author | Marc Espie <espie@cvs.openbsd.org> | 2016-09-04 12:51:45 +0000 |
---|---|---|
committer | Marc Espie <espie@cvs.openbsd.org> | 2016-09-04 12:51:45 +0000 |
commit | e3d0dd2530658a2ed25e4e17c3b8651be87a8540 (patch) | |
tree | ded19d0dbfbd639830a13df8090ef31ede87349d /usr.sbin/pkg_add/OpenBSD | |
parent | d14ad68a7271e66cd5866c99335865fb1827c536 (diff) |
signature tracking bases: stored signed status inside object, so that
we don't erroneously get "signature" comments from unsigned packages.
force the gzip object to get its header.
So if it can't something wrong happened.
for now, we just know shit happened...
Diffstat (limited to 'usr.sbin/pkg_add/OpenBSD')
-rw-r--r-- | usr.sbin/pkg_add/OpenBSD/PackageLocation.pm | 15 | ||||
-rw-r--r-- | usr.sbin/pkg_add/OpenBSD/PackageRepository.pm | 49 |
2 files changed, 35 insertions, 29 deletions
diff --git a/usr.sbin/pkg_add/OpenBSD/PackageLocation.pm b/usr.sbin/pkg_add/OpenBSD/PackageLocation.pm index 3e7bf875bdc..932e8d29363 100644 --- a/usr.sbin/pkg_add/OpenBSD/PackageLocation.pm +++ b/usr.sbin/pkg_add/OpenBSD/PackageLocation.pm @@ -1,5 +1,5 @@ # ex:ts=8 sw=4: -# $OpenBSD: PackageLocation.pm,v 1.46 2016/09/04 12:08:49 espie Exp $ +# $OpenBSD: PackageLocation.pm,v 1.47 2016/09/04 12:51:44 espie Exp $ # # Copyright (c) 2003-2007 Marc Espie <espie@openbsd.org> # @@ -128,13 +128,9 @@ sub store_end_of_stream sub signing_info { my $self = shift; - my $comment; my $result = ""; - eval { - $comment = $self->{fh}->getHeaderInfo->{Comment}; - }; - if (defined $comment) { - for my $line (split /\n/, $comment) { + if ($self->{is_signed}) { + for my $line (split /\n/, $self->{fh}->getHeaderInfo->{Comment}) { if ($line =~ m/^key=.*\/(.*)\.sec$/) { $result .= "\@signer $1\n"; } elsif ($line =~ m/^date=(.*)$/) { @@ -152,9 +148,8 @@ sub find_contents while (my $e = $self->next) { if ($e->isFile && is_info_name($e->{name})) { if ($e->{name} eq CONTENTS ) { - # XXX not yet - #my $v = $self->signing_info.$e->contents($extra); - my $v = $e->contents($extra); + my $v = + $self->signing_info.$e->contents($extra); $self->store_end_of_stream; return $v; } diff --git a/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm b/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm index 0a04627cc16..1695af195bf 100644 --- a/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm +++ b/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm @@ -1,5 +1,5 @@ # ex:ts=8 sw=4: -# $OpenBSD: PackageRepository.pm,v 1.126 2016/09/04 12:08:49 espie Exp $ +# $OpenBSD: PackageRepository.pm,v 1.127 2016/09/04 12:51:44 espie Exp $ # # Copyright (c) 2003-2010 Marc Espie <espie@openbsd.org> # 
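Review bot: In signing_info (hunk `@@ -128,13 +128,9 @@`) the `eval` that guarded `getHeaderInfo->{Comment}` is removed, so the loop now relies on `$self->{is_signed}` alone. If the gzip header is missing, which is the case uncompress in PackageRepository.pm only warns about, `$self->{fh}->getHeaderInfo->{Comment}` dereferences an undefined value and would die under strict refs. I would read the header first with `my $info = $self->{fh}->getHeaderInfo;` and return the empty `$result` unless `$info` and `$info->{Comment}` are defined. Note that `is_signed` is assigned in check_signed before signify has run, so it records that verification was requested rather than that it succeeded. The body of signing_info continues past the end of the hunk.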
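Review bot: In find_contents (hunk `@@ -152,9 +148,8 @@`) the new assignment prepends the output of signing_info to the CONTENTS data without stating that this text comes from the gzip Comment header. The `$1` captured by `m/^key=.*\/(.*)\.sec$/` is copied into an `@signer` line as-is, so the result is only trustworthy if that header was covered by a successful signify check. A comment on the assignment such as `# signer lines are taken from the gzip header; only meaningful once signify has verified the stream` would record the assumption. The enclosing loop starts and ends outside the hunk.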
@@ -308,11 +308,17 @@ sub did_it_fork sub uncompress { my $self = shift; + my $object = shift; require IO::Uncompress::Gunzip; - return IO::Uncompress::Gunzip->new(@_, MultiStream => 1); + my $fh = IO::Uncompress::Gunzip->new(@_, MultiStream => 1); + if (!$fh->getHeaderInfo) { + print STDERR "Bad signed package ", + $self->url($object->{name}), "\n"; + } + return $fh; } -sub checksigpipe +sub signify_pipe { my $self = shift; CORE::open STDERR, ">", "/dev/null"; @@ -323,12 +329,17 @@ sub checksigpipe exit(1); } -sub checksigned +sub check_signed { - my $self = shift; + my ($self, $object) = @_; # XXX not yet return 0; -# return !$self->{state}->defines('unsigned'); + if ($self->{state}->defines('unsigned')) { + return 0; + } else { + $object->{is_signed} = 1; + return 1; + } } package OpenBSD::PackageRepository::Local; @@ -391,18 +402,18 @@ sub open_pipe if (defined $ENV{'PKG_CACHE'}) { $self->may_copy($object, $ENV{'PKG_CACHE'}); } - if ($self->checksigned) { + my $name = $self->relative_url($object->{name}); + if ($self->check_signed($object)) { my $pid = open(my $fh, "-|"); $self->did_it_fork($pid); if ($pid) { $object->{pid} = $pid; - return $self->uncompress($fh); + return $self->uncompress($object, $fh); } else { - $self->checksigpipe( "-x", - $self->relative_url($object->{name})); + $self->signify_pipe( "-x", $name); } } else { - return $self->uncompress($self->relative_url($object->{name})); + return $self->uncompress($object, $name); } } @@ -465,17 +476,17 @@ sub new sub open_pipe { my ($self, $object) = @_; - if ($self->checksigned) { + if ($self->check_signed($object)) { my $pid = open(my $fh, "-|"); $self->did_it_fork($pid); if ($pid) { $object->{pid} = $pid; - return $fh; + return $self->uncompress_signed($object, $fh); } else { - $self->checksigpipe; + $self->signify_pipe; } } else { - return $self->uncompress(\*STDIN); + return $self->uncompress($object, \*STDIN); } } 
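Review bot: In uncompress (hunk `@@ -308,11 +308,17 @@`), `IO::Uncompress::Gunzip->new` returns undef when it cannot open or parse its input, so `$fh->getHeaderInfo` can be called on an undefined value before the new check reports anything; the test should read `if (!defined $fh || !$fh->getHeaderInfo) {`. The handle is also returned after the warning, so callers carry on with a stream whose header could not be read. Returning undef at that point, or reporting through `$self->{state}->fatal` as the last open_pipe does for its dup failure, would fail closed. The message says "Bad signed package" although uncompress is also reached from the unsigned branches of open_pipe.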
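Review bot: In check_signed (hunk `@@ -323,12 +329,17 @@`) the added `if`/`else` sits after the unconditional `return 0;` kept under `# XXX not yet`, so it is unreachable: `is_signed` is never set and every open_pipe takes its unsigned branch. If that is intended for now, say so beside the early return, for example `# XXX not yet: signature checking is disabled, the code below is dead`. Once it is enabled, `$object->{is_signed} = 1` is assigned before the signify child has verified anything, so a comment should state that the flag means "verification requested" and that consumers depend on the child failing the stream when the signature is bad.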
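Review bot: In the open_pipe that reads `\*STDIN` (hunk `@@ -465,17 +476,17 @@`) the parent branch calls `$self->uncompress_signed($object, $fh)`, but no method of that name is defined in any hunk of this commit, and the other two open_pipe variants call `uncompress`. Unless it exists elsewhere in the file, this call dies as soon as check_signed starts returning true. `return $self->uncompress($object, $fh);` would match the other call sites.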
@@ -614,7 +625,7 @@ sub open_pipe exit(0); } - if ($self->checksigned) { + if ($self->check_signed($object)) { my $pid = open(my $fh, "-|"); $self->did_it_fork($pid); if ($pid) { @@ -624,12 +635,12 @@ sub open_pipe open(STDIN, '<&', $rdfh) or $self->{state}->fatal("Bad dup: #1", $!); close($rdfh); - $self->checksigpipe; + $self->signify_pipe; } - return $self->uncompress($fh); + return $self->uncompress($object, $fh); } else { - return $self->uncompress($rdfh); + return $self->uncompress($object, $rdfh); } } |