Add error messages in case of signature error

[oweals/opkg-lede.git] / libopkg / opkg_install.c

diff --git a/libopkg/opkg_install.c b/libopkg/opkg_install.c
index 719090b2781e4af434dec26f5c2daa23452d85ec..8ced15aa36222a323726a2735909d2589e5cf144 100644 (file)
--- a/libopkg/opkg_install.c
+++ b/libopkg/opkg_install.c
@@ -766,6 +766,9 @@ int opkg_install_pkg(opkg_conf_t *conf, pkg_t *pkg, int from_upgrade)
      abstract_pkg_t *ab_pkg = NULL;
      int old_state_flag;
      char* file_md5;
+#ifdef HAVE_SHA256
+     char* file_sha256;
+#endif
      char *pkgid;
     
      if ( from_upgrade ) 
@@ -834,7 +837,7 @@ int opkg_install_pkg(opkg_conf_t *conf, pkg_t *pkg, int from_upgrade)
      }
 
      /* check that the repository is valid */
-     #if HAVE_GPGME
+     #if defined(HAVE_GPGME) || defined(HAVE_OPENSSL)
      char *list_file_name, *sig_file_name, *lists_dir;
 
      /* check to ensure the package has come from a repository */
@@ -849,8 +852,15 @@ int opkg_install_pkg(opkg_conf_t *conf, pkg_t *pkg, int from_upgrade)
 
        if (file_exists (sig_file_name))
        {
-         if (opkg_verify_file (conf, list_file_name, sig_file_name))
+         if (opkg_verify_file (conf, list_file_name, sig_file_name)){
+           opkg_message(conf, OPKG_ERROR, "Failed to verify the signature of: %s\n",
+                           list_file_name);
            return OPKG_INSTALL_ERR_SIGNATURE;
+         }
+       }else{
+         opkg_message(conf, OPKG_ERROR, "Signature file is missing. "
+                         "Perhaps you need to run 'opkg update'?\n");
+         return OPKG_INSTALL_ERR_SIGNATURE;
        }
 
        free (lists_dir);
@@ -874,6 +884,22 @@ int opkg_install_pkg(opkg_conf_t *conf, pkg_t *pkg, int from_upgrade)
          free(file_md5);
      }
 
+#ifdef HAVE_SHA256
+     /* Check for sha256 value */
+     if(pkg->sha256sum)
+     {
+         file_sha256 = file_sha256sum_alloc(pkg->local_filename);
+         if (strcmp(file_sha256, pkg->sha256sum))
+         {
+              opkg_message(conf, OPKG_ERROR,
+                           "Package %s sha256sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'.\n",
+                           pkg->name);
+              free(file_sha256);
+              return OPKG_INSTALL_ERR_SHA256;
+         }
+     }
+#endif
+
      if (pkg->tmp_unpack_dir == NULL) {
          unpack_pkg_control_files(conf, pkg);
      }
@@ -1590,18 +1616,20 @@ static int resolve_conffiles(opkg_conf_t *conf, pkg_t *pkg)
          cf_backup = backup_filename_alloc(root_filename);
 
 
-         if (file_exists(cf_backup)) {
- /* Let's compute md5 to test if files are changed */
-             md5sum = file_md5sum_alloc(cf_backup);
-               if (strcmp( cf->value,md5sum) != 0 ) {
-                 if (conf->force_defaults
-                     || user_prefers_old_conffile(cf->name, cf_backup) ) {
-                      rename(cf_backup, root_filename);
-                 }
-              }
-              unlink(cf_backup);
-              free(md5sum);
-         }
+          if (file_exists(cf_backup)) {
+              /* Let's compute md5 to test if files are changed */
+              md5sum = file_md5sum_alloc(cf_backup);
+              if (strcmp( cf->value,md5sum) != 0 ) {
+                  if (conf->force_maintainer) {
+                      opkg_message(conf, OPKG_NOTICE, "Conffile %s using maintainer's setting.\n", cf_backup);
+                  } else if (conf->force_defaults
+                          || user_prefers_old_conffile(cf->name, cf_backup) ) {
+                      rename(cf_backup, root_filename);
+                  }
+              }
+              unlink(cf_backup);
+              free(md5sum);
+          }
 
          free(cf_backup);
          free(root_filename);