db: don't run pre-install until control data is verified

to make sure the scripts have not been altered.
cute-signatures
Timo Teras 2009-07-21 14:06:35 +03:00
parent 84e3786e05
commit 1339b14365
1 changed files with 30 additions and 9 deletions

View File

@ -37,6 +37,7 @@ struct install_ctx {
struct apk_package *pkg;
int script;
int script_pending : 1;
struct apk_db_dir_instance *diri;
struct apk_checksum data_csum;
struct apk_sign_ctx sctx;
@ -1233,6 +1234,24 @@ static void extract_cb(void *_ctx, size_t progress)
}
}
static int apk_db_run_pending_script(struct install_ctx *ctx)
{
int r;
if (!ctx->script_pending)
return 0;
if (!ctx->sctx.control_verified)
return 0;
ctx->script_pending = FALSE;
r = apk_pkg_run_script(ctx->pkg, ctx->db->root_fd, ctx->script);
if (r != 0)
apk_error("%s-%s: Failed to execute "
"pre-install/upgrade script",
ctx->pkg->name->name, ctx->pkg->version);
return r;
}
static int apk_db_install_archive_entry(void *_ctx,
const struct apk_file_info *ae,
struct apk_istream *is)
@ -1275,17 +1294,16 @@ static int apk_db_install_archive_entry(void *_ctx,
/* Handle script */
if (type != APK_SCRIPT_INVALID) {
apk_pkg_add_script(pkg, is, type, ae->size);
if (type == ctx->script) {
r = apk_pkg_run_script(pkg, db->root_fd, ctx->script);
if (r != 0)
apk_error("%s-%s: Failed to execute pre-install/upgrade script",
pkg->name->name, pkg->version);
}
return r;
if (type == ctx->script)
ctx->script_pending = TRUE;
return apk_db_run_pending_script(ctx);
}
r = apk_db_run_pending_script(ctx);
if (r != 0)
return r;
/* Show progress */
if (ctx->cb) {
size_t size = ctx->installed_size;
@ -1501,6 +1519,9 @@ static int apk_db_unpack_pkg(struct apk_database *db,
newpkg->name->name, newpkg->version);
return -1;
}
r = apk_db_run_pending_script(&ctx);
if (r != 0)
return r;
if (need_copy) {
char file2[256];