 @@ -1,22 +1,22 @@
-/*	$NetBSD: perform.c,v 1.70.4.4 2008/05/12 15:44:17 joerg Exp $	*/
+/*	$NetBSD: perform.c,v 1.70.4.5 2008/05/19 10:42:41 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: perform.c,v 1.70.4.4 2008/05/12 15:44:17 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.70.4.5 2008/05/19 10:42:41 joerg Exp $");
 /*-
  * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org>
  * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org>
  * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org>
  * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
 @@ -1054,60 +1054,123 @@ start_replacing(struct pkg_task *pkg)
 		printf("%s/pkg_delete -K %s -p %s '%s'\n",
 			BINDIR, _pkgdb_getPKGDB_DIR(), pkg->install_prefix,
 			pkg->other_version);
+	}
 	if (!Fake)
 		fexec(BINDIR "/pkg_delete", "-K", _pkgdb_getPKGDB_DIR(),
 		    "-p", pkg->install_prefix,
 		    pkg->other_version, NULL);
 	/* XXX Check return value and do what? */
 	return 0;
+}
 static int check_input(const char *line, size_t len)
+{
 	if (line == NULL || len == 0)
 		return 1;
 	switch (*line) {
 	case 'Y':
 	case 'y':
 	case 'T':
 	case 't':
 	case '1':
 		return 0;
 	default:
 		return 1;
+	}
+}
 static int
 check_signature(struct pkg_task *pkg, void *signature_cookie, int invalid_sig)
+{
 	char *line;
 	size_t len;
 	if (strcasecmp(verified_installation, "never") == 0)
 		return 0;
 	if (strcasecmp(verified_installation, "always") == 0) {
 		if (invalid_sig)
 			warnx("No valid signature found, rejected");
 		return invalid_sig;
+	}
 	if (strcasecmp(verified_installation, "trusted") == 0) {
 		if (!invalid_sig)
 			return 0;
 		fprintf(stderr, "No valid signature found for %s.\n",
 		    pkg->pkgname);
 		fprintf(stderr,
 		    "Do you want to proceed with the installation [y/n]?\n");
 		line = fgetln(stdin, &len);
 		if (check_input(line, len)) {
 			fprintf(stderr, "Cancelling installation\n");
 			return 1;
+		}
 		return 0;
+	}
 	if (strcasecmp(verified_installation, "interactive") == 0) {
 		fprintf(stderr, "Do you want to proceed with "
 		    "the installation of %s [y/n]?\n", pkg->pkgname);
 		line = fgetln(stdin, &len);
 		if (check_input(line, len)) {
 			fprintf(stderr, "Cancelling installation\n");
 			return 1;
+		}
 		return 0;
+	}
 	warnx("Unknown value of configuration variable VERIFIED_INSTALLATION");
 	return 1;
+}
 /*
  * Install a single package.
  */
 static int
 pkg_do(const char *pkgpath, int mark_automatic)
+{
-	int status;
+	int status, invalid_sig;
 	void *archive_cookie;
 #ifdef HAVE_SSL
-	void*signature_cookie;
+	void *signature_cookie;
 #endif
 	struct pkg_task *pkg;
 	if ((pkg = calloc(1, sizeof(*pkg))) == NULL)
 		err(2, "malloc failed");
 	status = -1;
 	if ((pkg->archive = find_archive(pkgpath, &archive_cookie)) == NULL) {
 		warnx("no pkg found for '%s', sorry.", pkgpath);
 		goto clean_find_archive;
+	}
 #ifdef HAVE_SSL
-	if (pkg_verify_signature(&pkg->archive, &pkg->entry, &pkg->pkgname,
+	invalid_sig = pkg_verify_signature(&pkg->archive, &pkg->entry,
-	    &signature_cookie))
+	    &pkg->pkgname, &signature_cookie);
-		goto clean_memory;
+#else
 	invalid_sig = 1;
 #endif
 	if (read_meta_data(pkg))
 		goto clean_memory;
 	/* Parse PLIST early, so that messages can use real package name. */
 	if (pkg_parse_plist(pkg))
 		goto clean_memory;
 	if (check_signature(pkg, &signature_cookie, invalid_sig))
 		goto clean_memory;
 	if (pkg->meta_data.meta_mtree != NULL)
 		warnx("mtree specification in pkg `%s' ignored", pkg->pkgname);
 	if (pkg->meta_data.meta_views != NULL) {
 		if ((pkg->logdir = strdup(pkg->install_prefix)) == NULL)
 			err(EXIT_FAILURE, "strdup failed");
 		_pkgdb_setPKGDB_DIR(dirname_of(pkg->logdir));
 	} else {
 		if (asprintf(&pkg->logdir, "%s/%s", _pkgdb_getPKGDB_DIR(),
 			     pkg->pkgname) == -1)
 			err(EXIT_FAILURE, "asprintf failed");
+	}

