index : pacman | |
Archlinux32 fork of pacman | gitolite user |
summaryrefslogtreecommitdiff |
-rw-r--r-- | lib/libalpm/be_package.c | 66 | ||||
-rw-r--r-- | lib/libalpm/package.h | 3 | ||||
-rw-r--r-- | lib/libalpm/sync.c | 3 |
diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c index deec0c45..2566574d 100644 --- a/lib/libalpm/be_package.c +++ b/lib/libalpm/be_package.c @@ -276,19 +276,17 @@ static alpm_file_t *files_msort(alpm_file_t *files, size_t n) * Load a package and create the corresponding alpm_pkg_t struct. * @param handle the context handle * @param pkgfile path to the package file + * @param syncpkg package object to load verification data from (md5sum, + * sha256sum, and/or base64 signature) * @param full whether to stop the load after metadata is read or continue * through the full archive - * @param md5sum the expected md5sum of the package file if known - * @param sha256sum the expected sha256sum of the package file if known - * @param base64_sig the encoded signature of the package file if known * @param level the required level of signature verification * @return An information filled alpm_pkg_t struct */ alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle, const char *pkgfile, - int full, const char *md5sum, const char *sha256sum, const char *base64_sig, - alpm_siglevel_t level) + alpm_pkg_t *syncpkg, int full, alpm_siglevel_t level) { - int ret, skip_checksums, config = 0; + int ret, use_sig, config = 0; struct archive *archive; struct archive_entry *entry; alpm_pkg_t *newpkg = NULL; @@ -314,45 +312,49 @@ alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle, const char *pkgfile, } /* can we get away with skipping checksums? */ - skip_checksums = 0; + use_sig = 0; if(level & ALPM_SIG_PACKAGE) { - if(base64_sig) { - skip_checksums = 1; + if(syncpkg && syncpkg->base64_sig) { + use_sig = 1; } else { char *sigpath = _alpm_sigpath(handle, pkgfile); if(sigpath && !_alpm_access(handle, NULL, sigpath, R_OK)) { - skip_checksums = 1; + use_sig = 1; } free(sigpath); } } - _alpm_log(handle, ALPM_LOG_DEBUG, "md5sum: %s\n", md5sum); - if(!skip_checksums && md5sum && !sha256sum) { - _alpm_log(handle, ALPM_LOG_DEBUG, "checking md5sum for %s\n", pkgfile); - if(_alpm_test_checksum(pkgfile, md5sum, ALPM_CSUM_MD5) != 0) { - alpm_pkg_free(newpkg); - RET_ERR(handle, ALPM_ERR_PKG_INVALID_CHECKSUM, NULL); + if(syncpkg && !use_sig) { + if(syncpkg->md5sum && !syncpkg->sha256sum) { + _alpm_log(handle, ALPM_LOG_DEBUG, "md5sum: %s\n", syncpkg->md5sum); + _alpm_log(handle, ALPM_LOG_DEBUG, "checking md5sum for %s\n", pkgfile); + if(_alpm_test_checksum(pkgfile, syncpkg->md5sum, ALPM_CSUM_MD5) != 0) { + alpm_pkg_free(newpkg); + RET_ERR(handle, ALPM_ERR_PKG_INVALID_CHECKSUM, NULL); + } } - } - _alpm_log(handle, ALPM_LOG_DEBUG, "sha256sum: %s\n", sha256sum); - if(!skip_checksums && sha256sum) { - _alpm_log(handle, ALPM_LOG_DEBUG, "checking sha256sum for %s\n", pkgfile); - if(_alpm_test_checksum(pkgfile, sha256sum, ALPM_CSUM_SHA256) != 0) { - alpm_pkg_free(newpkg); - RET_ERR(handle, ALPM_ERR_PKG_INVALID_CHECKSUM, NULL); + if(syncpkg->sha256sum) { + _alpm_log(handle, ALPM_LOG_DEBUG, "sha256sum: %s\n", syncpkg->sha256sum); + _alpm_log(handle, ALPM_LOG_DEBUG, "checking sha256sum for %s\n", pkgfile); + if(_alpm_test_checksum(pkgfile, syncpkg->sha256sum, ALPM_CSUM_SHA256) != 0) { + alpm_pkg_free(newpkg); + RET_ERR(handle, ALPM_ERR_PKG_INVALID_CHECKSUM, NULL); + } } } - _alpm_log(handle, ALPM_LOG_DEBUG, "base64_sig: %s\n", base64_sig); - if(level & ALPM_SIG_PACKAGE && - _alpm_check_pgp_helper(handle, pkgfile, base64_sig, - level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK, - level & ALPM_SIG_PACKAGE_UNKNOWN_OK)) { - handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG; - _alpm_pkg_free(newpkg); - return NULL; + if(use_sig) { + const char *sig = syncpkg ? syncpkg->base64_sig : NULL; + _alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>"); + if(_alpm_check_pgp_helper(handle, pkgfile, sig, + level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK, + level & ALPM_SIG_PACKAGE_UNKNOWN_OK)) { + handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG; + _alpm_pkg_free(newpkg); + return NULL; + } } /* next- try to create an archive object to read in the package */ @@ -487,7 +489,7 @@ int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int ful CHECK_HANDLE(handle, return -1); ASSERT(pkg != NULL, RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1)); - *pkg = _alpm_pkg_load_internal(handle, filename, full, NULL, NULL, NULL, level); + *pkg = _alpm_pkg_load_internal(handle, filename, NULL, full, level); if(*pkg == NULL) { /* pm_errno is set by pkg_load */ return -1; diff --git a/lib/libalpm/package.h b/lib/libalpm/package.h index 25d1b1a6..707405dd 100644 --- a/lib/libalpm/package.h +++ b/lib/libalpm/package.h @@ -150,8 +150,7 @@ void _alpm_pkg_free_trans(alpm_pkg_t *pkg); alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle, const char *pkgfile, - int full, const char *md5sum, const char *sha256sum, const char *base64_sig, - alpm_siglevel_t level); + alpm_pkg_t *syncpkg, int full, alpm_siglevel_t level); int _alpm_pkg_cmp(const void *p1, const void *p2); int _alpm_pkg_compare_versions(alpm_pkg_t *local_pkg, alpm_pkg_t *pkg); diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c index 3b31899a..19038b49 100644 --- a/lib/libalpm/sync.c +++ b/lib/libalpm/sync.c @@ -938,8 +938,7 @@ int _alpm_sync_commit(alpm_handle_t *handle, alpm_list_t **data) _alpm_log(handle, ALPM_LOG_DEBUG, "replacing pkgcache entry with package file for target %s\n", spkg->name); - alpm_pkg_t *pkgfile =_alpm_pkg_load_internal(handle, filepath, 1, spkg->md5sum, - spkg->sha256sum, spkg->base64_sig, level); + alpm_pkg_t *pkgfile =_alpm_pkg_load_internal(handle, filepath, spkg, 1, level); if(!pkgfile) { prompt_to_delete(trans, filepath, handle->pm_errno); errors++; |