archive: make apk_tar_parse check and close input stream
simplifies other code quite a bitcute-signatures
Timo Teräs
parent
1de9ef422c
commit
f123d77e0b
|
|
@ -138,6 +138,8 @@ int apk_tar_parse(struct apk_istream *is, apk_archive_entry_parser parser,
|
|||
apk_blob_t pax = APK_BLOB_NULL, longname = APK_BLOB_NULL;
|
||||
char filename[sizeof buf.name + sizeof buf.prefix + 2];
|
||||
|
||||
if (IS_ERR_OR_NULL(is)) return PTR_ERR(is) ?: -EINVAL;
|
||||
|
||||
memset(&entry, 0, sizeof(entry));
|
||||
entry.name = buf.name;
|
||||
while ((r = apk_istream_read(is, &buf, 512)) == 512) {
|
||||
|
|
@ -262,6 +264,7 @@ ok:
|
|||
free(pax.ptr);
|
||||
free(longname.ptr);
|
||||
apk_fileinfo_free(&entry);
|
||||
apk_istream_close(is);
|
||||
return r;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -652,10 +652,7 @@ int apk_cache_download(struct apk_database *db, struct apk_repository *repo,
|
|||
is = apk_istream_from_url_if_modified(url, st.st_mtime);
|
||||
is = apk_istream_tee(is, db->cache_fd, tmpcacheitem, !autoupdate, cb, cb_ctx);
|
||||
is = apk_istream_gunzip_mpart(is, apk_sign_ctx_mpart_cb, &sctx);
|
||||
if (!IS_ERR_OR_NULL(is))
|
||||
r = apk_tar_parse(is, apk_sign_ctx_verify_tar, &sctx, &db->id_cache);
|
||||
else
|
||||
r = PTR_ERR(is) ?: -EIO;
|
||||
r = apk_tar_parse(is, apk_sign_ctx_verify_tar, &sctx, &db->id_cache);
|
||||
apk_sign_ctx_free(&sctx);
|
||||
} else {
|
||||
is = apk_istream_from_url_if_modified(url, st.st_mtime);
|
||||
|
|
@ -673,8 +670,8 @@ int apk_cache_download(struct apk_database *db, struct apk_repository *repo,
|
|||
}
|
||||
close(fd);
|
||||
}
|
||||
if (!IS_ERR_OR_NULL(is)) apk_istream_close(is);
|
||||
}
|
||||
if (!IS_ERR_OR_NULL(is)) apk_istream_close(is);
|
||||
if (r == -EALREADY) {
|
||||
if (autoupdate) utimensat(db->cache_fd, cacheitem, NULL, 0);
|
||||
return r;
|
||||
|
|
@ -1148,7 +1145,6 @@ static void apk_db_triggers_read(struct apk_database *db, struct apk_istream *is
|
|||
|
||||
static int apk_db_read_state(struct apk_database *db, int flags)
|
||||
{
|
||||
struct apk_istream *is;
|
||||
apk_blob_t blob, world;
|
||||
int r;
|
||||
|
||||
|
|
@ -1173,12 +1169,8 @@ static int apk_db_read_state(struct apk_database *db, int flags)
|
|||
}
|
||||
|
||||
if (!(flags & APK_OPENF_NO_SCRIPTS)) {
|
||||
is = apk_istream_from_file(db->root_fd, apk_scripts_file);
|
||||
if (!IS_ERR_OR_NULL(is)) {
|
||||
apk_tar_parse(is, apk_read_script_archive_entry, db,
|
||||
&db->id_cache);
|
||||
apk_istream_close(is);
|
||||
}
|
||||
apk_tar_parse(apk_istream_from_file(db->root_fd, apk_scripts_file),
|
||||
apk_read_script_archive_entry, db, &db->id_cache);
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
