emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libxbps: ABI/API break due to hash function changes

Browse Source
This commit is contained in:
Duncan Overbruck
2020-02-10 01:54:52 +01:00
parent aa4d726dca
commit 0d90534236
18 changed files with 141 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
bin/xbps-create/main.c
View File

@@ -55,7 +55,8 @@ struct xentry {
TAILQ_ENTRY(xentry) entries;
uint64_t mtime;
uint64_t size;
char *file, *type, *target, *hash;
char *file, *type, *target;
char sha256[XBPS_SHA256_SIZE];
ino_t inode;
};
@@ -317,6 +318,7 @@ ftw_cb(const char *fpath, const struct stat *sb, const struct dirent *dir UNUSED
xbps_dictionary_t fileinfo = NULL;
const char *filep = NULL;
char *buf, *p, *p2, *dname;
char sha256[XBPS_SHA256_SIZE];
ssize_t r;
/* Ignore metadata files generated by xbps-src and destdir */
@@ -480,12 +482,9 @@ ftw_cb(const char *fpath, const struct stat *sb, const struct dirent *dir UNUSED
}
assert(xe->type);
if ((p = xbps_file_hash(fpath)) == NULL)
die("failed to process hash for %s:", fpath);
xbps_dictionary_set_cstring(fileinfo, "sha256", p);
free(p);
if ((xe->hash = xbps_file_hash(fpath)) == NULL)
if (!xbps_file_sha256(xe->sha256, sizeof sha256, fpath))
die("failed to process hash for %s:", fpath);
xbps_dictionary_set_cstring(fileinfo, "sha256", xe->sha256);
xbps_dictionary_set_uint64(fileinfo, "inode", sb->st_ino);
xe->inode = sb->st_ino;
@@ -607,8 +606,8 @@ process_xentry(const char *key, const char *mutable_files)
xbps_dictionary_set_cstring(d, "file", p);
if (xe->target)
xbps_dictionary_set_cstring(d, "target", xe->target);
if (xe->hash)
xbps_dictionary_set_cstring(d, "sha256", xe->hash);
if (*xe->sha256)
xbps_dictionary_set_cstring(d, "sha256", xe->sha256);
if (xe->mtime)
xbps_dictionary_set_uint64(d, "mtime", xe->mtime);
if (xe->size)

14
bin/xbps-digest/main.c
View File

@@ -53,7 +53,7 @@ int
main(int argc, char **argv)
{
int c;
char *hash = NULL;
char sha256[XBPS_SHA256_SIZE];
const char *mode = NULL, *progname = argv[0];
const struct option longopts[] = {
{ NULL, 0, NULL, 0 }
@@ -84,23 +84,19 @@ main(int argc, char **argv)
}
if (argc < 1) {
hash = xbps_file_hash("/dev/stdin");
if (hash == NULL)
if (!xbps_file_sha256(sha256, sizeof sha256, "/dev/stdin"))
exit(EXIT_FAILURE);
printf("%s\n", hash);
free(hash);
printf("%s\n", sha256);
} else {
for (int i = 0; i < argc; i++) {
hash = xbps_file_hash(argv[i]);
if (hash == NULL) {
if (!xbps_file_sha256(sha256, sizeof sha256, argv[i])) {
fprintf(stderr,
"%s: couldn't get hash for %s (%s)\n",
progname, argv[i], strerror(errno));
exit(EXIT_FAILURE);
}
printf("%s\n", hash);
free(hash);
printf("%s\n", sha256);
}
}
exit(EXIT_SUCCESS);

16
bin/xbps-fetch/main.c
View File

@@ -138,13 +138,13 @@ main(int argc, char **argv)
}
for (int i = 0; i < argc; i++) {
unsigned char *digest = NULL;
unsigned char digest[XBPS_SHA256_DIGEST_SIZE];
if (i > 0 || !filename)
filename = fname(argv[i]);
if (shasum) {
rv = xbps_fetch_file_dest_digest(&xh, argv[i], filename, verbose ? "v" : "", &digest);
rv = xbps_fetch_file_dest_sha256(&xh, argv[i], filename, verbose ? "v" : "", digest, sizeof digest);
} else {
rv = xbps_fetch_file_dest(&xh, argv[i], filename, verbose ? "v" : "");
}
@@ -153,15 +153,19 @@ main(int argc, char **argv)
fprintf(stderr, "%s: %s\n", argv[i], xbps_fetch_error_string());
} else if (rv == 0) {
fprintf(stderr, "%s: file is identical with remote.\n", argv[i]);
if (shasum)
digest = xbps_file_hash_raw(filename);
if (shasum) {
if (!xbps_file_sha256_raw(digest, sizeof digest, filename)) {
xbps_error_printf("%s: failed to hash libxbps: %s: %s\n",
progname, filename, strerror(rv));
*digest = '\0';
}
}
} else {
rv = 0;
}
if (digest != NULL) {
if (*digest) {
print_digest(digest, SHA256_DIGEST_LENGTH);
printf(" %s\n", filename);
free(digest);
}
}

