From joshua@classic.sc.biz.nttdata.co.jp  Thu Jan 31 23:34:00 2002
Message-Id: <200202010733.g117XrI01476@classic.sc.biz.nttdata.co.jp>
Date: Fri, 1 Feb 2002 16:33:53 +0900 (JST)
From: SHIMIZU Yoshiaki <shimizuysa@nttdata.co.jp>
Reply-To: SHIMIZU Yoshiaki <shimizuysa@nttdata.co.jp>
To: FreeBSD-gnats-submit@freebsd.org
Cc: shimizuysa@nttdata.co.jp
Subject: pkg_check(8) does not return exit code >0 if verifying in case of PKG_UNSIGNED or PKG_SIGUNKNOWN
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         34519
>Category:       bin
>Synopsis:       pkg_check(8) does not return exit code >0 if verifying in case of PKG_UNSIGNED or PKG_SIGUNKNOWN
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 31 23:40:00 PST 2002
>Closed-Date:    Mon Mar 31 12:46:03 UTC 2008
>Last-Modified:  Mon Mar 31 12:46:03 UTC 2008
>Originator:     SHIMIZU Yoshiaki
>Release:        FreeBSD 4.5-STABLE i386
>Organization:
NTT Data CORPORATION
>Environment:
System: FreeBSD classic.sc.biz.nttdata.co.jp 4.5-STABLE FreeBSD 4.5-STABLE #0: Thu Jan 31 16:31:05 JST 2002 joshua@classic.sc.biz.nttdata.co.jp:/usr/obj/usr/src/sys/CLASSIC i386

	
>Description:
The DIAGNOSTICS section of the pkg_check(8) manpage says:
     pkg_sign and pkg_check return with an exit code >0 if anything went wrong
     for any file.  For pkg_check, this usually indicates that the package is
     not signed, or that the signature is forged.

However, when verifying a non-signed or non-gzipped file (both the PKG_UNSIGNED case),
pkg_check(8) returns exit code =0 with a warning message.
I use only the `-t x509' option type, but maybe with the `-t sha-1' option type
the `PKG_UNKNOWN' case looks the same.

This causes a problem when detecting a package integrity mismatch in shell scripts.

	
>How-To-Repeat:

# pkg_check -t x509 -k VALID_CRT PKG_UNSIGNED.tar.gz
File UNSIGNED.tar.gz is not a signed gzip file
# echo $?
0

	
>Fix:
/* $FreeBSD: src/usr.sbin/pkg_install/sign/main.c,v 1.1.2.1 2001/03/05 03:43:53 wes Exp $ */
======
--- src/usr.sbin/pkg_install/sign/main.c.orig	Mon Mar  5 12:43:53 2001
+++ src/usr.sbin/pkg_install/sign/main.c	Tue Jan 29 20:30:00 2002
@@ -83,7 +83,7 @@
 	}
 	result = check_signature(file, userid, envp, filename);
 	if (fclose(file) == 0) {
-		if (result == PKG_BADSIG || result == PKG_SIGERROR)
+		if (result == PKG_BADSIG || result == PKG_UNSIGNED || result == PKG_SIGERROR || result == PKG_UNKNOWN)
 			return 0;
 		else
 			return 1;
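
Review bot: the condition on the changed line is still a deny-list of failure codes, so any status from check_signature() that is not one of the four named values falls through to "return 1", the same path the unlisted PKG_UNSIGNED took before this change. Consider inverting the test so that only the single verified-signature result returns 1 and every other value returns 0; a status code added later then fails closed instead of being reported as a good package. The PR synopsis names PKG_SIGUNKNOWN while the new line tests PKG_UNKNOWN, so please confirm which constant the sign headers actually define. The new line also runs well past 80 columns and should be wrapped.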

	
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: flz 
State-Changed-When: Lun 31 mar 2008 12:46:02 UTC 
State-Changed-Why:  
pkg_sign has been removed from the base system. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=34519 
>Unformatted:
