From: ticktock35 Date: Mon, 15 Dec 2008 05:16:36 +0000 (+0000) Subject: opkg: * Add opkg-key utility X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=968549573f2146ef6efa8abef722533b82716b2b;p=project%2Fopkg-lede.git opkg: * Add opkg-key utility * Move update-alternatives to utils directory * Update opkg_verify_file function to import keys from /etc/opkg git-svn-id: http://opkg.googlecode.com/svn/trunk@106 e8e0d7a0-c8d9-11dd-a880-a1081c7ac358 --- diff --git a/Makefile.am b/Makefile.am index 8783593..1b38e26 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,4 +1,4 @@ -SUBDIRS = libbb libopkg src tests +SUBDIRS = libbb libopkg src tests utils HOST_CPU=@host_cpu@ BUILD_CPU=@build_cpu@ @@ -9,7 +9,6 @@ pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libopkg.pc -bin_SCRIPTS = update-alternatives interceptdir = $(datadir)/opkg/intercept intercept_DATA = intercept/ldconfig intercept/depmod intercept/update-modules diff --git a/configure.ac b/configure.ac index e9b264d..e71a5be 100644 --- a/configure.ac +++ b/configure.ac @@ -137,5 +137,6 @@ AC_OUTPUT( tests/Makefile src/Makefile libbb/Makefile + utils/Makefile libopkg.pc ) diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c index 6acdc32..1d882a1 100644 --- a/libopkg/opkg_download.c +++ b/libopkg/opkg_download.c 
@@ -233,27 +233,48 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file) #ifdef HAVE_GPGME int status = -1; gpgme_ctx_t ctx; - gpgme_data_t sig, text; + gpgme_data_t sig, text, key; gpgme_error_t err = -1; gpgme_verify_result_t result; gpgme_signature_t s; + char *trusted_path = NULL; err = gpgme_new (&ctx); if (err) return -1; + sprintf_alloc(&trusted_path, "%s/%s", conf->offline_root, "/etc/opkg/trusted.gpg"); + err = gpgme_data_new_from_file (&key, trusted_path, 1); + free (trusted_path); + if (err) + { + return -1; + } + err = gpgme_op_import (ctx, key); + if (err) + { + gpgme_data_release (key); + return -1; + } + gpgme_data_release (key); + err = gpgme_data_new_from_file (&sig, sig_file, 1); if (err) + { + gpgme_release (ctx); return -1; + } err = gpgme_data_new_from_file (&text, text_file, 1); if (err) + { + gpgme_data_release (sig); + gpgme_release (ctx); return -1; + } err = gpgme_op_verify (ctx, sig, text, NULL); - if (err) - return -1; result = gpgme_op_verify_result (ctx); if (!result) @@ -269,6 +290,7 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file) s = s->next; } + gpgme_data_release (sig); gpgme_data_release (text); gpgme_release (ctx); diff --git a/src/Makefile.am b/src/Makefile.am index 1fb3ec9..35aaa2a 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,8 +1,9 @@ AM_CFLAGS = -I${top_srcdir}/libopkg ${ALL_CFLAGS} -bin_PROGRAMS = opkg-cl +bin_PROGRAMS = opkg-cl opkg-key opkg_cl_SOURCES = opkg-frontend.c opkg_cl_LDADD = $(top_builddir)/libopkg/libopkg.la \ $(top_builddir)/libbb/libbb.la - +opkg_key_SOURCES = opkg-key.c +opkg_key_LDADD = $(GPGME_LIBS) diff --git a/update-alternatives b/update-alternatives deleted file mode 100755 index 4983e19..0000000 --- a/update-alternatives +++ /dev/null 
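Review bot: The two new early returns in the key-import block (after `gpgme_data_new_from_file (&key, ...)` and after `gpgme_op_import`) leave `ctx` unreleased, although the sig/text error paths added in the same hunk do call `gpgme_release (ctx)`. The hunk also deletes the `if (err) return -1;` after `gpgme_op_verify`, so a failed verify call is caught only if `gpgme_op_verify_result` returns NULL or the signature loop (outside this hunk) leaves `status` at -1; a signature check should keep failing closed on `err` and release `sig`, `text` and `ctx` there. Separately, `conf->offline_root` is passed to `%s` with no NULL check, and the keys are imported into the context's default keyring, so any key already in that keyring presumably also counts as a trusted signer; a dedicated home directory set through `gpgme_ctx_set_engine_info` would confine trust to `trusted.gpg`. The function starts before this hunk and continues past it.

```c
    /* … unchanged: build trusted_path, load it into key, free trusted_path … */
    if (err)
    {
        gpgme_release (ctx);
        return -1;
    }
    err = gpgme_op_import (ctx, key);
    gpgme_data_release (key);
    if (err)
    {
        gpgme_release (ctx);
        return -1;
    }
    /* … unchanged: loading sig and text, with their existing cleanup … */
    err = gpgme_op_verify (ctx, sig, text, NULL);
    if (err)
    {
        gpgme_data_release (sig);
        gpgme_data_release (text);
        gpgme_release (ctx);
        return -1;
    }
```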
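Review bot: `bin_PROGRAMS` now lists `opkg-key` with `opkg_key_SOURCES = opkg-key.c`, but the visible diff adds no `src/opkg-key.c`; the only `opkg-key` it adds is the shell script under `utils/`, which `utils/Makefile.am` installs through `bin_SCRIPTS`. If no C source exists the build in `src/` would fail, and if one does exist both targets install to the same `$(bindir)/opkg-key`. Unless a compiled program is really intended, I would keep `bin_PROGRAMS = opkg-cl` and drop the `opkg_key_SOURCES` and `opkg_key_LDADD` lines.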
@@ -1,189 +0,0 @@ -#!/bin/sh -# update-alternatives -# -# Copyright (C) 2001 Carl D. Worth -# -# This program was inspired by the Debian update-alternatives program -# which is Copyright (C) 1995 Ian Jackson. This version of -# update-alternatives is command-line compatible with Debian's for a -# subset of the options, (only --install, --remove, and --help) -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -set -e - -# admin dir -ad="$OPKG_OFFLINE_ROOT/usr/lib/opkg/alternatives" - -usage() { - echo "update-alternatives: $* - -Usage: update-alternatives --install - update-alternatives --remove - update-alternatives --help - is the link pointing to the provided path (ie. /usr/bin/foo). - is the name in $ad/alternatives (ie. foo) - is the name referred to (ie. /usr/bin/foo-extra-spiffy) - is an integer; options with higher numbers are chosen. -" >&2 - exit 2 -} - -quit() { - echo "update-alternatives: $*" >&2 - exit 2 -} - -register_alt() { - [ $# -lt 2 ] && return 1 - local name="$1" - local link="$2" - - if [ ! -d $ad ]; then - mkdir -p $ad - fi - - if [ -e "$ad/$name" ]; then - local olink=`head -n 1 $ad/$name` - if [ "$link" != "$olink" ]; then - echo "update-alternatives: Error: cannot register alternative $name to $link since it is already registered to $olink" >&2 - return 1 - fi - else - echo "$link" > "$ad/$name" - fi - - return 0 -} - -protect_slashes() { - sed -e 's/\//\\\//g' -} - -remove_alt() { - [ $# -lt 2 ] && return 1 - local name="$1" - local path="$2" - - [ ! 
-f $ad/$name ] && return 0 - - path=`echo $path | protect_slashes` - sed -ne "/^$path\>.*/!p" $ad/$name > $ad/$name.new - mv $ad/$name.new $ad/$name -} - -add_alt() { - [ $# -lt 3 ] && return 1 - local name="$1" - local path="$2" - local priority="$3" - remove_alt $name $path - echo "$path $priority" >> $ad/$name -} - -find_best_alt() { - [ $# -lt 1 ] && return 1 - [ ! -f $ad/$name ] && return 0 - - link=$OPKG_OFFLINE_ROOT/`head -n 1 $ad/$name` - -## path=`sed -ne "1!p" $ad/$name | sort -nr -k2 | head -1 | sed 's/ .*//'` -## busybox safe: - path=`sed -ne "1!p" $ad/$name | sed -e "s/\(.*\) \(.*\)/\2 \1/g" | sort -nr | head -n 1 | sed 's/[^ ]* //'` - if [ -z "$path" ]; then - echo "update-alternatives: removing $link as no more alternatives exist for it" - rm $ad/$name - if [ -L $link ]; then - rm $link - fi - return 0 - fi - - if [ ! -e $link -o -L $link ]; then - local link_dir=`dirname $link` - if [ ! -d $link_dir ]; then - mkdir -p $link_dir - fi - ln -sf $path $link - echo "update-alternatives: Linking $link to $path" - else - echo "update-alternatives: Error: not linking $link to $path since $link exists and is not a link" - return 1 - fi - - return 0 -} - -do_install() { - if [ $# -lt 4 ]; then - usage "--install needs " - fi - local link="$1" - local name="$2" - local path="$3" - local priority="$4" - - path=`echo $path | sed 's|/\+|/|g'` - - # This is a bad hack, but I haven't thought of a cleaner solution yet... - [ -n "$OPKG_OFFLINE_ROOT" ] && path=`echo $path | sed "s|^$OPKG_OFFLINE_ROOT/*|/|"` - - register_alt $name $link - add_alt $name $path $priority - find_best_alt $name -} - -do_remove() { - if [ $# -lt 2 ]; then - usage "--remove needs " - fi - local name="$1" - local path="$2" - - path=`echo $path | sed 's|/\+|/|g'` - - # This is a bad hack, but I haven't thought of a cleaner solution yet... 
- [ -n "$OPKG_OFFLINE_ROOT" ] && path=`echo $path | sed "s|^$OPKG_OFFLINE_ROOT/*|/|"` - - remove_alt $name $path - find_best_alt $name -} - -### -# update-alternatives "main" -### - -while [ $# -gt 0 ]; do - arg="$1" - shift - - case $arg in - --help) - usage "help:" - exit 0 - ;; - --install) - do_install $* - exit $? - ;; - --remove) - do_remove $* - exit $? - ;; - *) - usage "unknown argument \`$arg'" - ;; - esac -done - -usage "at least one of --install or --remove must appear" - -exit 0 diff --git a/utils/Makefile.am b/utils/Makefile.am new file mode 100644 index 0000000..7019e4b --- /dev/null +++ b/utils/Makefile.am @@ -0,0 +1 @@ +bin_SCRIPTS = update-alternatives opkg-key diff --git a/utils/opkg-key b/utils/opkg-key new file mode 100755 index 0000000..266bb66 --- /dev/null +++ b/utils/opkg-key 
@@ -0,0 +1,74 @@ +#!/bin/sh + +# Based on apt-key from apt-0.6.25 +# Licensed under GPL Version 2 + +set -e + +usage() { + echo "Usage: opkg-key [options] command [arguments]" + echo + echo "Manage opkg's list of trusted keys" + echo + echo " opkg-key add - add the key contained in ('-' for stdin)" + echo " opkg-key del - remove the key " + echo " opkg-key list - list keys" + echo + echo "Options:" + echo " -o Use as the offline root directory" + echo +} + +if [ "$1" = "-o" ]; then + ROOT=$2 + shift 2 + echo "Note: using \"$ROOT\" as root path" +else + ROOT="" +fi + +command="$1" +if [ -z "$command" ]; then + usage + exit 1 +fi +shift + +if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then + echo >&2 "Warning: gnupg does not seem to be installed." + echo >&2 "Warning: opkg-key requires gnupg for most operations." + echo >&2 +fi + +# We don't use a secret keyring, of course, but gpg panics and +# implodes if there isn't one available + +GPG="gpg --no-options --no-default-keyring --keyring $ROOT/etc/opkg/trusted.gpg --secret-keyring $ROOT/etc/opkg/secring.gpg --trustdb-name $ROOT/etc/opkg/trustdb.gpg" + +case "$command" in + add) + $GPG --quiet --batch --import "$1" + echo "OK" + ;; + del|rm|remove) + $GPG --quiet --batch --delete-key --yes "$1" + echo "OK" + ;; + list) + $GPG --batch --list-keys + ;; + finger*) + $GPG --batch --fingerprint + ;; + adv*) + echo "Executing: $GPG $*" + $GPG $* + ;; + help) + usage + ;; + *) + usage + exit 1 + ;; +esac diff --git a/utils/update-alternatives b/utils/update-alternatives new file mode 100755 index 0000000..4983e19 --- /dev/null +++ b/utils/update-alternatives 
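Review bot: `$GPG` is a flat string that embeds `$ROOT` and is expanded unquoted, so an offline root passed with `-o` that contains whitespace or glob characters is word-split and gpg receives different `--keyring` and `--trustdb-name` paths than intended; because `trusted.gpg` is the trust anchor that `opkg_verify_file` imports, the script should be exact about which file it edits. Wrapping the invocation in a function that quotes each path and forwards `"$@"` avoids that, and lets the `adv*` branch pass its arguments intact instead of through `$*`. `add` and `del` also run with an empty `"$1"` when the argument is missing; a guard such as `[ -n "$1" ] || { usage; exit 1; }` in those branches would turn that into a usage error. The script neither creates `$ROOT/etc/opkg` nor sets a mode on it, so the keyring's permissions presumably depend on the caller's umask; a comment stating the expected ownership and mode would help.

```shell
run_gpg() {
	gpg --no-options --no-default-keyring \
		--keyring "$ROOT/etc/opkg/trusted.gpg" \
		--secret-keyring "$ROOT/etc/opkg/secring.gpg" \
		--trustdb-name "$ROOT/etc/opkg/trustdb.gpg" "$@"
}

case "$command" in
    add)
	[ -n "$1" ] || { usage; exit 1; }
	run_gpg --quiet --batch --import "$1"
	# … unchanged: echo "OK" …
	;;
    # … del, list and finger* call run_gpg the same way …
    adv*)
	echo "Executing: run_gpg $*"
	run_gpg "$@"
	;;
    # … unchanged: help and default branches …
esac
```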
@@ -0,0 +1,189 @@ +#!/bin/sh +# update-alternatives +# +# Copyright (C) 2001 Carl D. Worth +# +# This program was inspired by the Debian update-alternatives program +# which is Copyright (C) 1995 Ian Jackson. This version of +# update-alternatives is command-line compatible with Debian's for a +# subset of the options, (only --install, --remove, and --help) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +set -e + +# admin dir +ad="$OPKG_OFFLINE_ROOT/usr/lib/opkg/alternatives" + +usage() { + echo "update-alternatives: $* + +Usage: update-alternatives --install + update-alternatives --remove + update-alternatives --help + is the link pointing to the provided path (ie. /usr/bin/foo). + is the name in $ad/alternatives (ie. foo) + is the name referred to (ie. /usr/bin/foo-extra-spiffy) + is an integer; options with higher numbers are chosen. +" >&2 + exit 2 +} + +quit() { + echo "update-alternatives: $*" >&2 + exit 2 +} + +register_alt() { + [ $# -lt 2 ] && return 1 + local name="$1" + local link="$2" + + if [ ! -d $ad ]; then + mkdir -p $ad + fi + + if [ -e "$ad/$name" ]; then + local olink=`head -n 1 $ad/$name` + if [ "$link" != "$olink" ]; then + echo "update-alternatives: Error: cannot register alternative $name to $link since it is already registered to $olink" >&2 + return 1 + fi + else + echo "$link" > "$ad/$name" + fi + + return 0 +} + +protect_slashes() { + sed -e 's/\//\\\//g' +} + +remove_alt() { + [ $# -lt 2 ] && return 1 + local name="$1" + local path="$2" + + [ ! 
-f $ad/$name ] && return 0 + + path=`echo $path | protect_slashes` + sed -ne "/^$path\>.*/!p" $ad/$name > $ad/$name.new + mv $ad/$name.new $ad/$name +} + +add_alt() { + [ $# -lt 3 ] && return 1 + local name="$1" + local path="$2" + local priority="$3" + remove_alt $name $path + echo "$path $priority" >> $ad/$name +} + +find_best_alt() { + [ $# -lt 1 ] && return 1 + [ ! -f $ad/$name ] && return 0 + + link=$OPKG_OFFLINE_ROOT/`head -n 1 $ad/$name` + +## path=`sed -ne "1!p" $ad/$name | sort -nr -k2 | head -1 | sed 's/ .*//'` +## busybox safe: + path=`sed -ne "1!p" $ad/$name | sed -e "s/\(.*\) \(.*\)/\2 \1/g" | sort -nr | head -n 1 | sed 's/[^ ]* //'` + if [ -z "$path" ]; then + echo "update-alternatives: removing $link as no more alternatives exist for it" + rm $ad/$name + if [ -L $link ]; then + rm $link + fi + return 0 + fi + + if [ ! -e $link -o -L $link ]; then + local link_dir=`dirname $link` + if [ ! -d $link_dir ]; then + mkdir -p $link_dir + fi + ln -sf $path $link + echo "update-alternatives: Linking $link to $path" + else + echo "update-alternatives: Error: not linking $link to $path since $link exists and is not a link" + return 1 + fi + + return 0 +} + +do_install() { + if [ $# -lt 4 ]; then + usage "--install needs " + fi + local link="$1" + local name="$2" + local path="$3" + local priority="$4" + + path=`echo $path | sed 's|/\+|/|g'` + + # This is a bad hack, but I haven't thought of a cleaner solution yet... + [ -n "$OPKG_OFFLINE_ROOT" ] && path=`echo $path | sed "s|^$OPKG_OFFLINE_ROOT/*|/|"` + + register_alt $name $link + add_alt $name $path $priority + find_best_alt $name +} + +do_remove() { + if [ $# -lt 2 ]; then + usage "--remove needs " + fi + local name="$1" + local path="$2" + + path=`echo $path | sed 's|/\+|/|g'` + + # This is a bad hack, but I haven't thought of a cleaner solution yet... 
+ [ -n "$OPKG_OFFLINE_ROOT" ] && path=`echo $path | sed "s|^$OPKG_OFFLINE_ROOT/*|/|"` + + remove_alt $name $path + find_best_alt $name +} + +### +# update-alternatives "main" +### + +while [ $# -gt 0 ]; do + arg="$1" + shift + + case $arg in + --help) + usage "help:" + exit 0 + ;; + --install) + do_install $* + exit $? + ;; + --remove) + do_remove $* + exit $? + ;; + *) + usage "unknown argument \`$arg'" + ;; + esac +done + +usage "at least one of --install or --remove must appear" + +exit 0