From 1f9e56d8a4a0042816ea793c256101249541a8d1 Mon Sep 17 00:00:00 2001
From: Reid Rankin <reidrankin@gmail.com>
Date: Thu, 23 Jan 2020 16:04:01 +0000
Subject: manifest: fix package file processing

This change ensures that apk_sign_ctx_process_file() and
apk_sign_ctx_parse_pkginfo_line() are called during archive
processing, allowing discovery of signatures and the data section
checksum.

Fixes a bug uncovered by commit f123d77e.
---
 src/manifest.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/manifest.c b/src/manifest.c
index b967143..145714c 100644
--- a/src/manifest.c
+++ b/src/manifest.c
@@ -64,11 +64,14 @@ static int read_file_entry(void *ctx, const struct apk_file_info *ae,
 	struct manifest_file_ctx *mctx = ctx;
 	char csum_buf[(APK_CHECKSUM_SHA1 * 2) + 1];
 	apk_blob_t csum_blob = APK_BLOB_BUF(csum_buf);
+	int r;
 
-	if (ae->name[0] == '.') {
-		if (!strncmp(ae->name, ".PKGINFO", 8) || !strncmp(ae->name, ".SIGN.", 6))
-			return 0;
-	}
+	r = apk_sign_ctx_verify_tar(mctx->sctx, ae, is);
+	if (r != 0)
+		return r;
+
+	if (!mctx->sctx->data_started)
+		return 0;
 
 	if ((ae->mode & S_IFMT) != S_IFREG)
 		return 0;
-- 
cgit v1.2.3-70-g09d2