From 968549573f2146ef6efa8abef722533b82716b2b Mon Sep 17 00:00:00 2001 From: ticktock35 Date: Mon, 15 Dec 2008 05:16:36 +0000 Subject: [PATCH] opkg: * Add opkg-key utility * Move update-alternatives to utils directory * Update opkg_verify_file function to import keys from /etc/opkg git-svn-id: http://opkg.googlecode.com/svn/trunk@106 e8e0d7a0-c8d9-11dd-a880-a1081c7ac358 --- Makefile.am | 3 +- configure.ac | 1 + libopkg/opkg_download.c | 28 ++++++- src/Makefile.am | 5 +- utils/Makefile.am | 1 + utils/opkg-key | 74 +++++++++++++++++++ .../update-alternatives | 0 7 files changed, 105 insertions(+), 7 deletions(-) create mode 100644 utils/Makefile.am create mode 100755 utils/opkg-key rename update-alternatives => utils/update-alternatives (100%) diff --git a/Makefile.am b/Makefile.am index 8783593..1b38e26 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,4 +1,4 @@ -SUBDIRS = libbb libopkg src tests +SUBDIRS = libbb libopkg src tests utils HOST_CPU=@host_cpu@ BUILD_CPU=@build_cpu@ @@ -9,7 +9,6 @@ pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libopkg.pc -bin_SCRIPTS = update-alternatives interceptdir = $(datadir)/opkg/intercept intercept_DATA = intercept/ldconfig intercept/depmod intercept/update-modules diff --git a/configure.ac b/configure.ac index e9b264d..e71a5be 100644 --- a/configure.ac +++ b/configure.ac @@ -137,5 +137,6 @@ AC_OUTPUT( tests/Makefile src/Makefile libbb/Makefile + utils/Makefile libopkg.pc ) diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c index 6acdc32..1d882a1 100644 --- a/libopkg/opkg_download.c +++ b/libopkg/opkg_download.c 
@@ -233,27 +233,48 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file) #ifdef HAVE_GPGME int status = -1; gpgme_ctx_t ctx; - gpgme_data_t sig, text; + gpgme_data_t sig, text, key; gpgme_error_t err = -1; gpgme_verify_result_t result; gpgme_signature_t s; + char *trusted_path = NULL; err = gpgme_new (&ctx); if (err) return -1; + sprintf_alloc(&trusted_path, "%s/%s", conf->offline_root, "/etc/opkg/trusted.gpg"); + err = gpgme_data_new_from_file (&key, trusted_path, 1); + free (trusted_path); + if (err) + { + return -1; + } + err = gpgme_op_import (ctx, key); + if (err) + { + gpgme_data_release (key); + return -1; + } + gpgme_data_release (key); + err = gpgme_data_new_from_file (&sig, sig_file, 1); if (err) + { + gpgme_release (ctx); return -1; + } err = gpgme_data_new_from_file (&text, text_file, 1); if (err) + { + gpgme_data_release (sig); + gpgme_release (ctx); return -1; + } err = gpgme_op_verify (ctx, sig, text, NULL); - if (err) - return -1; result = gpgme_op_verify_result (ctx); if (!result) @@ -269,6 +290,7 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file) s = s->next; } + gpgme_data_release (sig); gpgme_data_release (text); gpgme_release (ctx); diff --git a/src/Makefile.am b/src/Makefile.am index 1fb3ec9..35aaa2a 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,8 +1,9 @@ AM_CFLAGS = -I${top_srcdir}/libopkg ${ALL_CFLAGS} -bin_PROGRAMS = opkg-cl +bin_PROGRAMS = opkg-cl opkg-key opkg_cl_SOURCES = opkg-frontend.c opkg_cl_LDADD = $(top_builddir)/libopkg/libopkg.la \ $(top_builddir)/libbb/libbb.la - +opkg_key_SOURCES = opkg-key.c +opkg_key_LDADD = $(GPGME_LIBS) diff --git a/utils/Makefile.am b/utils/Makefile.am new file mode 100644 index 0000000..7019e4b --- /dev/null +++ b/utils/Makefile.am @@ -0,0 +1 @@ +bin_SCRIPTS = update-alternatives opkg-key diff --git a/utils/opkg-key b/utils/opkg-key new file mode 100755 index 0000000..266bb66 --- /dev/null +++ b/utils/opkg-key 
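Review bot: The new `gpgme_op_import (ctx, key)` runs on a context that, in the visible lines, is never given its own engine home directory. The keys from `trusted.gpg` are therefore presumably merged into the calling user's default GnuPG keyring, and `gpgme_op_verify` would then be checked against everything in that keyring, including keys later removed with `opkg-key del`. Pointing the context at a dedicated directory with `gpgme_ctx_set_engine_info` before the import would keep the trust set limited to opkg's own keys. Both new error returns, after `gpgme_data_new_from_file (&key, ...)` and after `gpgme_op_import`, leave `ctx` allocated; add `gpgme_release (ctx);` before each `return -1;`, as this commit already does on the `sig` and `text` paths. The hunk also drops `if (err) return -1;` after `gpgme_op_verify`, so `err` is assigned and never read; since the loop over the signature list lies outside the hunk, a comment such as `/* failures are detected per signature below */` would be needed if that is the intent.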
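Review bot: `opkg_key_SOURCES = opkg-key.c` names a source file that this commit's diffstat does not add, so unless `opkg-key.c` already exists in `src/` the `bin_PROGRAMS` build will fail. `utils/Makefile.am` also installs `opkg-key` through `bin_SCRIPTS`, so two targets would install the same `bin/opkg-key`. Keeping `bin_PROGRAMS = opkg-cl` and dropping the two `opkg_key_*` lines looks like the intent.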
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+# Based on apt-key from apt-0.6.25
+# Licensed under GPL Version 2
+
+set -e
+
+usage() {
+ echo "Usage: opkg-key [options] command [arguments]"
+ echo
+ echo "Manage opkg's list of trusted keys"
+ echo
+ echo " opkg-key add - add the key contained in ('-' for stdin)"
+ echo " opkg-key del - remove the key "
+ echo " opkg-key list - list keys"
+ echo
+ echo "Options:"
+ echo " -o Use as the offline root directory"
+ echo
+}
+
+if [ "$1" = "-o" ]; then
+ ROOT=$2
+ shift 2
+ echo "Note: using \"$ROOT\" as root path"
+else
+ ROOT=""
+fi
+
+command="$1"
+if [ -z "$command" ]; then
+ usage
+ exit 1
+fi
+shift
+
+if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then
+ echo >&2 "Warning: gnupg does not seem to be installed."
+ echo >&2 "Warning: opkg-key requires gnupg for most operations."
+ echo >&2
+fi
+
+# We don't use a secret keyring, of course, but gpg panics and
+# implodes if there isn't one available
+
+GPG="gpg --no-options --no-default-keyring --keyring $ROOT/etc/opkg/trusted.gpg --secret-keyring $ROOT/etc/opkg/secring.gpg --trustdb-name $ROOT/etc/opkg/trustdb.gpg"
+
+case "$command" in
+ add)
+ $GPG --quiet --batch --import "$1"
+ echo "OK"
+ ;;
+ del|rm|remove)
+ $GPG --quiet --batch --delete-key --yes "$1"
+ echo "OK"
+ ;;
+ list)
+ $GPG --batch --list-keys
+ ;;
+ finger*)
+ $GPG --batch --fingerprint
+ ;;
+ adv*)
+ echo "Executing: $GPG $*"
+ $GPG $*
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
+esac
diff --git a/update-alternatives b/utils/update-alternatives
similarity index 100%
rename from update-alternatives
rename to utils/update-alternatives
--
2.25.1
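Review bot: `$GPG` is expanded unquoted with `$ROOT` embedded in it, so a root path given with `-o` that contains whitespace or glob characters is split into extra gpg arguments and `--keyring` no longer names opkg's trusted keyring. A small wrapper function that quotes each path and forwards `"$@"` avoids this, and `adv*)` can then pass `"$@"` instead of `$*`. `add` and `del` also run with an empty `"$1"` when the argument is omitted; checking for it and printing `usage` first would give a clearer failure.

```shell
# replaces the GPG="gpg ..." string; call sites become e.g.
#   run_gpg --quiet --batch --import "$1"
run_gpg() {
    gpg --no-options --no-default-keyring \
        --keyring "$ROOT/etc/opkg/trusted.gpg" \
        --secret-keyring "$ROOT/etc/opkg/secring.gpg" \
        --trustdb-name "$ROOT/etc/opkg/trustdb.gpg" \
        "$@"
}
# … unchanged: case "$command" dispatch, with $GPG replaced by run_gpg …
```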