[pacman-dev] [PATCH 0/3] Signature checks for local packages
These patches fix the way local packages have their signatures checked by libalpm.
Rémy Oudompheng (3):
 libalpm: correctly load signatures for package files
 libalpm: add a public function to get signature contents
 sync.c: check signatures for local package files when available
 lib/libalpm/alpm.h | 1 +
 lib/libalpm/be_package.c | 18 +++++-------------
 lib/libalpm/signing.c | 6 ++++++
 lib/libalpm/sync.c | 19 ++++++++++++++-----
 4 files changed, 26 insertions(+), 18 deletions(-)
-- 
1.7.4.4
A duplicate _alpm_pkg_new() call made libalpm load the signature in a separate pmpkg_t that was leaked forever afterwards.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
---
This patch make the signatures for local files load correctly.
On branch 'master'
 lib/libalpm/be_package.c | 18 +++++-------------
 1 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c
index a693247..d87d539 100644
--- a/lib/libalpm/be_package.c
+++ b/lib/libalpm/be_package.c
@@ -251,15 +251,16 @@ static pmpkg_t *pkg_load(const char *pkgfile, int full)
 RET_ERR(PM_ERR_WRONG_ARGS, NULL);
 }
+ newpkg = _alpm_pkg_new();
+ if(newpkg == NULL) {
+ RET_ERR(PM_ERR_MEMORY, NULL);
+ }
+
 /* attempt to stat the package file, ensure it exists */
 if(stat(pkgfile, &st) == 0) {
 char *pgpfile;
 int sig_ret;
- newpkg = _alpm_pkg_new();
- if(newpkg == NULL) {
- RET_ERR(PM_ERR_MEMORY, NULL);
- }
 newpkg->filename = strdup(pkgfile);
 newpkg->size = st.st_size;
@@ -289,15 +290,6 @@ static pmpkg_t *pkg_load(const char *pkgfile, int full)
 RET_ERR(PM_ERR_PKG_OPEN, NULL);
 }
- newpkg = _alpm_pkg_new();
- if(newpkg == NULL) {
- archive_read_finish(archive);
- RET_ERR(PM_ERR_MEMORY, NULL);
- }
-
- newpkg->filename = strdup(pkgfile);
- newpkg->size = st.st_size;
-
 _alpm_log(PM_LOG_DEBUG, "starting package load for %s\n", pkgfile);
 /* If full is false, only read through the archive until we find our needed
-- 
1.7.4.4
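Review bot: With the allocation hoisted to the top of pkg_load(), the `RET_ERR(PM_ERR_PKG_OPEN, NULL);` return kept as context at the start of the second hunk now runs while `newpkg` is live, and nothing visible here releases it. Unless the lines just above that hunk already do so, this path should call `_alpm_pkg_free(newpkg);` before returning, so that a package file which cannot be opened does not leave behind the pmpkg_t together with its filename and whatever signature data the stat block loaded into it. The first hunk also keeps `newpkg->filename = strdup(pkgfile);` without a NULL check, which deserves the same PM_ERR_MEMORY handling as the allocation itself. pkg_load() starts and ends outside both hunks, so the remaining error returns should be audited the same way.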
We currently don't have a way to retrieve the signature of a package outside of libalpm. Currnetly the public API allows to retrieve the pmpgpsig_t structure but cannot do anything with it.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
---
 lib/libalpm/alpm.h | 1 +
 lib/libalpm/signing.c | 6 ++++++
 2 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h
index e837cbb..11b581c 100644
--- a/lib/libalpm/alpm.h
+++ b/lib/libalpm/alpm.h
@@ -563,6 +563,7 @@ alpm_list_t *alpm_pkg_unused_deltas(pmpkg_t *pkg);
 int alpm_pkg_check_pgp_signature(pmpkg_t *pkg);
 int alpm_db_check_pgp_signature(pmdb_t *db);
+const char *alpm_pgpsig_get_raw(const pmpgpsig_t *sig, size_t *len);
 /* GPG signature verification option */
 typedef enum _pgp_verify_t {
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index c30650b..cc4b89f 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -276,5 +276,11 @@ int SYMEXPORT alpm_db_check_pgp_signature(pmdb_t *db)
 _alpm_db_pgpsig(db));
 }
+const char SYMEXPORT *alpm_pgpsig_get_raw(const pmpgpsig_t *sig, size_t *length)
+{
+ ASSERT(sig != NULL, return(NULL));
+ *length = sig->rawlen;
+ return sig->rawdata;
+}
 /* vim: set ts=2 sw=2 noet: */
-- 
1.7.4.4
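Review bot: The new public prototype `alpm_pgpsig_get_raw()` is declared without any comment, and its second parameter is called `len` here but `length` in the definition in signing.c. Since this accessor hands signature bytes to code outside libalpm, the header should state who owns the returned buffer and how its size is reported. I would add above the declaration something like `/* Returns the raw signature bytes, owned by sig (do not free; presumably not NUL-terminated); *len receives the byte count. NULL on error. */` and use one parameter name in both files.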
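Review bot: `*length = sig->rawlen;` writes through the caller's pointer without checking it, and on the `sig == NULL` path the function returns before `*length` is written at all, so a caller that reads the length after a NULL return sees an uninitialised value. For an exported function I would validate both arguments up front, `ASSERT(sig != NULL && length != NULL, return(NULL));`, and document that `*length` is only meaningful when the return value is non-NULL. The sync.c patch in this series tests `pgpsig->rawdata` for NULL, so this accessor can apparently return NULL even for a valid signature object; callers must treat that as "no raw signature" rather than pass the pointer on.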
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
---
Note that no global option exists to control whether this check is optional or not.
On branch 'master'
 lib/libalpm/sync.c | 19 ++++++++++++++-----
 1 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
index 5428e40..a97a67b 100644
--- a/lib/libalpm/sync.c
+++ b/lib/libalpm/sync.c
@@ -828,16 +828,25 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
 for(i = trans->add; i; i = i->next, current++) {
 pmpkg_t *spkg = i->data;
 int percent = (current * 100) / numtargs;
- if(spkg->origin == PKG_FROM_FILE) {
- continue; /* pkg_load() has been already called, this package is valid */
- }
+ const char *filename = alpm_pkg_get_filename(spkg);
+ const pmpgpsig_t *pgpsig = alpm_pkg_get_pgpsig(spkg);
 PROGRESS(trans, PM_TRANS_PROGRESS_INTEGRITY_START, "", percent, numtargs, current);
- const char *filename = alpm_pkg_get_filename(spkg);
+ if(spkg->origin == PKG_FROM_FILE) {
+ if (!pgpsig->encdata && !pgpsig->rawdata)
+ continue;
+ int ret = _alpm_file_checksig(filename, pgpsig);
+ if (ret != 0) {
+ errors++;
+ *data = alpm_list_add(*data, strdup(filename));
+ }
+ /* no checksum verification for package files */
+ continue;
+ }
+
 char *filepath = _alpm_filecache_find(filename);
 const char *md5sum = alpm_pkg_get_md5sum(spkg);
- const pmpgpsig_t *pgpsig = alpm_pkg_get_pgpsig(spkg);
 /* check md5sum first */
 if(test_md5sum(trans, filepath, md5sum) != 0) {
-- 
1.7.4.4
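Review bot: A local package file that carries no signature is accepted silently, because `if (!pgpsig->encdata && !pgpsig->rawdata) continue;` skips the check, so verification only runs when a signature happens to be present. Until this is tied to a verification policy (alpm.h already declares a `pgp_verify_t` option enum), the skip should at least be logged, for example `_alpm_log(PM_LOG_WARNING, "no signature found for %s, skipping check\n", filename);`, so that an unsigned install is visible to the user. `pgpsig` is also dereferenced without a NULL test; if `alpm_pkg_get_pgpsig()` can return NULL for a file-origin package this crashes, so `if(pgpsig == NULL || (!pgpsig->encdata && !pgpsig->rawdata))` is the safer guard. The `strdup(filename)` result added to `*data` is unchecked as well. The loop body continues past the end of the hunk.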
On Sun, Apr 10, 2011 at 6:25 AM, Rémy Oudompheng <remyoudompheng@gmail.com> wrote:
A duplicate _alpm_pkg_new() call made libalpm load the signature in a separate pmpkg_t that was leaked forever afterwards.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org> --- This patch make the signatures for local files load correctly.
And now leaks an empty pmpkg_t object if the file could not be stat-ed and we return early, no? I think all we need to do is remove the now erroneous second call to pkg_new; given this was a 2008 patch retrofitted to 2011 code, there is no surprise Allan or I messed up slightly on the rebase.
On branch 'master'
 lib/libalpm/be_package.c | 18 +++++-------------
 1 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c
index a693247..d87d539 100644
--- a/lib/libalpm/be_package.c
+++ b/lib/libalpm/be_package.c
@@ -251,15 +251,16 @@ static pmpkg_t *pkg_load(const char *pkgfile, int full)
 RET_ERR(PM_ERR_WRONG_ARGS, NULL);
 }
+ newpkg = _alpm_pkg_new();
+ if(newpkg == NULL) {
+ RET_ERR(PM_ERR_MEMORY, NULL);
+ }
+
 /* attempt to stat the package file, ensure it exists */
 if(stat(pkgfile, &st) == 0) {
 char *pgpfile;
 int sig_ret;
- newpkg = _alpm_pkg_new();
- if(newpkg == NULL) {
- RET_ERR(PM_ERR_MEMORY, NULL);
- }
 newpkg->filename = strdup(pkgfile);
 newpkg->size = st.st_size;
@@ -289,15 +290,6 @@ static pmpkg_t *pkg_load(const char *pkgfile, int full)
 RET_ERR(PM_ERR_PKG_OPEN, NULL);
 }
- newpkg = _alpm_pkg_new();
- if(newpkg == NULL) {
- archive_read_finish(archive);
- RET_ERR(PM_ERR_MEMORY, NULL);
- }
-
- newpkg->filename = strdup(pkgfile);
- newpkg->size = st.st_size;
-
 _alpm_log(PM_LOG_DEBUG, "starting package load for %s\n", pkgfile);
 /* If full is false, only read through the archive until we find our needed
-- 
1.7.4.4