4d77ca4 Check for archiving and sign errors in repo cmd. — HardenedBSD-pkg

HardenedBSD Package Manager

Check for archiving and sign errors in repo cmd.

Vsevolod Stakhov committed 13 years ago

commit 4d77ca424546d24fe45b681bc68f287ca4789d11
parent 8072a3cb6fbce0bce267f3febcb15cca28f472e3

2 files changed +40 -11

modified libpkg/packing.c

@@ -103,6 +103,7 @@ packing_append_buffer(struct packing *pack, const char *buffer,

     const char *path, int size)
 {
 	struct archive_entry *entry;
 	int ret = EPKG_OK;
 	entry = archive_entry_new();
 	archive_entry_clear(entry);

@@ -112,12 +113,21 @@ packing_append_buffer(struct packing *pack, const char *buffer,

 	archive_entry_set_uname(entry, "root");
 	archive_entry_set_pathname(entry, path);
 	archive_entry_set_size(entry, size);
 	archive_write_header(pack->awrite, entry);
 	archive_write_data(pack->awrite, buffer, size);
 	if (archive_write_header(pack->awrite, entry) == -1) {
 		pkg_emit_errno("archive_write_header", path);
 		ret = EPKG_FATAL;
 		goto cleanup;
 	}
 	if (archive_write_data(pack->awrite, buffer, size) == -1) {
 		pkg_emit_errno("archive_write_data", path);
 		ret = EPKG_FATAL;
 	}
 cleanup:
 	archive_entry_free(entry);
 	return (EPKG_OK);
 	return (ret);
 }
 int

modified libpkg/pkg_repo.c

@@ -972,7 +972,7 @@ read_pkg_file(void *data)

 	pthread_mutex_unlock(&d->results_m);
 }
 static void
 static int
 pack_db(const char *name, const char *archive, char *path,
     char *rsa_key_path, pem_password_cb *password_cb)
 {

@@ -980,17 +980,28 @@ pack_db(const char *name, const char *archive, char *path,

 	unsigned char *sigret = NULL;
 	unsigned int siglen = 0;
 	packing_init(&pack, archive, TXZ);
 	if (packing_init(&pack, archive, TXZ) != EPKG_OK)
 		return (EPKG_FATAL);
 	if (rsa_key_path != NULL) {
 		rsa_sign(path, password_cb, rsa_key_path, &sigret, &siglen);
 		if (rsa_sign(path, password_cb, rsa_key_path, &sigret, &siglen) != EPKG_OK) {
 			packing_finish(pack);
 			return (EPKG_FATAL);
 		}
 		packing_append_buffer(pack, sigret, "signature", siglen + 1);
 		if (packing_append_buffer(pack, sigret, "signature", siglen + 1) != EPKG_OK) {
 			free(sigret);
 			return (EPKG_FATAL);
 		}
 		free(sigret);
 	}
 	packing_append_file_attr(pack, path, name, "root", "wheel", 0644);
 	unlink(path);
 	packing_finish(pack);
 	return (EPKG_OK);
 }
 int

@@ -1006,19 +1017,27 @@ pkg_finish_repo(char *path, pem_password_cb *password_cb, char *rsa_key_path)

 	snprintf(repo_path, sizeof(repo_path), "%s/packagesite.yaml", path);
 	snprintf(repo_archive, sizeof(repo_archive), "%s/packagesite", path);
 	pack_db("packagesite.yaml", repo_archive, repo_path, rsa_key_path, password_cb);
 	if (pack_db("packagesite.yaml", repo_archive, repo_path,
 			rsa_key_path, password_cb) != EPKG_OK)
 		return (EPKG_FATAL);
 	snprintf(repo_path, sizeof(repo_path), "%s/repo.sqlite", path);
 	snprintf(repo_archive, sizeof(repo_archive), "%s/repo", path);
 	pack_db("repo.sqlite", repo_archive, repo_path, rsa_key_path, password_cb);
 	if (pack_db("repo.sqlite", repo_archive, repo_path,
 			rsa_key_path, password_cb) != EPKG_OK)
 		return (EPKG_FATAL);
 	snprintf(repo_path, sizeof(repo_path), "%s/filesite.yaml", path);
 	snprintf(repo_archive, sizeof(repo_archive), "%s/filesite", path);
 	pack_db("filesite.yaml", repo_archive, repo_path, rsa_key_path, password_cb);
 	if (pack_db("filesite.yaml", repo_archive, repo_path,
 			rsa_key_path, password_cb) != EPKG_OK)
 		return (EPKG_FATAL);
 	snprintf(repo_path, sizeof(repo_path), "%s/digests", path);
 	snprintf(repo_archive, sizeof(repo_archive), "%s/digests", path);
 	pack_db("digests", repo_archive, repo_path, rsa_key_path, password_cb);
 	if (pack_db("digests", repo_archive, repo_path,
 			rsa_key_path, password_cb) != EPKG_OK)
 		return (EPKG_FATAL);
 	return (EPKG_OK);
 }