@ -2189,9 +2181,7 @@ static int load_index(struct apk_database *db, struct apk_istream *is,
|
|||
ctx.repo = repo;
|
||||
ctx.found = 0;
|
||||
apk_sign_ctx_init(&ctx.sctx, APK_SIGN_VERIFY, NULL, db->keys_fd);
|
||||
is = apk_istream_gunzip_mpart(is, apk_sign_ctx_mpart_cb, &ctx.sctx);
|
||||
r = apk_tar_parse(is, load_apkindex, &ctx, &db->id_cache);
|
||||
apk_istream_close(is);
|
||||
r = apk_tar_parse(apk_istream_gunzip_mpart(is, apk_sign_ctx_mpart_cb, &ctx.sctx), load_apkindex, &ctx, &db->id_cache);
|
||||
apk_sign_ctx_free(&ctx.sctx);
|
||||
|
||||
if (r >= 0 && ctx.found == 0)
|
||||
|
|
@ -2753,7 +2743,7 @@ static int apk_db_unpack_pkg(struct apk_database *db,
|
|||
char **script_args)
|
||||
{
|
||||
struct install_ctx ctx;
|
||||
struct apk_istream *is = NULL, *cache_is, *tar;
|
||||
struct apk_istream *is = NULL, *cache_is;
|
||||
struct apk_repository *repo;
|
||||
struct apk_package *pkg = ipkg->pkg;
|
||||
char file[PATH_MAX];
|
||||
|
|
@ -2811,10 +2801,8 @@ static int apk_db_unpack_pkg(struct apk_database *db,
|
|||
.cb_ctx = cb_ctx,
|
||||
};
|
||||
apk_sign_ctx_init(&ctx.sctx, APK_SIGN_VERIFY_IDENTITY, &pkg->csum, db->keys_fd);
|
||||
tar = apk_istream_gunzip_mpart(is, apk_sign_ctx_mpart_cb, &ctx.sctx);
|
||||
r = apk_tar_parse(tar, apk_db_install_archive_entry, &ctx, &db->id_cache);
|
||||
r = apk_tar_parse(apk_istream_gunzip_mpart(is, apk_sign_ctx_mpart_cb, &ctx.sctx), apk_db_install_archive_entry, &ctx, &db->id_cache);
|
||||
apk_sign_ctx_free(&ctx.sctx);
|
||||
apk_istream_close(tar);
|
||||
|
||||
if (need_copy) {
|
||||
if (r == 0) {
|
||||
|
|
|
|||
|
|
@ -87,20 +87,15 @@ static int read_file_entry(void *ctx, const struct apk_file_info *ae,
|
|||
static void process_file(struct apk_database *db, const char *match)
|
||||
{
|
||||
struct apk_sign_ctx sctx;
|
||||
struct apk_istream *is;
|
||||
struct manifest_file_ctx ctx = {match, &sctx};
|
||||
int r;
|
||||
|
||||
apk_sign_ctx_init(&sctx, APK_SIGN_VERIFY, NULL, db->keys_fd);
|
||||
is = apk_istream_gunzip_mpart(apk_istream_from_file(AT_FDCWD, match),
|
||||
apk_sign_ctx_mpart_cb, &sctx);
|
||||
|
||||
if (IS_ERR_OR_NULL(is)) {
|
||||
apk_error("%s: %s", match, strerror(errno));
|
||||
return;
|
||||
}
|
||||
|
||||
(void) apk_tar_parse(is, read_file_entry, &ctx, &db->id_cache);
|
||||
apk_istream_close(is);
|
||||
r = apk_tar_parse(
|
||||
apk_istream_gunzip_mpart(apk_istream_from_file(AT_FDCWD, match), apk_sign_ctx_mpart_cb, &sctx),
|
||||
read_file_entry, &ctx, &db->id_cache);
|
||||
apk_sign_ctx_free(&sctx);
|
||||
if (r < 0) apk_error("%s: %s", match, apk_error_str(r));
|
||||
}
|
||||
|
||||
static void process_match(struct apk_database *db, const char *match, struct apk_name *name, void *ctx)
|
||||
|
|
|
