pkg, db: fix signature checking for files without control part
Also clean up handling of signature failures for index files.cute-signatures
Timo Teräs
parent
0f89565099
commit
304dc4a692
|
|
@ -127,7 +127,7 @@ struct apk_database {
|
|||
const char *cache_dir;
|
||||
char *cache_remount_dir;
|
||||
apk_blob_t *arch;
|
||||
unsigned int local_repos;
|
||||
unsigned int local_repos, bad_repos;
|
||||
int performing_self_update : 1;
|
||||
int permanent : 1;
|
||||
int compat_newfeatures : 1;
|
||||
|
|
|
|||
|
|
@ -1138,7 +1138,7 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
|
|||
struct apk_bstream *bs;
|
||||
struct statfs stfs;
|
||||
apk_blob_t blob;
|
||||
int r, fd, rr = 0;
|
||||
int r, fd;
|
||||
|
||||
memset(db, 0, sizeof(*db));
|
||||
if (apk_flags & APK_SIMULATE) {
|
||||
|
|
@ -1293,25 +1293,23 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
|
|||
}
|
||||
|
||||
if (!(dbopts->open_flags & APK_OPENF_NO_SYS_REPOS)) {
|
||||
list_for_each_entry(repo, &dbopts->repository_list, list) {
|
||||
r = apk_db_add_repository(db, APK_BLOB_STR(repo->url));
|
||||
rr = r ?: rr;
|
||||
}
|
||||
list_for_each_entry(repo, &dbopts->repository_list, list)
|
||||
apk_db_add_repository(db, APK_BLOB_STR(repo->url));
|
||||
blob = apk_blob_from_file(
|
||||
db->root_fd,
|
||||
dbopts->repositories_file ?: "etc/apk/repositories");
|
||||
if (!APK_BLOB_IS_NULL(blob)) {
|
||||
r = apk_blob_for_each_segment(
|
||||
apk_blob_for_each_segment(
|
||||
blob, "\n",
|
||||
apk_db_add_repository, db);
|
||||
rr = r ?: rr;
|
||||
free(blob.ptr);
|
||||
}
|
||||
if (apk_flags & APK_UPDATE_CACHE)
|
||||
apk_db_index_write_nr_cache(db);
|
||||
}
|
||||
if (rr != 0) {
|
||||
r = rr;
|
||||
if (db->bad_repos && !(apk_flags & APK_FORCE)) {
|
||||
apk_error("Aborting due to some repositories failed to load. Use --force to ignore this error.");
|
||||
r = -EBADMSG;
|
||||
goto ret_r;
|
||||
}
|
||||
|
||||
|
|
@ -1322,7 +1320,7 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
|
|||
"might not function properly");
|
||||
}
|
||||
|
||||
return rr;
|
||||
return 0;
|
||||
|
||||
ret_errno:
|
||||
r = -errno;
|
||||
|
|
@ -1641,7 +1639,7 @@ struct apk_repository *apk_db_select_repo(struct apk_database *db,
|
|||
0xf5,0xa7,0x0a,0x7c,0x17,0x26,0x69,0xb0,0x05,0x38 },
|
||||
.csum.type = APK_CHECKSUM_SHA1,
|
||||
};
|
||||
unsigned int repos = pkg->repos;
|
||||
unsigned int repos = pkg->repos & ~(db->bad_repos);
|
||||
int i;
|
||||
|
||||
/* Always prefer local repositories */
|
||||
|
|
@ -1737,7 +1735,8 @@ static int load_index(struct apk_database *db, struct apk_bstream *bs,
|
|||
r = apk_tar_parse(is, load_apkindex, &ctx, FALSE, &db->id_cache);
|
||||
is->close(is);
|
||||
apk_sign_ctx_free(&ctx.sctx);
|
||||
if (ctx.found == 0)
|
||||
|
||||
if (r >= 0 && ctx.found == 0)
|
||||
r = -ENOMSG;
|
||||
} else {
|
||||
