db, pkg: fix package verification during installation
some hooks to the package verification code were missing, so the verification was not done (which in turn caused the pre-script not to be run). fixes #124, #126.
cute-signatures
parent
a120a96db4
commit
bc93eaffb0
|
@ -1431,6 +1431,9 @@ static int apk_db_install_archive_entry(void *_ctx,
|
|||
const char *p;
|
||||
int r = 0, type = APK_SCRIPT_INVALID;
|
||||
|
||||
if (apk_sign_ctx_process_file(&ctx->sctx, ae, is) == 0)
|
||||
return 0;
|
||||
|
||||
/* Package metainfo and script processing */
|
||||
if (ae->name[0] == '.') {
|
||||
/* APK 2.0 format */
|
||||
|
|
|
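Review bot: The added call in apk_db_install_archive_entry only tests `apk_sign_ctx_process_file(&ctx->sctx, ae, is) == 0`, so every other return value continues into the metainfo and script handling below. If that function can return a negative error (its body is not visible here, so this is unconfirmed), a verification problem would be handled exactly like "not a signature file" and the entry would still be processed. Storing the result in the existing `r` keeps the path fail-closed: `r = apk_sign_ctx_process_file(&ctx->sctx, ae, is);` followed by `if (r <= 0) return r;`. The function body starts before and continues past this hunk.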
@ -346,15 +346,16 @@ void apk_sign_ctx_init(struct apk_sign_ctx *ctx, int action,
|
|||
}
|
||||
EVP_MD_CTX_init(&ctx->mdctx);
|
||||
EVP_DigestInit_ex(&ctx->mdctx, ctx->md, NULL);
|
||||
EVP_MD_CTX_set_flags(&ctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
|
||||
}
|
||||
|
||||
|
||||
void apk_sign_ctx_free(struct apk_sign_ctx *ctx)
|
||||
{
|
||||
if (ctx->signature.data.ptr != NULL)
|
||||
free(ctx->signature.data.ptr);
|
||||
if (ctx->signature.pkey != NULL)
|
||||
EVP_PKEY_free(ctx->signature.pkey);
|
||||
EVP_MD_CTX_cleanup(&ctx->mdctx);
|
||||
}
|
||||
|
||||
int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
|
||||
|
@ -468,15 +469,19 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
|
|||
goto update_digest;
|
||||
|
||||
/* Still in signature blocks? */
|
||||
if (!sctx->control_started)
|
||||
if (!sctx->control_started) {
|
||||
if (part == APK_MPART_END)
|
||||
return -EKEYREJECTED;
|
||||
goto reset_digest;
|
||||
}
|
||||
|
||||
/* Grab state and mark all remaining block as data */
|
||||
end_of_control = (sctx->data_started == 0);
|
||||
sctx->data_started = 1;
|
||||
|
||||
/* End of control-block and control does not have data checksum? */
|
||||
if (sctx->has_data_checksum == 0 && end_of_control)
|
||||
if (sctx->has_data_checksum == 0 && end_of_control &&
|
||||
part != APK_MPART_END)
|
||||
goto update_digest;
|
||||
|
||||
/* Drool in the remaining of the digest block now, we will finish
|
||||
|
@ -542,7 +547,6 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
|
|||
sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx);
|
||||
EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL);
|
||||
}
|
||||
|
||||
reset_digest:
|
||||
EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL);
|
||||
EVP_MD_CTX_set_flags(&sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
|
||||
|
|
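Review bot: The new `if (part == APK_MPART_END) return -EKEYREJECTED;` branch in apk_sign_ctx_mpart_cb sits under the comment `/* Still in signature blocks? */`, which does not explain why reaching the end of the stream is an error at this point. A comment such as `/* stream ended before any control block was seen: nothing was verified, reject */` would record that this is the deliberate reject path. The added `part != APK_MPART_END` condition further down deserves a similar one-line comment, since it now lets an archive that ends right after the control block fall through to the digest handling instead of jumping to `update_digest`. That handling continues outside the hunk, so whether every `action` value passed to apk_sign_ctx_init is meant to reach it cannot be confirmed from the visible lines.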