Commit Graph

48 Commits

Author SHA1 Message Date
classabbyamp
406f109100 lib/, bin/: fix signature type, now called *.sig2
Since 8d5c48b, xbps has used a sha1 ASN1 prefix with a sha256 hash, and
as of openssl v3, openssl cares about this. This works around that in a
compatible way by moving to a second sig file, binpkg.sig2.

For xbps-remove -O and xbps-rindex -r, also clean up obsolete .sig files.
2023-08-30 21:00:37 +02:00
classabbyamp
1271a3dbed bin/: use xbps logging functions more 2023-02-11 14:23:51 +01:00
Arsen Arsenović
1263b6607f
bin/xbps-rindex: fix a leak in load_rsa_privkey
Closes: #327 [via git-merge-pr]
2021-02-04 23:15:36 +01:00
Duncan Overbruck
44cd938115
Revert "Use shared LICENSE file for all xbps code."
This reverts commit be7d8cfaf1.

This commit missed some previous copyrights mentioned,
in general I think it's better to have this per-file to
follow who wrote what and when.
2020-04-29 14:12:10 +02:00
Juan RP
be7d8cfaf1
Use shared LICENSE file for all xbps code. 2020-04-24 11:44:19 +02:00
Juan RP
debfcf1273
Use xbps_repo_release() where applicable. 2020-04-19 11:09:05 +02:00
Duncan Overbruck
0d90534236
libxbps: ABI/API break due to hash function changes 2020-02-10 13:32:17 +01:00
Juan RP
10b2f7b425
Revert "Preserve meta-index data on change of signing key"
This reverts commit ae26a83ad2.
2020-01-06 14:46:12 +01:00
Juan RP
b4fdc39e67
Revert "Sign repodata"
This reverts commit 04194f44c8.
2020-01-06 14:31:40 +01:00
Piotr Wójcik
ae26a83ad2 Preserve meta-index data on change of signing key 2019-11-02 11:53:14 +01:00
Piotr Wójcik
04194f44c8 Sign repodata 2019-11-02 11:53:14 +01:00
Juan RP
6c1759862e
xbps-rindex: added --compression option and set zstd by default.
Multiple compression formats are now supported for repodata,
none, gzip, bzip2, xz, lz4 and zstd.
2019-06-17 07:24:05 +02:00
Michael Gehring
5e4f445b90 bin/xbps-rindex: use xbps_file_hash_raw while signing
Fixes #243
2017-06-27 20:05:15 +02:00
Juan RP
0cff982e7b xbps-rindex/sign: simplify. 2016-07-13 08:37:04 +02:00
Enno Boland
4d1ee3b01d xbps-rindex: check for consistent shlibs
When adding packages to the index, xbps-rindex will check if the
consistency of shlibs is broken by a package. If so, rindex will create
a stage file and commit the packages there. Once the consistency is restored,
rindex -a will commit the stage area back to the public repo and delete the
stage file.
2016-03-21 08:31:18 +01:00
Juan RP
83b5b357cb xbps-rindex/sign: fix a memleak found by clang-analyzer. 2015-12-21 17:16:00 +01:00
Juan RP
582de078f4 xbps-rindex/sign: ignore fstat(2) return value (CID #98679). 2015-07-26 08:21:00 +02:00
Juan RP
7d7f08b559 xbps-rindex/sign: fix a resource leak (CID #98687). 2015-07-26 08:12:22 +02:00
Juan RP
97c8eb0c36 xbps-rindex: fix a double close (CID #98694). 2015-07-26 07:59:16 +02:00
Juan RP
d86cece411 xbps-rindex(1): add support to sign specific pkgs, not the whole repo.
See NEWS for more information.
2015-06-04 16:01:43 +02:00
Juan RP
9a16283575 Introduce xbps_repo_{un,}lock() to serialize write access to repodata.
We use a simple file lock that is created with O_CREAT|O_EXCL.
This should fix the concurrency issues with multiple processes
running xbps-rindex -a/-c on the same repository/arch combo.
2015-03-25 12:00:59 +01:00
Juan RP
b23855f692 xbps_repo_close: only unlock the file lock if repo was opened as such.
If xbps_repo_open() was called with the lock arg set, xbps_repo_close()
will now unlock the repo file lock, without the need to set it.

This avoids the need to always unlock the file lock even if it wasn't
locked previously. This also introduces an ABI/API break, but this
way it's cleaner.
2015-01-11 09:11:38 +01:00
Juan RP
3afb9d709d Get rid of repodata index-files; the archive is now 8x smaller.
See the NEWS file for more information.
2014-11-13 17:09:43 +01:00
Juan RP
b96d1c9f4e bin/xbps-rindex/sign.c: CID 62699 (dereference NULL return value) 2014-10-05 13:20:18 +02:00
Juan RP
013731c502 Acquire/release a POSIX file lock on repository archives.
- xbps_repo_open() accepts a third argument (bool) to acquire a POSIX file
lock on the repository archive.
- xbps_repo_close() accepts a second argument (bool) to release a POSIX file
lock on the repository archive.