 @@ -1,14 +1,14 @@
-/* $NetBSD: lib.h,v 1.42.2.4 2008/05/12 12:12:07 joerg Exp $ */
+/* $NetBSD: lib.h,v 1.42.2.5 2008/05/19 10:42:41 joerg Exp $ */
 /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
 /*
  * FreeBSD install - a package for the installation and maintainance
  * of non-core utilities.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
 @@ -390,22 +390,23 @@ int easy_pkcs7_verify(const char *, size
     const char *);
 int easy_pkcs7_sign(const char *, size_t, char **, size_t *, const char *,
     const char *);
 #endif
 /* Externs */
 extern Boolean Verbose;
 extern Boolean Fake;
 extern Boolean Force;
 extern const char *cert_chain_file;
 extern const char *certs_packages;
 extern const char *certs_pkg_vulnerabilities;
 extern const char *config_file;
 extern const char *verified_installation;
 extern const char *gpg_cmd;
 extern const char *pkg_vulnerabilities_dir;
 extern const char *pkg_vulnerabilities_file;
 extern const char *pkg_vulnerabilities_url;
 extern const char *ignore_advisories;
 extern const char tnf_vulnerability_base[];
 #endif				/* _INST_LIB_LIB_H_ */

 @@ -1,24 +1,24 @@
-/*	$NetBSD: parse-config.c,v 1.1.2.2 2008/05/11 20:20:38 joerg Exp $	*/
+/*	$NetBSD: parse-config.c,v 1.1.2.3 2008/05/19 10:42:41 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
 #ifndef lint
-__RCSID("$NetBSD: parse-config.c,v 1.1.2.2 2008/05/11 20:20:38 joerg Exp $");
+__RCSID("$NetBSD: parse-config.c,v 1.1.2.3 2008/05/19 10:42:41 joerg Exp $");
 #endif
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
 @@ -44,44 +44,47 @@ __RCSID("$NetBSD: parse-config.c,v 1.1.2
 #include <err.h>
 #endif
 #if HAVE_STRING_H
 #include <string.h>
 #endif
 #include "lib.h"
 const char     *config_file = SYSCONFDIR"/pkg_install.conf";
 const char *cert_chain_file;
 const char *certs_packages;
 const char *certs_pkg_vulnerabilities;
 const char *verified_installation;
 const char *gpg_cmd;
 const char *pkg_vulnerabilities_dir;
 const char *pkg_vulnerabilities_file;
 const char *pkg_vulnerabilities_url;
 const char *ignore_advisories = NULL;
 const char tnf_vulnerability_base[] = "ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns";
 static struct config_variable {
 	const char *name;
 	const char **var;
 } config_variables[] = {
 	{ "CERTIFICATE_ANCHOR_PKGS", &certs_packages },
 	{ "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities },
 	{ "CERTIFICATE_CHAIN", &cert_chain_file },
 	{ "GPG", &gpg_cmd },
 	{ "PKGVULNDIR", &pkg_vulnerabilities_dir },
 	{ "PKGVULNURL", &pkg_vulnerabilities_url },
 	{ "IGNORE_URL", &ignore_advisories },
 	{ "VERIFIED_INSTALLATION", &verified_installation },
 	{ NULL, NULL }
 };
 void
 pkg_install_config(void)
+{
 	char *value;
 	int ret;
 	struct config_variable *var;
 	for (var = config_variables; var->name != NULL; ++var) {
 		value = var_get(config_file, var->name);
 		if (value != NULL)
 @@ -91,26 +94,28 @@ pkg_install_config(void)
 	if (pkg_vulnerabilities_dir == NULL)
 		pkg_vulnerabilities_dir = _pkgdb_getPKGDB_DIR();
 	ret = asprintf(&value, "%s/pkg-vulnerabilities", pkg_vulnerabilities_dir);
 	pkg_vulnerabilities_file = value;
 	if (ret == -1)
 		err(EXIT_FAILURE, "asprintf failed");
 	if (pkg_vulnerabilities_url == NULL) {
 		ret = asprintf(&value, "%s/pkg-vulnerabilities.gz",
 		    tnf_vulnerability_base);
 		pkg_vulnerabilities_url = value;
 		if (ret == -1)
 			err(EXIT_FAILURE, "asprintf failed");
+	}
 	if (verified_installation == NULL)
 		verified_installation = "never";
+}
 void
 pkg_install_show_variable(const char *var_name)
+{
 	struct config_variable *var;
 	for (var = config_variables; var->name != NULL; ++var) {
 		if (strcmp(var->name, var_name) != 0)
 			continue;
 		if (*var->var != NULL)
 			puts(*var->var);
+	}

 @@ -1,23 +1,23 @@
-/*	$NetBSD: pkg_signature.c,v 1.1.2.1 2008/05/11 20:20:38 joerg Exp $	*/
+/*	$NetBSD: pkg_signature.c,v 1.1.2.2 2008/05/19 10:42:41 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: pkg_signature.c,v 1.1.2.1 2008/05/11 20:20:38 joerg Exp $");
+__RCSID("$NetBSD: pkg_signature.c,v 1.1.2.2 2008/05/19 10:42:41 joerg Exp $");
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
 @@ -386,27 +386,27 @@ pkg_verify_signature(struct archive **ar
 	if (archive_read_open(a, state, NULL, verify_signature_read_cb, NULL)) {
 		warnx("Can't open signed package file");
 		archive_read_finish(a);
 		free_signature_int(state);
 		goto no_valid_signature;
+	}
 	*archive = a;
 	*entry = NULL;
 	*cookie = state;
 	return 0;
 no_valid_signature:
-	return 0;
+	return -1;
+}
 int
 pkg_full_signature_check(struct archive *archive)
+{
 	struct archive_entry *entry = NULL;
 	char *pkgname;
 	void *cookie;
 	int r;
 	if (pkg_verify_signature(&archive, &entry, &pkgname, &cookie))
 		return -1;
 	if (pkgname == NULL)