Added support for the long awaited feature: RSA signed repositories.

bin/xbps-rindex/Makefile

@@ -3,5 +3,7 @@ TOPDIR = ../..
 
 BIN =	xbps-rindex
 OBJS =	main.o index-add.o index-clean.o remove-obsoletes.o repoflush.o
+OBJS += readpassphrase.o sign.o
+EXTRA_CFLAGS = -Wno-unused-result
 
 include $(TOPDIR)/mk/prog.mk

bin/xbps-rindex/defs.h

@@ -28,23 +28,6 @@
 
 #include <xbps.h>
 
-/* From index-add.c */
-int	index_add(struct xbps_handle *, int, char **, bool);
-
-/* From index-clean.c */
-int	index_clean(struct xbps_handle *, const char *);
-
-/* From index-files.c */
-int	index_files_add(struct xbps_handle *, int, char **);
-int	index_files_clean(struct xbps_handle *, const char *);
-
-/* From remove-obsoletes.c */
-int	remove_obsoletes(struct xbps_handle *, const char *);
-
-/* From repoflush.c */
-int	repodata_flush(struct xbps_handle *, const char *,
-		xbps_dictionary_t, xbps_dictionary_t);
-
 /* libarchive compat */
 #if ARCHIVE_VERSION_NUMBER >= 3000000
 
@@ -77,4 +60,41 @@ int	repodata_flush(struct xbps_handle *, const char *,
 
 #endif
 
+#ifndef __UNCONST
+#define __UNCONST(a)    ((void *)(unsigned long)(const void *)(a))
+#endif
+
+
+struct repodata {
+	struct archive *ar;
+	char *repofile;
+	char *tname;
+	int repofd;
+};
+
+/* From index-add.c */
+int	index_add(struct xbps_handle *, int, char **, bool);
+
+/* From index-clean.c */
+int	index_clean(struct xbps_handle *, const char *);
+
+/* From index-files.c */
+int	index_files_add(struct xbps_handle *, int, char **);
+int	index_files_clean(struct xbps_handle *, const char *);
+
+/* From remove-obsoletes.c */
+int	remove_obsoletes(struct xbps_handle *, const char *);
+
+/* From sign.c */
+int	sign_repo(struct xbps_handle *, const char *, const char *,
+		const char *);
+
+/* From readpass.c */
+char	*readpassphrase(const char *, char *, size_t, int);
+
+/* From repoflush.c */
+struct repodata *repodata_init(struct xbps_handle *xhp, const char *);
+int	repodata_add_buf(struct repodata *, const char *, const char *);
+void	repodata_flush(struct repodata *);
+
 #endif /* !_XBPS_RINDEX_DEFS_H_ */

bin/xbps-rindex/index-add.c

@@ -52,7 +52,7 @@ index_add(struct xbps_handle *xhp, int argc, char **argv, bool force)
 	const char *oldpkgver, *arch, *oldarch;
 	char *pkgver, *pkgname, *sha256, *repodir, *buf;
 	char *tmprepodir;
-	int rv, ret = 0;
+	int rv = 0, ret = 0;
 	bool flush = false, found = false;
 
 	idx = idxfiles = newpkgd = newpkgfilesd = curpkgd = NULL;
@@ -67,8 +67,8 @@ index_add(struct xbps_handle *xhp, int argc, char **argv, bool force)
 
