Revert "Sign repodata"

This reverts commit 04194f44c8f952b038410d3eab44344e994af858.
This commit is contained in:
Juan RP 2020-01-06 14:31:40 +01:00
parent 9c61e341b1
commit b4fdc39e67
No known key found for this signature in database
GPG Key ID: AF19F6CB482F9368
8 changed files with 21 additions and 98 deletions

View File

@ -67,22 +67,21 @@
#define _XBPS_RINDEX "xbps-rindex"
/* From index-add.c */
int index_add(struct xbps_handle *, int, int, char **, bool, const char *, const char *);
int index_add(struct xbps_handle *, int, int, char **, bool, const char *);
/* From index-clean.c */
int index_clean(struct xbps_handle *, const char *, bool, const char *, const char *);
int index_clean(struct xbps_handle *, const char *, bool, const char *);
/* From remove-obsoletes.c */
int remove_obsoletes(struct xbps_handle *, const char *);
/* From sign.c */
int sign_buffer(const char *, unsigned int, const char *, unsigned char **, unsigned int *);
int sign_repo(struct xbps_handle *, const char *, const char *,
const char *, const char *);
int sign_pkgs(struct xbps_handle *, int, int, char **, const char *, bool);
/* From repoflush.c */
bool repodata_flush(struct xbps_handle *, const char *, const char *,
xbps_dictionary_t, xbps_dictionary_t, const char *, const char *);
xbps_dictionary_t, xbps_dictionary_t, const char *);
#endif /* !_XBPS_RINDEX_DEFS_H_ */

View File

@ -40,7 +40,7 @@
static bool
repodata_commit(struct xbps_handle *xhp, const char *repodir,
xbps_dictionary_t idx, xbps_dictionary_t meta, xbps_dictionary_t stage,
const char *compression, const char *privkey)
const char *compression)
{
xbps_object_iterator_t iter;
xbps_object_t keysym;
@ -172,8 +172,9 @@ repodata_commit(struct xbps_handle *xhp, const char *repodir,
printf("stage: added `%s' (%s)\n", pkgver, arch);
}
xbps_object_iterator_release(iter);
rv = repodata_flush(xhp, repodir, "stagedata", stage, NULL, compression, privkey);
} else {
rv = repodata_flush(xhp, repodir, "stagedata", stage, NULL, compression);
}
else {
char *stagefile;
iter = xbps_dictionary_iterator(stage);
while ((keysym = xbps_object_iterator_next(iter))) {
@ -189,7 +190,7 @@ repodata_commit(struct xbps_handle *xhp, const char *repodir,
stagefile = xbps_repo_path_with_name(xhp, repodir, "stagedata");
unlink(stagefile);
free(stagefile);
rv = repodata_flush(xhp, repodir, "repodata", idx, meta, compression, privkey);
rv = repodata_flush(xhp, repodir, "repodata", idx, meta, compression);
}
xbps_object_release(usedshlibs);
xbps_object_release(oldshlibs);
@ -197,7 +198,7 @@ repodata_commit(struct xbps_handle *xhp, const char *repodir,
}
int
index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force, const char *compression, const char *privkey)
index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force, const char *compression)
{
xbps_dictionary_t idx, idxmeta, idxstage, binpkgd, curpkgd;
struct xbps_repo *repo = NULL, *stage = NULL;
@ -382,7 +383,7 @@ index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force
/*
* Generate repository data files.
*/
if (!repodata_commit(xhp, repodir, idx, idxmeta, idxstage, compression, privkey)) {
if (!repodata_commit(xhp, repodir, idx, idxmeta, idxstage, compression)) {
fprintf(stderr, "%s: failed to write repodata: %s\n",
_XBPS_RINDEX, strerror(errno));
goto out;

View File

@ -95,7 +95,7 @@ out:
static int
cleanup_repo(struct xbps_handle *xhp, const char *repodir, struct xbps_repo *repo,
const char *reponame, bool hashcheck, const char *compression, const char *privkey)
const char *reponame, bool hashcheck, const char *compression)
{
int rv = 0;
xbps_array_t allkeys;
@ -117,7 +117,7 @@ cleanup_repo(struct xbps_handle *xhp, const char *repodir, struct xbps_repo *rep
free(stagefile);
}
if (!xbps_dictionary_equals(dest, repo->idx)) {
if (!repodata_flush(xhp, repodir, reponame, dest, repo->idxmeta, compression, privkey)) {
if (!repodata_flush(xhp, repodir, reponame, dest, repo->idxmeta, compression)) {
rv = errno;
fprintf(stderr, "failed to write repodata: %s\n",
strerror(errno));
@ -136,7 +136,7 @@ cleanup_repo(struct xbps_handle *xhp, const char *repodir, struct xbps_repo *rep
* binary package cannot be read (unavailable, not enough perms, etc).
*/
int
index_clean(struct xbps_handle *xhp, const char *repodir, const bool hashcheck, const char *compression, const char *privkey)
index_clean(struct xbps_handle *xhp, const char *repodir, const bool hashcheck, const char *compression)
{
struct xbps_repo *repo, *stage;
char *rlockfname = NULL;
@ -168,11 +168,11 @@ index_clean(struct xbps_handle *xhp, const char *repodir, const bool hashcheck,
}
printf("Cleaning `%s' index, please wait...\n", repodir);
if ((rv = cleanup_repo(xhp, repodir, repo, "repodata", hashcheck, compression, privkey))) {
if ((rv = cleanup_repo(xhp, repodir, repo, "repodata", hashcheck, compression))) {
goto out;
}
if (stage) {
cleanup_repo(xhp, repodir, stage, "stagedata", hashcheck, compression, privkey);
cleanup_repo(xhp, repodir, stage, "stagedata", hashcheck, compression);
}
out:

