Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3956

Timestamp:

01/25/08 18:16:24 (5 years ago)

Author:

thomas

Message:

opkg: initial implementation of package list signature verification

Location:

trunk/src/target/opkg

Files:

: 3 edited

opkg_cmd.c (modified) (1 diff)
opkg_download.c (modified) (4 diffs)
opkg_download.h (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/target/opkg/opkg_cmd.c

-                      r3934
+                      r3956
+          }
           free(url);
+          /* download detached signitures to verify the package lists */
+          /* get the url for the sig file */
+          if (src->extra_data)  /* debian style? */
+              sprintf_alloc(&url, "%s/%s/%s", src->value, src->extra_data,
+                            "Packages.sig");
+          else
+              sprintf_alloc(&url, "%s/%s", src->value, "Packages.sig");
+          /* create temporary dir for it */
+          char *tmp, *tmp_file_name;
+          tmp = strdup ("/tmp/opkg.XXXXXX");
+          if (mkdtemp (tmp) == NULL) {
+                perror ("mkdtemp");
+                failures++;
+                continue;
+          }
+          sprintf_alloc (&tmp_file_name, "%s/%s", tmp, "Packages.sig");
+          err = opkg_download(conf, url, tmp_file_name);
+          if (err) {
+            failures++;
+          } else {
+            int err;
+            err = opkg_verify_file (list_file_name, tmp_file_name);
+            if (err == 0)
+                opkg_message (conf, OPKG_NOTICE, "Signature check passed\n");
+            else
+                opkg_message (conf, OPKG_NOTICE, "Signature check failed\n");
+          }
+          unlink (tmp_file_name);
+          free (tmp_file_name);
+          free (url);
           free(list_file_name);
+     }

trunk/src/target/opkg/opkg_download.c

-                      r3933
+                      r3956
 #include <curl/curl.h>
+#include <gpgme.h>
 #include "opkg.h"
 …
         curl_easy_setopt (curl, CURLOPT_PROGRESSDATA, src);
         curl_easy_setopt (curl, CURLOPT_PROGRESSFUNCTION, curl_progress_func);
+        curl_easy_setopt (curl, CURLOPT_FAILONERROR, 1);
         if (conf->http_proxy || conf->ftp_proxy)
+        {
 …
         curl_easy_cleanup (curl);
         fclose (file);
+        if (res)
+            return res;
+    }
 …
      return 0;
+}
+int
+opkg_verify_file (char *text_file, char *sig_file)
+{
+    int status = -1;
+    gpgme_ctx_t ctx;
+    gpgme_data_t sig, text;
+    gpgme_error_t err = -1;
+    gpgme_verify_result_t result;
+    gpgme_signature_t s;
+    err = gpgme_new (&ctx);
+    if (err)
+        return -1;
+    err = gpgme_data_new_from_file (&sig, sig_file, 1);
+    if (err)
+        return -1;
+    err = gpgme_data_new_from_file (&text, text_file, 1);
+    if (err)
+        return -1;
+    err = gpgme_op_verify (ctx, sig, text, NULL);
+    result = gpgme_op_verify_result (ctx);
+    /* see if any of the signitures matched */
+    s = result->signatures;
+    while (s)
+    {
+        status = gpg_err_code (s->status);
+        if (status == GPG_ERR_NO_ERROR)
+            break;
+        s = s->next;
+    }
+    gpgme_data_release (sig);
+    gpgme_data_release (text);
+    gpgme_release (ctx);
+    return status;
+}

trunk/src/target/opkg/opkg_download.h

r3880	r3956
28	28	int opkg_prepare_url_for_install(opkg_conf_t conf, const char url, char **namep);
29	29
	30	int opkg_verify_file (char text_file, char sig_file);
30	31	#endif

Note: See TracChangeset for help on using the changeset viewer.