summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2012-01-31 15:49:04 +0200
committerTimo Teräs <timo.teras@iki.fi>2012-01-31 15:49:04 +0200
commit304dc4a69234b4161e8b34b34dc92ebfa9beac25 (patch)
tree84f74be85455435c42f569ddf094584900f36270 /src
parent0f895650996a2565c0dc59d3c94f861145b42c05 (diff)
downloadapk-tools-304dc4a69234b4161e8b34b34dc92ebfa9beac25.tar.gz
apk-tools-304dc4a69234b4161e8b34b34dc92ebfa9beac25.tar.bz2
apk-tools-304dc4a69234b4161e8b34b34dc92ebfa9beac25.tar.xz
apk-tools-304dc4a69234b4161e8b34b34dc92ebfa9beac25.zip
pkg, db: fix signature checking for files without control part
Also clean up handling of signature failures for index files.
Diffstat (limited to 'src')
-rw-r--r--src/apk_database.h2
-rw-r--r--src/database.c43
-rw-r--r--src/package.c31
3 files changed, 48 insertions, 28 deletions
diff --git a/src/apk_database.h b/src/apk_database.h
index ef3aa65..b7e87e9 100644
--- a/src/apk_database.h
+++ b/src/apk_database.h
@@ -127,7 +127,7 @@ struct apk_database {
const char *cache_dir;
char *cache_remount_dir;
apk_blob_t *arch;
- unsigned int local_repos;
+ unsigned int local_repos, bad_repos;
int performing_self_update : 1;
int permanent : 1;
int compat_newfeatures : 1;
diff --git a/src/database.c b/src/database.c
index be88156..e2961df 100644
--- a/src/database.c
+++ b/src/database.c
@@ -1138,7 +1138,7 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
struct apk_bstream *bs;
struct statfs stfs;
apk_blob_t blob;
- int r, fd, rr = 0;
+ int r, fd;
memset(db, 0, sizeof(*db));
if (apk_flags & APK_SIMULATE) {
@@ -1293,25 +1293,23 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
}
if (!(dbopts->open_flags & APK_OPENF_NO_SYS_REPOS)) {
- list_for_each_entry(repo, &dbopts->repository_list, list) {
- r = apk_db_add_repository(db, APK_BLOB_STR(repo->url));
- rr = r ?: rr;
- }
+ list_for_each_entry(repo, &dbopts->repository_list, list)
+ apk_db_add_repository(db, APK_BLOB_STR(repo->url));
blob = apk_blob_from_file(
db->root_fd,
dbopts->repositories_file ?: "etc/apk/repositories");
if (!APK_BLOB_IS_NULL(blob)) {
- r = apk_blob_for_each_segment(
+ apk_blob_for_each_segment(
blob, "\n",
apk_db_add_repository, db);
- rr = r ?: rr;
free(blob.ptr);
}
if (apk_flags & APK_UPDATE_CACHE)
apk_db_index_write_nr_cache(db);
}
- if (rr != 0) {
- r = rr;
+ if (db->bad_repos && !(apk_flags & APK_FORCE)) {
+ apk_error("Aborting due to some repositories failed to load. Use --force to ignore this error.");
+ r = -EBADMSG;
goto ret_r;
}
@@ -1322,7 +1320,7 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
"might not function properly");
}
- return rr;
+ return 0;
ret_errno:
r = -errno;
@@ -1641,7 +1639,7 @@ struct apk_repository *apk_db_select_repo(struct apk_database *db,
0xf5,0xa7,0x0a,0x7c,0x17,0x26,0x69,0xb0,0x05,0x38 },
.csum.type = APK_CHECKSUM_SHA1,
};
- unsigned int repos = pkg->repos;
+ unsigned int repos = pkg->repos & ~(db->bad_repos);
int i;
/* Always prefer local repositories */
@@ -1737,7 +1735,8 @@ static int load_index(struct apk_database *db, struct apk_bstream *bs,
r = apk_tar_parse(is, load_apkindex, &ctx, FALSE, &db->id_cache);
is->close(is);
apk_sign_ctx_free(&ctx.sctx);
- if (ctx.found == 0)
+
+ if (r >= 0 && ctx.found == 0)
r = -ENOMSG;
} else {
bs = apk_bstream_from_istream(apk_bstream_gunzip(bs));
@@ -1799,16 +1798,20 @@ int apk_db_add_repository(apk_database_t _db, apk_blob_t _repository)
db->local_repos |= BIT(r);
bs = apk_repo_file_open(repo, db->arch, apkindex_tar_gz, buf, sizeof(buf));
}
- db->repo_tags[tag_id].allowed_repos |= BIT(r);
- if (bs == NULL) {
- apk_warning("%s: index failed to open", buf);
- return 0;
+ if (bs != NULL)
+ r = load_index(db, bs, targz, r);
+ else
+ r = -ENOENT;
+
+ if (r != 0) {
+ apk_warning("Ignoring %s: %s", buf, apk_error_str(r));
+ db->bad_repos |= BIT(r);
+ r = 0;
+ } else {
+ db->repo_tags[tag_id].allowed_repos |= BIT(r);
}
- r = load_index(db, bs, targz, r);
- if (r != 0)
- apk_error("%s: BAD signature", buf);
- return r;
+ return 0;
}
static void extract_cb(void *_ctx, size_t progress)
diff --git a/src/package.c b/src/package.c
index 1cd85dd..32d4564 100644
--- a/src/package.c
+++ b/src/package.c
@@ -449,10 +449,26 @@ void apk_sign_ctx_free(struct apk_sign_ctx *ctx)
EVP_MD_CTX_cleanup(&ctx->mdctx);
}
+static int check_signing_key_trust(struct apk_sign_ctx *sctx)
+{
+ switch (sctx->action) {
+ case APK_SIGN_VERIFY:
+ case APK_SIGN_VERIFY_AND_GENERATE:
+ if (sctx->signature.pkey == NULL) {
+ if (apk_flags & APK_ALLOW_UNTRUSTED)
+ break;
+ return -ENOKEY;
+ }
+ }
+ return 0;
+}
+
int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
const struct apk_file_info *fi,
struct apk_istream *is)
{
+ int r;
+
if (ctx->data_started)
return 1;
@@ -465,6 +481,9 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
return -ENOMSG;
ctx->data_started = 1;
ctx->control_started = 1;
+ r = check_signing_key_trust(ctx);
+ if (r < 0)
+ return r;
return 1;
}
@@ -491,7 +510,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
if (strncmp(&fi->name[6], "RSA.", 4) == 0 ||
strncmp(&fi->name[6], "DSA.", 4) == 0) {
int fd = openat(ctx->keys_fd, &fi->name[10], O_RDONLY|O_CLOEXEC);
- BIO *bio;
+ BIO *bio;
if (fd < 0)
return 0;
@@ -604,15 +623,13 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
return 0;
}
+ r = check_signing_key_trust(sctx);
+ if (r < 0)
+ return r;
+
switch (sctx->action) {
case APK_SIGN_VERIFY:
case APK_SIGN_VERIFY_AND_GENERATE:
- if (sctx->signature.pkey == NULL) {
- if (apk_flags & APK_ALLOW_UNTRUSTED)
- break;
- return -ENOKEY;
- }
-
r = EVP_VerifyFinal(&sctx->mdctx,
(unsigned char *) sctx->signature.data.ptr,
sctx->signature.data.len,