View File

@ -155,9 +155,9 @@ main(int argc, char **argv)
}
if (add_mode)
rv = index_add(&xh, optind, argc, argv, force, compression, privkey);
rv = index_add(&xh, optind, argc, argv, force, compression);
else if (clean_mode)
rv = index_clean(&xh, argv[optind], hashcheck, compression, privkey);
rv = index_clean(&xh, argv[optind], hashcheck, compression);
else if (rm_mode)
rv = remove_obsoletes(&xh, argv[optind]);
else if (sign_mode)

View File

@ -40,14 +40,13 @@
bool
repodata_flush(struct xbps_handle *xhp, const char *repodir,
const char *reponame, xbps_dictionary_t idx, xbps_dictionary_t meta,
const char *compression, const char *privkey)
const char *compression)
{
struct archive *ar;
char *repofile, *tname, *buf;
unsigned char *sig = NULL;
const char *signature_type = NULL;
int rv, repofd = -1;
unsigned int siglen, buflen;
mode_t mask;
bool result;
@ -97,9 +96,8 @@ repodata_flush(struct xbps_handle *xhp, const char *repodir,
rv = xbps_archive_append_buf(ar, buf, strlen(buf),
XBPS_REPOIDX, 0644, "root", "root");
free(buf);
if (rv != 0) {
if (rv != 0)
return false;
}
/* XBPS_REPOIDX_META */
if (meta == NULL) {
@ -116,8 +114,7 @@ repodata_flush(struct xbps_handle *xhp, const char *repodir,
if (rv != 0)
return false;
if (xbps_dictionary_get_cstring_nocopy(meta, "signature-type", &signature_type))
{
if (xbps_dictionary_get_cstring_nocopy(meta, "signature-type", &signature_type)) {
rv = sign_buffer(buf, buflen, privkey, &sig, &siglen);
free(buf);
if (rv != 0) {

View File

@ -93,32 +93,6 @@ pubkey_from_privkey(RSA *rsa)
return buf;
}
static bool
rsa_sign_buffer(RSA *rsa, const char *buffer, unsigned int buflen,
unsigned char **sigret, unsigned int *siglen)
{
unsigned char *sha256;
sha256 = xbps_buffer_hash_raw(buffer, buflen);
if(!sha256)
return false;
if ((*sigret = calloc(1, RSA_size(rsa) + 1)) == NULL) {
free(sha256);
return false;
}
if (!RSA_sign(NID_sha1, sha256, SHA256_DIGEST_LENGTH,
*sigret, siglen, rsa)) {
free(sha256);
free(*sigret);
return false;
}
free(sha256);
return true;
}
static bool
rsa_sign_file(RSA *rsa, const char *file,
unsigned char **sigret, unsigned int *siglen)
@ -176,26 +150,6 @@ ssl_init(void)
SSL_library_init();
}
int
sign_buffer(const char *buffer, unsigned int buflen, const char *privkey, unsigned char **sig, unsigned int *sig_len)
{
RSA *rsa = NULL;
int rv = 0;
rsa = load_rsa_key(privkey);
if (!rsa_sign_buffer(rsa, buffer, buflen, sig, sig_len)) {
fprintf(stderr, "failed to sign buffer (%u bytes): %s\n", buflen, strerror(errno));
rv = EINVAL;
}
if (rsa) {
RSA_free(rsa);
rsa = NULL;
}
return rv;
}
int
sign_repo(struct xbps_handle *xhp, const char *repodir,
const char *privkey, const char *signedby, const char *compression)
@ -280,7 +234,7 @@ sign_repo(struct xbps_handle *xhp, const char *repodir,
_XBPS_RINDEX, strerror(errno));
goto out;
}
flush_failed = repodata_flush(xhp, repodir, "repodata", repo->idx, meta, compression, privkey);
flush_failed = repodata_flush(xhp, repodir, "repodata", repo->idx, meta, compression);
xbps_repo_unlock(rlockfd, rlockfname);
if (!flush_failed) {
fprintf(stderr, "failed to write repodata: %s\n", strerror(errno));

View File

@ -1858,18 +1858,6 @@ bool xbps_mmap_file(const char *file, void **mmf, size_t *mmflen, size_t *filele
*/
char *xbps_file_hash(const char *file);
/**
* Returns a raw byte buffer with the sha256 hash for the data specified
* in \a buffer of length \a len.
*
* @param[in] buffer Pointer to byte buffer.
* @param[in] len Length of data in buffer
* @return A pointer to a malloc(3)ed buffer, NULL otherwise and errno
* is set appropiately. The pointer should be free(3)d when it's no
* longer needed.
*/
unsigned char *xbps_buffer_hash_raw(const char *buffer, ssize_t len);
/**
* Returns a raw byte buffer with the sha256 hash for the file specified
* by \a file.

View File

@ -108,22 +108,6 @@ xbps_mmap_file(const char *file, void **mmf, size_t *mmflen, size_t *filelen)
return true;
}
unsigned char *
xbps_buffer_hash_raw(const char *buffer, ssize_t len)
{
unsigned char *digest;
SHA256_CTX sha256;
digest = malloc(SHA256_DIGEST_LENGTH);
assert(digest);
SHA256_Init(&sha256);
SHA256_Update(&sha256, buffer, len);
SHA256_Final(digest, &sha256);
return digest;
}
unsigned char *
xbps_file_hash_raw(const char *file)
{