Revert "Sign repodata"

This reverts commit 04194f44c8.
2020-01-06 14:31:40 +01:00 · 2020-01-06 14:31:40 +01:00 · b4fdc39e67
commit b4fdc39e67
parent 9c61e341b1
8 changed files with 21 additions and 98 deletions
--- a/bin/xbps-rindex/defs.h
+++ b/bin/xbps-rindex/defs.h
@ -67,22 +67,21 @@
 #define _XBPS_RINDEX		"xbps-rindex"
 /* From index-add.c */
-int	index_add(struct xbps_handle *, int, int, char **, bool, const char *, const char *);
+int	index_add(struct xbps_handle *, int, int, char **, bool, const char *);
 /* From index-clean.c */
-int	index_clean(struct xbps_handle *, const char *, bool, const char *, const char *);
+int	index_clean(struct xbps_handle *, const char *, bool, const char *);
 /* From remove-obsoletes.c */
 int	remove_obsoletes(struct xbps_handle *, const char *);
 /* From sign.c */
 int sign_buffer(const char *, unsigned int, const char *, unsigned char **, unsigned int *);
 int	sign_repo(struct xbps_handle *, const char *, const char *,
 		const char *, const char *);
 int	sign_pkgs(struct xbps_handle *, int, int, char **, const char *, bool);
 /* From repoflush.c */
 bool	repodata_flush(struct xbps_handle *, const char *, const char *,
-		xbps_dictionary_t, xbps_dictionary_t, const char *, const char *);
+		xbps_dictionary_t, xbps_dictionary_t, const char *);
 #endif /* !_XBPS_RINDEX_DEFS_H_ */
--- a/bin/xbps-rindex/index-add.c
+++ b/bin/xbps-rindex/index-add.c
@ -40,7 +40,7 @@
 static bool
 repodata_commit(struct xbps_handle *xhp, const char *repodir,
 	xbps_dictionary_t idx, xbps_dictionary_t meta, xbps_dictionary_t stage,
-	const char *compression, const char *privkey)
+	const char *compression)
 {
 	xbps_object_iterator_t iter;
 	xbps_object_t keysym;
@ -172,8 +172,9 @@ repodata_commit(struct xbps_handle *xhp, const char *repodir,
 			printf("stage: added `%s' (%s)\n", pkgver, arch);
 		}
 		xbps_object_iterator_release(iter);
-		rv = repodata_flush(xhp, repodir, "stagedata", stage, NULL, compression, privkey);
+		rv = repodata_flush(xhp, repodir, "stagedata", stage, NULL, compression);
-	} else {
+	}
 	else {
 		char *stagefile;
 		iter = xbps_dictionary_iterator(stage);
 		while ((keysym = xbps_object_iterator_next(iter))) {
@ -189,7 +190,7 @@ repodata_commit(struct xbps_handle *xhp, const char *repodir,
 		stagefile = xbps_repo_path_with_name(xhp, repodir, "stagedata");
 		unlink(stagefile);
 		free(stagefile);
-		rv = repodata_flush(xhp, repodir, "repodata", idx, meta, compression, privkey);
+		rv = repodata_flush(xhp, repodir, "repodata", idx, meta, compression);
 	}
 	xbps_object_release(usedshlibs);
 	xbps_object_release(oldshlibs);
@ -197,7 +198,7 @@ repodata_commit(struct xbps_handle *xhp, const char *repodir,
 }
 int
-index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force, const char *compression, const char *privkey)
+index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force, const char *compression)
 {
 	xbps_dictionary_t idx, idxmeta, idxstage, binpkgd, curpkgd;
 	struct xbps_repo *repo = NULL, *stage = NULL;
@ -382,7 +383,7 @@ index_add(struct xbps_handle *xhp, int args, int argmax, char **argv, bool force
 	/*
 	 * Generate repository data files.
