Timo Teras <timo.teras@iki.fi> | 2009-08-10 08:47:05 +0300 |
|---|---|---|
| committer | Timo Teras <timo.teras@iki.fi> | 2009-08-10 08:47:05 +0300 |
| commit | bc93eaffb0fe5dcb053364244f660e78199987e1 (patch) | |
| tree | e96523e645aef659eda68e09432f7f8c29430ea9 | |
| parent | a120a96db4c821f51dff953a3fc0475b4870a5c3 (diff) | |
| download | apk-tools-bc93eaffb0fe5dcb053364244f660e78199987e1.tar.gz apk-tools-bc93eaffb0fe5dcb053364244f660e78199987e1.tar.bz2 apk-tools-bc93eaffb0fe5dcb053364244f660e78199987e1.tar.xz apk-tools-bc93eaffb0fe5dcb053364244f660e78199987e1.zip | |
db, pkg: fix package verification during installation
some hooks to package verification code were missing causing the
verification to not be done (causing pre-script to be not run).
fixes #124, #126.
| -rw-r--r-- | src/database.c | 3 | ||||
| -rw-r--r-- | src/package.c | 12 |
2 files changed, 11 insertions, 4 deletions
diff --git a/src/database.c b/src/database.c index 425fb46..0f40ca5 100644 --- a/src/database.c +++ b/src/database.c @@ -1431,6 +1431,9 @@ static int apk_db_install_archive_entry(void *_ctx, const char *p; int r = 0, type = APK_SCRIPT_INVALID; + if (apk_sign_ctx_process_file(&ctx->sctx, ae, is) == 0) + return 0; + /* Package metainfo and script processing */ if (ae->name[0] == '.') { /* APK 2.0 format */ diff --git a/src/package.c b/src/package.c index 43018d7..3123834 100644 --- a/src/package.c +++ b/src/package.c @@ -346,15 +346,16 @@ void apk_sign_ctx_init(struct apk_sign_ctx *ctx, int action, } EVP_MD_CTX_init(&ctx->mdctx); EVP_DigestInit_ex(&ctx->mdctx, ctx->md, NULL); + EVP_MD_CTX_set_flags(&ctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT); } - void apk_sign_ctx_free(struct apk_sign_ctx *ctx) { if (ctx->signature.data.ptr != NULL) free(ctx->signature.data.ptr); if (ctx->signature.pkey != NULL) EVP_PKEY_free(ctx->signature.pkey); + EVP_MD_CTX_cleanup(&ctx->mdctx); } int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, @@ -468,15 +469,19 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data) goto update_digest; /* Still in signature blocks? */ - if (!sctx->control_started) + if (!sctx->control_started) { + if (part == APK_MPART_END) + return -EKEYREJECTED; goto reset_digest; + } /* Grab state and mark all remaining block as data */ end_of_control = (sctx->data_started == 0); sctx->data_started = 1; /* End of control-block and control does not have data checksum? */ - if (sctx->has_data_checksum == 0 && end_of_control) + if (sctx->has_data_checksum == 0 && end_of_control && + part != APK_MPART_END) goto update_digest; /* Drool in the remaining of the digest block now, we will finish @@ -542,7 +547,6 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data) sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx); EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL); } - reset_digest: EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL); EVP_MD_CTX_set_flags(&sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT); |