rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
move rsa signing to the library move repository compressing to the library while here use struct packing
Baptiste Daroussin committed 15 years ago
commit 1f126f9a99325b1da7090e34e0ad7346706c8fdd
parent 7c253e6
3 files changed +78 -114
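--- a/libpkg/pkg.h
+++ b/libpkg/pkg.h
@@ -2,6 +2,7 @@
 #define _PKG_H
 
 #include <sys/types.h>
+#include <openssl/pem.h>
 
 struct pkg;
 struct pkg_file;
@@ -380,7 +381,8 @@ const char *pkg_option_value(struct pkg_option *);
  * @param data A pointer which is passed to the callback.
  * @param sum An 65 long char array to receive the sha256 sum
  */
-int pkg_create_repo(char *path, void (*callback)(struct pkg *, void *), void *, char [65]);
+int pkg_create_repo(char *path, void (*callback)(struct pkg *, void *), void *);
+int pkg_finish_repo(char *patj, pem_password_cb *cb, char *rsa_key_path);
 
 /**
  * Open the local package database.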
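Review bot: The new prototype in the second hunk spells its first parameter `patj` instead of `path` and has no doc comment, while the comment kept above `pkg_create_repo` still documents `@param sum`, which this commit removes from the signature. Proposed: drop the `@param sum` line, rename the parameter to `char *path`, and add a Doxygen block for `pkg_finish_repo` saying that `cb` supplies the key passphrase and that a NULL `rsa_key_path` makes the implementation in this commit skip signing. Including `<openssl/pem.h>` from the public header also makes every consumer of `pkg.h` depend on the OpenSSL headers; a project-owned callback typedef would keep that dependency inside the library, if that is wanted.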
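--- a/libpkg/pkg_repo.c
+++ b/libpkg/pkg_repo.c
@@ -8,7 +8,10 @@
 #include <unistd.h>
 #include <stdio.h>
 #include <string.h>
-#include <sha256.h>
+
+#include <openssl/rsa.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
 #include "pkg.h"
 #include "pkg_error.h"
@@ -16,7 +19,7 @@
 #include "pkg_util.h"
 
 int
-pkg_create_repo(char *path, void (progress)(struct pkg *pkg, void *data), void *data, char sum[65])
+pkg_create_repo(char *path, void (progress)(struct pkg *pkg, void *data), void *data)
 {
 	FTS *fts = NULL;
 	FTSENT *ent = NULL;
@@ -32,6 +35,7 @@ pkg_create_repo(char *path, void (progress)(struct pkg *pkg, void *data), void *
 	char *errmsg = NULL;
 	int retcode = EPKG_OK;
 	char *pkg_path;
+	char sum[65];
 
 	int i;
 
@@ -215,11 +219,72 @@ pkg_create_repo(char *path, void (progress)(struct pkg *pkg, void *data), void *
 	if (errmsg != NULL)
 		sqlite3_free(errmsg);
 
-	if (retcode == EPKG_OK)
-		/* TODO: error checking */
-		sha256_file(repodb, sum);
-	else
-		sum[0] = '\0';
-
 	return (retcode);
 }
+
+static RSA *
+load_rsa_private_key(char *rsa_key_path, pem_password_cb *password_cb)
+{
+	FILE *fp;
+	RSA *rsa = NULL;
+
+	if ((fp = fopen(rsa_key_path, "r")) == 0)
+		return (NULL);
+
+	if ((rsa = RSA_new()) == NULL) {
+		fclose(fp);
+		return (NULL);
+	}
+
+	if ((rsa = PEM_read_RSAPrivateKey(fp, 0, password_cb, rsa_key_path)) == NULL) {
+		fclose(fp);
+		return (NULL);
+	}
+
+	fclose(fp);
+	return (rsa);
+}
+
+int
+pkg_finish_repo(char *path, pem_password_cb *password_cb, char *rsa_key_path)
+{
+	char repo_path[MAXPATHLEN];
+	char repo_archive[MAXPATHLEN];
+	struct packing *pack;
+	int max_len = 0;
+	unsigned char *sigret = NULL;
+	int siglen = 0;
+	RSA *rsa = NULL;
+	char sha256[65];
+
+	snprintf(repo_path, MAXPATHLEN, "%s/repo.sqlite", path);
+	snprintf(repo_archive, MAXPATHLEN, "%s/repo", path);
+
+	packing_init(&pack, repo_archive, TXZ);
+	if (rsa_key_path != NULL) {
+		SSL_load_error_strings();
+
+		OpenSSL_add_all_algorithms();
+		OpenSSL_add_all_ciphers();
+
+		rsa = load_rsa_private_key(rsa_key_path, password_cb);
+		max_len = RSA_size(rsa);
+		sigret = malloc(max_len + 1);
+		memset(sigret, 0, max_len);
+
+		sha256_file(repo_path, sha256);
+
+		if (RSA_sign(NID_sha1, sha256, 65, sigret, &siglen, rsa) == 0)
+			return pkg_error_set(EPKG_FATAL, "Unable to sign the repository");
+
+		packing_append_buffer(pack, sigret, "signature", max_len);
+
+		free(sigret);
+		RSA_free(rsa);
+		ERR_free_strings();
+	}
+	packing_append_file(pack, repo_path, "repo.sqlite");
+	packing_finish(pack);
+
+	return (EPKG_OK);
+}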
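Review bot: In `pkg_finish_repo`, the return of `load_rsa_private_key()` is passed to `RSA_size(rsa)` unchecked, so a key file that cannot be opened or parsed becomes a NULL dereference; the `malloc` result is unchecked too, and the `RSA_sign` failure return leaks `sigret` and `rsa`. The fence adds those checks and frees. The `pack` opened by `packing_init` is still left open on these returns, so the signing block is better placed before `packing_init` (no packing release call is visible on this page). Separately, `RSA_sign(NID_sha1, sha256, 65, ...)` signs the 65-byte hex text of a SHA-256 (terminator included) while labelling it a SHA-1 digest; signing the raw 32-byte digest under `NID_sha256` would be consistent, but it needs a matching verifier change that is not visible here. In `load_rsa_private_key`, the object from `RSA_new()` is overwritten by the `PEM_read_RSAPrivateKey` result and never freed, so that call can be dropped.

```c
		rsa = load_rsa_private_key(rsa_key_path, password_cb);
		if (rsa == NULL)
			return pkg_error_set(EPKG_FATAL, "Unable to load the RSA private key");

		max_len = RSA_size(rsa);
		sigret = calloc(1, max_len + 1);
		if (sigret == NULL) {
			RSA_free(rsa);
			return pkg_error_set(EPKG_FATAL, "Unable to allocate the signature buffer");
		}

		/* … unchanged: sha256_file() call … */

		if (RSA_sign(NID_sha1, sha256, 65, sigret, &siglen, rsa) == 0) {
			free(sigret);
			RSA_free(rsa);
			return pkg_error_set(EPKG_FATAL, "Unable to sign the repository");
		}
		/* … unchanged: append signature, free sigret and rsa … */
```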
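--- a/pkg/repo.c
+++ b/pkg/repo.c
@@ -6,13 +6,6 @@
 
 #include <pkg.h>
 
-#include <openssl/rsa.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-#include <archive.h>
-#include <archive_entry.h>
-
 #include <fcntl.h>
 
 #include "repo.h"
@@ -67,51 +60,11 @@ password_cb(char *buf, int size, int rwflag, void *key)
 	return len;
 }
 
-static RSA *
-load_rsa_private_key(char *rsa_key_path)
-{
-	FILE *fp;
-	RSA *rsa = NULL;
-
-	fp = fopen(rsa_key_path, "r");
-	if (fp == 0) {
-		return NULL;
-	}
-
-	rsa = RSA_new();
-	if (rsa == NULL) {
-		fclose(fp);
-		return NULL;
-	}
-
-	rsa = PEM_read_RSAPrivateKey(fp, 0, password_cb, rsa_key_path);
-	if (rsa == NULL) {
-
-		fclose(fp);
-		return NULL;
-	}
-
-	fclose(fp);
-	return rsa;
-}
-
 int
 exec_repo(int argc, char **argv)
 {
 	int ret;
 
-	RSA *rsa = NULL;
-	char sha256[65];
-	char db_path[MAXPATHLEN];
-	char repo_data_path[MAXPATHLEN];
-	int max_len = 0;
-	unsigned char *sigret = NULL;
-	int siglen = 0;
-	struct archive_entry *entry;
-	int fd;
-	size_t len;
-	char buf[BUFSIZ];
-	struct archive *ar, *repo_archive;
 	int pos = 0;
 
 
@@ -121,70 +74,14 @@ exec_repo(int argc, char **argv)
 	}
 
 	printf("Generating repo.sqlite in %s:  ", argv[1]);
-	ret = pkg_create_repo(argv[1], progress, &pos, sha256);
+	ret = pkg_create_repo(argv[1], progress, &pos);
 
 	if (ret != EPKG_OK)
 		pkg_error_warn("can not create repository");
 	else
 		printf("\bDone!\n");
 
-	SSL_load_error_strings();
-
-	OpenSSL_add_all_algorithms();
-	OpenSSL_add_all_ciphers();
-
-
-	rsa = load_rsa_private_key( argv[2] );
-
-	snprintf(db_path, MAXPATHLEN, "%s/repo.sqlite", argv[1]);
-
-	max_len = RSA_size(rsa);
-	sigret = malloc(max_len + 1);
-	memset(sigret, 0, max_len);
-
-	if (RSA_sign(NID_sha1, sha256, 65, sigret, &siglen, rsa) == 0) {
-		return -1;
-	}
-
-	snprintf(repo_data_path, MAXPATHLEN, "%s/repo.txz", argv[1]);
-
-	ar = archive_read_disk_new();
-	repo_archive = archive_write_new();
-	archive_write_set_compression_xz(repo_archive);
-	archive_write_set_format_pax(repo_archive);
-	archive_write_open_filename(repo_archive, repo_data_path);
-
-	archive_read_disk_set_standard_lookup(ar);
-
-	entry = archive_entry_new();
-	archive_entry_clear(entry);
-	archive_entry_set_filetype(entry, AE_IFREG);
-	archive_entry_set_pathname(entry, "signature");
-	archive_entry_set_size(entry, max_len);
-	archive_write_header(repo_archive, entry);
-	archive_write_data(repo_archive, sigret, max_len);
-	archive_entry_clear(entry);
-
-	archive_entry_copy_sourcepath(entry, db_path);
-	archive_read_disk_entry_from_file(ar, entry, -1, 0);
-	archive_entry_set_pathname(entry, "repo.sqlite");
-
-	archive_write_header(repo_archive, entry);
-	fd = open(db_path, O_RDONLY);
-	if (fd != -1) {
-		while ( (len = read(fd, buf, sizeof(buf))) > 0)
-			archive_write_data(repo_archive, buf, len);
-		close(fd);
-	}
-
-	archive_entry_free(entry);
-	archive_read_finish(ar);
-
-	archive_write_close(repo_archive);
-	archive_write_finish(repo_archive);
+	pkg_finish_repo(argv[1], password_cb, argv[2]);
 
-	free(sigret);
-	RSA_free( rsa );
-	ERR_free_strings();
 	return (ret);
 }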
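Review bot: The added `pkg_finish_repo(argv[1], password_cb, argv[2]);` at the end of `exec_repo` runs even when `pkg_create_repo` returned an error, and its own return value is dropped. A failed or partial `repo.sqlite` is therefore still signed and archived, and a signing failure is not reflected in the exit status. Gate and propagate it with `if (ret == EPKG_OK) ret = pkg_finish_repo(argv[1], password_cb, argv[2]);`, followed by a `pkg_error_warn` when that call fails. If `argv[2]` can be absent (the argument check sits outside this hunk), the library's `rsa_key_path != NULL` guard skips signing without any message, so an unsigned repository would be published silently; a warning on that path would let operators notice.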