libopkg: add support for signature checking through usign
authorJo-Philipp Wich <jo@mein.io>
Fri, 10 Feb 2017 09:34:21 +0000 (10:34 +0100)
committerJo-Philipp Wich <jo@mein.io>
Fri, 10 Feb 2017 09:35:16 +0000 (10:35 +0100)
Adds a new configure switch "--enable-usign" which enables code to perform
package feed signature checking using an external "/usr/sbin/opkg-key" helper
program.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
configure.ac
libopkg/opkg.c
libopkg/opkg_cmd.c
libopkg/opkg_download.c
libopkg/opkg_install.c

index 996bf6a462390a2a3709030c79fb880c95dcecd1..967a4d5c6bac9a7f046d84a08488a36d7437018b 100644 (file)
@@ -169,6 +169,15 @@ if test "x$want_gpgme" = "xyes"; then
   fi
 fi
 
+AC_ARG_ENABLE(usign,
+    AC_HELP_STRING([--enable-usign], [Enable signature checking with usign
+      [[default=yes]] ]),
+    [want_usign="$enableval"], [want_usign="yes"])
+
+if test "x$want_usign" = "xyes"; then
+  AC_DEFINE(HAVE_USIGN, 1, [Define if you want usign support])
+fi
+
 AC_SUBST(GPGME_CFLAGS)
 AC_SUBST(GPGME_LIBS)
 
index dbb82fbb1c2c4b74045368d9153a1fa054c6c8d3..dbb904a7be6123abc954ed239c571582b439328d 100644 (file)
@@ -599,7 +599,7 @@ opkg_update_package_lists(opkg_progress_callback_t progress_callback,
                }
                free(url);
 
-#if defined(HAVE_GPGME) || defined(HAVE_OPENSSL)
+#if defined(HAVE_GPGME) || defined(HAVE_OPENSSL) || defined(HAVE_USIGN)
                if (conf->check_signature) {
                        char *sig_file_name;
                        /* download detached signitures to verify the package lists */
index d1e91cbeae54bfdad58b0dfcedfcb63f79d0e065..c30e34dc226c8c397bc5c8bb9c33a5a85986dc30 100644 (file)
@@ -169,7 +169,7 @@ opkg_update_cmd(int argc, char **argv)
                            list_file_name);
          }
          free(url);
-#if defined(HAVE_GPGME) || defined(HAVE_OPENSSL)
+#if defined(HAVE_GPGME) || defined(HAVE_OPENSSL) || defined(HAVE_USIGN)
           if (conf->check_signature) {
               /* download detached signitures to verify the package lists */
               /* get the url for the sig file */
index 4a8b2a2b9d4c854fd2ea7a75fe20b19f83bf58d3..97e1a84e5be8238e1f3a1395779a6330cd0e4eef 100644 (file)
@@ -19,6 +19,7 @@
 
 #include "config.h"
 
+#include <sys/wait.h>
 #include <stdio.h>
 #include <unistd.h>
 #include <libgen.h>
@@ -342,7 +343,28 @@ opkg_prepare_url_for_install(const char *url, char **namep)
 int
 opkg_verify_file (char *text_file, char *sig_file)
 {
-#if defined HAVE_GPGME
+#if defined HAVE_USIGN
+       int status = -1;
+       int pid;
+
+    if (conf->check_signature == 0 )
+        return 0;
+
+       pid = fork();
+       if (pid < 0)
+               return -1;
+
+       if (!pid) {
+               execl("/usr/sbin/opkg-key", "opkg-key", "verify", sig_file, text_file, NULL);
+               exit(255);
+       }
+
+       waitpid(pid, &status, 0);
+       if (!WIFEXITED(status) || WEXITSTATUS(status))
+               return -1;
+
+       return 0;
+#elif defined HAVE_GPGME
     if (conf->check_signature == 0 )
         return 0;
     int status = -1;
index 1b6866cd97b9582d3bb782b891597aafea2f6723..7e0e17e8262768e9b6025d65108e27c47009768f 100644 (file)
@@ -1288,7 +1288,7 @@ opkg_install_pkg(pkg_t *pkg, int from_upgrade)
      }
 
      /* check that the repository is valid */
-     #if defined(HAVE_GPGME) || defined(HAVE_OPENSSL)
+     #if defined(HAVE_GPGME) || defined(HAVE_OPENSSL) || defined(HAVE_USIGN)
      char *list_file_name, *sig_file_name, *lists_dir;
 
      /* check to ensure the package has come from a repository */