adding check_signature config

default if off
you can turn that on via adding one line in /etc/opkg/opkg.conf file
+ option check_signature 1

git-svn-id: http://opkg.googlecode.com/svn/trunk@193 e8e0d7a0-c8d9-11dd-a880-a1081c7ac358

diff --git a/libopkg/opkg.c b/libopkg/opkg.c
index d69721b3cc5496b21c6f19b662ce548128b17783..11b5ee79a4e9a6639d95df99e45ce480bcdeda5f 100644 (file)
--- a/libopkg/opkg.c
+++ b/libopkg/opkg.c
@@ -850,42 +850,44 @@ opkg_update_package_lists (opkg_t *opkg, opkg_progress_callback_t progress_callb
     free (url);
 
 #ifdef HAVE_GPGME
-    char *sig_file_name;
-    /* download detached signitures to verify the package lists */
-    /* get the url for the sig file */
-    if (src->extra_data)  /* debian style? */
-      sprintf_alloc (&url, "%s/%s/%s", src->value, src->extra_data,
-                     "Packages.sig");
-    else
-      sprintf_alloc (&url, "%s/%s", src->value, "Packages.sig");
+    if ( opkg->conf->check_signature ) {
+        char *sig_file_name;
+        /* download detached signitures to verify the package lists */
+        /* get the url for the sig file */
+        if (src->extra_data)  /* debian style? */
+            sprintf_alloc (&url, "%s/%s/%s", src->value, src->extra_data,
+                    "Packages.sig");
+        else
+            sprintf_alloc (&url, "%s/%s", src->value, "Packages.sig");
 
-    /* create filename for signature */
-    sprintf_alloc (&sig_file_name, "%s/%s.sig", lists_dir, src->name);
+        /* create filename for signature */
+        sprintf_alloc (&sig_file_name, "%s/%s.sig", lists_dir, src->name);
 
-    /* make sure there is no existing signature file */
-    unlink (sig_file_name);
+        /* make sure there is no existing signature file */
+        unlink (sig_file_name);
 
-    err = opkg_download (opkg->conf, url, sig_file_name, NULL, NULL);
-    if (err)
-    {
-      /* XXX: Warning: Download failed */
-    }
-    else
-    {
-      int err;
-      err = opkg_verify_file (opkg->conf, list_file_name, sig_file_name);
-      if (err == 0)
-      {
-        /* XXX: Notice: Signature check passed */
-      }
-      else
-      {
-        /* XXX: Warning: Signature check failed */
-      }
+        err = opkg_download (opkg->conf, url, sig_file_name, NULL, NULL);
+        if (err)
+        {
+            /* XXX: Warning: Download failed */
+        }
+        else
+        {
+            int err;
+            err = opkg_verify_file (opkg->conf, list_file_name, sig_file_name);
+            if (err == 0)
+            {
+                /* XXX: Notice: Signature check passed */
+            }
+            else
+            {
+                /* XXX: Warning: Signature check failed */
+            }
+        }
+        free (sig_file_name);
+        free (list_file_name);
+        free (url);
     }
-    free (sig_file_name);
-    free (list_file_name);
-    free (url);
 #else
     /* XXX: Note: Signature check for %s skipped because GPG support was not
      * enabled in this build

diff --git a/libopkg/opkg_cmd.c b/libopkg/opkg_cmd.c
index 411bb72a45795c05d603d106cf6b5978e4247c07..043536c025fdbc329ef959123cf83303af879068 100644 (file)
--- a/libopkg/opkg_cmd.c
+++ b/libopkg/opkg_cmd.c
@@ -261,34 +261,36 @@ static int opkg_update_cmd(opkg_conf_t *conf, int argc, char **argv)
          free(url);
 
