Redo how the repository keys are stored.

- Repository keys are now stored in a new directory on metadir (/var/db/xbps):

	<metadir>/keys

- Repository keys are stored with the hex fingerprint of its RSA
  public key in a plist dictionary:

	<metadir>/keys/xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.plist

- Drop xbps-rkeys(8) and merge its functionality into xbps-install(8) and
  xbps-query(8).

- xbps-query(8) -vL now shows some more details of remote repositories:

 3134 http://localhost:8000 (RSA signed, verified)
      Signed-by: Void Linux
      4096 60:ae:0c:d6:f0:95:17:80:bc:93:46:7a:89:af:a3:2d
   16 http://localhost:8000/nonfree (RSA signed, verified)
      Signed-by: Void Linux
      4096 60:ae:0c:d6:f0:95:17:80:bc:93:46:7a:89:af:a3:2d

Bump XBPS_API_VERSION.
Juan RP
2013-11-18 16:05:46 +01:00
parent c9825feb29
commit 8882b0215f
22 changed files with 183 additions and 509 deletions


@@ -9,6 +9,5 @@ SUBDIRS += xbps-reconfigure
SUBDIRS += xbps-remove
SUBDIRS += xbps-rindex
SUBDIRS += xbps-uhelper
SUBDIRS += xbps-rkeys
include ../mk/subdir.mk


@@ -81,8 +81,7 @@ A list of required shared libraries, separated by a single blank. Example:
.Xr xbps-query 8 ,
.Xr xbps-reconfigure 8 ,
.Xr xbps-remove 8 ,
.Xr xbps-rindex 8 ,
.Xr xbps-rkeys 8
.Xr xbps-rindex 8
.Sh AUTHORS
.An Juan Romero Pardines <xtraeme@gmail.com>
.Sh BUGS


@@ -76,6 +76,18 @@ unpack_progress_cb(struct xbps_unpack_cb_data *xpd, void *cbdata _unused)
xpd->entry_size);
}
static int
repo_import_key_cb(struct xbps_repo *repo, void *arg _unused, bool *done _unused)
{
int rv;
if ((rv = xbps_repo_key_import(repo)) != 0)
fprintf(stderr, "Failed to import pubkey from %s: %s\n",
repo->uri, strerror(rv));
return rv;
}
int
main(int argc, char **argv)
{
@@ -190,10 +202,13 @@ main(int argc, char **argv)
maxcols = get_maxcols();
/* Sync remote repository data by default */
/* Sync remote repository data and import keys from remote repos */
if (sync && !drun) {
if ((rv = xbps_rpool_sync(&xh, NULL)) != 0)
exit(rv);
rv = xbps_rpool_foreach(&xh, repo_import_key_cb, NULL);
if (rv != 0)
exit(rv);
}
if (sync && !update && (argc == optind))
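Review bot: `exit(rv)` on the two new error paths hands a libxbps/errno-style value straight to exit(), where it is truncated to eight bits and does not follow the EXIT_FAILURE convention that the removed xbps-rkeys main used (`exit(rv ? EXIT_FAILURE : EXIT_SUCCESS)`); the failing sync is also silent, while the key-import failure is at least reported from repo_import_key_cb. Suggested: `xbps_error_printf("Failed to sync repository pool: %s\n", strerror(rv));` followed by `exit(EXIT_FAILURE);`, and likewise `exit(EXIT_FAILURE);` after the foreach. Because the callback returns non-zero to the foreach, a single repository whose key cannot be imported appears to abort the whole install run rather than just skipping that repository — worth confirming that is the intended policy and stating it in a comment. main's body continues outside the hunk.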


@@ -48,10 +48,10 @@ state_cb(struct xbps_state_cb_data *xscd, void *cbdata _unused)
switch (xscd->state) {
/* notifications */
case XBPS_STATE_REPO_SIGVERIFIED:
printf("[*] RSA signature verified correctly\n");
printf("[*] %s: RSA signature verified\n", xscd->arg);
break;
case XBPS_STATE_REPO_SIGUNVERIFIED:
printf("[*] RSA signature UNVERIFIED! ignoring...\n");
printf("[*] %s: RSA signature invalid! ignoring...\n", xscd->arg);
break;
case XBPS_STATE_TRANS_DOWNLOAD:
printf("\n[*] Downloading binary packages\n");
@@ -130,6 +130,11 @@ state_cb(struct xbps_state_cb_data *xscd, void *cbdata _unused)
"(rootdir: %s).", xscd->arg,
xscd->xhp->rootdir);
break;
case XBPS_STATE_REPO_KEY_IMPORT:
printf("%s\n", xscd->desc);
printf("Fingerprint: %s\n", xscd->arg);
rv = yesno("Do you want to import this public key?");
break;
/* errors */
case XBPS_STATE_UNPACK_FAIL:
case XBPS_STATE_UPDATE_FAIL:
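Review bot: The XBPS_STATE_REPO_KEY_IMPORT prompt in the second hunk defaults to accepting the key (`yesno`), whereas the removed xbps-rkeys state_cb asked the same question with `noyes` (default no). Importing a repository public key is a trust decision that, once taken, makes every future index from that URI verify, so the safe default is to decline: `rv = noyes("Do you want to import this public key?");` — noyes is already declared alongside yesno in xbps-install's question.c. The `%s` prints of xscd->desc and xscd->arg assume both are set by the library for this state; if either can be NULL that is undefined behavior, so a one-line guard or a comment stating the contract would help. state_cb's body continues outside the hunk.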


@@ -110,8 +110,7 @@ Default cache directory to store downloaded binary packages.
.Xr xbps-query 8 ,
.Xr xbps-reconfigure 8 ,
.Xr xbps-remove 8 ,
.Xr xbps-rindex 8 ,
.Xr xbps-rkeys 8
.Xr xbps-rindex 8
.Sh AUTHORS
.An Juan Romero Pardines <xtraeme@gmail.com>
.Sh BUGS


@@ -81,8 +81,7 @@ Default cache directory to store downloaded binary packages.
.Xr xbps-query 8 ,
.Xr xbps-reconfigure 8 ,
.Xr xbps-remove 8 ,
.Xr xbps-rindex 8 ,
.Xr xbps-rkeys 8
.Xr xbps-rindex 8
.Sh AUTHORS
.An Juan Romero Pardines <xtraeme@gmail.com>
.Sh BUGS


@@ -160,11 +160,16 @@ repo_list_uri_cb(struct xbps_repo *repo, void *arg _unused, bool *done _unused)
repo->idx ? (ssize_t)xbps_dictionary_count(repo->idx) : -1,
repo->uri);
if (repo->is_remote) {
printf(" (RSA %s, %s)",
printf(" (RSA %s, %s)\n",
repo->is_signed ? "signed" : "unsigned",
repo->is_verified ? "verified" : "unverified");
if (repo->xhp->flags & XBPS_FLAG_VERBOSE) {
printf(" Signed-by: %s\n", repo->signedby);
printf(" %u %s\n", repo->pubkey_size, repo->hexfp);
}
} else {
printf("\n");
}
printf("\n");
return 0;
}
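Review bot: The verbose block prints `repo->signedby` and `repo->hexfp` with `%s` for every remote repository, but the surrounding line already distinguishes unsigned and unverified repositories, for which these fields are presumably not populated; passing a NULL pointer to `%s` is undefined behavior. Guard on the signed state, e.g. `if (repo->is_signed && (repo->xhp->flags & XBPS_FLAG_VERBOSE)) {`, or print a placeholder when the fields are unset. The `%u` for pubkey_size is fine only if the field is an unsigned type no wider than unsigned int — the removed code used uint16_t for public-key-size, so worth confirming against the new struct. repo_list_uri_cb starts before this hunk.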


@@ -175,8 +175,7 @@ Default cache directory to store downloaded binary packages.
.Xr xbps-pkgdb 8 ,
.Xr xbps-reconfigure 8 ,
.Xr xbps-remove 8 ,
.Xr xbps-rindex 8 ,
.Xr xbps-rkeys 8
.Xr xbps-rindex 8
.Sh AUTHORS
.An Juan Romero Pardines <xtraeme@gmail.com>
.Sh BUGS


@@ -65,8 +65,7 @@ Default cache directory to store downloaded binary packages.
.Xr xbps-pkgdb 8 ,
.Xr xbps-query 8 ,
.Xr xbps-remove 8 ,
.Xr xbps-rindex 8 ,
.Xr xbps-rkeys 8
.Xr xbps-rindex 8
.Sh AUTHORS
.An Juan Romero Pardines <xtraeme@gmail.com>
.Sh BUGS


@@ -101,8 +101,7 @@ Default cache directory to store downloaded binary packages.
.Xr xbps-pkgdb 8 ,
.Xr xbps-query 8 ,
.Xr xbps-reconfigure 8 ,
.Xr xbps-rindex 8 ,
.Xr xbps-rkeys 8
.Xr xbps-rindex 8
.Sh AUTHORS
.An Juan Romero Pardines <xtraeme@gmail.com>
.Sh BUGS


@@ -66,8 +66,7 @@ architecture.
.Xr xbps-pkgdb 8 ,
.Xr xbps-query 8 ,
.Xr xbps-reconfigure 8 ,
.Xr xbps-remove 8 ,
.Xr xbps-rkeys 8
.Xr xbps-remove 8
.Sh AUTHORS
.An Juan Romero Pardines <xtraeme@gmail.com>
.Sh BUGS


@@ -1,7 +0,0 @@
TOPDIR = ../..
-include $(TOPDIR)/config.mk
BIN = xbps-rkeys
OBJS = main.o ../xbps-install/question.o ../xbps-install/fetch_cb.o
include $(TOPDIR)/mk/prog.mk


@@ -1,44 +0,0 @@
/*-
* Copyright (c) 2013 Juan Romero Pardines.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _XBPS_RKEYS_DEFS_H_
#define _XBPS_RKEYS_DEFS_H_
#include <sys/time.h>
#include <xbps.h>
struct xferstat {
struct timeval start;
struct timeval last;
};
/* from xbps-install/fetch_cb.c */
void fetch_file_progress_cb(struct xbps_fetch_cb_data *, void *);
/* from xbps-install/question.c */
bool yesno(const char *, ...);
bool noyes(const char *, ...);
#endif /* !_XBPS_RKEYS_DEFS_H_ */


@@ -1,259 +0,0 @@
/*-
* Copyright (c) 2013 Juan Romero Pardines.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <stdio.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <getopt.h>
#include <assert.h>
#include <xbps.h>
#include "defs.h"
static void __attribute__((noreturn))
usage(bool fail)
{
fprintf(stdout,
"Usage: xbps-rkeys [OPTIONS] <MODE> [REPOURL...]\n\n"
"OPTIONS\n"
" -a --all Process all repositories in configuration file\n"
" -C --config <file> Full path to configuration file\n"
" -d --debug Debug mode shown to stderr\n"
" -h --help Print usage help\n"
" -r --rootdir <dir> Full path to rootdir\n"
" -V --version Show XBPS version\n\n"
"MODE\n"
" -i --import Import public RSA key(s)\n"
" -R --remove Remove public RSA key(s)\n"
" -s --show Show repository info\n");
exit(fail ? EXIT_FAILURE : EXIT_SUCCESS);
}
static void
print_hexfp(unsigned const char *fp)
{
unsigned int i, c, len;
len = strlen((const char *)fp);
for (i = 0; i < len; i++) {
fprintf(stdout, "%02x", fp[i]);
c = i + 1;
if (c < len)
fprintf(stdout, ":");
}
}
static int
state_cb(struct xbps_state_cb_data *xscd, void *cbd _unused)
{
int rv = 0;
switch (xscd->state) {
/* notifications */
case XBPS_STATE_REPO_KEY_IMPORT:
printf("%s\n", xscd->desc);
printf("Fingerprint: ");
print_hexfp((unsigned const char *)xscd->arg);
printf("\n");
rv = noyes("Do you want to import this public key?");
break;
case XBPS_STATE_REPOSYNC:
printf("[*] Downloading repository index `%s'...\n", xscd->arg);
break;
default:
xbps_dbg_printf(xscd->xhp,
"%s: unknown state %d\n", xscd->arg, xscd->state);
break;
}
return rv;
}
static int
repo_import_key_cb(struct xbps_repo *repo, void *arg _unused, bool *done _unused)
{
int rv;
rv = xbps_repo_key_import(repo);
if (rv != 0)
fprintf(stderr, "Failed to import pubkey from %s: %s\n", repo->uri, strerror(rv));
return rv;
}
static int
repo_info_cb(struct xbps_repo *repo, void *arg _unused, bool *done _unused)
{
xbps_dictionary_t rkeyd = NULL;
xbps_data_t rpubkey;
unsigned char *fp;
const char *signee;
uint16_t rpubkeysiz;
if (!repo->is_remote)
return 0;
printf("%s (%s, %s)\n", repo->uri,
repo->is_signed ? "RSA signed" : "unsigned",
repo->is_verified ? "verified" : "unverified");
rkeyd = xbps_dictionary_get(repo->xhp->repokeys, repo->uri);
if (xbps_object_type(rkeyd) == XBPS_TYPE_DICTIONARY) {
rpubkey = xbps_dictionary_get(rkeyd, "public-key");
assert(rpubkey);
xbps_dictionary_get_uint16(rkeyd, "public-key-size", &rpubkeysiz);
xbps_dictionary_get_cstring_nocopy(rkeyd, "signature-by", &signee);
printf(" Signed by: %s\n", signee);
printf(" %u ", rpubkeysiz);
fp = xbps_pubkey2fp(repo->xhp, rpubkey);
assert(fp);
print_hexfp(fp);
free(fp);
printf("\n");
}
return 0;
}
static int
repo_remove_key_cb(struct xbps_repo *repo, void *arg, bool *done _unused)
{
bool *flush = arg;
if (xbps_object_type(repo->xhp->repokeys) != XBPS_TYPE_DICTIONARY)
return 0;
xbps_dictionary_remove(repo->xhp->repokeys, repo->uri);
printf("Removed `%s' from storage.\n", repo->uri);
*flush = true;
return 0;
}
int
main(int argc, char **argv)
{
const char *shortopts = "aC:dhir:Rsv";
const struct option longopts[] = {
{ "all", no_argument, NULL, 'a' },
{ "config", required_argument, NULL, 'C' },
{ "debug", no_argument, NULL, 'd' },
{ "help", no_argument, NULL, 'h' },
{ "import", no_argument, NULL, 'i' },
{ "remove", no_argument, NULL, 'R' },
{ "show", no_argument, NULL, 's' },
{ "rootdir", required_argument, NULL, 'r' },
{ "version", no_argument, NULL, 'V' },
{ NULL, 0, NULL, 0 }
};
struct xbps_handle xh;
struct xferstat xfer;
char *rkeys;
const char *conffile = NULL, *rootdir = NULL;
int c, rv, flags = 0;
bool all, flush, import, remove, show;
all = import = remove = show = flush = false;
while ((c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) {
switch (c) {
case 'a':
all = true;
break;
case 'C':
conffile = optarg;
break;
case 'd':
flags |= XBPS_FLAG_DEBUG;
break;
case 'h':
usage(false);
/* NOTREACHED */
case 'i':
import = true;
break;
case 'R':
remove = true;
break;
case 'r':
rootdir = optarg;
break;
case 's':
show = true;
break;
case 'V':
printf("%s\n", XBPS_RELVER);
exit(EXIT_SUCCESS);
case '?':
default:
usage(true);
/* NOTREACHED */
}
}
if (!all && (argc == optind))
usage(true);
memset(&xh, 0, sizeof(xh));
xh.fetch_cb = fetch_file_progress_cb;
xh.fetch_cb_data = &xfer;
xh.state_cb = state_cb;
xh.rootdir = rootdir;
xh.conffile = conffile;
xh.flags = flags;
/* register specified repos */
if (!all) {
for (int i = optind; i < argc; i++) {
if (xh.repositories == NULL)
xh.repositories = xbps_array_create();
xbps_array_add_cstring_nocopy(xh.repositories, argv[i]);
}
}
/* initialize libxbps */
if ((rv = xbps_init(&xh)) != 0) {
xbps_error_printf("Failed to initialize libxbps: %s\n",
strerror(rv));
exit(EXIT_FAILURE);
}
if (import) {
/* Sync remote repodata first */
xbps_rpool_sync(&xh, NULL);
rv = xbps_rpool_foreach(&xh, repo_import_key_cb, NULL);
} else if (remove) {
rv = xbps_rpool_foreach(&xh, repo_remove_key_cb, &flush);
if (flush) {
rkeys = xbps_xasprintf("%s/%s", xh.metadir, XBPS_REPOKEYS);
xbps_dictionary_externalize_to_file(xh.repokeys, rkeys);
free(rkeys);
}
} else if (show) {
rv = xbps_rpool_foreach(&xh, repo_info_cb, NULL);
}
xbps_end(&xh);
exit(rv ? EXIT_FAILURE : EXIT_SUCCESS);
}


@@ -1,61 +0,0 @@
.Dd October 9, 2013
.Os Void Linux
.Dt xbps-rkeys 8
.Sh NAME
.Nm xbps-rkeys
.Nd XBPS utility to manage RSA public keys in remote repositories
.Sh SYNOPSYS
.Nm xbps-rkeys
.Op OPTIONS
.Op MODE
.Op REPOURL...
.Sh DESCRIPTION
The
.Nm
utility manages RSA public keys from remote repositories. A public key from a remote
repository can be imported and removed, last but not least there is an option to
show the repository information with details.
.Sh OPTIONS
.Bl -tag -width -x
.It Fl a, Fl -all
Processes all repositories specified in a configuration file.
.It Fl C, Fl -config Ar file
Specifies a full path to the XBPS configuration file.
.It Fl d, Fl -debug
Enables extra debugging shown to stderr.
.It Fl h, Fl -help
Show the help usage.
.It Fl r, Fl -rootdir Ar dir
Specifies a full path for the target root directory.
.It Fl V, Fl -version
Shows the XBPS version.
.Sh MODE
.Bl -tag -width -x
.It Fl i, Fl -import
Imports the RSA public key of target repository into the database.
Please double-check the fingerprint is the real one.
.It Fl R, Fl -remove
Removes the RSA public key (and its properties) of target repository from
the database.
.It Fl s, Fl -show
Shows information of the target signed repositories.
.Sh FILES
.Bl -tag -width /var/db/xbps/repokeys.plist
.It Ar /var/db/xbps/repokeys.plist
Default plist file to store repository public keys and its properties.
.Sh SEE ALSO
.Xr xbps-create 8 ,
.Xr xbps-dgraph 8 ,
.Xr xbps-install 8 ,
.Xr xbps-pkgdb 8 ,
.Xr xbps-query 8 ,
.Xr xbps-reconfigure 8 ,
.Xr xbps-remove 8 ,
.Xr xbps-rindex 8
.Sh AUTHORS
.An Juan Romero Pardines <xtraeme@gmail.com>
.Sh BUGS
Probably, but I try to make this not happen. Use it under your own
responsability and enjoy your life.
.Pp
Report bugs in https://github.com/xtraeme/xbps/issues