apk: allow-untrusted option

to not make hard error of untrusted or missing signatures
2009-07-22 16:06:34 +03:00 · 2009-07-22 16:06:34 +03:00 · 5375efac1a
parent 23582a0ec5
commit 5375efac1a
3 changed files with 21 additions and 10 deletions
--- a/src/apk.c
+++ b/src/apk.c
@ -43,6 +43,8 @@ static struct apk_option generic_options[] = {
 	{ 0x101, "progress",	"Show a progress bar" },
 	{ 0x102, "clean-protected", "Do not create .apk-new files to "
 				"configuration dirs" },
+	{ 0x103, "allow-untrusted", "Blindly install packages with untrusted "
+				"signatures or no signature at all" },
 	{ 0x104, "simulate",	"Show what would be done without actually "
 				"doing it" },
 	{ 0x105, "wait",	"Wait for TIME seconds to get an exclusive "
@ -351,6 +353,9 @@ int main(int argc, char **argv)
 		case 0x102:
 			apk_flags |= APK_CLEAN_PROTECTED;
 			break;
+		case 0x103:
+			apk_flags |= APK_ALLOW_UNTRUSTED;
+			break;
 		case 0x104:
 			apk_flags |= APK_SIMULATE;
 			break;
--- a/src/apk_defines.h
+++ b/src/apk_defines.h
@ -59,6 +59,7 @@ extern unsigned int apk_flags;
 #define APK_RECURSIVE		0x0020
 #define APK_PREFER_AVAILABLE	0x0040
 #define APK_UPDATE_CACHE	0x0080
+#define APK_ALLOW_UNTRUSTED	0x0100

 #define apk_error(args...)	do { apk_log("ERROR: ", args); } while (0)
 #define apk_warning(args...)	do { if (apk_verbosity > 0) { apk_log("WARNING: ", args); } } while (0)
--- a/src/package.c
+++ b/src/package.c
@ -453,16 +453,20 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
 			return 0;

 		/* Verify the signature if we have public key */
-		if (sctx->action == APK_SIGN_VERIFY &&
-		    sctx->signature.pkey != NULL) {
-			r = EVP_VerifyFinal(&sctx->mdctx,
-					   (unsigned char *) sctx->signature.data.ptr,
-					   sctx->signature.data.len,
-					   sctx->signature.pkey);
-			if (r != 1)
-				return -EKEYREJECTED;
+		if (sctx->action == APK_SIGN_VERIFY) {
+			if (sctx->signature.pkey == NULL) {
+				if (!(apk_flags & APK_ALLOW_UNTRUSTED))
+					return -ENOKEY;
+			} else {
+				r = EVP_VerifyFinal(&sctx->mdctx,
+						(unsigned char *) sctx->signature.data.ptr,
+						sctx->signature.data.len,
+						sctx->signature.pkey);
+				if (r != 1)
+					return -EKEYREJECTED;

-			sctx->control_verified = 1;
+				sctx->control_verified = 1;
+			}
 			EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL);
 			return 0;
 		} else if (sctx->action == APK_SIGN_GENERATE) {
@ -492,7 +496,8 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
 			           EVP_MD_CTX_size(&sctx->mdctx)) != 0)
 				return -EKEYREJECTED;
 			sctx->data_verified = 1;
-			if (!sctx->control_verified)
+			if (!(apk_flags & APK_ALLOW_UNTRUSTED) &&
+			    !sctx->control_verified)
 				return -ENOKEY;
 		} else if (sctx->action == APK_SIGN_VERIFY) {
 			if (sctx->signature.pkey == NULL)