Author: bdrewery (ports committer)
Date: Sat Oct 26 03:47:49 2013
New Revision: 257149
URL: http://svnweb.freebsd.org/changeset/base/257149

Log:
  Add support to check the signature of a local pkg.txz file being
  added with "pkg add". If the pkg.conf is configured to check for
  signature, then the pkg.txz.sig file will be expected and validated
  per r257147
  
  Approved by:  bapt
  MFC after:    2 days

Modified:
  head/usr.sbin/pkg/pkg.c

Modified: head/usr.sbin/pkg/pkg.c
==============================================================================
--- head/usr.sbin/pkg/pkg.c     Sat Oct 26 03:44:08 2013        (r257148)
+++ head/usr.sbin/pkg/pkg.c     Sat Oct 26 03:47:49 2013        (r257149)
@@ -135,7 +135,7 @@ cleanup:
 }
 
 static int
-install_pkg_static(char *path, char *pkgpath)
+install_pkg_static(const char *path, const char *pkgpath)
 {
        int pstat;
        pid_t pid;
@@ -864,13 +864,54 @@ pkg_query_yes_no(void)
        return (ret);
 }
 
+static int
+bootstrap_pkg_local(const char *pkgpath)
+{
+       char path[MAXPATHLEN];
+       char pkgstatic[MAXPATHLEN];
+       const char *signature_type;
+       int fd_pkg, fd_sig, ret;
+
+       fd_sig = -1;
+       ret = -1;
+
+       fd_pkg = open(pkgpath, O_RDONLY);
+       if (fd_pkg == -1)
+               err(EXIT_FAILURE, "Unable to open %s", pkgpath);
+
+       if (config_string(SIGNATURE_TYPE, &signature_type) != 0) {
+               warnx("Error looking up SIGNATURE_TYPE");
+               return (-1);
+       }
+       if (signature_type != NULL &&
+           strcasecmp(signature_type, "FINGERPRINTS") == 0) {
+               snprintf(path, sizeof(path), "%s.sig", pkgpath);
+
+               if ((fd_sig = open(path, O_RDONLY)) == -1) {
+                       fprintf(stderr, "Signature for pkg not available.\n");
+                       goto cleanup;
+               }
+
+               if (verify_signature(fd_pkg, fd_sig) == false)
+                       goto cleanup;
+       }
+
+       if ((ret = extract_pkg_static(fd_pkg, pkgstatic, MAXPATHLEN)) == 0)
+               ret = install_pkg_static(pkgstatic, pkgpath);
+
+cleanup:
+       close(fd_pkg);
+       if (fd_sig != -1)
+               close(fd_sig);
+
+       return (ret);
+}
+
 int
 main(__unused int argc, char *argv[])
 {
        char pkgpath[MAXPATHLEN];
-       char pkgstatic[MAXPATHLEN];
        bool yes = false;
-       int fd, ret;
 
        snprintf(pkgpath, MAXPATHLEN, "%s/sbin/pkg",
            getenv("LOCALBASE") ? getenv("LOCALBASE") : _LOCALBASE);
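Review bot: The `return (-1);` in the `config_string(SIGNATURE_TYPE, ...)` failure branch of bootstrap_pkg_local skips the `cleanup` label, so the `fd_pkg` opened just above is never closed; `goto cleanup;` does the same job, since `ret` is already -1 at that point. The result of `snprintf(path, sizeof(path), "%s.sig", pkgpath)` is not checked, so a pkgpath close to MAXPATHLEN silently truncates the signature file name; the case where the return value is `>= sizeof(path)` should be rejected before the `open()`. Verification runs against `fd_pkg`, but `install_pkg_static(pkgstatic, pkgpath)` is handed the pathname again, so if pkg-static re-opens that path (its body is outside this hunk) the file installed is not guaranteed to be the one whose signature was checked; this deserves at least a comment at the call, or the verified descriptor should be passed through. bootstrap_pkg_local is complete in this hunk, while the trailing context lines belong to main, whose body continues outside it.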
@@ -884,16 +925,11 @@ main(__unused int argc, char *argv[])
                if (argv[1] != NULL && strcmp(argv[1], "-N") == 0)
                        errx(EXIT_FAILURE, "pkg is not installed");
 
+               config_init();
+
                if (argc > 2 && strcmp(argv[1], "add") == 0 &&
                    access(argv[2], R_OK) == 0) {
-                       fd = open(argv[2], O_RDONLY);
-                       if (fd == -1)
-                               err(EXIT_FAILURE, "Unable to open %s", argv[2]);
-
-                       if ((ret = extract_pkg_static(fd, pkgstatic, 
MAXPATHLEN)) == 0)
-                               ret = install_pkg_static(pkgstatic, argv[2]);
-                       close(fd);
-                       if (ret != 0)
+                       if (bootstrap_pkg_local(argv[2]) != 0)
                                exit(EXIT_FAILURE);
                        exit(EXIT_SUCCESS);
                }
@@ -902,7 +938,6 @@ main(__unused int argc, char *argv[])
                 * not tty. Check the environment to see if user has answer
                 * tucked in there already.
                 */
-               config_init();
                config_bool(ASSUME_ALWAYS_YES, &yes);
                if (!yes) {
                        printf("%s", confirmation_message);