index: fix output file permissions, verify signed index (ref #46)
parent
65be7ade1d
commit
0942832325
|
@ -169,14 +169,14 @@ static int index_main(void *ctx, int argc, char **argv)
|
||||||
if (ictx->method == APK_SIGN_GENERATE) {
|
if (ictx->method == APK_SIGN_GENERATE) {
|
||||||
memset(&fi, 0, sizeof(fi));
|
memset(&fi, 0, sizeof(fi));
|
||||||
fi.name = "APKINDEX";
|
fi.name = "APKINDEX";
|
||||||
fi.mode = 0755 | S_IFREG;
|
fi.mode = 0644 | S_IFREG;
|
||||||
os = apk_ostream_counter(&fi.size);
|
os = apk_ostream_counter(&fi.size);
|
||||||
apk_db_index_write(&db, os);
|
apk_db_index_write(&db, os);
|
||||||
os->close(os);
|
os->close(os);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ictx->output != NULL)
|
if (ictx->output != NULL)
|
||||||
os = apk_ostream_to_file(ictx->output, 0755);
|
os = apk_ostream_to_file(ictx->output, 0644);
|
||||||
else
|
else
|
||||||
os = apk_ostream_to_fd(STDOUT_FILENO);
|
os = apk_ostream_to_fd(STDOUT_FILENO);
|
||||||
if (ictx->method == APK_SIGN_GENERATE) {
|
if (ictx->method == APK_SIGN_GENERATE) {
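Review bot: The `0644` now passed in `apk_ostream_to_file(ictx->output, 0644)` probably takes effect only when the output file is created, assuming the helper hands the mode to open(2) with O_CREAT (its body is not on this page). If so, an index written 0755 by the old code keeps its executable bits when it is regenerated in place, and the final mode is still subject to the caller's umask. If in-place regeneration is a supported workflow, either have the helper apply the mode explicitly to the opened descriptor or write to a temporary file and rename it over the old index; otherwise a comment such as `/* index is plain data; mode applies on creation only, subject to umask */` would record the limit. No check of `os` is visible between the assignment and the APK_SIGN_GENERATE block, though index_main continues outside the hunk.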
|
||||||
|
|
|
@ -391,13 +391,24 @@ int apk_sign_ctx_mpart_cb(void *ctx, EVP_MD_CTX *mdctx, int part)
|
||||||
break;
|
break;
|
||||||
case APK_MPART_END:
|
case APK_MPART_END:
|
||||||
if (sctx->action == APK_SIGN_VERIFY) {
|
if (sctx->action == APK_SIGN_VERIFY) {
|
||||||
/* Check that data checksum matches */
|
if (sctx->has_data_checksum) {
|
||||||
EVP_DigestFinal_ex(mdctx, calculated, NULL);
|
/* Check that data checksum matches */
|
||||||
if (sctx->has_data_checksum &&
|
EVP_DigestFinal_ex(mdctx, calculated, NULL);
|
||||||
EVP_MD_CTX_size(mdctx) != 0 &&
|
if (EVP_MD_CTX_size(mdctx) != 0 &&
|
||||||
memcmp(calculated, sctx->data_checksum,
|
memcmp(calculated, sctx->data_checksum,
|
||||||
EVP_MD_CTX_size(mdctx)) == 0)
|
EVP_MD_CTX_size(mdctx)) == 0)
|
||||||
sctx->data_verified = 1;
|
sctx->data_verified = 1;
|
||||||
|
} else if (sctx->signature.pkey != NULL) {
|
||||||
|
/* Assume that the data is fully signed */
|
||||||
|
r = EVP_VerifyFinal(mdctx,
|
||||||
|
(unsigned char *) sctx->signature.data.ptr,
|
||||||
|
sctx->signature.data.len,
|
||||||
|
sctx->signature.pkey);
|
||||||
|
if (r == 1) {
|
||||||
|
sctx->control_verified = 1;
|
||||||
|
sctx->data_verified = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
} else if (!sctx->has_data_checksum) {
|
} else if (!sctx->has_data_checksum) {
|
||||||
/* Package identity is checksum of all data */
|
/* Package identity is checksum of all data */
|
||||||
sctx->identity.type = EVP_MD_CTX_size(mdctx);
|
sctx->identity.type = EVP_MD_CTX_size(mdctx);
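Review bot: In the new `else if (sctx->signature.pkey != NULL)` branch only `r == 1` is acted on, so a bad signature (`EVP_VerifyFinal` returning 0) and an OpenSSL error (negative return) both fall through silently, exactly like the case where neither a data checksum nor a key is present. The outcome then depends on every caller testing `control_verified` and `data_verified` after the final part, which is not visible on this page; a comment on the branch such as `/* r == 0: bad signature, r < 0: error; both leave *_verified at 0, caller must reject */` would record that contract. The return value of `EVP_DigestFinal_ex` in the checksum branch is also ignored, so `calculated` may be compared without having been written; `if (EVP_DigestFinal_ex(mdctx, calculated, NULL) == 1 && EVP_MD_CTX_size(mdctx) != 0 &&` would close that. apk_sign_ctx_mpart_cb begins and ends outside the hunk.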
|
||||||
|
|