 	repo = xbps_repo_open(xhp, repodir);
 	if (repo != NULL) {
-		idx = xbps_repo_get_plist(repo, XBPS_PKGINDEX);
-		idxfiles = xbps_repo_get_plist(repo, XBPS_PKGINDEX_FILES);
+		idx = xbps_repo_get_plist(repo, XBPS_REPOIDX);
+		idxfiles = xbps_repo_get_plist(repo, XBPS_REPOIDX_FILES);
 	}
 	if (idx == NULL)
 		idx = xbps_dictionary_create();
@@ -267,9 +267,19 @@ index_add(struct xbps_handle *xhp, int argc, char **argv, bool force)
 	 * Generate repository data file.
 	 */
 	if (flush) {
-		rv = repodata_flush(xhp, repodir, idx, idxfiles);
-		if (rv != 0)
-			return rv;
+		struct repodata *rd;
+		char *xml;
+
+		rd = repodata_init(xhp, repodir);
+		xml = xbps_dictionary_externalize(idx);
+		assert(idx);
+		rv = repodata_add_buf(rd, xml, XBPS_REPOIDX);
+		free(xml);
+		xml = xbps_dictionary_externalize(idxfiles);
+		assert(idx);
+		rv = repodata_add_buf(rd, xml, XBPS_REPOIDX_FILES);
+		free(xml);
+		repodata_flush(rd);
 	}
 	printf("index: %u packages registered.\n",
 	    xbps_dictionary_count(idx));
@@ -279,5 +289,5 @@ index_add(struct xbps_handle *xhp, int argc, char **argv, bool force)
 	xbps_object_release(idx);
 	xbps_object_release(idxfiles);
 
-	return 0;
+	return rv;
 }

bin/xbps-rindex/index-clean.c

@@ -71,7 +71,7 @@ idx_cleaner_cb(struct xbps_handle *xhp,
 		 * File can be read; check its hash.
 		 */
 		xbps_dictionary_get_cstring_nocopy(obj,
-		    "filename-sha256", &sha256);
+				"filename-sha256", &sha256);
 		if (xbps_file_hash_check(filen, sha256) != 0)
 			xbps_array_add_cstring_nocopy(cbd->array, pkgver);
 	}
@@ -80,7 +80,7 @@ idx_cleaner_cb(struct xbps_handle *xhp,
 }
 
 /*
- * Removes stalled pkg entries in repository's index.plist file, if any
+ * Removes stalled pkg entries in repository's XBPS_REPOIDX file, if any
  * binary package cannot be read (unavailable, not enough perms, etc).
  */
 int
@@ -102,8 +102,8 @@ index_clean(struct xbps_handle *xhp, const char *repodir)
 		fprintf(stderr, "index: cannot read repository data: %s\n", strerror(errno));
 		return -1;
 	}
-	idx = xbps_repo_get_plist(repo, XBPS_PKGINDEX);
-	idxfiles = xbps_repo_get_plist(repo, XBPS_PKGINDEX_FILES);
+	idx = xbps_repo_get_plist(repo, XBPS_REPOIDX);
+	idxfiles = xbps_repo_get_plist(repo, XBPS_REPOIDX_FILES);
 	xbps_repo_close(repo);
 	if (idx == NULL || idxfiles == NULL) {
 		fprintf(stderr, "incomplete repository data file!");
@@ -111,7 +111,7 @@ index_clean(struct xbps_handle *xhp, const char *repodir)
 	}
 	if (chdir(repodir) == -1) {
 		fprintf(stderr, "index: cannot chdir to %s: %s\n",
-		    repodir, strerror(errno));
+				repodir, strerror(errno));
 		return -1;
 	}
 	printf("Cleaning `%s' index, please wait...\n", repodir);
@@ -134,14 +134,25 @@ index_clean(struct xbps_handle *xhp, const char *repodir)
 	xbps_object_release(cbd.array);
 
 	if (flush) {
-		rv = repodata_flush(xhp, repodir, idx, idxfiles);
-		if (rv != 0)
-			return rv;
+		struct repodata *rd;
+		char *xml;
+
+		rd = repodata_init(xhp, repodir);
+		xml = xbps_dictionary_externalize(idx);
+		assert(idx);
+		rv = repodata_add_buf(rd, xml, XBPS_REPOIDX);
+		free(xml);
+		xml = xbps_dictionary_externalize(idxfiles);
+		assert(idx);
+		rv = repodata_add_buf(rd, xml, XBPS_REPOIDX_FILES);
+		free(xml);
+		repodata_flush(rd);
+
 	}
 	printf("index: %u packages registered.\n",
-	    xbps_dictionary_count(idx));
+			xbps_dictionary_count(idx));
 	printf("index-files: %u packages registered.\n",
-	    xbps_dictionary_count(idxfiles));
+			xbps_dictionary_count(idxfiles));
 
