Add variable to control how packages are installed.
VERIFIED_INSTALLATION supports:
never (default): print signature, but don't care about it.
always: check for valid signature, abort otherwise
trusted: ask for packages without valid signature
interactive: always ask before installation
diff -r1.70.4.4 -r1.70.4.5 pkgsrc/pkgtools/pkg_install/files/add/perform.c
(joerg)
@@ -1,22 +1,22 @@ | @@ -1,22 +1,22 @@ | |||
1 | /* $NetBSD: perform.c,v 1.70.4.4 2008/05/12 15:44:17 joerg Exp $ */ | 1 | /* $NetBSD: perform.c,v 1.70.4.5 2008/05/19 10:42:41 joerg Exp $ */ | |
2 | #if HAVE_CONFIG_H | 2 | #if HAVE_CONFIG_H | |
3 | #include "config.h" | 3 | #include "config.h" | |
4 | #endif | 4 | #endif | |
5 | #include <nbcompat.h> | 5 | #include <nbcompat.h> | |
6 | #if HAVE_SYS_CDEFS_H | 6 | #if HAVE_SYS_CDEFS_H | |
7 | #include <sys/cdefs.h> | 7 | #include <sys/cdefs.h> | |
8 | #endif | 8 | #endif | |
9 | __RCSID("$NetBSD: perform.c,v 1.70.4.4 2008/05/12 15:44:17 joerg Exp $"); | 9 | __RCSID("$NetBSD: perform.c,v 1.70.4.5 2008/05/19 10:42:41 joerg Exp $"); | |
10 | 10 | |||
11 | /*- | 11 | /*- | |
12 | * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org> | 12 | * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org> | |
13 | * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org> | 13 | * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org> | |
14 | * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org> | 14 | * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org> | |
15 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org> | 15 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org> | |
16 | * All rights reserved. | 16 | * All rights reserved. | |
17 | * | 17 | * | |
18 | * Redistribution and use in source and binary forms, with or without | 18 | * Redistribution and use in source and binary forms, with or without | |
19 | * modification, are permitted provided that the following conditions | 19 | * modification, are permitted provided that the following conditions | |
20 | * are met: | 20 | * are met: | |
21 | * | 21 | * | |
22 | * 1. Redistributions of source code must retain the above copyright | 22 | * 1. Redistributions of source code must retain the above copyright | |
@@ -1054,60 +1054,123 @@ start_replacing(struct pkg_task *pkg) | @@ -1054,60 +1054,123 @@ start_replacing(struct pkg_task *pkg) | |||
1054 | printf("%s/pkg_delete -K %s -p %s '%s'\n", | 1054 | printf("%s/pkg_delete -K %s -p %s '%s'\n", | |
1055 | BINDIR, _pkgdb_getPKGDB_DIR(), pkg->install_prefix, | 1055 | BINDIR, _pkgdb_getPKGDB_DIR(), pkg->install_prefix, | |
1056 | pkg->other_version); | 1056 | pkg->other_version); | |
1057 | } | 1057 | } | |
1058 | if (!Fake) | 1058 | if (!Fake) | |
1059 | fexec(BINDIR "/pkg_delete", "-K", _pkgdb_getPKGDB_DIR(), | 1059 | fexec(BINDIR "/pkg_delete", "-K", _pkgdb_getPKGDB_DIR(), | |
1060 | "-p", pkg->install_prefix, | 1060 | "-p", pkg->install_prefix, | |
1061 | pkg->other_version, NULL); | 1061 | pkg->other_version, NULL); | |
1062 | 1062 | |||
1063 | /* XXX Check return value and do what? */ | 1063 | /* XXX Check return value and do what? */ | |
1064 | return 0; | 1064 | return 0; | |
1065 | } | 1065 | } | |
1066 | 1066 | |||
1067 | static int check_input(const char *line, size_t len) | |||
1068 | { | |||
1069 | if (line == NULL || len == 0) | |||
1070 | return 1; | |||
1071 | switch (*line) { | |||
1072 | case 'Y': | |||
1073 | case 'y': | |||
1074 | case 'T': | |||
1075 | case 't': | |||
1076 | case '1': | |||
1077 | return 0; | |||
1078 | default: | |||
1079 | return 1; | |||
1080 | } | |||
1081 | } | |||
1082 | ||||
1083 | static int | |||
1084 | check_signature(struct pkg_task *pkg, void *signature_cookie, int invalid_sig) | |||
1085 | { | |||
1086 | char *line; | |||
1087 | size_t len; | |||
1088 | ||||
1089 | if (strcasecmp(verified_installation, "never") == 0) | |||
1090 | return 0; | |||
1091 | if (strcasecmp(verified_installation, "always") == 0) { | |||
1092 | if (invalid_sig) | |||
1093 | warnx("No valid signature found, rejected"); | |||
1094 | return invalid_sig; | |||
1095 | } | |||
1096 | if (strcasecmp(verified_installation, "trusted") == 0) { | |||
1097 | if (!invalid_sig) | |||
1098 | return 0; | |||
1099 | fprintf(stderr, "No valid signature found for %s.\n", | |||
1100 | pkg->pkgname); | |||
1101 | fprintf(stderr, | |||
1102 | "Do you want to proceed with the installation [y/n]?\n"); | |||
1103 | line = fgetln(stdin, &len); | |||
1104 | if (check_input(line, len)) { | |||
1105 | fprintf(stderr, "Cancelling installation\n"); | |||
1106 | return 1; | |||
1107 | } | |||
1108 | return 0; | |||
1109 | } | |||
1110 | if (strcasecmp(verified_installation, "interactive") == 0) { | |||
1111 | fprintf(stderr, "Do you want to proceed with " | |||
1112 | "the installation of %s [y/n]?\n", pkg->pkgname); | |||
1113 | line = fgetln(stdin, &len); | |||
1114 | if (check_input(line, len)) { | |||
1115 | fprintf(stderr, "Cancelling installation\n"); | |||
1116 | return 1; | |||
1117 | } | |||
1118 | return 0; | |||
1119 | } | |||
1120 | warnx("Unknown value of configuration variable VERIFIED_INSTALLATION"); | |||
1121 | return 1; | |||
1122 | } | |||
1123 | ||||
1067 | /* | 1124 | /* | |
1068 | * Install a single package. | 1125 | * Install a single package. | |
1069 | */ | 1126 | */ | |
1070 | static int | 1127 | static int | |
1071 | pkg_do(const char *pkgpath, int mark_automatic) | 1128 | pkg_do(const char *pkgpath, int mark_automatic) | |
1072 | { | 1129 | { | |
1073 | int status; | 1130 | int status, invalid_sig; | |
1074 | void *archive_cookie; | 1131 | void *archive_cookie; | |
1075 | #ifdef HAVE_SSL | 1132 | #ifdef HAVE_SSL | |
1076 | void*signature_cookie; | 1133 | void *signature_cookie; | |
1077 | #endif | 1134 | #endif | |
1078 | struct pkg_task *pkg; | 1135 | struct pkg_task *pkg; | |
1079 | 1136 | |||
1080 | if ((pkg = calloc(1, sizeof(*pkg))) == NULL) | 1137 | if ((pkg = calloc(1, sizeof(*pkg))) == NULL) | |
1081 | err(2, "malloc failed"); | 1138 | err(2, "malloc failed"); | |
1082 | 1139 | |||
1083 | status = -1; | 1140 | status = -1; | |
1084 | 1141 | |||
1085 | if ((pkg->archive = find_archive(pkgpath, &archive_cookie)) == NULL) { | 1142 | if ((pkg->archive = find_archive(pkgpath, &archive_cookie)) == NULL) { | |
1086 | warnx("no pkg found for '%s', sorry.", pkgpath); | 1143 | warnx("no pkg found for '%s', sorry.", pkgpath); | |
1087 | goto clean_find_archive; | 1144 | goto clean_find_archive; | |
1088 | } | 1145 | } | |
1146 | ||||
1089 | #ifdef HAVE_SSL | 1147 | #ifdef HAVE_SSL | |
1090 | if (pkg_verify_signature(&pkg->archive, &pkg->entry, &pkg->pkgname, | 1148 | invalid_sig = pkg_verify_signature(&pkg->archive, &pkg->entry, | |
1091 | &signature_cookie)) | 1149 | &pkg->pkgname, &signature_cookie); | |
1092 | goto clean_memory; | 1150 | #else | |
1151 | invalid_sig = 1; | |||
1093 | #endif | 1152 | #endif | |
1153 | ||||
1094 | if (read_meta_data(pkg)) | 1154 | if (read_meta_data(pkg)) | |
1095 | goto clean_memory; | 1155 | goto clean_memory; | |
1096 | 1156 | |||
1097 | /* Parse PLIST early, so that messages can use real package name. */ | 1157 | /* Parse PLIST early, so that messages can use real package name. */ | |
1098 | if (pkg_parse_plist(pkg)) | 1158 | if (pkg_parse_plist(pkg)) | |
1099 | goto clean_memory; | 1159 | goto clean_memory; | |
1100 | 1160 | |||
1161 | if (check_signature(pkg, &signature_cookie, invalid_sig)) | |||
1162 | goto clean_memory; | |||
1163 | ||||
1101 | if (pkg->meta_data.meta_mtree != NULL) | 1164 | if (pkg->meta_data.meta_mtree != NULL) | |
1102 | warnx("mtree specification in pkg `%s' ignored", pkg->pkgname); | 1165 | warnx("mtree specification in pkg `%s' ignored", pkg->pkgname); | |
1103 | 1166 | |||
1104 | if (pkg->meta_data.meta_views != NULL) { | 1167 | if (pkg->meta_data.meta_views != NULL) { | |
1105 | if ((pkg->logdir = strdup(pkg->install_prefix)) == NULL) | 1168 | if ((pkg->logdir = strdup(pkg->install_prefix)) == NULL) | |
1106 | err(EXIT_FAILURE, "strdup failed"); | 1169 | err(EXIT_FAILURE, "strdup failed"); | |
1107 | _pkgdb_setPKGDB_DIR(dirname_of(pkg->logdir)); | 1170 | _pkgdb_setPKGDB_DIR(dirname_of(pkg->logdir)); | |
1108 | } else { | 1171 | } else { | |
1109 | if (asprintf(&pkg->logdir, "%s/%s", _pkgdb_getPKGDB_DIR(), | 1172 | if (asprintf(&pkg->logdir, "%s/%s", _pkgdb_getPKGDB_DIR(), | |
1110 | pkg->pkgname) == -1) | 1173 | pkg->pkgname) == -1) | |
1111 | err(EXIT_FAILURE, "asprintf failed"); | 1174 | err(EXIT_FAILURE, "asprintf failed"); | |
1112 | } | 1175 | } | |
1113 | 1176 |
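Review bot: `signature_cookie` is declared only inside `#ifdef HAVE_SSL` in pkg_do, but the new call `check_signature(pkg, &signature_cookie, invalid_sig)` is unconditional, so from the visible lines a build without HAVE_SSL would not compile; declaring `void *signature_cookie = NULL;` outside the `#ifdef` would also give the failed-verification path a defined value. The parameter is not read anywhere in check_signature as shown, so dropping it is the other option. In "always" mode the rejection is issued only after read_meta_data() and pkg_parse_plist() have processed an archive whose signature did not verify; that branch's message does not use pkg->pkgname, so the `invalid_sig` test for "always" could run right after pkg_verify_signature() and `goto clean_memory` before any metadata is parsed. The "interactive" prompt also does not say whether the signature was valid, which leaves the operator without the fact the decision depends on. pkg_do continues past the end of the hunk.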
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: lib.h,v 1.42.2.4 2008/05/12 12:12:07 joerg Exp $ */ | 1 | /* $NetBSD: lib.h,v 1.42.2.5 2008/05/19 10:42:41 joerg Exp $ */ | |
2 | 2 | |||
3 | /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ | 3 | /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ | |
4 | 4 | |||
5 | /* | 5 | /* | |
6 | * FreeBSD install - a package for the installation and maintainance | 6 | * FreeBSD install - a package for the installation and maintainance | |
7 | * of non-core utilities. | 7 | * of non-core utilities. | |
8 | * | 8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | 9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | 10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | 11 | * are met: | |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. | |
14 | * 2. Redistributions in binary form must reproduce the above copyright | 14 | * 2. Redistributions in binary form must reproduce the above copyright | |
@@ -390,22 +390,23 @@ int easy_pkcs7_verify(const char *, size | @@ -390,22 +390,23 @@ int easy_pkcs7_verify(const char *, size | |||
390 | const char *); | 390 | const char *); | |
391 | int easy_pkcs7_sign(const char *, size_t, char **, size_t *, const char *, | 391 | int easy_pkcs7_sign(const char *, size_t, char **, size_t *, const char *, | |
392 | const char *); | 392 | const char *); | |
393 | #endif | 393 | #endif | |
394 | 394 | |||
395 | /* Externs */ | 395 | /* Externs */ | |
396 | extern Boolean Verbose; | 396 | extern Boolean Verbose; | |
397 | extern Boolean Fake; | 397 | extern Boolean Fake; | |
398 | extern Boolean Force; | 398 | extern Boolean Force; | |
399 | extern const char *cert_chain_file; | 399 | extern const char *cert_chain_file; | |
400 | extern const char *certs_packages; | 400 | extern const char *certs_packages; | |
401 | extern const char *certs_pkg_vulnerabilities; | 401 | extern const char *certs_pkg_vulnerabilities; | |
402 | extern const char *config_file; | 402 | extern const char *config_file; | |
403 | extern const char *verified_installation; | |||
403 | extern const char *gpg_cmd; | 404 | extern const char *gpg_cmd; | |
404 | 405 | |||
405 | extern const char *pkg_vulnerabilities_dir; | 406 | extern const char *pkg_vulnerabilities_dir; | |
406 | extern const char *pkg_vulnerabilities_file; | 407 | extern const char *pkg_vulnerabilities_file; | |
407 | extern const char *pkg_vulnerabilities_url; | 408 | extern const char *pkg_vulnerabilities_url; | |
408 | extern const char *ignore_advisories; | 409 | extern const char *ignore_advisories; | |
409 | extern const char tnf_vulnerability_base[]; | 410 | extern const char tnf_vulnerability_base[]; | |
410 | 411 | |||
411 | #endif /* _INST_LIB_LIB_H_ */ | 412 | #endif /* _INST_LIB_LIB_H_ */ |
@@ -1,24 +1,24 @@ | @@ -1,24 +1,24 @@ | |||
1 | /* $NetBSD: parse-config.c,v 1.1.2.2 2008/05/11 20:20:38 joerg Exp $ */ | 1 | /* $NetBSD: parse-config.c,v 1.1.2.3 2008/05/19 10:42:41 joerg Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | #ifndef lint | 10 | #ifndef lint | |
11 | __RCSID("$NetBSD: parse-config.c,v 1.1.2.2 2008/05/11 20:20:38 joerg Exp $"); | 11 | __RCSID("$NetBSD: parse-config.c,v 1.1.2.3 2008/05/19 10:42:41 joerg Exp $"); | |
12 | #endif | 12 | #endif | |
13 | 13 | |||
14 | /*- | 14 | /*- | |
15 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | 15 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | |
16 | * All rights reserved. | 16 | * All rights reserved. | |
17 | * | 17 | * | |
18 | * Redistribution and use in source and binary forms, with or without | 18 | * Redistribution and use in source and binary forms, with or without | |
19 | * modification, are permitted provided that the following conditions | 19 | * modification, are permitted provided that the following conditions | |
20 | * are met: | 20 | * are met: | |
21 | * | 21 | * | |
22 | * 1. Redistributions of source code must retain the above copyright | 22 | * 1. Redistributions of source code must retain the above copyright | |
23 | * notice, this list of conditions and the following disclaimer. | 23 | * notice, this list of conditions and the following disclaimer. | |
24 | * 2. Redistributions in binary form must reproduce the above copyright | 24 | * 2. Redistributions in binary form must reproduce the above copyright | |
@@ -44,44 +44,47 @@ __RCSID("$NetBSD: parse-config.c,v 1.1.2 | @@ -44,44 +44,47 @@ __RCSID("$NetBSD: parse-config.c,v 1.1.2 | |||
44 | #include <err.h> | 44 | #include <err.h> | |
45 | #endif | 45 | #endif | |
46 | #if HAVE_STRING_H | 46 | #if HAVE_STRING_H | |
47 | #include <string.h> | 47 | #include <string.h> | |
48 | #endif | 48 | #endif | |
49 | 49 | |||
50 | #include "lib.h" | 50 | #include "lib.h" | |
51 | 51 | |||
52 | const char *config_file = SYSCONFDIR"/pkg_install.conf"; | 52 | const char *config_file = SYSCONFDIR"/pkg_install.conf"; | |
53 | 53 | |||
54 | const char *cert_chain_file; | 54 | const char *cert_chain_file; | |
55 | const char *certs_packages; | 55 | const char *certs_packages; | |
56 | const char *certs_pkg_vulnerabilities; | 56 | const char *certs_pkg_vulnerabilities; | |
57 | const char *verified_installation; | |||
57 | const char *gpg_cmd; | 58 | const char *gpg_cmd; | |
58 | const char *pkg_vulnerabilities_dir; | 59 | const char *pkg_vulnerabilities_dir; | |
59 | const char *pkg_vulnerabilities_file; | 60 | const char *pkg_vulnerabilities_file; | |
60 | const char *pkg_vulnerabilities_url; | 61 | const char *pkg_vulnerabilities_url; | |
61 | const char *ignore_advisories = NULL; | 62 | const char *ignore_advisories = NULL; | |
63 | ||||
62 | const char tnf_vulnerability_base[] = "ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns"; | 64 | const char tnf_vulnerability_base[] = "ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns"; | |
63 | 65 | |||
64 | static struct config_variable { | 66 | static struct config_variable { | |
65 | const char *name; | 67 | const char *name; | |
66 | const char **var; | 68 | const char **var; | |
67 | } config_variables[] = { | 69 | } config_variables[] = { | |
68 | { "CERTIFICATE_ANCHOR_PKGS", &certs_packages }, | 70 | { "CERTIFICATE_ANCHOR_PKGS", &certs_packages }, | |
69 | { "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities }, | 71 | { "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities }, | |
70 | { "CERTIFICATE_CHAIN", &cert_chain_file }, | 72 | { "CERTIFICATE_CHAIN", &cert_chain_file }, | |
71 | { "GPG", &gpg_cmd }, | 73 | { "GPG", &gpg_cmd }, | |
72 | { "PKGVULNDIR", &pkg_vulnerabilities_dir }, | 74 | { "PKGVULNDIR", &pkg_vulnerabilities_dir }, | |
73 | { "PKGVULNURL", &pkg_vulnerabilities_url }, | 75 | { "PKGVULNURL", &pkg_vulnerabilities_url }, | |
74 | { "IGNORE_URL", &ignore_advisories }, | 76 | { "IGNORE_URL", &ignore_advisories }, | |
77 | { "VERIFIED_INSTALLATION", &verified_installation }, | |||
75 | { NULL, NULL } | 78 | { NULL, NULL } | |
76 | }; | 79 | }; | |
77 | 80 | |||
78 | void | 81 | void | |
79 | pkg_install_config(void) | 82 | pkg_install_config(void) | |
80 | { | 83 | { | |
81 | char *value; | 84 | char *value; | |
82 | int ret; | 85 | int ret; | |
83 | struct config_variable *var; | 86 | struct config_variable *var; | |
84 | 87 | |||
85 | for (var = config_variables; var->name != NULL; ++var) { | 88 | for (var = config_variables; var->name != NULL; ++var) { | |
86 | value = var_get(config_file, var->name); | 89 | value = var_get(config_file, var->name); | |
87 | if (value != NULL) | 90 | if (value != NULL) | |
@@ -91,26 +94,28 @@ pkg_install_config(void) | @@ -91,26 +94,28 @@ pkg_install_config(void) | |||
91 | if (pkg_vulnerabilities_dir == NULL) | 94 | if (pkg_vulnerabilities_dir == NULL) | |
92 | pkg_vulnerabilities_dir = _pkgdb_getPKGDB_DIR(); | 95 | pkg_vulnerabilities_dir = _pkgdb_getPKGDB_DIR(); | |
93 | ret = asprintf(&value, "%s/pkg-vulnerabilities", pkg_vulnerabilities_dir); | 96 | ret = asprintf(&value, "%s/pkg-vulnerabilities", pkg_vulnerabilities_dir); | |
94 | pkg_vulnerabilities_file = value; | 97 | pkg_vulnerabilities_file = value; | |
95 | if (ret == -1) | 98 | if (ret == -1) | |
96 | err(EXIT_FAILURE, "asprintf failed"); | 99 | err(EXIT_FAILURE, "asprintf failed"); | |
97 | if (pkg_vulnerabilities_url == NULL) { | 100 | if (pkg_vulnerabilities_url == NULL) { | |
98 | ret = asprintf(&value, "%s/pkg-vulnerabilities.gz", | 101 | ret = asprintf(&value, "%s/pkg-vulnerabilities.gz", | |
99 | tnf_vulnerability_base); | 102 | tnf_vulnerability_base); | |
100 | pkg_vulnerabilities_url = value; | 103 | pkg_vulnerabilities_url = value; | |
101 | if (ret == -1) | 104 | if (ret == -1) | |
102 | err(EXIT_FAILURE, "asprintf failed"); | 105 | err(EXIT_FAILURE, "asprintf failed"); | |
103 | } | 106 | } | |
107 | if (verified_installation == NULL) | |||
108 | verified_installation = "never"; | |||
104 | } | 109 | } | |
105 | 110 | |||
106 | void | 111 | void | |
107 | pkg_install_show_variable(const char *var_name) | 112 | pkg_install_show_variable(const char *var_name) | |
108 | { | 113 | { | |
109 | struct config_variable *var; | 114 | struct config_variable *var; | |
110 | 115 | |||
111 | for (var = config_variables; var->name != NULL; ++var) { | 116 | for (var = config_variables; var->name != NULL; ++var) { | |
112 | if (strcmp(var->name, var_name) != 0) | 117 | if (strcmp(var->name, var_name) != 0) | |
113 | continue; | 118 | continue; | |
114 | if (*var->var != NULL) | 119 | if (*var->var != NULL) | |
115 | puts(*var->var); | 120 | puts(*var->var); | |
116 | } | 121 | } |
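Review bot: VERIFIED_INSTALLATION is stored as a free-form string and falls back to "never" at the end of pkg_install_config, so an unset variable means packages install without signature enforcement, and nothing in this file says so. A comment on the default would help, e.g. `/* Unset: signature result is not enforced; see VERIFIED_INSTALLATION. */`. The value is matched against never/always/trusted/interactive only later, in check_signature (perform.c in this commit), once per package; checking it here would report a misspelt setting once at startup, before any package is touched. The body of pkg_install_config's loop falls between the two hunks and is not shown.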
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | /* $NetBSD: pkg_signature.c,v 1.1.2.1 2008/05/11 20:20:38 joerg Exp $ */ | 1 | /* $NetBSD: pkg_signature.c,v 1.1.2.2 2008/05/19 10:42:41 joerg Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | __RCSID("$NetBSD: pkg_signature.c,v 1.1.2.1 2008/05/11 20:20:38 joerg Exp $"); | 10 | __RCSID("$NetBSD: pkg_signature.c,v 1.1.2.2 2008/05/19 10:42:41 joerg Exp $"); | |
11 | 11 | |||
12 | /*- | 12 | /*- | |
13 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | 13 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | |
14 | * All rights reserved. | 14 | * All rights reserved. | |
15 | * | 15 | * | |
16 | * Redistribution and use in source and binary forms, with or without | 16 | * Redistribution and use in source and binary forms, with or without | |
17 | * modification, are permitted provided that the following conditions | 17 | * modification, are permitted provided that the following conditions | |
18 | * are met: | 18 | * are met: | |
19 | * | 19 | * | |
20 | * 1. Redistributions of source code must retain the above copyright | 20 | * 1. Redistributions of source code must retain the above copyright | |
21 | * notice, this list of conditions and the following disclaimer. | 21 | * notice, this list of conditions and the following disclaimer. | |
22 | * 2. Redistributions in binary form must reproduce the above copyright | 22 | * 2. Redistributions in binary form must reproduce the above copyright | |
23 | * notice, this list of conditions and the following disclaimer in | 23 | * notice, this list of conditions and the following disclaimer in | |
@@ -386,27 +386,27 @@ pkg_verify_signature(struct archive **ar | @@ -386,27 +386,27 @@ pkg_verify_signature(struct archive **ar | |||
386 | if (archive_read_open(a, state, NULL, verify_signature_read_cb, NULL)) { | 386 | if (archive_read_open(a, state, NULL, verify_signature_read_cb, NULL)) { | |
387 | warnx("Can't open signed package file"); | 387 | warnx("Can't open signed package file"); | |
388 | archive_read_finish(a); | 388 | archive_read_finish(a); | |
389 | free_signature_int(state); | 389 | free_signature_int(state); | |
390 | goto no_valid_signature; | 390 | goto no_valid_signature; | |
391 | } | 391 | } | |
392 | *archive = a; | 392 | *archive = a; | |
393 | *entry = NULL; | 393 | *entry = NULL; | |
394 | *cookie = state; | 394 | *cookie = state; | |
395 | 395 | |||
396 | return 0; | 396 | return 0; | |
397 | 397 | |||
398 | no_valid_signature: | 398 | no_valid_signature: | |
399 | return 0; | 399 | return -1; | |
400 | } | 400 | } | |
401 | 401 | |||
402 | int | 402 | int | |
403 | pkg_full_signature_check(struct archive *archive) | 403 | pkg_full_signature_check(struct archive *archive) | |
404 | { | 404 | { | |
405 | struct archive_entry *entry = NULL; | 405 | struct archive_entry *entry = NULL; | |
406 | char *pkgname; | 406 | char *pkgname; | |
407 | void *cookie; | 407 | void *cookie; | |
408 | int r; | 408 | int r; | |
409 | 409 | |||
410 | if (pkg_verify_signature(&archive, &entry, &pkgname, &cookie)) | 410 | if (pkg_verify_signature(&archive, &entry, &pkgname, &cookie)) | |
411 | return -1; | 411 | return -1; | |
412 | if (pkgname == NULL) | 412 | if (pkgname == NULL) |
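Review bot: The `no_valid_signature` path now returns -1 but, in the lines shown, writes none of the out-parameters; `*archive`, `*entry` and `*cookie` are assigned only on the success path. pkg_do in perform.c now keeps going after a failed verification, so `*cookie = NULL;` before `return -1;` would keep callers from carrying an indeterminate pointer, unless it is already set earlier in the function, which starts outside this hunk. Every failure reaching the label, including the visible "Can't open signed package file" case, collapses into the same -1, so the "trusted" prompt cannot tell an unsigned package from one whose signature failed to verify; a short comment at the label documenting the return contract would make that explicit.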