 #ifdef HAVE_GPGME
-         /* download detached signitures to verify the package lists */
-         /* get the url for the sig file */
-         if (src->extra_data)  /* debian style? */
-             sprintf_alloc(&url, "%s/%s/%s", src->value, src->extra_data,
-                           "Packages.sig");
-         else
-             sprintf_alloc(&url, "%s/%s", src->value, "Packages.sig");
-
-         /* create temporary file for it */
-         char *tmp_file_name;
-
-         sprintf_alloc (&tmp_file_name, "%s/%s", tmp, "Packages.sig");
-
-         err = opkg_download(conf, url, tmp_file_name, NULL, NULL);
-         if (err) {
-           failures++;
-               opkg_message (conf, OPKG_NOTICE, "Signature check failed\n");
-         } else {
-           int err;
-           err = opkg_verify_file (conf, list_file_name, tmp_file_name);
-           if (err == 0)
-               opkg_message (conf, OPKG_NOTICE, "Signature check passed\n");
-           else
-               opkg_message (conf, OPKG_NOTICE, "Signature check failed\n");
-         }
-         unlink (tmp_file_name);
-         free (tmp_file_name);
-         free (url);
+          if (conf->check_signature) {
+              /* download detached signitures to verify the package lists */
+              /* get the url for the sig file */
+              if (src->extra_data)     /* debian style? */
+                  sprintf_alloc(&url, "%s/%s/%s", src->value, src->extra_data,
+                          "Packages.sig");
+              else
+                  sprintf_alloc(&url, "%s/%s", src->value, "Packages.sig");
+
+              /* create temporary file for it */
+              char *tmp_file_name;
+
+              sprintf_alloc (&tmp_file_name, "%s/%s", tmp, "Packages.sig");
+
+              err = opkg_download(conf, url, tmp_file_name, NULL, NULL);
+              if (err) {
+                  failures++;
+                  opkg_message (conf, OPKG_NOTICE, "Signature check failed\n");
+              } else {
+                  int err;
+                  err = opkg_verify_file (conf, list_file_name, tmp_file_name);
+                  if (err == 0)
+                      opkg_message (conf, OPKG_NOTICE, "Signature check passed\n");
+                  else
+                      opkg_message (conf, OPKG_NOTICE, "Signature check failed\n");
+              }
+              unlink (tmp_file_name);
+              free (tmp_file_name);
+              free (url);
+          }
 #else
           // Do nothing
 #endif

diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
index d722a0dd5f3d38c034443361b6cbfef26665a9eb..ac785c8b805733bfb86e11065432c15508832ff1 100644 (file)
--- a/libopkg/opkg_conf.c
+++ b/libopkg/opkg_conf.c
@@ -56,6 +56,7 @@ int opkg_init_options_array(const opkg_conf_t *conf, opkg_option_t **options)
          { "force_downgrade", OPKG_OPT_TYPE_BOOL, &conf->force_downgrade },
          { "force_reinstall", OPKG_OPT_TYPE_BOOL, &conf->force_reinstall },
          { "force_space", OPKG_OPT_TYPE_BOOL, &conf->force_space },
+          { "check_signature", OPKG_OPT_TYPE_INT, &conf->check_signature }, 
          { "ftp_proxy", OPKG_OPT_TYPE_STRING, &conf->ftp_proxy },
          { "http_proxy", OPKG_OPT_TYPE_STRING, &conf->http_proxy },
          { "no_proxy", OPKG_OPT_TYPE_STRING, &conf->no_proxy },

diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
index 407c8dea424a836b39be26b9c0d5e2b7bda7ca6c..c2f9015b1a327d9547729e5a0ed0177bc8840f1f 100644 (file)
--- a/libopkg/opkg_conf.h
+++ b/libopkg/opkg_conf.h
@@ -63,6 +63,7 @@ struct opkg_conf
      int force_space;
      int force_removal_of_dependent_packages;
      int force_removal_of_essential_packages;
+     int check_signature;
      int nodeps; /* do not follow dependences */
      char *offline_root;
      char *offline_root_path;

diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index 93b5084b7f15e7a36220cda787fa942cadcd9208..a2129698115933c934b16a76964d995c8a6c8d79 100644 (file)
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -304,6 +304,8 @@ int
 opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file)
 {
 #ifdef HAVE_GPGME
+    if (conf->check_signature == 0 )
+        return 0;
     int status = -1;
     gpgme_ctx_t ctx;
     gpgme_data_t sig, text, key;

diff --git a/libopkg/opkg_install.c b/libopkg/opkg_install.c
index 5f154a5128f0179edf0dfc39090dce097618222a..50cdabbcf549b78ad6a90614850e1b452ef54878 100644 (file)
--- a/libopkg/opkg_install.c
+++ b/libopkg/opkg_install.c
@@ -832,7 +832,7 @@ int opkg_install_pkg(opkg_conf_t *conf, pkg_t *pkg, int from_upgrade)
      char *list_file_name, *sig_file_name, *lists_dir;
 
      /* check to ensure the package has come from a repository */
-     if (pkg->src)
+     if (conf->check_signature && pkg->src)
      {
        sprintf_alloc (&lists_dir, "%s",
                      (conf->restrict_to_default_dest)