emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "Don't assume repodata is signed when has index-meta.plist"

Browse Source 
This reverts commit 4e3d4d228747a5e3c55863346568d5f3d8699c50.
This commit is contained in:
Juan RP 2020-01-06 14:45:57 +01:00
parent 68113a8fc0
commit 2884fc3ab7
No known key found for this signature in database
GPG Key ID: AF19F6CB482F9368
3 changed files with 3 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
bin/xbps-rindex/repoflush.c
View File

@ -45,7 +45,6 @@ repodata_flush(struct xbps_handle *xhp, const char *repodir,
struct archive *ar; struct archive *ar;
char *repofile, *tname, *buf; char *repofile, *tname, *buf;
unsigned char *sig = NULL; unsigned char *sig = NULL;
const char *signature_type = NULL;
int rv, repofd = -1; int rv, repofd = -1;
mode_t mask; mode_t mask;
bool result; bool result;

16
lib/plist_fetch.c
View File

@ -183,10 +183,6 @@ xbps_repo_fetch_remote(struct xbps_repo *repo, const char *url)
xbps_dictionary_t idxmeta_tmp = NULL; xbps_dictionary_t idxmeta_tmp = NULL;
size_t meta_signature_len = 0; size_t meta_signature_len = 0;
uint8_t i = 0; uint8_t i = 0;
bool verified = false;
const char *signature_type = NULL;
unsigned char *meta_digest = NULL;
unsigned char *meta_signature = NULL;
assert(url); assert(url);
assert(repo); assert(repo);
@ -221,17 +217,7 @@ xbps_repo_fetch_remote(struct xbps_repo *repo, const char *url)
} }
archive_read_finish(a); archive_read_finish(a);
verified = xbps_verify_digest_signature(repo, idxmeta_tmp, meta_signature, meta_signature_len, meta_digest); if (xbps_object_type(repo->idxmeta) == XBPS_TYPE_DICTIONARY)
if (verified) {
xbps_dbg_printf(repo->xhp, "Verification of repo's '%s' signature passed.\n", url);
} else {
xbps_warn_printf("Verification of repo's '%s' signature failed. Taking safe part.\n", url);
idxmeta_tmp = get_safe_idxmeta(idxmeta_tmp);
}
repo->idxmeta = idxmeta_tmp;
if (xbps_dictionary_get_cstring_nocopy(repo->idxmeta, "signature-type", &signature_type))
repo->is_signed = true; repo->is_signed = true;
if (xbps_object_type(repo->idx) == XBPS_TYPE_DICTIONARY) if (xbps_object_type(repo->idx) == XBPS_TYPE_DICTIONARY)

15
lib/repo.c
View File

@ -619,7 +619,6 @@ xbps_repo_key_import(struct xbps_repo *repo)
char *hexfp = NULL; char *hexfp = NULL;
char *p, *dbkeyd, *rkeyfile = NULL; char *p, *dbkeyd, *rkeyfile = NULL;
int import, rv = 0; int import, rv = 0;
bool has_signedby, has_pubkey_size, has_pubkey;
assert(repo); assert(repo);
/* /*
@ -640,18 +639,8 @@ xbps_repo_key_import(struct xbps_repo *repo)
xbps_dictionary_get_uint16(repo->idxmeta, "public-key-size", &pubkey_size); xbps_dictionary_get_uint16(repo->idxmeta, "public-key-size", &pubkey_size);
pubkey = xbps_dictionary_get(repo->idxmeta, "public-key"); pubkey = xbps_dictionary_get(repo->idxmeta, "public-key");
has_signedby = (signedby != NULL); if (signedby == NULL || pubkey_size == 0 ||
has_pubkey_size = (pubkey_size > 0); xbps_object_type(pubkey) != XBPS_TYPE_DATA) {
has_pubkey = (xbps_object_type(pubkey) == XBPS_TYPE_DATA);
if (!has_signedby && !has_pubkey_size && !has_pubkey)
{
xbps_dbg_printf(repo->xhp,
"[repo] `%s' unsigned repository with meta!\n", repo->uri);
return 0;
}
else if (!has_signedby || !has_pubkey_size || !has_pubkey)
{
xbps_dbg_printf(repo->xhp, xbps_dbg_printf(repo->xhp,
"[repo] `%s': incomplete signed repository " "[repo] `%s': incomplete signed repository "
"(missing objs)\n", repo->uri); "(missing objs)\n", repo->uri);