 	xbps_object_release(idx);
 	xbps_object_release(idxfiles);

bin/xbps-rindex/main.c

@@ -39,11 +39,14 @@ usage(bool fail)
 	    "OPTIONS\n"
 	    " -f --force                        Force mode to overwrite entry in add mode\n"
 	    " -h --help                         Show help usage\n"
-	    " -V --version                      Show XBPS version\n\n"
+	    " -V --version                      Show XBPS version\n"
+	    "    --privkey <key>                Path to the private key for signing\n"
+	    "    --signedby <string>            Signature details, i.e \"name <email>\"\n\n"
 	    "MODE\n"
 	    " -a --add <repodir/pkg> ...        Add package(s) to repository index\n"
 	    " -c --clean <repodir>              Cleans obsolete entries in repository index\n"
-	    " -r --remove-obsoletes <repodir>   Removes obsolete packages from repository\n\n");
+	    " -r --remove-obsoletes <repodir>   Removes obsolete packages from repository\n"
+	    " -s --sign <repodir>               Sign repository index\n\n");
 	exit(fail ? EXIT_FAILURE : EXIT_SUCCESS);
 }
 
@@ -58,14 +61,26 @@ main(int argc, char **argv)
 		{ "help", no_argument, NULL, 'h' },
 		{ "remove-obsoletes", no_argument, NULL, 'r' },
 		{ "version", no_argument, NULL, 'V' },
+		{ "privkey", required_argument, NULL, 0},
+		{ "signedby", required_argument, NULL, 1},
+		{ "sign", no_argument, NULL, 's'},
 		{ NULL, 0, NULL, 0 }
 	};
 	struct xbps_handle xh;
+	const char *privkey = NULL, *signedby = NULL;
 	int rv, c;
-	bool clean_mode = false, add_mode = false, rm_mode = false, force = false;
+	bool clean_mode, add_mode, rm_mode, sign_mode, force;
+
+	clean_mode = add_mode = rm_mode = sign_mode = force = false;
 
 	while ((c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) {
 		switch (c) {
+		case 0:
+			privkey = optarg;
+			break;
+		case 1:
+			signedby = optarg;
+			break;
 		case 'a':
 			add_mode = true;
 			break;
@@ -81,18 +96,22 @@ main(int argc, char **argv)
 		case 'r':
 			rm_mode = true;
 			break;
+		case 's':
+			sign_mode = true;
+			break;
 		case 'V':
 			printf("%s\n", XBPS_RELVER);
 			exit(EXIT_SUCCESS);
 		}
 	}
-	if ((argc == optind) || (!add_mode && !clean_mode && !rm_mode)) {
+	if ((argc == optind) || (!add_mode && !clean_mode && !rm_mode && !sign_mode)) {
 		usage(true);
 	} else if ((add_mode && (clean_mode || rm_mode)) ||
 		   (clean_mode && (add_mode || rm_mode)) ||
-		   (rm_mode && (add_mode || clean_mode))) {
-		fprintf(stderr, "Only one mode can be specified: add, clean "
-		    "or remove-obsoletes.\n");
+		   (rm_mode && (add_mode || clean_mode)) ||
+		   (sign_mode && (add_mode || clean_mode || rm_mode))) {
+		fprintf(stderr, "Only one mode can be specified: add, clean, "
+		    "remove-obsoletes or sign.\n");
 		exit(EXIT_FAILURE);
 	}
 
