Radish alpha
H
HardenedBSD-pkg
rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Radicle
Git
Commits 6f7e273
Parse FreeBSD OS version and forbid to install too new packages
Baptiste Daroussin committed 8 years ago
commit 6f7e273cd6eeccea3a7a6440e59b4f06accec202
parent 6687b1c
4 files changed +41 -0
modified libpkg/pkg_add.c
@@ -836,6 +836,10 @@ pkg_add_check_pkg_archive(struct pkgdb *db, struct pkg *pkg,
		return (EPKG_FATAL);

	}
+ 
	if (!is_valid_os_version(pkg) && (flags & PKG_ADD_FORCE) == 0) {
+ 
		return (EPKG_FATAL);
+ 
	}
+ 


	/* XX check */

	ret = pkg_try_installed(db, pkg->name, &pkg_inst, PKG_LOAD_BASIC);

	if (ret == EPKG_OK) {
modified libpkg/private/utils.h
@@ -79,6 +79,7 @@ int rsa_verify_cert(unsigned char *cert,


bool check_for_hardlink(hardlinks_t *hl, struct stat *st);

bool is_valid_abi(const char *arch, bool emit_error);
+ 
bool is_valid_os_version(struct pkg *pkg);



struct dns_srvinfo *

	dns_getsrvinfo(const char *zone);
modified libpkg/repo/binary/update.c
@@ -395,6 +395,12 @@ pkg_repo_binary_add_from_manifest(char *buf, sqlite3 *sqlite, size_t len,
			repo->name, abi);

		goto cleanup;

	}
+ 
	if (!is_valid_os_version(pkg)) {
+ 
		rc = EPKG_FATAL;
+ 
		pkg_emit_error("repository %s contains packages for wrong OS "
+ 
		    "version: %s", repo->name, abi);
+ 
		goto cleanup;
+ 
	}



	free(pkg->reponame);

	pkg->reponame = xstrdup(repo->name);
modified libpkg/utils.c
@@ -51,6 +51,7 @@
#include "pkg.h"

#include "private/event.h"

#include "private/utils.h"
+ 
#include "private/pkg.h"

#include "xmalloc.h"



int
@@ -343,6 +344,35 @@ is_valid_abi(const char *arch, bool emit_error) {
	return (true);

}
+ 
bool
+ 
is_valid_os_version(struct pkg *pkg)
+ 
{
+ 
#ifdef __FreeBSD__
+ 
	const char *fbsd_version;
+ 
	const char *errstr = NULL;
+ 
	int fbsdver;
+
+ 
	if ((fbsd_version = pkg_kv_get(&pkg->annotations, "freebsd_version")) != NULL) {
+ 
		fbsdver = strtonum(fbsd_version, 1, INT_MAX, &errstr);
+ 
		if (errstr != NULL) {
+ 
			pkg_emit_error("Invalid FreeBSD version %s for package %s",
+ 
			    fbsd_version, pkg->name);
+ 
			return (false);
+ 
		}
+ 
		if (fbsdver > getosreldate()) {
+ 
			pkg_emit_error("Newer FreeBSD version for package %s:\n"
+ 
			    "- package: %d\n- running kernel: %d", pkg->name,
+ 
			    fbsdver, getosreldate());
+ 
			return (false);
+ 
		}
+ 
	}
+ 
	return (true);
+ 
#else
+ 
	return (true);
+ 
#endif
+
+ 
}
+ 


void

set_nonblocking(int fd)

{