bs = apk_bstream_from_istream(apk_bstream_gunzip(bs));
|
||||
|
|
@ -1799,16 +1798,20 @@ int apk_db_add_repository(apk_database_t _db, apk_blob_t _repository)
|
|||
db->local_repos |= BIT(r);
|
||||
bs = apk_repo_file_open(repo, db->arch, apkindex_tar_gz, buf, sizeof(buf));
|
||||
}
|
||||
db->repo_tags[tag_id].allowed_repos |= BIT(r);
|
||||
if (bs == NULL) {
|
||||
apk_warning("%s: index failed to open", buf);
|
||||
return 0;
|
||||
if (bs != NULL)
|
||||
r = load_index(db, bs, targz, r);
|
||||
else
|
||||
r = -ENOENT;
|
||||
|
||||
if (r != 0) {
|
||||
apk_warning("Ignoring %s: %s", buf, apk_error_str(r));
|
||||
db->bad_repos |= BIT(r);
|
||||
r = 0;
|
||||
} else {
|
||||
db->repo_tags[tag_id].allowed_repos |= BIT(r);
|
||||
}
|
||||
|
||||
r = load_index(db, bs, targz, r);
|
||||
if (r != 0)
|
||||
apk_error("%s: BAD signature", buf);
|
||||
return r;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void extract_cb(void *_ctx, size_t progress)
|
||||
|
|
|
|||
|
|
@ -449,10 +449,26 @@ void apk_sign_ctx_free(struct apk_sign_ctx *ctx)
|
|||
EVP_MD_CTX_cleanup(&ctx->mdctx);
|
||||
}
|
||||
|
||||
static int check_signing_key_trust(struct apk_sign_ctx *sctx)
|
||||
{
|
||||
switch (sctx->action) {
|
||||
case APK_SIGN_VERIFY:
|
||||
case APK_SIGN_VERIFY_AND_GENERATE:
|
||||
if (sctx->signature.pkey == NULL) {
|
||||
if (apk_flags & APK_ALLOW_UNTRUSTED)
|
||||
break;
|
||||
return -ENOKEY;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
|
||||
const struct apk_file_info *fi,
|
||||
struct apk_istream *is)
|
||||
{
|
||||
int r;
|
||||
|
||||
if (ctx->data_started)
|
||||
return 1;
|
||||
|
||||
|
|
@ -465,6 +481,9 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
|
|||
return -ENOMSG;
|
||||
ctx->data_started = 1;
|
||||
ctx->control_started = 1;
|
||||
r = check_signing_key_trust(ctx);
|
||||
if (r < 0)
|
||||
return r;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
@ -491,7 +510,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
|
|||
if (strncmp(&fi->name[6], "RSA.", 4) == 0 ||
|
||||
strncmp(&fi->name[6], "DSA.", 4) == 0) {
|
||||
int fd = openat(ctx->keys_fd, &fi->name[10], O_RDONLY|O_CLOEXEC);
|
||||
BIO *bio;
|
||||
BIO *bio;
|
||||
|
||||
if (fd < 0)
|
||||
return 0;
|
||||
|
|
@ -604,15 +623,13 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
|
|||
return 0;
|
||||
}
|
||||
|
||||
r = check_signing_key_trust(sctx);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
switch (sctx->action) {
|
||||
case APK_SIGN_VERIFY:
|
||||
case APK_SIGN_VERIFY_AND_GENERATE:
|
||||
if (sctx->signature.pkey == NULL) {
|
||||
if (apk_flags & APK_ALLOW_UNTRUSTED)
|
||||
break;
|
||||
return -ENOKEY;
|
||||
}
|
||||
|
||||
r = EVP_VerifyFinal(&sctx->mdctx,
|
||||
(unsigned char *) sctx->signature.data.ptr,
|
||||
sctx->signature.data.len,
|
||||
|
|
|
|||
Loading…
Reference in New Issue