Keep repo metadata if possible when updating repodata (xbps-rindex -a/-c).
API/ABI incompat changes, you've been warned.
This commit is contained in:
Juan RP
@@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright (c) 2008-2013 Juan Romero Pardines.
|
||||
* Copyright (c) 2008-2014 Juan Romero Pardines.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@@ -156,15 +156,25 @@ list_pkgs_pkgdb(struct xbps_handle *xhp)
|
||||
static int
|
||||
repo_list_uri_cb(struct xbps_repo *repo, void *arg _unused, bool *done _unused)
|
||||
{
|
||||
const char *signedby, *hexfp;
|
||||
uint16_t pubkeysize;
|
||||
|
||||
printf("%5zd %s",
|
||||
repo->idx ? (ssize_t)xbps_dictionary_count(repo->idx) : -1,
|
||||
repo->uri);
|
||||
printf(" (RSA %s)\n", repo->is_signed ? "signed" : "unsigned");
|
||||
if (repo->xhp->flags & XBPS_FLAG_VERBOSE) {
|
||||
if (repo->signedby)
|
||||
printf(" Signed-by: %s\n", repo->signedby);
|
||||
if (repo->hexfp)
|
||||
printf(" %u %s\n", repo->pubkey_size, repo->hexfp);
|
||||
xbps_data_t pubkey;
|
||||
|
||||
xbps_dictionary_get_cstring_nocopy(repo->idxmeta, "signature-by", &signedby);
|
||||
xbps_dictionary_get_uint16(repo->idxmeta, "public-key-size", &pubkeysize);
|
||||
pubkey = xbps_dictionary_get(repo->idxmeta, "public-key");
|
||||
hexfp = xbps_pubkey2fp(repo->xhp, pubkey);
|
||||
|
||||
if (signedby)
|
||||
printf(" Signed-by: %s\n", signedby);
|
||||
if (pubkeysize && hexfp)
|
||||
printf(" %u %s\n", pubkeysize, hexfp);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright (c) 2012-2013 Juan Romero Pardines.
|
||||
* Copyright (c) 2012-2014 Juan Romero Pardines.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@@ -41,7 +41,7 @@ int
|
||||
index_add(struct xbps_handle *xhp, int argc, char **argv, bool force)
|
||||
{
|
||||
xbps_array_t array, pkg_files, pkg_links, pkg_cffiles;
|
||||
xbps_dictionary_t idx, idxfiles, binpkgd, pkg_filesd, curpkgd;
|
||||
xbps_dictionary_t idx, idxmeta, idxfiles, binpkgd, pkg_filesd, curpkgd;
|
||||
xbps_object_t obj, fileobj;
|
||||
struct xbps_repo *repo;
|
||||
struct stat st;
|
||||
@@ -62,10 +62,12 @@ index_add(struct xbps_handle *xhp, int argc, char **argv, bool force)
|
||||
if (repo && repo->idx) {
|
||||
xbps_repo_open_idxfiles(repo);
|
||||
idx = xbps_dictionary_copy(repo->idx);
|
||||
idxmeta = xbps_dictionary_copy(repo->idxmeta);
|
||||
idxfiles = xbps_dictionary_copy(repo->idxfiles);
|
||||
xbps_repo_close(repo);
|
||||
} else {
|
||||
idx = xbps_dictionary_create();
|
||||
idxmeta = NULL;
|
||||
idxfiles = xbps_dictionary_create();
|
||||
}
|
||||
|
||||
@@ -241,7 +243,7 @@ index_add(struct xbps_handle *xhp, int argc, char **argv, bool force)
|
||||
* Generate repository data files.
