index : pacman | |
Archlinux32 fork of pacman | gitolite user |
summaryrefslogtreecommitdiff |
author | Dan McGee <dan@archlinux.org> | 2011-04-21 19:25:44 -0500 |
---|---|---|
committer | Dan McGee <dan@archlinux.org> | 2011-04-24 10:48:33 -0500 |
commit | 225acbbff176e52a88eb6b8030d331a599a7ef06 (patch) | |
tree | d6785a982dbdf022c7bd54d0993e385267e20cfd /lib | |
parent | 31e55b8049ed001a993441f3efc8ffebdf360061 (diff) |
-rw-r--r-- | lib/libalpm/alpm.h | 3 | ||||
-rw-r--r-- | lib/libalpm/be_sync.c | 2 | ||||
-rw-r--r-- | lib/libalpm/package.c | 41 | ||||
-rw-r--r-- | lib/libalpm/package.h | 3 | ||||
-rw-r--r-- | lib/libalpm/signing.c | 63 | ||||
-rw-r--r-- | lib/libalpm/signing.h | 12 | ||||
-rw-r--r-- | lib/libalpm/sync.c | 3 |
diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 6818cb29..8d58b7c4 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -76,7 +76,6 @@ typedef enum _pgp_verify_t { typedef struct __pmdb_t pmdb_t; typedef struct __pmpkg_t pmpkg_t; -typedef struct __pmpgpsig_t pmpgpsig_t; typedef struct __pmdelta_t pmdelta_t; typedef struct __pmgrp_t pmgrp_t; typedef struct __pmtrans_t pmtrans_t; @@ -476,8 +475,6 @@ const char *alpm_pkg_get_packager(pmpkg_t *pkg); */ const char *alpm_pkg_get_md5sum(pmpkg_t *pkg); -const pmpgpsig_t *alpm_pkg_get_pgpsig(pmpkg_t *pkg); - /** Returns the architecture for which the package was built. * @param pkg a pointer to package * @return a reference to an internal string diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c index 3dfea144..591747da 100644 --- a/lib/libalpm/be_sync.c +++ b/lib/libalpm/be_sync.c @@ -456,7 +456,7 @@ static int sync_db_read(pmdb_t *db, struct archive *archive, /* we don't do anything with this value right now */ READ_NEXT(line); } else if(strcmp(line, "%PGPSIG%") == 0) { - READ_AND_STORE(pkg->pgpsig.base64_data); + READ_AND_STORE(pkg->base64_sig); } else if(strcmp(line, "%REPLACES%") == 0) { READ_AND_STORE_ALL(pkg->replaces); } else if(strcmp(line, "%DEPENDS%") == 0) { diff --git a/lib/libalpm/package.c b/lib/libalpm/package.c index 8c927c11..393dae00 100644 --- a/lib/libalpm/package.c +++ b/lib/libalpm/package.c @@ -36,7 +36,6 @@ #include "delta.h" #include "handle.h" #include "deps.h" -#include "base64.h" /** \addtogroup alpm_packages Package Functions * @brief Functions to manipulate libalpm packages @@ -197,43 +196,6 @@ const char SYMEXPORT *alpm_pkg_get_md5sum(pmpkg_t *pkg) return pkg->ops->get_md5sum(pkg); } -static int decode_pgpsig(pmpkg_t *pkg) { - const int len = strlen(pkg->pgpsig.base64_data); - const unsigned char *usline = (const unsigned char *)pkg->pgpsig.base64_data; - int ret, destlen = 0; - /* get the necessary size for the buffer by passing 0 */ - ret = base64_decode(NULL, &destlen, usline, len); - /* alloc our memory and repeat the call to decode */ - MALLOC(pkg->pgpsig.data, (size_t)destlen, goto error); - ret = base64_decode(pkg->pgpsig.data, &destlen, usline, len); - pkg->pgpsig.len = destlen; - if(ret != 0) { - goto error; - } - - /* we no longer have a need for this */ - FREE(pkg->pgpsig.base64_data); - return 0; - -error: - FREE(pkg->pgpsig.data); - pkg->pgpsig.len = 0; - return 1; -} - -const pmpgpsig_t SYMEXPORT *alpm_pkg_get_pgpsig(pmpkg_t *pkg) -{ - ALPM_LOG_FUNC; - - /* Sanity checks */ - ASSERT(pkg != NULL, RET_ERR(PM_ERR_WRONG_ARGS, NULL)); - - if(pkg->pgpsig.data == NULL && pkg->pgpsig.base64_data != NULL) { - decode_pgpsig(pkg); - } - return &(pkg->pgpsig); -} - const char SYMEXPORT *alpm_pkg_get_arch(pmpkg_t *pkg) { return pkg->ops->get_arch(pkg); @@ -468,8 +430,7 @@ void _alpm_pkg_free(pmpkg_t *pkg) FREE(pkg->url); FREE(pkg->packager); FREE(pkg->md5sum); - FREE(pkg->pgpsig.base64_data); - FREE(pkg->pgpsig.data); + FREE(pkg->base64_sig); FREE(pkg->arch); FREELIST(pkg->licenses); FREELIST(pkg->replaces); diff --git a/lib/libalpm/package.h b/lib/libalpm/package.h index c84e2221..390dcd95 100644 --- a/lib/libalpm/package.h +++ b/lib/libalpm/package.h @@ -97,10 +97,9 @@ struct __pmpkg_t { char *url; char *packager; char *md5sum; + char *base64_sig; char *arch; - pmpgpsig_t pgpsig; - time_t builddate; time_t installdate; diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index 28b7ad98..d69fd52e 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -28,6 +28,7 @@ /* libalpm */ #include "signing.h" #include "package.h" +#include "base64.h" #include "util.h" #include "log.h" #include "alpm.h" @@ -92,13 +93,48 @@ error: } /** + * Decode a loaded signature in base64 form. + * @param base64_data the signature to attempt to decode + * @param data the decoded data; must be freed by the caller + * @param data_len the length of the returned data + * @return 0 on success, 1 on failure to properly decode + */ +static int decode_signature(const char *base64_data, + unsigned char **data, int *data_len) { + unsigned char *usline; + int len; + + len = strlen(base64_data); + usline = (unsigned char *)base64_data; + int ret, destlen = 0; + /* get the necessary size for the buffer by passing 0 */ + ret = base64_decode(NULL, &destlen, usline, len); + if(ret != 0 || ret != POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL) { + goto error; + } + /* alloc our memory and repeat the call to decode */ + MALLOC(data, (size_t)destlen, goto error); + ret = base64_decode(*data, &destlen, usline, len); + if(ret != 0) { + goto error; + } + *data_len = destlen; + return 0; + +error: + *data = NULL; + *data_len = 0; + return 1; +} + +/** * Check the PGP signature for the given file. * @param path the full path to a file - * @param sig PGP signature data in raw form (already decoded); if NULL, expect - * a signature file next to 'path' + * @param base64_sig PGP signature data in base64 encoding; if NULL, expect a + * signature file next to 'path' * @return a int value : 0 (valid), 1 (invalid), -1 (an error occured) */ -int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig) +int _alpm_gpgme_checksig(const char *path, const char *base64_sig) { int ret = 0; gpgme_error_t err; @@ -107,6 +143,7 @@ int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig) gpgme_verify_result_t result; gpgme_signature_t gpgsig; char *sigpath = NULL; + unsigned char *decoded_sigdata = NULL; FILE *file = NULL, *sigfile = NULL; ALPM_LOG_FUNC; @@ -115,7 +152,7 @@ int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig) RET_ERR(PM_ERR_NOT_A_FILE, -1); } - if(!sig) { + if(!base64_sig) { size_t len = strlen(path) + 5; CALLOC(sigpath, len, sizeof(char), RET_ERR(PM_ERR_MEMORY, -1)); snprintf(sigpath, len, "%s.sig", path); @@ -124,8 +161,6 @@ int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig) FREE(sigpath); RET_ERR(PM_ERR_SIG_UNKNOWN, -1); } - } else if(!sig->data) { - RET_ERR(PM_ERR_SIG_UNKNOWN, -1); } if(gpgme_init()) { @@ -153,9 +188,17 @@ int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig) CHECK_ERR(); /* next create data object for the signature */ - if(sig) { + if(base64_sig) { /* memory-based, we loaded it from a sync DB */ - err = gpgme_data_new_from_mem(&sigdata, (char *)sig->data, sig->len, 0); + int data_len; + int decode_ret = decode_signature(base64_sig, + &decoded_sigdata, &data_len); + if(decode_ret) { + ret = -1; + goto error; + } + err = gpgme_data_new_from_mem(&sigdata, + (char *)decoded_sigdata, data_len, 0); } else { /* file-based, it is on disk */ sigfile = fopen(sigpath, "rb"); @@ -222,6 +265,7 @@ error: fclose(file); } FREE(sigpath); + FREE(decoded_sigdata); if(err != GPG_ERR_NO_ERROR) { _alpm_log(PM_LOG_ERROR, _("GPGME error: %s\n"), gpgme_strerror(err)); RET_ERR(PM_ERR_GPGME, -1); @@ -257,8 +301,7 @@ int SYMEXPORT alpm_pkg_check_pgp_signature(pmpkg_t *pkg) ALPM_LOG_FUNC; ASSERT(pkg != NULL, return 0); - return _alpm_gpgme_checksig(alpm_pkg_get_filename(pkg), - alpm_pkg_get_pgpsig(pkg)); + return _alpm_gpgme_checksig(alpm_pkg_get_filename(pkg), pkg->base64_sig); } /** diff --git a/lib/libalpm/signing.h b/lib/libalpm/signing.h index 5976cf2a..8d8c1643 100644 --- a/lib/libalpm/signing.h +++ b/lib/libalpm/signing.h @@ -21,17 +21,7 @@ #include "alpm.h" -struct __pmpgpsig_t { - /* we will either store the encoded data or the raw data- - * this way we can decode on an as-needed basis since most - * operations won't require the overhead of base64 decodes - * on all packages in a sync repository. */ - char *base64_data; - unsigned char *data; - size_t len; -}; - -int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig); +int _alpm_gpgme_checksig(const char *path, const char *base64_sig); pgp_verify_t _alpm_db_get_sigverify_level(pmdb_t *db); #endif /* _ALPM_SIGNING_H */ diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c index 4ce62e64..0ff0c79e 100644 --- a/lib/libalpm/sync.c +++ b/lib/libalpm/sync.c @@ -856,7 +856,6 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data) const char *filename = alpm_pkg_get_filename(spkg); char *filepath = _alpm_filecache_find(filename); const char *md5sum = alpm_pkg_get_md5sum(spkg); - const pmpgpsig_t *pgpsig = alpm_pkg_get_pgpsig(spkg); pgp_verify_t check_sig; /* check md5sum first */ @@ -872,7 +871,7 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data) check_sig = _alpm_db_get_sigverify_level(sdb); if(check_sig != PM_PGP_VERIFY_NEVER) { - int ret = _alpm_gpgme_checksig(filepath, pgpsig); + int ret = _alpm_gpgme_checksig(filepath, spkg->base64_sig); if((check_sig == PM_PGP_VERIFY_ALWAYS && ret != 0) || (check_sig == PM_PGP_VERIFY_OPTIONAL && ret == 1)) { errors++; |