This avoids the issue of multiple xbps-rindex(8) processes being blocked
even for different repositories on the same architecture, resulting in
unnecessary contention.
2014-09-05 12:26:42 +02:00
Juan RP
dacbb2f22f Fixed some warnings reported by clang. 2014-04-20 10:02:54 +02:00
Juan RP
ee9479cc57 xbps-rindex: --sign bugfix to avoid garbage in the PEM RSA public key buffer. 2014-03-31 12:00:08 +02:00
Juan RP
9fe6b363d6 Revert "xbps-rindex: [sign] free pubkey data obj after externalizing index-meta."
This reverts commit 11e04685ef.
2014-02-06 16:34:59 +01:00
Juan RP
06b0f86ef4 Revert "xbps-rindex: [sign] pubkey buffer must be kept until index-meta is externalized too."
This reverts commit cbe05bd0f4.
2014-02-06 16:34:45 +01:00
Juan RP
cbe05bd0f4 xbps-rindex: [sign] pubkey buffer must be kept until index-meta is externalized too. 2014-02-06 12:26:17 +01:00
Juan RP
11e04685ef xbps-rindex: [sign] free pubkey data obj after externalizing index-meta.
Otherwise the externalization process might give unexpected results.
2014-02-06 11:52:36 +01:00
Juan RP
4f7385e4a6 xbps-rindex: switch named semaphore only for the target architecture. 2014-01-31 18:44:24 +01:00
Juan RP
f5e1fff93a xbps-rindex: use a POSIX named semaphore to avoid concurrency issues. 2014-01-31 11:35:31 +01:00
Juan RP
915b8b2557 bin/xbps-rindex/sign.c: fix a stupid typo. 2014-01-30 19:46:46 +01:00
Juan RP
ea26fb3d3f bin/xbps-rindex/sign.c: initialize var for strcmp(). 2014-01-30 19:33:14 +01:00
Juan RP
d08e76a386 Keep repo metadata if possible when updating repodata (xbps-rindex -a/-c).
API/ABI incompat changes, you've been warned.
2014-01-30 13:07:34 +01:00
Juan RP
7f5bd2f8a3 bin/xbps-rindex/sign.c: add 0.27 compat again. 2014-01-21 16:36:44 +01:00
Juan RP
72f37de770 Fix #29 (xbps-rindex does not sign repodata if no pkg has been signed) 2014-01-21 11:06:02 +01:00
Juan RP
23650f1c66 bin/xbps-rindex/sign.c: add 0.27 compat glue. 2014-01-03 10:53:55 +01:00
Juan RP
0a9522210a bin/xbps-rindex/sign.c: use access(2) to check if pkg signature exists. 2013-12-26 07:59:11 +01:00
Juan RP
e4b2193786 bin/xbps-rindex/sign.c: fix a -Wsign-compare warning. 2013-12-24 10:58:55 +01:00
Juan RP
ec0d38c469 Implement per pkg RSA signatures and on-demand repository access. 2013-12-24 10:43:55 +01:00
Juan RP
711f2ea7f5 bin/xbps-rindex/sign.c: fix a double free in error path found by clang-analyzer. 2013-12-11 12:39:15 +01:00
Juan RP
d98468515a Fix #25 correctly: compare against repo->signature. 2013-11-30 08:30:25 +01:00
Juan RP
e86f9def03 xbps-rindex: fix #25 (--sign unnecessarily regenerates <arch>-repodata). 2013-11-30 08:04:37 +01:00
Juan RP
43b9be6046 xbps-rindex(8): added support for XBPS_PASSPHRASE env var.
- XBPS_PASSPHRASE (if set) will be supplied as passphrase when signing repos.
- Use the default OpenSSL passphrase cb when loading the private key.
2013-10-12 09:55:03 +02:00
Juan RP
f3b0b19258 xbps-rindex: remove -c --clean mode and adapt to the new libxbps API.
- Removed -c --clean mode. It's not too useful and adds a considerable
  amount of gratuitous code. It takes almost the same time as
  adding all pkgs from scratch.

- When creating the repository data always add the meta plist at the
  2nd position in the archive, to optimize its access.

- Misc improvements.
2013-10-07 10:23:14 +02:00
Juan RP
8d5c48b861 Added support for the long awaited feature: RSA signed repositories. 2013-10-05 11:38:04 +02:00