Sign index-meta

2019-10-01 21:18:25 +02:00 · 2019-10-01 21:18:25 +02:00 · 381b7b7600
commit 381b7b7600
parent b4e93a95bf
3 changed files with 33 additions and 13 deletions
--- a/bin/xbps-rindex/repoflush.c
+++ b/bin/xbps-rindex/repoflush.c
@ -93,8 +93,7 @@ repodata_flush(struct xbps_handle *xhp, const char *repodir,
 	buf = xbps_dictionary_externalize(idx);
 	if (buf == NULL)
 		return false;
-	buflen = strlen(buf);
-	rv = xbps_archive_append_buf(ar, buf, buflen,
+	rv = xbps_archive_append_buf(ar, buf, strlen(buf),
 	    XBPS_REPOIDX, 0644, "root", "root");
 	free(buf);
 	if (rv != 0) {
@ -110,12 +109,32 @@ repodata_flush(struct xbps_handle *xhp, const char *repodir,
 	} else {
 		buf = xbps_dictionary_externalize(meta);
 	}
-	rv = xbps_archive_append_buf(ar, buf, strlen(buf),
+	buflen = strlen(buf);
+	rv = xbps_archive_append_buf(ar, buf, buflen,
 	    XBPS_REPOIDX_META, 0644, "root", "root");
-	free(buf);
 	if (rv != 0)
 		return false;

+	if (meta)
+	{
+		rv = sign_buffer(buf, buflen, privkey, &sig, &siglen);
+		free(buf);
+		if (rv != 0) {
+			free(sig);
+			return false;
+		}
+		assert(sig);
+		rv = xbps_archive_append_buf(ar, sig, siglen,
+		    XBPS_REPOIDXMETA_SIG, 0644, "root", "root");
+		if (rv != 0) {
+			free(sig);
+			return false;
+		}
+		free(sig);
+	} else {
+		free(buf);
+	}
+
 	/* Write data to tempfile and rename */
 	if (archive_write_close(ar) != ARCHIVE_OK)
 		return false;
--- a/include/xbps.h.in
+++ b/include/xbps.h.in
@ -116,18 +116,19 @@
 */
 #define XBPS_REPOIDX		"index.plist"

-/** 
- * @def XBPS_REPOIDX_SIG
- * Filename for the signature of repository index property list.
- */
-#define XBPS_REPOIDX_SIG	"index.plist.sig"
-
 /**
 * @def XBPS_REPOIDX_META
 * Filename for the repository index metadata property list.
 */
 #define XBPS_REPOIDX_META 	"index-meta.plist"

+/**
+ * @def XBPS_REPOIDXMETA_SIG
+ * Filename for the signature of repository index metadata
+ * property list.
+ */
+#define XBPS_REPOIDXMETA_SIG	"index-meta.plist.sig"
+
 /**
 * @def XBPS_FLAG_VERBOSE
 * Verbose flag that can be used in the function callbacks to alter
@ -1360,7 +1361,7 @@ struct xbps_repo {
 	xbps_dictionary_t idxmeta;
 	/**
 	 * @var uri
-	 * 
+	 *
 	 * URI string associated with repository.
 	 */
 	const char *uri;
--- a/lib/repo.c
+++ b/lib/repo.c
@ -75,9 +75,9 @@ repo_verify_index(struct xbps_repo *repo, unsigned char *digest) {
 		return false;
 	}

-	if (strcmp(archive_entry_pathname(entry), XBPS_REPOIDX_SIG) != 0) {
+	if (strcmp(archive_entry_pathname(entry), XBPS_REPOIDXMETA_SIG) != 0) {
 		xbps_dbg_printf(repo->xhp,
-		    "%s: no signature of %s\n", repo->uri, XBPS_REPOIDX);
+		    "%s: no signature of %s\n", repo->uri, XBPS_REPOIDX_META);
 		return false;
 	}