Commit Graph

12 Commits

Author SHA1 Message Date
Piotr Wójcik
6cf1555398 Revert "libxbps: verify repodata signatures even if rootdir is unset."
This reverts commit be05118aa8.
2020-01-06 15:33:25 +01:00
Juan RP
d2208f91e0
Revert "Verify repodata signature"
This reverts commit a7830cf780.
2020-01-06 14:33:49 +01:00
Juan RP
be05118aa8
libxbps: verify repodata signatures even if rootdir is unset.
xbps-rindex(1) has a -r option that sets the remove mode,
due to the changes added to sign repodata we need to access
to the correct directory where repository public keys are
stored. This makes the code use `$PWD/keys` before falling
back to `metadir`.

Fixes the test suite to run with unprivileged users (non root).
2019-11-24 12:52:50 +01:00
Piotr Wójcik
a7830cf780 Verify repodata signature 2019-11-02 11:53:14 +01:00
Duncaen
6ed0c8c5c5 lib/verifysig.c: add xbps_verify_signature to verify signature against digest 2019-10-25 23:38:01 +02:00
Enno Boland
df97be6a54 lib/verifysig.c: use xbps_file_hash_raw()
instead of mmap'ing the source file, xbps_file_hash_raw is used
to generate a digest of the file.
2016-06-16 06:51:10 +02:00
Juan RP
769a997afb Introduce xbps_plist_{array,dictionary}_from_file().
Those are a wrapper around xbps_{array,dictionary}_internalize_from_zfile()
that prints a debugging msg when the plist file cannot be internalized.

Update xbps to use these wrappers.
2015-05-28 10:15:05 +02:00
Juan RP
aae88aa253 lib/verifysig.c: resource leak (CID 62727) 2014-10-05 07:27:13 +02:00
Juan RP
72cefcfc83 Introduce xbps_mmap_file() and use it in strategic points.
Rather than using a random buffer from stack or heap, and decide
what size to use, create a private memory mapped object...

This simplifies the code in lib/verifysig.c and xbps-create.
2014-09-27 13:00:34 +02:00
Juan RP
27f7bbd44d xbps_verify_file_signature: there's no repo->hexfp anymore, compute it instead. 2014-01-30 19:34:26 +01:00
Juan RP
d08e76a386 Keep repo metadata if possible when updating repodata (xbps-rindex -a/-c).
API/ABI incompat changes, you've been warned.
2014-01-30 13:07:34 +01:00
Juan RP
ec0d38c469 Implement per pkg RSA signatures and on-demand repository access. 2013-12-24 10:43:55 +01:00