@@ -110,6 +129,8 @@ main(int argc, char **argv)
 		rv = index_clean(&xh, argv[optind]);
 	else if (rm_mode)
 		rv = remove_obsoletes(&xh, argv[optind]);
+	else if (sign_mode)
+		rv = sign_repo(&xh, argv[optind], privkey, signedby);
 
 	exit(rv ? EXIT_FAILURE : EXIT_SUCCESS);
 }

bin/xbps-rindex/readpassphrase.c

@@ -0,0 +1,123 @@
+/*	$NetBSD: readpassphrase.c,v 1.1 2009/06/07 22:38:47 christos Exp $	*/
+/*
+ * Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <paths.h>
+#include <pwd.h>
+#include <signal.h>
+#include <string.h>
+#include <termios.h>
+#include <unistd.h>
+
+#include "defs.h"
+
+#define RPP_ECHO_OFF    0x00            /* Turn off echo (default). */
+#define RPP_ECHO_ON     0x01            /* Leave echo on. */
+#define RPP_REQUIRE_TTY 0x02            /* Fail if there is no tty. */
+#define RPP_FORCELOWER  0x04            /* Force input to lower case. */
+#define RPP_FORCEUPPER  0x08            /* Force input to upper case. */
+#define RPP_SEVENBIT    0x10            /* Strip the high bit from input. */
+
+char *
+readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
+{
+	struct termios term, oterm;
+	char ch, *p, *end;
+	int input, output;
+	sigset_t oset, nset;
+
+	/* I suppose we could alloc on demand in this case (XXX). */
+	if (bufsiz == 0) {
+		errno = EINVAL;
+		return(NULL);
+	}
+
+	/*
+	 * Read and write to /dev/tty if available.  If not, read from
+	 * stdin and write to stderr unless a tty is required.
+	 */
+	if ((input = output = open(_PATH_TTY, O_RDWR)) == -1) {
+		if (flags & RPP_REQUIRE_TTY) {
+			errno = ENOTTY;
+			return(NULL);
+		}
+		input = STDIN_FILENO;
+		output = STDERR_FILENO;
+	}
+
+	/*
+	 * We block SIGINT and SIGTSTP so the terminal is not left
+	 * in an inconsistent state (ie: no echo).  It would probably
+	 * be better to simply catch these though.
+	 */
+	sigemptyset(&nset);
+	sigaddset(&nset, SIGINT);
+	sigaddset(&nset, SIGTSTP);
+	(void)sigprocmask(SIG_BLOCK, &nset, &oset);
+
+	/* Turn off echo if possible. */
+	if (tcgetattr(input, &oterm) == 0) {
+		memcpy(&term, &oterm, sizeof(term));
+		if (!(flags & RPP_ECHO_ON) && (term.c_lflag & ECHO))
+			term.c_lflag &= ~ECHO;
+		(void)tcsetattr(input, TCSAFLUSH, &term);
+	} else {
+		memset(&term, 0, sizeof(term));
+		memset(&oterm, 0, sizeof(oterm));
+	}
+
+	(void)write(output, prompt, strlen(prompt));
+	end = buf + bufsiz - 1;
+	for (p = buf; read(input, &ch, 1) == 1 && ch != '\n' && ch != '\r';) {
+		if (p < end) {
+			if ((flags & RPP_SEVENBIT))
+				ch &= 0x7f;
+			if (isalpha((unsigned char)ch)) {
+				if ((flags & RPP_FORCELOWER))
+					ch = tolower((unsigned char)ch);
+				if ((flags & RPP_FORCEUPPER))
+					ch = toupper((unsigned char)ch);
+			}
+			*p++ = ch;
+		}
+	}
+	*p = '\0';
+	if (!(term.c_lflag & ECHO))
+		(void)write(output, "\n", 1);
+
+	/* Restore old terminal settings and signal mask. */
+	if (memcmp(&term, &oterm, sizeof(term)) != 0)
+		(void)tcsetattr(input, TCSAFLUSH, &oterm);
+	(void)sigprocmask(SIG_SETMASK, &oset, NULL);
+	if (input != STDIN_FILENO)
+		(void)close(input);
+
+	return(buf);
+}

