tMake pack verification optionnal - repo - list/download/sync packs with remote repositories
---
(DIR) commit ebc4a2bd4e1b087652ee804241fd982a2592d82b
(DIR) parent d3a89dc9b29fb289077b2f9c6c5e46a7f420b8dc
(HTM) Author: z3bra <contactatz3bradotorg>
Date: Tue, 16 May 2017 20:03:12 +0200
Make pack verification optionnal
Pack verification can now be disabled using the -u flag (for untrusted).
This allows caching packs even if there is no signature or if we don't
have the public key.
Diffstat:
M config.mk | 2 +-
M parse.y | 14 ++++++++++----
M repo.1 | 2 ++
M repo.c | 119 +++++++++++++++++--------------
M repo.h | 2 +-
5 files changed, 81 insertions(+), 58 deletions(-)
---
(DIR) diff --git a/config.mk b/config.mk
t@@ -7,7 +7,7 @@ YACC = yacc
PREFIX = /usr/local
MANDIR = ${PREFIX}/man
-CPPFLAGS = -DVERSION=\"${VERSION}\" -DCHECKSIG
+CPPFLAGS = -DVERSION=\"${VERSION}\"
CFLAGS = ${CPPFLAGS} -Wall -Wextra -pedantic -g
LDFLAGS =
LIBS = -lcurl -lssl -lcrypto -ldl -lz -lpthread
(DIR) diff --git a/parse.y b/parse.y
t@@ -50,6 +50,7 @@ static int findeol(void);
static struct repos *repos = NULL;
static char *local = NULL;
+static int *verify = NULL;
typedef struct {
union {
t@@ -60,7 +61,7 @@ typedef struct {
} YYSTYPE;
%}
-%token REPO LOCAL ERROR
+%token REPO LOCAL VERIFY ERROR
%token <v.string> STRING
%token <v.number> NUMBER
%%
t@@ -79,6 +80,9 @@ main : REPO STRING {
| LOCAL STRING {
strncpy(local, $2, PATH_MAX);
}
+ | VERIFY NUMBER {
+ *verify = !$2;
+ }
;
%%
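Review bot: The `VERIFY NUMBER` action stores a negated value through a pointer named `verify`, which `parseconf()` binds to its `untrust` argument, so the name says the opposite of what is stored. A `verify 0` line in a configuration file therefore switches signature checking off with no diagnostic. A comment on the action such as `/* verify aliases the caller's untrust flag: "verify 0" disables signature checks */` would make the inversion explicit, and a one-line warning on stderr when the value is 0 would make the downgrade visible to whoever runs the tool. The pointer is also dereferenced without a NULL check, so the `parseconf()` contract should state that `untrust` must not be NULL.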
t@@ -113,8 +117,9 @@ lookup(char *s)
{
/* this has to be sorted always */
static const struct keywords keywords[] = {
- { "local", LOCAL },
- { "repo", REPO }
+ { "local", LOCAL },
+ { "repo", REPO },
+ { "verify", VERIFY }
};
const struct keywords *p;
t@@ -375,7 +380,7 @@ popfile(void)
}
int
-parseconf(struct repos *rlist, char *localrepo, const char *filename)
+parseconf(struct repos *rlist, char *localrepo, int *untrust, const char *filename)
{
int errors = 0;
t@@ -387,6 +392,7 @@ parseconf(struct repos *rlist, char *localrepo, const char *filename)
repos = rlist;
local = localrepo;
+ verify = untrust;
yyparse();
errors = file->errors;
(DIR) diff --git a/repo.1 b/repo.1
t@@ -33,6 +33,8 @@ in the local filesystem.
List packs available for downloads in all the repositories.
.It Fl s
Retrieve the pack list from the remote repositories.
+.It Fl u
+Allow installtin untrusted packs (disable signature verification)
.El
.Sh SEE ALSO
.Xr pack 5 ,
(DIR) diff --git a/repo.c b/repo.c
t@@ -18,19 +18,18 @@
void usage(char *);
int download(char *, FILE *);
-int cachepack(char *, char *, struct packs *);
+int checkpack(char *, char *);
+int cachepack(char *, char *, struct packs *, int);
int verbose = 0;
-int fflag, lflag, sflag;
+int fflag, lflag, sflag, uflag;
-#ifdef CHECKSIG
char *sickexec[] = { "sick", "-a", NULL };
-#endif
void
usage(char *name)
{
- fprintf(stderr, "usage: %s [-c FILE] [-fls] [-r URL] [PACK..]\n", name);
+ fprintf(stderr, "usage: %s [-c FILE] [-flsu] [-r URL] [PACK..]\n", name);
exit(1);
}
t@@ -147,17 +146,56 @@ download(char *url, FILE *fd)
return 0;
}
+int
+checkpack(char fn[PATH_MAX], char *url)
+{
+ FILE *f;
+ int fd[2], out, status;
+ pipe(fd);
+ if (!fork()) {
+ close(0);
+ close(1);
+ close(fd[1]);
+ dup2(fd[0], 0);
+
+ if ((out = open(fn, O_WRONLY|O_CREAT|O_TRUNC, 0644)) < 0) {
+ perror(fn);
+ return -1;
+ }
+ dup2(out, 1);
+ execvp(sickexec[0], sickexec);
+ perror(sickexec[0]);
+ }
+
+ close(fd[0]);
+ f = fdopen(fd[1], "w");
+ if (!f) {
+ perror("pipe");
+ exit(1);
+ }
+
+ download(url, f);
+ fflush(f);
+ fclose(f);
+
+ wait(&status);
+ if (status) {
+ fprintf(stderr, "%s: Pack verification failed\n", basename(fn));
+ unlink(fn);
+ return -1;
+ }
+ return 0;
+}
+
int
-cachepack(char *name, char *localrepo, struct packs *plist)
+cachepack(char *name, char *localrepo, struct packs *plist, int untrust)
{
+ int ret = 0;
FILE *f;
char fn[PATH_MAX];;
struct pack *p = NULL;
struct stat sb;
-#ifdef CHECKSIG
- int fd[2], out, status;
-#endif
TAILQ_FOREACH(p, plist, entries) {
if (!strncmp(p->name, name, PATH_MAX)) {
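Review bot: In `checkpack()` the child process can return into the caller: on `open()` failure it does `return -1`, and after a failed `execvp()` it falls out of the `if (!fork())` block, so a second copy of the program keeps running the parent's code. `pipe()`, `fork()` and `wait()` are unchecked as well; if `fork()` fails, `wait()` fails too and `status` is read uninitialised, which can let the function return 0 although no verification ran. The child should leave with `_exit()`, and the parent should initialise `status` and `waitpid()` for that specific child, accepting only a normal exit with code 0. Separately, `fn` is opened with `O_TRUNC` at its final path before verification has finished, so an interrupted run can leave an unverified or empty file in the cache; writing to a temporary name and calling `rename()` after success would close that window. The hunk ends inside `cachepack()`, whose body continues in the next hunk.

```c
int
checkpack(char fn[PATH_MAX], char *url)
{
	FILE *f;
	int fd[2], out, status = -1;
	pid_t pid;

	if (pipe(fd) < 0) {
		perror("pipe");
		return -1;
	}
	if ((pid = fork()) < 0) {
		perror("fork");
		close(fd[0]);
		close(fd[1]);
		return -1;
	}
	if (pid == 0) {
		/* ... unchanged: close(0), close(1), close(fd[1]), dup2(fd[0], 0) ... */
		if ((out = open(fn, O_WRONLY|O_CREAT|O_TRUNC, 0644)) < 0) {
			perror(fn);
			_exit(1);	/* never return into the caller from the child */
		}
		dup2(out, 1);
		execvp(sickexec[0], sickexec);
		perror(sickexec[0]);
		_exit(127);
	}

	/* ... unchanged: close(fd[0]), fdopen(fd[1], "w"), download, fflush, fclose ... */

	/* fail closed: only a normal exit with status 0 counts as verified */
	if (waitpid(pid, &status, 0) < 0
	    || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
		/* ... unchanged: "Pack verification failed" message, unlink(fn), return -1 ... */
	}
	return 0;
}
```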
t@@ -167,53 +205,27 @@ cachepack(char *name, char *localrepo, struct packs *plist)
continue;
}
-#ifdef CHECKSIG
- pipe(fd);
- if (!fork()) {
- close(0);
- close(1);
- close(fd[1]);
- dup2(fd[0], 0);
-
- if ((out = open(fn, O_WRONLY|O_CREAT|O_TRUNC, 0644)) < 0) {
- perror(fn);
- return -1;
- }
- dup2(out, 1);
- execvp(sickexec[0], sickexec);
- perror(sickexec[0]);
+ if (untrust) {
+ f = fopen(fn, "w");
+ if (!f) {
+ perror(fn);
+ exit(1);
+ }
+ download(p->url, f);
+ fflush(f);
+ fclose(f);
+ } else {
+ if (checkpack(fn, p->url)) {
+ ret++;
+ continue;
+ }
}
- close(fd[0]);
- f = fdopen(fd[1], "a");
- if (!f) {
- perror("pipe");
- exit(1);
- }
-#else
- f = fopen(fn, "a");
- if (!f) {
- perror(fn);
- exit(1);
- }
-#endif
- download(p->url, f);
- fflush(f);
- fclose(f);
-
-#ifdef CHECKSIG
- wait(&status);
- if (status) {
- fprintf(stderr, "%s: Pack verification failed\n", basename(fn));
- unlink(fn);
- continue;
- }
-#endif
puts(fn);
break;
}
}
- return 0;
+ return ret;
}
int
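Review bot: The `untrust` branch writes the download straight to `fn`, the same cache path that verified packs use, and nothing on disk or on output records that the signature check was skipped. If the cache-hit test earlier in the loop (above this hunk, not visible here) reuses an existing file, a pack fetched once with `-u` would presumably be served on later runs without `-u` and never verified. At minimum that branch should say so, e.g. `fprintf(stderr, "%s: signature not verified\n", basename(fn));`. The return value of `download()` is ignored in this branch too, so `puts(fn)` announces the pack even when the transfer failed. `cachepack()` starts above the hunk.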
t@@ -248,6 +260,9 @@ main (int argc, char *argv[])
case 's':
sflag = 1;
break;
+ case 'u':
+ uflag = 1;
+ break;
case 'l':
lflag = 1;
break;
t@@ -259,7 +274,7 @@ main (int argc, char *argv[])
}ARGEND;
if (!stat(cfgfile, &sb))
- parseconf(&rlist, localrepo, cfgfile);
+ parseconf(&rlist, localrepo, &uflag, cfgfile);
if (sflag) {
snprintf(fn, PATH_MAX, "%s/%s", localrepo, DEFLISTFILE);
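Review bot: `parseconf()` receives `&uflag` after `ARGEND`, so the configuration file has the last word on signature checking and nothing here documents that precedence. The grammar's `*verify = !$2` overwrites whatever `-u` set, and a `verify 0` line disables verification even when `-u` was not given. A comment above the call would record the behaviour, for example `/* the config file overrides -u: "verify N" sets uflag = !N */`, and the same precedence belongs in the manual page. `main()` starts and ends outside this hunk.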
t@@ -287,7 +302,7 @@ main (int argc, char *argv[])
}
while ((n = *(argv++)))
- cachepack(n, localrepo, &plist);
+ cachepack(n, localrepo, &plist, uflag);
return 0;
}
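Review bot: The new return value of `cachepack()`, which counts packs that failed verification, is discarded by the call in the `while` loop, and `main()` still ends with `return 0`. A script that runs `repo` and then installs the result cannot tell a rejected pack from a cached one by the exit status. Accumulate the result instead, e.g. `rc |= cachepack(n, localrepo, &plist, uflag) != 0;` followed by `return rc;`, with `rc` declared at the top of `main()`, which lies outside this hunk.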
(DIR) diff --git a/repo.h b/repo.h
t@@ -22,4 +22,4 @@ TAILQ_HEAD(repos, repo);
struct pack *addpack(struct packs *, char *, char *, char *);
struct repo *addrepo(struct repos *, char *);
int repolist(struct packs *, char *);
-int parseconf(struct repos *, char *, const char *);
+int parseconf(struct repos *, char *, int *, const char *);