diff --git a/bin/xbps-rindex/defs.h b/bin/xbps-rindex/defs.h index bf808d1f..1545ed23 100644 --- a/bin/xbps-rindex/defs.h +++ b/bin/xbps-rindex/defs.h @@ -67,22 +67,21 @@ #define _XBPS_RINDEX "xbps-rindex" /* From index-add.c */ -int index_add(struct xbps_handle *, int, int, char **, bool, const char *, const char *); +int index_add(struct xbps_handle *, int, int, char **, bool, const char *); /* From index-clean.c */ -int index_clean(struct xbps_handle *, const char *, bool, const char *, const char *); +int index_clean(struct xbps_handle *, const char *, bool, const char *); /* From remove-obsoletes.c */ int remove_obsoletes(struct xbps_handle *, const char *); /* From sign.c */ -int sign_buffer(const char *, unsigned int, const char *, unsigned char **, unsigned int *); int sign_repo(struct xbps_handle *, const char *, const char *, const char *, const char *); int sign_pkgs(struct xbps_handle *, int, int, char **, const char *, bool); /* From repoflush.c */ bool repodata_flush(struct xbps_handle *, const char *, const char *, - xbps_dictionary_t, xbps_dictionary_t, const char *, const char *); + xbps_dictionary_t, xbps_dictionary_t, const char *); #endif /* !_XBPS_RINDEX_DEFS_H_ */ diff --git a/bin/xbps-rindex/index-add.c b/bin/xbps-rindex/index-add.c index 92c4b6de..d47d04b2 100644 --- a/bin/xbps-rindex/index-add.c +++ b/bin/xbps-rindex/index-add.c @@ -40,7 +40,7 @@ static bool repodata_commit(struct xbps_handle *xhp, const char *repodir, xbps_dictionary_t idx, xbps_dictionary_t meta, xbps_dictionary_t stage, - const char *compression, const char *privkey) + const char *compression) { xbps_object_iterator_t iter; xbps_object_t keysym; 
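Review bot: The rewritten prototypes in defs.h still carry no parameter names, so the header does not say which `const char *` of `repodata_flush` is the repository directory, the repo name or the compression format. Adjacent same-typed arguments can be transposed without any compiler diagnostic. Naming them as the definition in repoflush.c does would document the new, shorter signature: `bool repodata_flush(struct xbps_handle *xhp, const char *repodir, const char *reponame, xbps_dictionary_t idx, xbps_dictionary_t meta, const char *compression);`. The same applies to `index_add` and `index_clean`.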
@@ -172,8 +172,9 @@ repodata_commit(struct xbps_handle *xhp, const char *repodir, printf("stage: added `%s' (%s)\n", pkgver, arch); } xbps_object_iterator_release(iter); - rv = repodata_flush(xhp, repodir, "stagedata", stage, NULL, compression, privkey); - } else { + rv = repodata_flush(xhp, repodir, "stagedata", stage, NULL, compression); + } + else { char *stagefile; iter = xbps_dictionary_iterator(stage); while ((keysym = xbps_object_iterator_next(iter))) { @@ -189,7 +190,7 @@ repodata_commit(struct xbps_handle *xhp, const char *repodir, stagefile = xbps_repo_path_with_name(xhp, repodir, "stagedata"); unlink(stagefile); free(stagefile); - rv = repodata_flush(xhp, repodir, "repodata", idx, meta, compression, privkey); + rv = repodata_flush(xhp, repodir, "repodata", idx, meta, compression); } xbps_object_release(usedshlibs); xbps_object_release(oldshlibs); @@ -197,7 +198,7 @@ repodata_commit(struct xbps_handle *xhp, const char *repodir, } int -index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force, const char *compression, const char *privkey) +index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force, const char *compression) { xbps_dictionary_t idx, idxmeta, idxstage, binpkgd, curpkgd; struct xbps_repo *repo = NULL, *stage = NULL; @@ -382,7 +383,7 @@ index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force /* * Generate repository data files. */ - if (!repodata_commit(xhp, repodir, idx, idxmeta, idxstage, compression, privkey)) { + if (!repodata_commit(xhp, repodir, idx, idxmeta, idxstage, compression)) { fprintf(stderr, "%s: failed to write repodata: %s\n", _XBPS_RINDEX, strerror(errno)); goto out; diff --git a/bin/xbps-rindex/index-clean.c b/bin/xbps-rindex/index-clean.c index 0995527b..0160038c 100644 --- a/bin/xbps-rindex/index-clean.c +++ b/bin/xbps-rindex/index-clean.c 
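Review bot: The `@@ -172,8 +172,9 @@` hunk splits `} else {` into `}` followed by `else {` on its own line, a formatting change unrelated to dropping `privkey` and inconsistent with the `} else {` form used elsewhere in these files. Keeping `} else {` would leave only the argument removal in this hunk. The repoflush.c section has the same kind of change: the braces around `return false;` after the XBPS_REPOIDX append are dropped, which makes it easier for a later edit to add an unguarded statement to that error path. The body of `repodata_commit` starts and ends outside the hunk.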
@@ -95,7 +95,7 @@ out: static int cleanup_repo(struct xbps_handle *xhp, const char *repodir, struct xbps_repo *repo, - const char *reponame, bool hashcheck, const char *compression, const char *privkey) + const char *reponame, bool hashcheck, const char *compression) { int rv = 0; xbps_array_t allkeys; @@ -117,7 +117,7 @@ cleanup_repo(struct xbps_handle *xhp, const char *repodir, struct xbps_repo *rep free(stagefile); } if (!xbps_dictionary_equals(dest, repo->idx)) { - if (!repodata_flush(xhp, repodir, reponame, dest, repo->idxmeta, compression, privkey)) { + if (!repodata_flush(xhp, repodir, reponame, dest, repo->idxmeta, compression)) { rv = errno; fprintf(stderr, "failed to write repodata: %s\n", strerror(errno)); @@ -136,7 +136,7 @@ cleanup_repo(struct xbps_handle *xhp, const char *repodir, struct xbps_repo *rep * binary package cannot be read (unavailable, not enough perms, etc). */ int -index_clean(struct xbps_handle *xhp, const char *repodir, const bool hashcheck, const char *compression, const char *privkey) +index_clean(struct xbps_handle *xhp, const char *repodir, const bool hashcheck, const char *compression) { struct xbps_repo *repo, *stage; char *rlockfname = NULL; @@ -168,11 +168,11 @@ index_clean(struct xbps_handle *xhp, const char *repodir, const bool hashcheck, } printf("Cleaning `%s' index, please wait...\n", repodir); - if ((rv = cleanup_repo(xhp, repodir, repo, "repodata", hashcheck, compression, privkey))) { + if ((rv = cleanup_repo(xhp, repodir, repo, "repodata", hashcheck, compression))) { goto out; } if (stage) { - cleanup_repo(xhp, repodir, stage, "stagedata", hashcheck, compression, privkey); + cleanup_repo(xhp, repodir, stage, "stagedata", hashcheck, compression); } out: diff --git a/bin/xbps-rindex/main.c b/bin/xbps-rindex/main.c index 624ae452..fab83425 100644 --- a/bin/xbps-rindex/main.c +++ b/bin/xbps-rindex/main.c 
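Review bot: In `index_clean`, the stagedata call `cleanup_repo(xhp, repodir, stage, "stagedata", hashcheck, compression);` discards its return value, unlike the repodata call directly above it. When the stage flush fails, `cleanup_repo` prints the error, but `rv` keeps the value from the repodata pass, so the caller may see success. Unless this is a deliberate best-effort, assign the result: `rv = cleanup_repo(xhp, repodir, stage, "stagedata", hashcheck, compression);`. The rest of `index_clean` after `out:` is outside the hunk, so how `rv` is finally returned is not visible here.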
@@ -155,9 +155,9 @@ main(int argc, char **argv) } if (add_mode) - rv = index_add(&xh, optind, argc, argv, force, compression, privkey); + rv = index_add(&xh, optind, argc, argv, force, compression); else if (clean_mode) - rv = index_clean(&xh, argv[optind], hashcheck, compression, privkey); + rv = index_clean(&xh, argv[optind], hashcheck, compression); else if (rm_mode) rv = remove_obsoletes(&xh, argv[optind]); else if (sign_mode) diff --git a/bin/xbps-rindex/repoflush.c b/bin/xbps-rindex/repoflush.c index 82f312b4..c1ce25ae 100644 --- a/bin/xbps-rindex/repoflush.c +++ b/bin/xbps-rindex/repoflush.c @@ -40,14 +40,13 @@ bool repodata_flush(struct xbps_handle *xhp, const char *repodir, const char *reponame, xbps_dictionary_t idx, xbps_dictionary_t meta, - const char *compression, const char *privkey) + const char *compression) { struct archive *ar; char *repofile, *tname, *buf; unsigned char *sig = NULL; const char *signature_type = NULL; int rv, repofd = -1; - unsigned int siglen, buflen; mode_t mask; bool result; @@ -97,9 +96,8 @@ repodata_flush(struct xbps_handle *xhp, const char *repodir, rv = xbps_archive_append_buf(ar, buf, strlen(buf), XBPS_REPOIDX, 0644, "root", "root"); free(buf); - if (rv != 0) { + if (rv != 0) return false; - } /* XBPS_REPOIDX_META */ if (meta == NULL) { @@ -116,8 +114,7 @@ repodata_flush(struct xbps_handle *xhp, const char *repodir, if (rv != 0) return false; - if (xbps_dictionary_get_cstring_nocopy(meta, "signature-type", &signature_type)) - { + if (xbps_dictionary_get_cstring_nocopy(meta, "signature-type", &signature_type)) { rv = sign_buffer(buf, buflen, privkey, &sig, &siglen); free(buf); if (rv != 0) { diff --git a/bin/xbps-rindex/sign.c b/bin/xbps-rindex/sign.c index 96e028b9..549159c3 100644 --- a/bin/xbps-rindex/sign.c +++ b/bin/xbps-rindex/sign.c 
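Review bot: With `privkey` no longer passed to `index_add` or `index_clean` in `main`, a key supplied together with add or clean mode has no effect on the repodata those modes write. Option parsing is outside this hunk; if it still accepts the key option in those modes, a warning or a usage error would keep an operator from assuming the index was re-signed. A short comment above the dispatch would also help, for example `/* privkey is consumed only by the signing modes */`.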
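Review bot: The last repoflush.c hunk (`@@ -116,8 +114,7 @@`) keeps `rv = sign_buffer(buf, buflen, privkey, &sig, &siglen);` as a context line, so the call survives on the new side. The same commit removes the `privkey` parameter and the `siglen, buflen` declaration in the first repoflush.c hunk, and deletes `sign_buffer` from defs.h and sign.c. As shown, `repodata_flush` would then reference three undeclared names and an undeclared function. If the intent is to drop in-line signing, the whole `if (xbps_dictionary_get_cstring_nocopy(meta, "signature-type", &signature_type)) { ... }` branch should go too, along with the now-unused `sig` and `signature_type` locals. The branch body continues past the end of the hunk, so what it still does with `sig` is not visible.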
@@ -93,32 +93,6 @@ pubkey_from_privkey(RSA *rsa) return buf; } -static bool -rsa_sign_buffer(RSA *rsa, const char *buffer, unsigned int buflen, - unsigned char **sigret, unsigned int *siglen) -{ - unsigned char *sha256; - - sha256 = xbps_buffer_hash_raw(buffer, buflen); - if(!sha256) - return false; - - if ((*sigret = calloc(1, RSA_size(rsa) + 1)) == NULL) { - free(sha256); - return false; - } - - if (!RSA_sign(NID_sha1, sha256, SHA256_DIGEST_LENGTH, - *sigret, siglen, rsa)) { - free(sha256); - free(*sigret); - return false; - } - - free(sha256); - return true; -} - static bool rsa_sign_file(RSA *rsa, const char *file, unsigned char **sigret, unsigned int *siglen) @@ -176,26 +150,6 @@ ssl_init(void) SSL_library_init(); } -int -sign_buffer(const char *buffer, unsigned int buflen, const char *privkey, unsigned char **sig, unsigned int *sig_len) -{ - RSA *rsa = NULL; - int rv = 0; - - rsa = load_rsa_key(privkey); - if (!rsa_sign_buffer(rsa, buffer, buflen, sig, sig_len)) { - fprintf(stderr, "failed to sign buffer (%u bytes): %s\n", buflen, strerror(errno)); - rv = EINVAL; - } - - if (rsa) { - RSA_free(rsa); - rsa = NULL; - } - - return rv; -} - int sign_repo(struct xbps_handle *xhp, const char *repodir, const char *privkey, const char *signedby, const char *compression) @@ -280,7 +234,7 @@ sign_repo(struct xbps_handle *xhp, const char *repodir, _XBPS_RINDEX, strerror(errno)); goto out; } - flush_failed = repodata_flush(xhp, repodir, "repodata", repo->idx, meta, compression, privkey); + flush_failed = repodata_flush(xhp, repodir, "repodata", repo->idx, meta, compression); xbps_repo_unlock(rlockfd, rlockfname); if (!flush_failed) { fprintf(stderr, "failed to write repodata: %s\n", strerror(errno)); diff --git a/include/xbps.h.in b/include/xbps.h.in index 4814c58f..b550a781 100644 --- a/include/xbps.h.in +++ b/include/xbps.h.in 
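Review bot: In the `sign_repo` hunk, `flush_failed` receives the return value of `repodata_flush`, which is true on success, and the error branch is `if (!flush_failed)`, so the name says the opposite of what the variable holds. Renaming it, for example `flushed = repodata_flush(xhp, repodir, "repodata", repo->idx, meta, compression);` with `if (!flushed)`, would make the error path read correctly; the declaration is outside the hunk and would need the same rename. Separately, `xbps_repo_unlock()` runs between the flush and `strerror(errno)`. If the unlock can modify `errno`, the message may report the wrong cause, and saving `errno` right after the flush would avoid that.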
@@ -1858,18 +1858,6 @@ bool xbps_mmap_file(const char *file, void **mmf, size_t *mmflen, size_t *filele */ char *xbps_file_hash(const char *file); -/** - * Returns a raw byte buffer with the sha256 hash for the data specified - * in \a buffer of length \a len. - * - * @param[in] buffer Pointer to byte buffer. - * @param[in] len Length of data in buffer - * @return A pointer to a malloc(3)ed buffer, NULL otherwise and errno - * is set appropiately. The pointer should be free(3)d when it's no - * longer needed. - */ -unsigned char *xbps_buffer_hash_raw(const char *buffer, ssize_t len); - /** * Returns a raw byte buffer with the sha256 hash for the file specified * by \a file. diff --git a/lib/util_hash.c b/lib/util_hash.c index e57bee7c..985e9063 100644 --- a/lib/util_hash.c +++ b/lib/util_hash.c @@ -108,22 +108,6 @@ xbps_mmap_file(const char *file, void **mmf, size_t *mmflen, size_t *filelen) return true; } -unsigned char * -xbps_buffer_hash_raw(const char *buffer, ssize_t len) -{ - unsigned char *digest; - SHA256_CTX sha256; - - digest = malloc(SHA256_DIGEST_LENGTH); - assert(digest); - - SHA256_Init(&sha256); - SHA256_Update(&sha256, buffer, len); - SHA256_Final(digest, &sha256); - - return digest; -} - unsigned char * xbps_file_hash_raw(const char *file) {