bin/xbps-rindex/remove-obsoletes.c

@@ -119,7 +119,7 @@ remove_obsoletes(struct xbps_handle *xhp, const char *repodir)
 		}
 		return 0;
 	}
-	if ((repo->idx = xbps_repo_get_plist(repo, XBPS_PKGINDEX)) == NULL) {
+	if ((repo->idx = xbps_repo_get_plist(repo, XBPS_REPOIDX)) == NULL) {
 		xbps_repo_close(repo);
 		return -1;
 	}

bin/xbps-rindex/repoflush.c

@@ -37,58 +37,54 @@
 #include <xbps.h>
 #include "defs.h"
 
-int
-repodata_flush(struct xbps_handle *xhp, const char *repodir,
-	xbps_dictionary_t idx, xbps_dictionary_t idxfiles)
+struct repodata *
+repodata_init(struct xbps_handle *xhp, const char *repodir)
 {
-	struct archive *ar;
-	mode_t myumask;
-	char *repofile, *tname, *xml;
-	int repofd;
+	struct repodata *rd;
+
+	rd = malloc(sizeof(struct repodata));
+	assert(rd);
 
 	/* Create a tempfile for our repository archive */
-	repofile = xbps_repo_path(xhp, repodir);
-	tname = xbps_xasprintf("%s.XXXXXXXXXX", repofile);
-	if ((repofd = mkstemp(tname)) == -1)
-		return errno;
+	rd->repofile = xbps_repo_path(xhp, repodir);
+	rd->tname = xbps_xasprintf("%s.XXXXXXXXXX", rd->repofile);
+	if ((rd->repofd = mkstemp(rd->tname)) == -1) {
+		free(rd);
+		return NULL;
+	}
 
 	/* Create and write our repository archive */
-	ar = archive_write_new();
-	assert(ar);
-	archive_write_set_compression_gzip(ar);
-	archive_write_set_format_pax_restricted(ar);
-	archive_write_set_options(ar, "compression-level=9");
-	archive_write_open_fd(ar, repofd);
+	rd->ar = archive_write_new();
+	assert(rd->ar);
+	archive_write_set_compression_gzip(rd->ar);
+	archive_write_set_format_pax_restricted(rd->ar);
+	archive_write_set_options(rd->ar, "compression-level=9");
+	archive_write_open_fd(rd->ar, rd->repofd);
 
-	xml = xbps_dictionary_externalize(idx);
-	assert(xml);
-	if (xbps_archive_append_buf(ar, xml, strlen(xml),
-	    XBPS_PKGINDEX, 0644, "root", "root") != 0) {
-		free(xml);
-		return -1;
-	}
-	free(xml);
+	return rd;
+}
 
-	xml = xbps_dictionary_externalize(idxfiles);
-	assert(xml);
-	if (xbps_archive_append_buf(ar, xml, strlen(xml),
-	    XBPS_PKGINDEX_FILES, 0644, "root", "root") != 0) {
-		free(xml);
-		return -1;
-	}
-	free(xml);
+int
+repodata_add_buf(struct repodata *rd, const char *buf, const char *filename)
+{
+	return xbps_archive_append_buf(rd->ar, buf, strlen(buf),
+	    filename, 0644, "root", "root");
+}
 
-	archive_write_finish(ar);
+void
+repodata_flush(struct repodata *rd)
+{
+	mode_t myumask;
 
