index: fix output file permissions, verify signed index (ref #46)
parent
65be7ade1d
commit
0942832325
|
@ -169,14 +169,14 @@ static int index_main(void *ctx, int argc, char **argv)
|
|||
if (ictx->method == APK_SIGN_GENERATE) {
|
||||
memset(&fi, 0, sizeof(fi));
|
||||
fi.name = "APKINDEX";
|
||||
fi.mode = 0755 | S_IFREG;
|
||||
fi.mode = 0644 | S_IFREG;
|
||||
os = apk_ostream_counter(&fi.size);
|
||||
apk_db_index_write(&db, os);
|
||||
os->close(os);
|
||||
}
|
||||
|
||||
if (ictx->output != NULL)
|
||||
os = apk_ostream_to_file(ictx->output, 0755);
|
||||
os = apk_ostream_to_file(ictx->output, 0644);
|
||||
else
|
||||
os = apk_ostream_to_fd(STDOUT_FILENO);
|
||||
if (ictx->method == APK_SIGN_GENERATE) {
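Review bot: The `0644` passed to `apk_ostream_to_file(ictx->output, 0644)` probably takes effect only when the output file is newly created, assuming the helper hands it to `open()` with `O_CREAT` (its body is not shown here). If so, an index written earlier with 0755 would keep its executable bits when it is overwritten in place. Worth confirming; a short comment at the call, such as `/* mode is used at creation only; an existing file keeps its bits */`, would save the next reader the lookup. index_main starts and ends outside the hunk.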
|
||||
|
|
|
@ -391,13 +391,24 @@ int apk_sign_ctx_mpart_cb(void *ctx, EVP_MD_CTX *mdctx, int part)
|
|||
break;
|
||||
case APK_MPART_END:
|
||||
if (sctx->action == APK_SIGN_VERIFY) {
|
||||
if (sctx->has_data_checksum) {
|
||||
/* Check that data checksum matches */
|
||||
EVP_DigestFinal_ex(mdctx, calculated, NULL);
|
||||
if (sctx->has_data_checksum &&
|
||||
EVP_MD_CTX_size(mdctx) != 0 &&
|
||||
if (EVP_MD_CTX_size(mdctx) != 0 &&
|
||||
memcmp(calculated, sctx->data_checksum,
|
||||
EVP_MD_CTX_size(mdctx)) == 0)
|
||||
sctx->data_verified = 1;
|
||||
} else if (sctx->signature.pkey != NULL) {
|
||||
/* Assume that the data is fully signed */
|
||||
r = EVP_VerifyFinal(mdctx,
|
||||
(unsigned char *) sctx->signature.data.ptr,
|
||||
sctx->signature.data.len,
|
||||
sctx->signature.pkey);
|
||||
if (r == 1) {
|
||||
sctx->control_verified = 1;
|
||||
sctx->data_verified = 1;
|
||||
}
|
||||
}
|
||||
} else if (!sctx->has_data_checksum) {
|
||||
/* Package identity is checksum of all data */
|
||||
sctx->identity.type = EVP_MD_CTX_size(mdctx);
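Review bot: In the new `else if (sctx->signature.pkey != NULL)` branch a failed verification is silent: `r == 0` (bad signature) and `r < 0` (OpenSSL error) both fall through without touching `control_verified` or `data_verified`, and when there is neither a data checksum nor a key nothing is checked at all. That is only safe if both flags start at zero and every caller treats an unset `data_verified` as a rejection, neither of which is visible in this hunk. I would state that contract next to the branch, for example `/* On failure (r != 1) the verified flags stay 0; callers must reject the index */`. The return value of `EVP_DigestFinal_ex` in the checksum branch is likewise unchecked before `calculated` is compared. The body of apk_sign_ctx_mpart_cb starts and ends outside the hunk.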
|
||||
|
|