[pacman-dev] [PATCH 0/8] Package file validation using mtree data
This patchset still has a bit of polish needed (there are a few TODOs
scattered throughout). But it is now working quite well, so I think a
bit of a review would be useful.

The following fields are checked for each file:
  Directory: uid, gid, mode
  File: uid, gid, mode, size, (m)time
  Symbolic Link: uid, gid, mode, link, (m)time

The main issue so far is that libarchive does not read any checksums
from the mtree file. I will approach the libarchive devs to see how we
can improve this situation.

Allan McRae (8):
  makepkg: add mtree file into package
  Extract .MTREE file into local package database
  Add internal functions for reading mtree file from local db
  Add public functions for accessing mtree data
  Move check function into its own file
  Separate checking a files existence into a function
  Basic running of pacman -Qkk to check mtree files
  Perform full checking of files with -Qkk

 lib/libalpm/add.c      |   5 +
 lib/libalpm/alpm.h     |  12 ++
 lib/libalpm/be_local.c |  57 ++++++++++
 lib/libalpm/package.c  |  44 ++++++++
 lib/libalpm/package.h  |   8 ++
 scripts/makepkg.sh.in  |  10 +-
 src/pacman/Makefile.am |   1 +
 src/pacman/check.c     | 285 ++++++++++++++++++++++++++++++++++++++++++++++++
 src/pacman/check.h     |  30 +++++
 src/pacman/pacman.c    |   2 +-
 src/pacman/query.c     |  62 +----------
 11 files changed, 457 insertions(+), 59 deletions(-)
 create mode 100644 src/pacman/check.c
 create mode 100644 src/pacman/check.h

--
1.7.10.1
Add an mtree file to the package with all file information. This
can be added to the local pacman database on install allowing full
package verification.
Signed-off-by: Allan McRae
Signed-off-by: Allan McRae
Signed-off-by: Allan McRae
Signed-off-by: Allan McRae
There is going to be a lot of overlap in the code for the quick
and full checks that can be abstracted into their own functions.
Also many other file checking functions will be needed for the
full check. Put all these in a separate source file.
Signed-off-by: Allan McRae
Signed-off-by: Allan McRae
If a package has an mtree file, using pacman -Qkk will read that
file and use it to perform more in depth package checking.
Currently this only checks for file presence.
Signed-off-by: Allan McRae
The following fields are checked:
Directory: uid, gid, mode
File: uid, gid, mode, size, time
Symbolic Link: uid, gid, mode, link, time
Signed-off-by: Allan McRae
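
The per-type field comparison listed in the patch description above, written out as an added example; it is not code from this patchset or from pacman. `struct expected`, `check_entry` and the `BAD_*` flags are hypothetical names, and the expected values are assumed to have been parsed from the mtree data already. Checksums are not compared, matching the libarchive limitation noted in the cover letter.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* One flag per field named in the patch description (hypothetical names). */
enum { BAD_MISSING = 1, BAD_TYPE = 2, BAD_UID = 4, BAD_GID = 8,
       BAD_MODE = 16, BAD_SIZE = 32, BAD_MTIME = 64, BAD_LINK = 128 };

/* Hypothetical record of expected values, assumed parsed from the mtree data. */
struct expected {
	mode_t type;       /* S_IFDIR, S_IFREG or S_IFLNK */
	uid_t uid;
	gid_t gid;
	mode_t mode;       /* permission bits only */
	off_t size;        /* regular files only */
	time_t mtime;      /* regular files and symlinks */
	const char *link;  /* symlink target, symlinks only */
};

/* Returns 0 when path matches the record, otherwise an OR of BAD_* flags. */
int check_entry(const char *path, const struct expected *e)
{
	struct stat st;
	char buf[PATH_MAX];
	int bad = 0;

	/* lstat, not stat: a symlink is checked itself, never its target */
	if(lstat(path, &st) != 0) return BAD_MISSING;
	/* a changed file type makes the remaining comparisons meaningless */
	if((st.st_mode & S_IFMT) != e->type) return BAD_TYPE;

	/* uid, gid and mode are checked for every entry type */
	if(st.st_uid != e->uid) bad |= BAD_UID;
	if(st.st_gid != e->gid) bad |= BAD_GID;
	if((st.st_mode & 07777) != e->mode) bad |= BAD_MODE;

	/* size for files; mtime for files and symlinks, not directories */
	if(e->type == S_IFREG && st.st_size != e->size) bad |= BAD_SIZE;
	if(e->type != S_IFDIR && st.st_mtime != e->mtime) bad |= BAD_MTIME;

	if(e->type == S_IFLNK) {
		ssize_t n = readlink(path, buf, sizeof(buf) - 1);
		if(n >= 0) buf[n] = '\0';
		if(n < 0 || strcmp(buf, e->link) != 0) bad |= BAD_LINK;
	}
	return bad;
}
```

Returning a bitmask rather than stopping at the first mismatch lets a caller report every field that differs for a file in one pass.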