 	/* Write data to tempfile and rename */
-	fdatasync(repofd);
+	archive_write_finish(rd->ar);
+	fdatasync(rd->repofd);
 	myumask = umask(0);
 	(void)umask(myumask);
-	assert(fchmod(repofd, 0666 & ~myumask) != -1);
-	close(repofd);
-	rename(tname, repofile);
-	free(repofile);
-	free(tname);
-
-	return 0;
+	assert(fchmod(rd->repofd, 0666 & ~myumask) != -1);
+	close(rd->repofd);
+	rename(rd->tname, rd->repofile);
+	free(rd->repofile);
+	free(rd->tname);
+	free(rd);
 }

bin/xbps-rindex/sign.c

@@ -0,0 +1,231 @@
+/*-
+ * Copyright (c) 2013 Juan Romero Pardines.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <assert.h>
+
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/rsa.h>
+#include <openssl/ssl.h>
+#include <openssl/pem.h>
+
+#include "defs.h"
+
+static int
+password_cb(char *buf, int size)
+{
+	int len = 0;
+	char pass[BUFSIZ];
+
+	if (readpassphrase("Enter passphrase: ", pass, BUFSIZ, 0) == NULL)
+		return 0;
+
+	len = strlen(pass);
+
+	if (len <= 0)
+		return 0;
+	if (len > size)
+		len = size;
+
+	memset(buf, '\0', size);
+	memcpy(buf, pass, len);
+	memset(&pass, 0, BUFSIZ);
+
+	return len;
+}
+
+static RSA *
+load_rsa_privkey(const char *path)
+{
+	FILE *fp;
+	RSA *rsa = NULL;
+
+	if ((fp = fopen(path, "r")) == 0)
+		return NULL;
+
+	if ((rsa = RSA_new()) == NULL) {
+		fclose(fp);
+		return NULL;
+	}
+
+	rsa = PEM_read_RSAPrivateKey(fp, 0,
+			(pem_password_cb *)password_cb,
+			__UNCONST(path));
+	fclose(fp);
+	return rsa;
+}
+
+static char *
+pubkey_from_privkey(RSA *rsa)
+{
+	BIO *bp;
+	char *buf;
+
+	bp = BIO_new(BIO_s_mem());
+	assert(bp);
+
+	if (!PEM_write_bio_RSA_PUBKEY(bp, rsa)) {
+		fprintf(stderr, "error writing public key: %s\n",
+		    ERR_error_string(ERR_get_error(), NULL));
+		BIO_free(bp);
+		return NULL;
+	}
+	/* XXX (xtraeme) 8192 should be always enough? */
+	buf = malloc(8192);
+	assert(buf);
+	BIO_read(bp, buf, 8192);
+	BIO_free(bp);
+	ERR_free_strings();
+
+	return buf;
+}
+
+static RSA *
+rsa_sign_buf(const char *privkey, const char *buf,
+	 unsigned char **sigret, unsigned int *siglen)
+{
+	SHA256_CTX context;
+	RSA *rsa;
+	unsigned char sha256[SHA256_DIGEST_LENGTH];
+
+	ERR_load_crypto_strings();
+	SSL_load_error_strings();
+	OpenSSL_add_all_algorithms();
+	OpenSSL_add_all_ciphers();
+	OpenSSL_add_all_digests();
+
+	rsa = load_rsa_privkey(privkey);
+	if (rsa == NULL) {
+		fprintf(stderr, "can't load private key from %s\n", privkey);
+		return NULL;
+	}
+
+	SHA256_Init(&context);
+	SHA256_Update(&context, buf, strlen(buf));
+	SHA256_Final(sha256, &context);
+
+	*sigret = calloc(1, RSA_size(rsa) + 1);
+	if (RSA_sign(NID_sha1, sha256, sizeof(sha256),
+				*sigret, siglen, rsa) == 0) {
+		fprintf(stderr, "%s: %s\n", privkey,
+		    ERR_error_string(ERR_get_error(), NULL));
+		return NULL;
+	}
+	return rsa;
+}
+
+int
+sign_repo(struct xbps_handle *xhp, const char *repodir,
+	const char *privkey, const char *signedby)
+{
+	RSA *rsa = NULL;
+	struct repodata *rd;
+	struct xbps_repo *repo;
+	xbps_dictionary_t idx, meta;