 	 */
-	if (!repodata_commit(xhp, repodir, idx, idxmeta, idxstage, compression, privkey)) {
+	if (!repodata_commit(xhp, repodir, idx, idxmeta, idxstage, compression)) {
 		fprintf(stderr, "%s: failed to write repodata: %s\n",
 				_XBPS_RINDEX, strerror(errno));
 		goto out;
--- a/bin/xbps-rindex/index-clean.c
+++ b/bin/xbps-rindex/index-clean.c
@ -95,7 +95,7 @@ out:
 static int
 cleanup_repo(struct xbps_handle *xhp, const char *repodir, struct xbps_repo *repo,
-	const char *reponame, bool hashcheck, const char *compression, const char *privkey)
+	const char *reponame, bool hashcheck, const char *compression)
 {
 	int rv = 0;
 	xbps_array_t allkeys;
@ -117,7 +117,7 @@ cleanup_repo(struct xbps_handle *xhp, const char *repodir, struct xbps_repo *rep
 		free(stagefile);
 	}
 	if (!xbps_dictionary_equals(dest, repo->idx)) {
-		if (!repodata_flush(xhp, repodir, reponame, dest, repo->idxmeta, compression, privkey)) {
+		if (!repodata_flush(xhp, repodir, reponame, dest, repo->idxmeta, compression)) {
 			rv = errno;
 			fprintf(stderr, "failed to write repodata: %s\n",
 			    strerror(errno));
@ -136,7 +136,7 @@ cleanup_repo(struct xbps_handle *xhp, const char *repodir, struct xbps_repo *rep
 * binary package cannot be read (unavailable, not enough perms, etc).
 */
 int
-index_clean(struct xbps_handle *xhp, const char *repodir, const bool hashcheck, const char *compression, const char *privkey)
+index_clean(struct xbps_handle *xhp, const char *repodir, const bool hashcheck, const char *compression)
 {
 	struct xbps_repo *repo, *stage;
 	char *rlockfname = NULL;
@ -168,11 +168,11 @@ index_clean(struct xbps_handle *xhp, const char *repodir, const bool hashcheck,
 	}
 	printf("Cleaning `%s' index, please wait...\n", repodir);
-	if ((rv = cleanup_repo(xhp, repodir, repo, "repodata", hashcheck, compression, privkey))) {
+	if ((rv = cleanup_repo(xhp, repodir, repo, "repodata", hashcheck, compression))) {
 		goto out;
 	}
 	if (stage) {
-		cleanup_repo(xhp, repodir, stage, "stagedata", hashcheck, compression, privkey);
+		cleanup_repo(xhp, repodir, stage, "stagedata", hashcheck, compression);
 	}
 out:
--- a/bin/xbps-rindex/main.c
+++ b/bin/xbps-rindex/main.c
@ -155,9 +155,9 @@ main(int argc, char **argv)
 	}
 	if (add_mode)
-		rv = index_add(&xh, optind, argc, argv, force, compression, privkey);
+		rv = index_add(&xh, optind, argc, argv, force, compression);
 	else if (clean_mode)
-		rv = index_clean(&xh, argv[optind], hashcheck, compression, privkey);
+		rv = index_clean(&xh, argv[optind], hashcheck, compression);
 	else if (rm_mode)
 		rv = remove_obsoletes(&xh, argv[optind]);
 	else if (sign_mode)
--- a/bin/xbps-rindex/repoflush.c
+++ b/bin/xbps-rindex/repoflush.c
@ -40,14 +40,13 @@
 bool
 repodata_flush(struct xbps_handle *xhp, const char *repodir,
 	const char *reponame, xbps_dictionary_t idx, xbps_dictionary_t meta,
-	const char *compression, const char *privkey)
+	const char *compression)
 {
 	struct archive *ar;
 	char *repofile, *tname, *buf;
 	unsigned char *sig = NULL;
 	const char *signature_type = NULL;
 	int rv, repofd = -1;
 	unsigned int siglen, buflen;
 	mode_t mask;
 	bool result;
@ -97,9 +96,8 @@ repodata_flush(struct xbps_handle *xhp, const char *repodir,
 	rv = xbps_archive_append_buf(ar, buf, strlen(buf),
 	    XBPS_REPOIDX, 0644, "root", "root");
 	free(buf);
-	if (rv != 0) {
+	if (rv != 0)
 		return false;
 	}
 	/* XBPS_REPOIDX_META */
 	if (meta == NULL) {
