Radish alpha
H
HardenedBSD-pkg
rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Radicle
Git
Commits 3f3adaf
Fix finding repo fingerprints when using rootdir support
Brad Davis committed 4 years ago
commit 3f3adaf1446f7bd13f9824508a3a5712f8974759
parent 0229b36
2 files changed +39 -11
modified libpkg/pkg_repo.c
@@ -1066,7 +1066,13 @@ pkg_repo_load_fingerprints(struct pkg_repo *repo)
	char path[MAXPATHLEN];

	struct stat st;
- 
	snprintf(path, sizeof(path), "%s/trusted", pkg_repo_fingerprints(repo));
+ 
	if (ctx.pkg_rootdir) {
+ 
		snprintf(path, sizeof(path), "%s/%s/trusted", ctx.pkg_rootdir, pkg_repo_fingerprints(repo));
+ 
	}
+ 
	else {
+ 
		snprintf(path, sizeof(path), "%s/trusted", pkg_repo_fingerprints(repo));
+ 
	}
+ 


	if ((pkg_repo_load_fingerprints_from_path(path, &repo->trusted_fp)) != EPKG_OK) {

		pkg_emit_error("Error loading trusted certificates");

		return (EPKG_FATAL);
@@ -1077,7 +1083,12 @@ pkg_repo_load_fingerprints(struct pkg_repo *repo)
		return (EPKG_FATAL);

	}
- 
	snprintf(path, sizeof(path), "%s/revoked", pkg_repo_fingerprints(repo));
+ 
	if (ctx.pkg_rootdir) {
+ 
		snprintf(path, sizeof(path), "%s/%s/revoked", ctx.pkg_rootdir, pkg_repo_fingerprints(repo));
+ 
	}
+ 
	else {
+ 
		snprintf(path, sizeof(path), "%s/revoked", pkg_repo_fingerprints(repo));
+ 
	}

	/* Absence of revoked certificates is not a fatal error */

	if (stat(path, &st) != -1) {

		if ((pkg_repo_load_fingerprints_from_path(path, &repo->revoked_fp)) != EPKG_OK) {
modified tests/frontend/fingerprint.sh
@@ -3,24 +3,26 @@
. $(atf_get_srcdir)/test_environment.sh



tests_init \
- 
	fingerprint
+ 
	fingerprint \
+ 
	fingerprint_rootdir
- 
fingerprint_body() {
+ 
setup() {
+ 
	local _root=$1

        atf_skip_on Darwin Test fails on Darwin

        atf_skip_on Linux Test fails on Linux



	atf_check -o ignore -e ignore \

		openssl genrsa -out repo.key 2048

	rm -rf ${TMPDIR}/keys || :
- 
	mkdir -p keys/trusted
- 
	mkdir -p keys/revoked
+ 
	mkdir -p ${_root}/keys/trusted
+ 
	mkdir -p ${_root}/keys/revoked

	chmod 0400 repo.key

	atf_check -o ignore -e ignore \

		openssl rsa -in repo.key -out repo.pub -pubout
- 
	echo "function: sha256" > keys/trusted/key
- 
	echo -n "fingerprint: " >> keys/trusted/key
- 
	openssl dgst -sha256 -hex repo.pub | sed 's/^.* //' >> keys/trusted/key
- 
	echo "" >> keys/trusted/key
+ 
	echo "function: sha256" > ${_root}/keys/trusted/key
+ 
	echo -n "fingerprint: " >> ${_root}/keys/trusted/key
+ 
	openssl dgst -sha256 -hex repo.pub | sed 's/^.* //' >> ${_root}/keys/trusted/key
+ 
	echo "" >> ${_root}/keys/trusted/key

	mkdir fakerepo



	cat >> sign.sh << EOF
@@ -47,12 +49,27 @@ local: {
	url: file:///${TMPDIR}/fakerepo

	enabled: true

	signature_type: FINGERPRINTS
- 
	fingerprints: ${TMPDIR}/keys
+ 
	fingerprints: keys

}

EOF
+ 
}
+
+ 
fingerprint_body() {
+ 
	setup "${TMPDIR}/."
+ 


	atf_check \

		-o ignore \

		-e match:".*extracting signature of repo.*" \

		pkg -dd -o REPOS_DIR="${TMPDIR}" \

		-o PKG_CACHEDIR="${TMPDIR}" update

}
+
+ 
fingerprint_rootdir_body() {
+ 
	setup "${TMPDIR}/rootdir"
+
+ 
	atf_check \
+ 
		-o ignore \
+ 
		-e match:".*extracting signature of repo.*" \
+ 
		pkg -dd -o REPOS_DIR="${TMPDIR}" \
+ 
		-o PKG_CACHEDIR="${TMPDIR}" -r "${TMPDIR}/rootdir" update
+ 
}