+	xbps_data_t data;
+	unsigned int siglen;
+	unsigned char *sig;
+	char *buf, *xml, *defprivkey = NULL;
+	int rv = 0;
+
+	if (signedby == NULL) {
+		fprintf(stderr, "--signedby unset! cannot sign repository\n");
+		return -1;
+	}
+	/*
+	 * Check that repository index exists and not empty, otherwise bail out.
+	 */
+	repo = xbps_repo_open(xhp, repodir);
+	if (repo == NULL) {
+		fprintf(stderr, "cannot read repository data: %s\n", strerror(errno));
+		return -1;
+	}
+	idx = xbps_repo_get_plist(repo, XBPS_REPOIDX);
+	xbps_repo_close(repo);
+	if (xbps_dictionary_count(idx) == 0) {
+		fprintf(stderr, "invalid number of objects in repository index!\n");
+		return -1;
+	}
+	/*
+	 * Externalize the index and then sign it.
+	 */
+	xml = xbps_dictionary_externalize(idx);
+	if (xml == NULL) {
+		fprintf(stderr, "failed to externalize repository index: %s\n", strerror(errno));
+		xbps_object_release(idx);
+		return -1;
+	}
+	/*
+	 * If privkey not set, default to ~/.ssh/id_rsa.
+	 */
+	if (privkey == NULL)
+		defprivkey = xbps_xasprintf("%s/.ssh/id_rsa", getenv("HOME"));
+	else
+		defprivkey = strdup(privkey);
+
+	rsa = rsa_sign_buf(defprivkey, xml, &sig, &siglen);
+	if (rsa == NULL) {
+		free(xml);
+		return -1;
+	}
+	/*
+	 * Prepare the XBPS_REPOMETA for our repository data.
+	 */
+	meta = xbps_dictionary_create();
+	xbps_dictionary_set_cstring_nocopy(meta, "signature-by", signedby);
+	xbps_dictionary_set_cstring_nocopy(meta, "signature-type", "rsa");
+	data = xbps_data_create_data_nocopy(sig, siglen);
+	xbps_dictionary_set(meta, "signature", data);
+
+	buf = pubkey_from_privkey(rsa);
+	assert(buf);
+	data = xbps_data_create_data_nocopy(buf, strlen(buf));
+	xbps_dictionary_set(meta, "public-key", data);
+	xbps_dictionary_set_uint16(meta, "public-key-size", RSA_size(rsa) * 8);
+
+	/*
+	 * and finally write our repodata file!
+	 */
+	rd = repodata_init(xhp, repodir);
+	assert(rd);
+	xml = xbps_dictionary_externalize(idx);
+	assert(xml);
+	rv = repodata_add_buf(rd, xml, XBPS_REPOIDX);
+	free(xml);
+	xml = xbps_dictionary_externalize(meta);
+	assert(xml);
+	rv = repodata_add_buf(rd, xml, XBPS_REPOMETA);
+	free(xml);
+	repodata_flush(rd);
+	free(buf);
+	RSA_free(rsa);
+
+	return rv;
+}

bin/xbps-rindex/xbps-rindex.8

@@ -1,4 +1,4 @@
-.Dd August 18, 2013
+.Dd October 5, 2013
 .Os Void Linux
 .Dt xbps-rindex 8
 .Sh NAME
@@ -38,6 +38,17 @@ Removes obsolete packages from
 .Ar repository .
 Packages that are not currently registered in repository's index will
 be removed (out of date, invalid archives, etc).
+.It Sy -s, --sign
+Signs a repository with your specified RSA key. If
+.Fl --privkey
+argument not set, it defaults to
+.Sy ~/.ssh/id_rsa .
+.It Sy --signedby Ar string
+This is required to sign a repository, use something like
+.Ar name <email> .
+.It Sy --privkey Ar key
+Path to the private RSA key to sign the repository. If unset, defaults to
+.Sy ~/.ssh/id_rsa .
 .Sh ENVIRONMENT
 .Bl -tag -width XBPS_TARGET_ARCH
 .It Sy XBPS_TARGET_ARCH