Verify index-meta

Piotr Wójcik 2019-10-01 21:18:25 +02:00 committed by Juan RP
parent ae26a83ad2
commit 09125769bd


@ -62,7 +62,7 @@ xbps_repo_path_with_name(struct xbps_handle *xhp, const char *url, const char *n
} }
static bool static bool
repo_verify_index(struct xbps_repo *repo, unsigned char *digest) { repo_verify_index(struct xbps_repo *repo, xbps_dictionary_t idxmeta, unsigned char *digest) {
bool verified = false; bool verified = false;
unsigned char *sig_buf = NULL; unsigned char *sig_buf = NULL;
size_t sigfilelen = 0; size_t sigfilelen = 0;
@ -86,7 +86,7 @@ repo_verify_index(struct xbps_repo *repo, unsigned char *digest) {
if (sig_buf == NULL) { if (sig_buf == NULL) {
return false; return false;
} }
verified = xbps_verify_digest_signature(repo, sig_buf, sigfilelen, digest); verified = xbps_verify_digest_signature(repo, idxmeta, sig_buf, sigfilelen, digest);
free(sig_buf); free(sig_buf);
return verified; return verified;
@ -97,7 +97,7 @@ repo_get_dict(struct xbps_repo *repo, bool *verified)
{ {
struct archive_entry *entry; struct archive_entry *entry;
int rv; int rv;
xbps_dictionary_t dict; xbps_dictionary_t dict, idxmeta;
char *bytes = NULL; char *bytes = NULL;
unsigned char *digest = NULL; unsigned char *digest = NULL;
@ -115,11 +115,11 @@ repo_get_dict(struct xbps_repo *repo, bool *verified)
return NULL; return NULL;
} }
dict = xbps_archive_get_dictionary(repo->ar, entry, &bytes); dict = xbps_archive_get_dictionary(repo->ar, entry, &bytes);
if (verified != NULL && idxmeta = (repo->idxmeta != NULL) ? repo->idxmeta : dict;
bytes != NULL && if (verified != NULL && bytes != NULL) {
(digest = xbps_buffer_hash_raw(bytes, strlen(bytes))) != NULL && digest = xbps_buffer_hash_raw(bytes, strlen(bytes));
repo_verify_index(repo, digest)) *verified = repo_verify_index(repo, idxmeta, digest);
*verified = true; }
free(digest); free(digest);
free(bytes); free(bytes);
return dict; return dict;
@ -213,7 +213,7 @@ repo_open_local(struct xbps_repo *repo, const char *repofile)
return false; return false;
} }
xbps_dictionary_make_immutable(repo->idx); xbps_dictionary_make_immutable(repo->idx);
repo->idxmeta = repo_get_dict(repo, NULL); repo->idxmeta = repo_get_dict(repo, &verified);
if (repo->idxmeta != NULL) { if (repo->idxmeta != NULL) {
if (xbps_dictionary_get_cstring_nocopy(repo->idxmeta, "signature-type", &signature_type)) if (xbps_dictionary_get_cstring_nocopy(repo->idxmeta, "signature-type", &signature_type))
repo->is_signed = true; repo->is_signed = true;
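Review bot: In repo_get_dict the new block assigns `*verified` only when `bytes != NULL`, so on the skip path the caller keeps whatever `verified` held before; repo_open_local now passes `&verified` for index-meta, and if that variable was already set by an earlier call (its declaration and earlier uses are outside these hunks) a stale `true` could stand for an entry that was never checked. The old `digest != NULL` guard is also gone, so a failed xbps_buffer_hash_raw() now hands a NULL digest to repo_verify_index, whose handling of NULL is not visible here. I would add `if (verified != NULL) *verified = false;` before the block and use `*verified = digest != NULL && repo_verify_index(repo, idxmeta, digest);` inside it. It is also worth a comment on the `idxmeta = (repo->idxmeta != NULL) ? repo->idxmeta : dict;` line: on the index-meta call `repo->idxmeta` is presumably not yet set, so the signature parameters come from the very dictionary being verified and the result is only meaningful if xbps_verify_digest_signature pins the key against locally trusted data. Nothing in the shown part of repo_open_local reads `verified` after the call, so please confirm a failed check is acted on further down.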