From 5375efac1af6488f8af5063fab243fe844334f05 Mon Sep 17 00:00:00 2001
From: Timo Teras <timo.teras@iki.fi>
Date: Wed, 22 Jul 2009 16:06:34 +0300
Subject: apk: allow-untrusted option

to not make hard error of untrusted or missing signatures
---
 src/apk.c         |  5 +++++
 src/apk_defines.h |  1 +
 src/package.c     | 25 +++++++++++++++----------
 3 files changed, 21 insertions(+), 10 deletions(-)

(limited to 'src')

diff --git a/src/apk.c b/src/apk.c
index e77d13f..5266158 100644
--- a/src/apk.c
+++ b/src/apk.c
@@ -43,6 +43,8 @@ static struct apk_option generic_options[] = {
 	{ 0x101, "progress",	"Show a progress bar" },
 	{ 0x102, "clean-protected", "Do not create .apk-new files to "
 				"configuration dirs" },
+	{ 0x103, "allow-untrusted", "Blindly install packages with untrusted "
+				"signatures or no signature at all" },
 	{ 0x104, "simulate",	"Show what would be done without actually "
 				"doing it" },
 	{ 0x105, "wait",	"Wait for TIME seconds to get an exclusive "
@@ -351,6 +353,9 @@ int main(int argc, char **argv)
 		case 0x102:
 			apk_flags |= APK_CLEAN_PROTECTED;
 			break;
+		case 0x103:
+			apk_flags |= APK_ALLOW_UNTRUSTED;
+			break;
 		case 0x104:
 			apk_flags |= APK_SIMULATE;
 			break;
diff --git a/src/apk_defines.h b/src/apk_defines.h
index 8cfb62b..7e66ada 100644
--- a/src/apk_defines.h
+++ b/src/apk_defines.h
@@ -59,6 +59,7 @@ extern unsigned int apk_flags;
 #define APK_RECURSIVE		0x0020
 #define APK_PREFER_AVAILABLE	0x0040
 #define APK_UPDATE_CACHE	0x0080
+#define APK_ALLOW_UNTRUSTED	0x0100
 
 #define apk_error(args...)	do { apk_log("ERROR: ", args); } while (0)
 #define apk_warning(args...)	do { if (apk_verbosity > 0) { apk_log("WARNING: ", args); } } while (0)
diff --git a/src/package.c b/src/package.c
index e480c6f..5e4a3d2 100644
--- a/src/package.c
+++ b/src/package.c
@@ -453,16 +453,20 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
 			return 0;
 
 		/* Verify the signature if we have public key */
-		if (sctx->action == APK_SIGN_VERIFY &&
-		    sctx->signature.pkey != NULL) {
-			r = EVP_VerifyFinal(&sctx->mdctx,
-					   (unsigned char *) sctx->signature.data.ptr,
-					   sctx->signature.data.len,
-					   sctx->signature.pkey);
-			if (r != 1)
-				return -EKEYREJECTED;
+		if (sctx->action == APK_SIGN_VERIFY) {
+			if (sctx->signature.pkey == NULL) {
+				if (!(apk_flags & APK_ALLOW_UNTRUSTED))
+					return -ENOKEY;
+			} else {
+				r = EVP_VerifyFinal(&sctx->mdctx,
+						(unsigned char *) sctx->signature.data.ptr,
+						sctx->signature.data.len,
+						sctx->signature.pkey);
+				if (r != 1)
+					return -EKEYREJECTED;
 
-			sctx->control_verified = 1;
+				sctx->control_verified = 1;
+			}
 			EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL);
 			return 0;
 		} else if (sctx->action == APK_SIGN_GENERATE) {
@@ -492,7 +496,8 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
 			           EVP_MD_CTX_size(&sctx->mdctx)) != 0)
 				return -EKEYREJECTED;
 			sctx->data_verified = 1;
-			if (!sctx->control_verified)
+			if (!(apk_flags & APK_ALLOW_UNTRUSTED) &&
+			    !sctx->control_verified)
 				return -ENOKEY;
 		} else if (sctx->action == APK_SIGN_VERIFY) {
 			if (sctx->signature.pkey == NULL)
-- 
cgit v1.2.3-70-g09d2