|||
|
|
@ -904,7 +904,6 @@ int apk_pkg_read(struct apk_database *db, const char *file,
|
|||
{
|
||||
struct read_info_ctx ctx;
|
||||
struct apk_file_info fi;
|
||||
struct apk_istream *is, *tar;
|
||||
int r;
|
||||
|
||||
r = apk_fileinfo_get(AT_FDCWD, file, APK_CHECKSUM_NONE, &fi);
|
||||
|
|
@ -912,23 +911,18 @@ int apk_pkg_read(struct apk_database *db, const char *file,
|
|||
return r;
|
||||
|
||||
memset(&ctx, 0, sizeof(ctx));
|
||||
ctx.db = db;
|
||||
ctx.sctx = sctx;
|
||||
ctx.pkg = apk_pkg_new();
|
||||
r = -ENOMEM;
|
||||
if (ctx.pkg == NULL)
|
||||
goto err;
|
||||
is = apk_istream_from_file(AT_FDCWD, file);
|
||||
if (IS_ERR_OR_NULL(is)) {
|
||||
r = PTR_ERR(is) ?: -EIO;
|
||||
goto err;
|
||||
}
|
||||
|
||||
ctx.db = db;
|
||||
ctx.pkg->size = fi.size;
|
||||
|
||||
tar = apk_istream_gunzip_mpart(is, apk_sign_ctx_mpart_cb, sctx);
|
||||
r = apk_tar_parse(tar, read_info_entry, &ctx, &db->id_cache);
|
||||
apk_istream_close(tar);
|
||||
r = apk_tar_parse(
|
||||
apk_istream_gunzip_mpart(apk_istream_from_file(AT_FDCWD, file), apk_sign_ctx_mpart_cb, sctx),
|
||||
read_info_entry, &ctx, &db->id_cache);
|
||||
if (r < 0 && r != -ECANCELED)
|
||||
goto err;
|
||||
if (ctx.pkg->name == NULL || ctx.pkg->uninstallable) {
|
||||
|
|
|
|||
20
src/verify.c
20
src/verify.c
|
|
@ -20,34 +20,26 @@
|
|||
static int verify_main(void *ctx, struct apk_database *db, struct apk_string_array *args)
|
||||
{
|
||||
struct apk_sign_ctx sctx;
|
||||
struct apk_istream *is;
|
||||
char **parg;
|
||||
int r, ok, rc = 0;
|
||||
|
||||
foreach_array_item(parg, args) {
|
||||
apk_sign_ctx_init(&sctx, APK_SIGN_VERIFY, NULL, db->keys_fd);
|
||||
is = apk_istream_gunzip_mpart(apk_istream_from_file(AT_FDCWD, *parg),
|
||||
apk_sign_ctx_mpart_cb, &sctx);
|
||||
if (IS_ERR_OR_NULL(is)) {
|
||||
if (apk_verbosity >= 1)
|
||||
apk_error("%s: %s", *parg, strerror(errno));
|
||||
else
|
||||
printf("%s\n", *parg);
|
||||
apk_sign_ctx_free(&sctx);
|
||||
rc++;
|
||||
continue;
|
||||
}
|
||||
r = apk_tar_parse(is, apk_sign_ctx_verify_tar, &sctx, &db->id_cache);
|
||||
apk_istream_close(is);
|
||||
r = apk_tar_parse(
|
||||
apk_istream_gunzip_mpart(apk_istream_from_file(AT_FDCWD, *parg),
|
||||
apk_sign_ctx_mpart_cb, &sctx),
|
||||
apk_sign_ctx_verify_tar, &sctx, &db->id_cache);
|
||||
ok = sctx.control_verified && sctx.data_verified;
|
||||
if (apk_verbosity >= 1)
|
||||
apk_message("%s: %d - %s", *parg, r,
|
||||
r < 0 ? apk_error_str(r) :
|
||||
ok ? "OK" :
|
||||
!sctx.control_verified ? "UNTRUSTED" : "FAILED");
|
||||
else if (!ok)
|
||||
printf("%s\n", *parg);
|
||||
if (!ok)
|
||||
rc++;
|
||||
|
||||
apk_sign_ctx_free(&sctx);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue