From: ticktock35 Date: Sun, 28 Dec 2008 07:53:44 +0000 (+0000) Subject: adding check_signature config X-Git-Url: https://git.librecmc.org/?p=oweals%2Fopkg-lede.git;a=commitdiff_plain;h=fb70577757cf49404fc6e837bd94d4f7d1f81f61 adding check_signature config default if off you can turn that on via adding one line in /etc/opkg/opkg.conf file + option check_signature 1 git-svn-id: http://opkg.googlecode.com/svn/trunk@193 e8e0d7a0-c8d9-11dd-a880-a1081c7ac358
---
diff --git a/libopkg/opkg.c b/libopkg/opkg.c
index d69721b..11b5ee7 100644
--- a/libopkg/opkg.c
+++ b/libopkg/opkg.c
@@ -850,42 +850,44 @@ opkg_update_package_lists (opkg_t *opkg, opkg_progress_callback_t progress_callb
 free (url);
 #ifdef HAVE_GPGME
- char *sig_file_name;
- /* download detached signitures to verify the package lists */
- /* get the url for the sig file */
- if (src->extra_data) /* debian style? */
- sprintf_alloc (&url, "%s/%s/%s", src->value, src->extra_data,
- "Packages.sig");
- else
- sprintf_alloc (&url, "%s/%s", src->value, "Packages.sig");
+ if ( opkg->conf->check_signature ) {
+ char *sig_file_name;
+ /* download detached signitures to verify the package lists */
+ /* get the url for the sig file */
+ if (src->extra_data) /* debian style? */
+ sprintf_alloc (&url, "%s/%s/%s", src->value, src->extra_data,
+ "Packages.sig");
+ else
+ sprintf_alloc (&url, "%s/%s", src->value, "Packages.sig");
- /* create filename for signature */
- sprintf_alloc (&sig_file_name, "%s/%s.sig", lists_dir, src->name);
+ /* create filename for signature */
+ sprintf_alloc (&sig_file_name, "%s/%s.sig", lists_dir, src->name);
- /* make sure there is no existing signature file */
- unlink (sig_file_name);
+ /* make sure there is no existing signature file */
+ unlink (sig_file_name);
- err = opkg_download (opkg->conf, url, sig_file_name, NULL, NULL);
- if (err)
- {
- /* XXX: Warning: Download failed */
- }
- else
- {
- int err;
- err = opkg_verify_file (opkg->conf, list_file_name, sig_file_name);
- if (err == 0)
- {
- /* XXX: Notice: Signature check passed */
- }
- else
- {
- /* XXX: Warning: Signature check failed */
- }
+ err = opkg_download (opkg->conf, url, sig_file_name, NULL, NULL);
+ if (err)
+ {
+ /* XXX: Warning: Download failed */
+ }
+ else
+ {
+ int err;
+ err = opkg_verify_file (opkg->conf, list_file_name, sig_file_name);
+ if (err == 0)
+ {
+ /* XXX: Notice: Signature check passed */
+ }
+ else
+ {
+ /* XXX: Warning: Signature check failed */
+ }
+ }
+ free (sig_file_name);
+ free (list_file_name);
+ free (url);
 }
- free (sig_file_name);
- free (list_file_name);
- free (url);
 #else
 /* XXX: Note: Signature check for %s skipped because GPG support was not
 * enabled in this build
diff --git a/libopkg/opkg_cmd.c b/libopkg/opkg_cmd.c
index 411bb72..043536c 100644
--- a/libopkg/opkg_cmd.c
+++ b/libopkg/opkg_cmd.c
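Review bot: In libopkg/opkg.c the two failure branches inside the new `if ( opkg->conf->check_signature )` block are still empty (`/* XXX: Warning: Download failed */`, `/* XXX: Warning: Signature check failed */`), so with the option turned on a missing or invalid `Packages.sig` changes nothing. The verification result is also stored in a block-local `int err;` that shadows the outer `err`, so a failed check cannot reach the caller. I would drop the inner declaration and add `unlink (list_file_name);` in both failure branches so an unverified list is not left for later use. Separately, `free (list_file_name);` now sits inside the conditional; if that buffer is allocated before the hunk, as the old code suggests, it is no longer freed here when the option is off. The function starts and ends outside the hunk.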
@@ -261,34 +261,36 @@ static int opkg_update_cmd(opkg_conf_t *conf, int argc, char **argv)
 free(url);
 #ifdef HAVE_GPGME
- /* download detached signitures to verify the package lists */
- /* get the url for the sig file */
- if (src->extra_data) /* debian style? */
- sprintf_alloc(&url, "%s/%s/%s", src->value, src->extra_data,
- "Packages.sig");
- else
- sprintf_alloc(&url, "%s/%s", src->value, "Packages.sig");
-
- /* create temporary file for it */
- char *tmp_file_name;
-
- sprintf_alloc (&tmp_file_name, "%s/%s", tmp, "Packages.sig");
-
- err = opkg_download(conf, url, tmp_file_name, NULL, NULL);
- if (err) {
- failures++;
- opkg_message (conf, OPKG_NOTICE, "Signature check failed\n");
- } else {
- int err;
- err = opkg_verify_file (conf, list_file_name, tmp_file_name);
- if (err == 0)
- opkg_message (conf, OPKG_NOTICE, "Signature check passed\n");
- else
- opkg_message (conf, OPKG_NOTICE, "Signature check failed\n");
- }
- unlink (tmp_file_name);
- free (tmp_file_name);
- free (url);
+ if (conf->check_signature) {
+ /* download detached signitures to verify the package lists */
+ /* get the url for the sig file */
+ if (src->extra_data) /* debian style? */
+ sprintf_alloc(&url, "%s/%s/%s", src->value, src->extra_data,
+ "Packages.sig");
+ else
+ sprintf_alloc(&url, "%s/%s", src->value, "Packages.sig");
+
+ /* create temporary file for it */
+ char *tmp_file_name;
+
+ sprintf_alloc (&tmp_file_name, "%s/%s", tmp, "Packages.sig");
+
+ err = opkg_download(conf, url, tmp_file_name, NULL, NULL);
+ if (err) {
+ failures++;
+ opkg_message (conf, OPKG_NOTICE, "Signature check failed\n");
+ } else {
+ int err;
+ err = opkg_verify_file (conf, list_file_name, tmp_file_name);
+ if (err == 0)
+ opkg_message (conf, OPKG_NOTICE, "Signature check passed\n");
+ else
+ opkg_message (conf, OPKG_NOTICE, "Signature check failed\n");
+ }
+ unlink (tmp_file_name);
+ free (tmp_file_name);
+ free (url);
+ }
 #else
 // Do nothing
 #endif
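Review bot: In libopkg/opkg_cmd.c a non-zero result from `opkg_verify_file` only prints "Signature check failed" at `OPKG_NOTICE`; `failures` is incremented when the signature download fails but not when the signature itself does not verify, so a list with a bad signature is not counted as a failed update. The unbraced `else` should become `else { failures++; opkg_message (conf, OPKG_NOTICE, "Signature check failed\n"); }`, and the list file should not be kept for later installs in that case (whether it has already been moved into the lists directory is not visible in this hunk). The inner `int err;` shadows the outer `err` that holds the `opkg_download` result; reusing the outer variable would be clearer. `opkg_update_cmd` starts and ends outside the hunk.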
diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
index d722a0d..ac785c8 100644
--- a/libopkg/opkg_conf.c
+++ b/libopkg/opkg_conf.c
@@ -56,6 +56,7 @@ int opkg_init_options_array(const opkg_conf_t *conf, opkg_option_t **options)
 { "force_downgrade", OPKG_OPT_TYPE_BOOL, &conf->force_downgrade },
 { "force_reinstall", OPKG_OPT_TYPE_BOOL, &conf->force_reinstall },
 { "force_space", OPKG_OPT_TYPE_BOOL, &conf->force_space },
+ { "check_signature", OPKG_OPT_TYPE_INT, &conf->check_signature },
 { "ftp_proxy", OPKG_OPT_TYPE_STRING, &conf->ftp_proxy },
 { "http_proxy", OPKG_OPT_TYPE_STRING, &conf->http_proxy },
 { "no_proxy", OPKG_OPT_TYPE_STRING, &conf->no_proxy },
diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
index 407c8de..c2f9015 100644
--- a/libopkg/opkg_conf.h
+++ b/libopkg/opkg_conf.h
@@ -63,6 +63,7 @@ struct opkg_conf
 int force_space;
 int force_removal_of_dependent_packages;
 int force_removal_of_essential_packages;
+ int check_signature;
 int nodeps; /* do not follow dependences */
 char *offline_root;
 char *offline_root_path;
diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index 93b5084..a212969 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -304,6 +304,8 @@ int
 opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file)
 {
 #ifdef HAVE_GPGME
+ if (conf->check_signature == 0 )
+ return 0;
 int status = -1;
 gpgme_ctx_t ctx;
 gpgme_data_t sig, text, key;
diff --git a/libopkg/opkg_install.c b/libopkg/opkg_install.c
index 5f154a5..50cdabb 100644
--- a/libopkg/opkg_install.c
+++ b/libopkg/opkg_install.c
@@ -832,7 +832,7 @@ int opkg_install_pkg(opkg_conf_t *conf, pkg_t *pkg, int from_upgrade)
 char *list_file_name, *sig_file_name, *lists_dir;
 /* check to ensure the package has come from a repository */
- if (pkg->src)
+ if (conf->check_signature && pkg->src)
 {
 sprintf_alloc (&lists_dir, "%s", (conf->restrict_to_default_dest)
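Review bot: In libopkg/opkg_conf.c the new `check_signature` entry is registered as `OPKG_OPT_TYPE_INT` while the neighbouring on/off flags (`force_downgrade`, `force_reinstall`, `force_space`) use `OPKG_OPT_TYPE_BOOL`, and nothing at the entry or at the struct field documents the default. Per the commit message the default is off, so builds with `HAVE_GPGME` that previously always fetched `Packages.sig` on update now skip it silently unless `option check_signature 1` is added to opkg.conf. I would add a comment such as `/* 0 (default): repository and package signatures are not checked */`, state why the INT type is used if it is deliberate, and consider defaulting to on when `HAVE_GPGME` is defined so existing GPGME users keep the earlier behaviour.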
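Review bot: In libopkg/opkg_download.c the early `return 0;` makes `opkg_verify_file` report a skipped check with the same value as a successful verification, so any caller that is not itself gated on `check_signature` will treat an unverified file as verified (the opkg_cmd.c caller prints "Signature check passed" on 0). The callers touched in this commit already test the option, so the guard is redundant there; I would drop it, or return a distinct non-zero value for "not checked" and document the contract with a comment like `/* returns 0 only when the signature was actually verified */`. The function body continues outside the hunk.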