@ -116,8 +114,7 @@ repodata_flush(struct xbps_handle *xhp, const char *repodir,
 	if (rv != 0)
 		return false;
-	if (xbps_dictionary_get_cstring_nocopy(meta, "signature-type", &signature_type))
+	if (xbps_dictionary_get_cstring_nocopy(meta, "signature-type", &signature_type)) {
 	{
 		rv = sign_buffer(buf, buflen, privkey, &sig, &siglen);
 		free(buf);
 		if (rv != 0) {
--- a/bin/xbps-rindex/sign.c
+++ b/bin/xbps-rindex/sign.c
@ -93,32 +93,6 @@ pubkey_from_privkey(RSA *rsa)
 	return buf;
 }
 static bool
 rsa_sign_buffer(RSA *rsa, const char *buffer, unsigned int buflen,
 	 unsigned char **sigret, unsigned int *siglen)
 {
 	unsigned char *sha256;
 	sha256 = xbps_buffer_hash_raw(buffer, buflen);
 	if(!sha256)
 		return false;
 	if ((*sigret = calloc(1, RSA_size(rsa) + 1)) == NULL) {
 		free(sha256);
 		return false;
 	}
 	if (!RSA_sign(NID_sha1, sha256, SHA256_DIGEST_LENGTH,
 				*sigret, siglen, rsa)) {
 		free(sha256);
 		free(*sigret);
 		return false;
 	}
 	free(sha256);
 	return true;
 }
 static bool
 rsa_sign_file(RSA *rsa, const char *file,
 	 unsigned char **sigret, unsigned int *siglen)
@ -176,26 +150,6 @@ ssl_init(void)
 	SSL_library_init();
 }
 int
 sign_buffer(const char *buffer, unsigned int buflen, const char *privkey, unsigned char **sig, unsigned int *sig_len)
 {
 	RSA *rsa = NULL;
 	int rv = 0;
 	rsa = load_rsa_key(privkey);
 	if (!rsa_sign_buffer(rsa, buffer, buflen, sig, sig_len)) {
 		fprintf(stderr, "failed to sign buffer (%u bytes): %s\n", buflen, strerror(errno));
 		rv = EINVAL;
 	}
 	if (rsa) {
 		RSA_free(rsa);
 		rsa = NULL;
 	}
 	return rv;
 }
 int
 sign_repo(struct xbps_handle *xhp, const char *repodir,
 	const char *privkey, const char *signedby, const char *compression)
@ -280,7 +234,7 @@ sign_repo(struct xbps_handle *xhp, const char *repodir,
 		    _XBPS_RINDEX, strerror(errno));
 		goto out;
 	}
-	flush_failed = repodata_flush(xhp, repodir, "repodata", repo->idx, meta, compression, privkey);
+	flush_failed = repodata_flush(xhp, repodir, "repodata", repo->idx, meta, compression);
 	xbps_repo_unlock(rlockfd, rlockfname);
 	if (!flush_failed) {
 		fprintf(stderr, "failed to write repodata: %s\n", strerror(errno));
--- a/include/xbps.h.in
+++ b/include/xbps.h.in
@ -1858,18 +1858,6 @@ bool xbps_mmap_file(const char *file, void **mmf, size_t *mmflen, size_t *filele
 */
 char *xbps_file_hash(const char *file);
 /**
 * Returns a raw byte buffer with the sha256 hash for the data specified
 * in \a buffer of length \a len.
 *
 * @param[in] buffer Pointer to byte buffer.
 * @param[in] len Length of data in buffer
 * @return A pointer to a malloc(3)ed buffer, NULL otherwise and errno
 * is set appropiately. The pointer should be free(3)d when it's no
 * longer needed.
 */
 unsigned char *xbps_buffer_hash_raw(const char *buffer, ssize_t len);
 /**
 * Returns a raw byte buffer with the sha256 hash for the file specified
 * by \a file.
--- a/lib/util_hash.c
+++ b/lib/util_hash.c
@ -108,22 +108,6 @@ xbps_mmap_file(const char *file, void **mmf, size_t *mmflen, size_t *filelen)
 	return true;
 }
 unsigned char *
 xbps_buffer_hash_raw(const char *buffer, ssize_t len)
 {
 	unsigned char *digest;
 	SHA256_CTX sha256;
 	digest = malloc(SHA256_DIGEST_LENGTH);
 	assert(digest);
 	SHA256_Init(&sha256);
 	SHA256_Update(&sha256, buffer, len);
 	SHA256_Final(digest, &sha256);
 	return digest;
 }
 unsigned char *
 xbps_file_hash_raw(const char *file)
 {