2
bin/xbps-pkgdb/check.c
View File

@@ -102,7 +102,7 @@ check_pkg_integrity(struct xbps_handle *xhp,
free(buf);
return -1;
}
rv = xbps_file_hash_check(buf, sha256);
rv = xbps_file_sha256_check(buf, sha256);
free(buf);
if (rv == ENOENT) {
xbps_dictionary_remove(opkgd, "metafile-sha256");

6
bin/xbps-pkgdb/check_pkg_files.c
View File

@@ -99,9 +99,9 @@ check_pkg_files(struct xbps_handle *xhp, const char *pkgname, void *arg)
if (xhp->noextract && xbps_patterns_match(xhp->noextract, file))
continue;
path = xbps_xasprintf("%s/%s", xhp->rootdir, file);
xbps_dictionary_get_cstring_nocopy(obj,
"sha256", &sha256);
rv = xbps_file_hash_check(path, sha256);
xbps_dictionary_get_cstring_nocopy(obj,
"sha256", &sha256);
rv = xbps_file_sha256_check(path, sha256);
switch (rv) {
case 0:
if (check_file_mtime(obj, pkgname, path)) {

2
bin/xbps-remove/clean-cache.c
View File

@@ -72,7 +72,7 @@ cleaner_cb(struct xbps_handle *xhp, xbps_object_t obj,
if (repo_pkgd) {
xbps_dictionary_get_cstring_nocopy(repo_pkgd,
"filename-sha256", &rsha256);
if (xbps_file_hash_check(binpkg, rsha256) == 0) {
if (xbps_file_sha256_check(binpkg, rsha256) == 0) {
/* hash matched */
return 0;
}

7
bin/xbps-rindex/index-add.c
View File

@@ -252,7 +252,8 @@ index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force
*/
for (int i = args; i < argmax; i++) {
const char *arch = NULL, *pkg = argv[i];
char *sha256 = NULL, *pkgver = NULL;
char *pkgver = NULL;
char sha256[XBPS_SHA256_SIZE];
char pkgname[XBPS_NAME_SIZE];
assert(pkg);
@@ -331,7 +332,7 @@ index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force
* - filename-size
* - filename-sha256
*/
if ((sha256 = xbps_file_hash(pkg)) == NULL) {
if (!xbps_file_sha256(sha256, sizeof sha256, pkg)) {
xbps_object_release(binpkgd);
free(pkgver);
rv = EINVAL;
@@ -339,12 +340,10 @@ index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force
}
if (!xbps_dictionary_set_cstring(binpkgd, "filename-sha256", sha256)) {
xbps_object_release(binpkgd);
free(sha256);
free(pkgver);
rv = EINVAL;
goto out;
}
free(sha256);
if (stat(pkg, &st) == -1) {
xbps_object_release(binpkgd);
free(pkgver);

2
bin/xbps-rindex/index-clean.c
View File

@@ -77,7 +77,7 @@ idx_cleaner_cb(struct xbps_handle *xhp,
*/
xbps_dictionary_get_cstring_nocopy(obj,
"filename-sha256", &sha256);
if (xbps_file_hash_check(filen, sha256) != 0) {
if (xbps_file_sha256_check(filen, sha256) != 0) {
if (!xbps_pkg_name(pkgname, sizeof(pkgname), pkgver))
goto out;
xbps_dictionary_remove(dest, pkgname);

15
bin/xbps-rindex/sign.c
View File

@@ -97,25 +97,26 @@ static bool
rsa_sign_file(RSA *rsa, const char *file,
unsigned char **sigret, unsigned int *siglen)
{
unsigned char *sha256;
unsigned char digest[XBPS_SHA256_DIGEST_SIZE];
sha256 = xbps_file_hash_raw(file);
if(!sha256)
if (!xbps_file_sha256_raw(digest, sizeof digest, file))
return false;
if ((*sigret = calloc(1, RSA_size(rsa) + 1)) == NULL) {
free(sha256);
return false;
}
if (!RSA_sign(NID_sha1, sha256, SHA256_DIGEST_LENGTH,
/*
* XXX: NID_sha1 is wrong, doesn't make it any weaker
* but the ASN1 is wrong, OpenSSL/LibreSSL doesn't care.
* Other implementations like golang fail because of this.
*/
if (!RSA_sign(NID_sha1, digest, XBPS_SHA256_DIGEST_SIZE,
*sigret, siglen, rsa)) {
free(sha256);
free(*sigret);
return false;
}
free(sha256);
return true;
}

7
bin/xbps-uhelper/main.c
View File

@@ -285,19 +285,20 @@ main(int argc, char **argv)
printf("%s\n", XBPS_SYSDEFCONF_PATH);
} else if (strcmp(argv[0], "digest") == 0) {
char sha256[XBPS_SHA256_SIZE];
/* Prints SHA256 hashes for specified files */
if (argc < 2)
usage();
for (int i = 1; i < argc; i++) {
filename = xbps_file_hash(argv[i]);
if (filename == NULL) {
if (!xbps_file_sha256(sha256, sizeof sha256, argv[i])) {
fprintf(stderr,
"E: couldn't get hash for %s (%s)\n",
argv[i], strerror(errno));
exit(EXIT_FAILURE);
}
printf("%s\n", filename);
printf("%s\n", sha256);
}
} else if (strcmp(argv[0], "fetch") == 0) {
/* Fetch a file from specified URL */