From be05118aa8adb9f2520c679c8649ce76eea28858 Mon Sep 17 00:00:00 2001
From: Juan RP <xtraeme@gmail.com>
Date: Sun, 24 Nov 2019 12:52:50 +0100
Subject: [PATCH] libxbps: verify repodata signatures even if rootdir is unset.

xbps-rindex(1) has a -r option that sets the remove mode,
due to the changes added to sign repodata we need to access
to the correct directory where repository public keys are
stored. This makes the code use `$PWD/keys` before falling
back to `metadir`.

Fixes the test suite to run with unprivileged users (non root).
---
 lib/verifysig.c                     | 10 +++++++---
 tests/xbps/xbps-rindex/sign_test.sh | 26 +++++++++++---------------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/lib/verifysig.c b/lib/verifysig.c
index e0ccbfab..a58a1154 100644
--- a/lib/verifysig.c
+++ b/lib/verifysig.c
@@ -77,8 +77,7 @@ xbps_verify_digest_signature(struct xbps_repo *repo, xbps_dictionary_t idxmeta,
 {
 	xbps_dictionary_t repokeyd = NULL;
 	xbps_data_t pubkey;
-	char *hexfp = NULL;
-	char *rkeyfile = NULL;
+	char *hexfp = NULL, *rkeyfile = NULL;
 	bool val = false;
 
 	if (!xbps_dictionary_count(idxmeta)) {
@@ -94,7 +93,12 @@ xbps_verify_digest_signature(struct xbps_repo *repo, xbps_dictionary_t idxmeta,
 	/*
 	 * Prepare repository RSA public key to verify fname signature.
 	 */
-	rkeyfile = xbps_xasprintf("%s/keys/%s.plist", repo->xhp->metadir, hexfp);
+	/* XXX: xbps-rindex does not set rootdir, use cwd and fallback to defaults otherwise */
+	rkeyfile = xbps_xasprintf("keys/%s.plist", hexfp);
+	if (access(rkeyfile, R_OK) == -1) {
+		free(rkeyfile);
+		rkeyfile = xbps_xasprintf("%s/keys/%s.plist", repo->xhp->metadir, hexfp);
+	}
 	repokeyd = xbps_plist_dictionary_from_file(repo->xhp, rkeyfile);
 	if (xbps_object_type(repokeyd) != XBPS_TYPE_DICTIONARY) {
 		xbps_dbg_printf(repo->xhp, "cannot read rkey data at %s: %s\n",
diff --git a/tests/xbps/xbps-rindex/sign_test.sh b/tests/xbps/xbps-rindex/sign_test.sh
index 4cee5cd2..d71602b6 100644
--- a/tests/xbps/xbps-rindex/sign_test.sh
+++ b/tests/xbps/xbps-rindex/sign_test.sh
@@ -1,14 +1,6 @@
 #! /usr/bin/env atf-sh
 # Test that xbps-rindex(1) signing repo metadata works as expected.
 
-get_resources() {
-	mkdir -p root/var/db/xbps/keys
-	mkdir -p /var/db/xbps/keys
-	cp $(atf_get_srcdir)/data/id_xbps .
-	cp $(atf_get_srcdir)/data/bd:75:21:4e:40:06:97:5e:72:31:40:6e:9e:08:a8:ae.plist root/var/db/xbps/keys
-	cp $(atf_get_srcdir)/data/bd:75:21:4e:40:06:97:5e:72:31:40:6e:9e:08:a8:ae.plist /var/db/xbps/keys
-}
-
 atf_test_case sign
 
 sign_head() {
@@ -16,11 +8,13 @@ sign_head() {
 }
 
 sign_body() {
-	get_resources
+	cp $(atf_get_srcdir)/data/id_xbps .
 	# make pkg
 	mkdir -p some_repo pkg_A
 	touch pkg_A/file00
 	cd some_repo
+	mkdir -p keys
+	cp $(atf_get_srcdir)/data/bd:75:21:4e:40:06:97:5e:72:31:40:6e:9e:08:a8:ae.plist keys
 	xbps-create -A noarch -n foo-1.0_1 -s "foo pkg" ../pkg_A
 	atf_check_equal $? 0
 	# make repodata
@@ -29,14 +23,14 @@ sign_body() {
 	repodata=$(ls *-repodata)
 	atf_check_equal $(tar tf $repodata | wc -l) 2
 	# sign repodata
-	xbps-rindex -s $PWD --signedby test --privkey ../id_xbps
+	xbps-rindex -d -s $PWD --signedby test --privkey ../id_xbps
 	atf_check_equal $? 0
 	atf_check_equal $(tar tf $repodata | wc -l) 3
 	# update pkg
 	xbps-create -A noarch -n foo-1.1_1 -s "foo pkg" ../pkg_A
 	atf_check_equal $? 0
 	# update repodata
-	xbps-rindex -a $PWD/*.xbps --privkey ../id_xbps
+	xbps-rindex -d -a $PWD/*.xbps --privkey ../id_xbps
 	atf_check_equal $? 0
 	atf_check_equal $(tar tf $repodata | wc -l) 3
 }
@@ -48,11 +42,13 @@ verify_head() {
 }
 
 verify_body() {
-	get_resources
+	cp $(atf_get_srcdir)/data/id_xbps .
 	# make pkg
 	mkdir -p some_repo pkg_A
 	touch pkg_A/file00
 	cd some_repo
+	mkdir -p keys
+	cp $(atf_get_srcdir)/data/bd:75:21:4e:40:06:97:5e:72:31:40:6e:9e:08:a8:ae.plist keys
 	xbps-create -A noarch -n foo-1.0_1 -s "foo pkg" ../pkg_A
 	atf_check_equal $? 0
 	# make repodata
@@ -60,10 +56,10 @@ verify_body() {
 	atf_check_equal $? 0
 	repodata=$(ls *-repodata)
 	# sign repodata
-	xbps-rindex -s $PWD --signedby test --privkey ../id_xbps
+	xbps-rindex -d -s $PWD --signedby test --privkey ../id_xbps
 	atf_check_equal $? 0
 	# verify signature
-	xbps-install -nid --repository=$PWD foo 2>&1 | grep -q "some_repo/$repodata' signature passed."
+	xbps-install -r root -nid --repository=$PWD foo 2>&1 | grep -q "some_repo/$repodata' signature passed."
 	atf_check_equal $? 0
 	# modify what is signed
 	tar tf $repodata
@@ -75,7 +71,7 @@ verify_body() {
 	atf_check_equal $? 0
 	cd ..
 	# verify wrong signature
-	xbps-install -nid --repository=$PWD foo 2>&1 | grep -q "some_repo/$repodata' signature failed. Taking safe part."
+	xbps-install -r root -nid --repository=$PWD foo 2>&1 | grep -q "some_repo/$repodata' signature failed. Taking safe part."
 	atf_check_equal $? 0
 }