|
||||
*/
|
||||
if (flush) {
|
||||
if (!repodata_flush(xhp, repodir, idx, idxfiles, NULL)) {
|
||||
if (!repodata_flush(xhp, repodir, idx, idxfiles, idxmeta)) {
|
||||
fprintf(stderr, "failed to write repodata: %s\n", strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -121,7 +121,7 @@ index_clean(struct xbps_handle *xhp, const char *repodir)
|
||||
struct xbps_repo *repo;
|
||||
struct cbdata cbd;
|
||||
xbps_array_t allkeys;
|
||||
xbps_dictionary_t idx, idxfiles;
|
||||
xbps_dictionary_t idx, idxmeta, idxfiles;
|
||||
char *keyname, *pkgname;
|
||||
int rv = 0;
|
||||
bool flush = false;
|
||||
@@ -135,6 +135,7 @@ index_clean(struct xbps_handle *xhp, const char *repodir)
|
||||
}
|
||||
xbps_repo_open_idxfiles(repo);
|
||||
idx = xbps_dictionary_copy(repo->idx);
|
||||
idxmeta = xbps_dictionary_copy(repo->idxmeta);
|
||||
idxfiles = xbps_dictionary_copy(repo->idxfiles);
|
||||
xbps_repo_close(repo);
|
||||
if (idx == NULL || idxfiles == NULL) {
|
||||
@@ -185,7 +186,7 @@ index_clean(struct xbps_handle *xhp, const char *repodir)
|
||||
xbps_object_release(allkeys);
|
||||
|
||||
if (flush) {
|
||||
if (!repodata_flush(xhp, repodir, idx, idxfiles, NULL)) {
|
||||
if (!repodata_flush(xhp, repodir, idx, idxfiles, idxmeta)) {
|
||||
fprintf(stderr, "failed to write repodata: %s\n",
|
||||
strerror(errno));
|
||||
return -1;
|
||||
|
||||
@@ -119,14 +119,14 @@ sign_repo(struct xbps_handle *xhp, const char *repodir,
|
||||
struct stat st;
|
||||
struct xbps_repo *repo;
|
||||
xbps_dictionary_t pkgd, meta = NULL;
|
||||
xbps_data_t data = NULL;
|
||||
xbps_data_t data = NULL, rpubkey = NULL;
|
||||
xbps_object_iterator_t iter = NULL;
|
||||
xbps_object_t obj;
|
||||
RSA *rsa = NULL;
|
||||
unsigned char *sig;
|
||||
unsigned int siglen;
|
||||
uint16_t pubkeysize;
|
||||
const char *arch, *pkgver;
|
||||
uint16_t rpubkeysize, pubkeysize;
|
||||
const char *arch, *pkgver, *rsignedby;
|
||||
char *binpkg, *binpkg_sig, *buf, *defprivkey;
|
||||
int binpkg_fd, binpkg_sig_fd, rv = 0;
|
||||
bool flush = false;
|
||||
@@ -244,7 +244,7 @@ sign_repo(struct xbps_handle *xhp, const char *repodir,
|
||||
}
|
||||
xbps_object_iterator_release(iter);
|
||||
/*
|
||||
* Check if repository meta contains changes compared to its
|
||||
* Check if repository index-meta contains changes compared to its
|
||||
* current state.
|
||||
*/
|
||||
if ((buf = pubkey_from_privkey(rsa)) == NULL) {
|
||||
@@ -254,15 +254,19 @@ sign_repo(struct xbps_handle *xhp, const char *repodir,
|
||||
meta = xbps_dictionary_create();
|
||||
|
||||
data = xbps_data_create_data(buf, strlen(buf));
|
||||
if (!xbps_data_equals(repo->pubkey, data))
|
||||
rpubkey = xbps_dictionary_get(repo->idxmeta, "public-key");
|
||||
if (!xbps_data_equals(rpubkey, data))
|
||||
flush = true;
|
||||
|
||||
free(buf);
|
||||
|
||||
pubkeysize = RSA_size(rsa) * 8;
|
||||
if (repo->pubkey_size != pubkeysize)
|
||||
xbps_dictionary_get_uint16(repo->idxmeta, "public-key-size", &rpubkeysize);
|
||||
if (rpubkeysize != pubkeysize)
|
||||
flush = true;
|
||||
|
||||
if (repo->signedby == NULL || strcmp(repo->signedby, signedby))
|
||||
xbps_dictionary_get_cstring_nocopy(repo->idxmeta, "signedby", &rsignedby);
|
||||
if (rsignedby == NULL || strcmp(rsignedby, signedby))
|
||||
flush = true;
|
||||
|
||||
if (!flush)
|
||||
@@ -273,22 +277,7 @@ sign_repo(struct xbps_handle *xhp, const char *repodir,
|
||||
xbps_dictionary_set_cstring_nocopy(meta, "signature-by", signedby);
|
||||
xbps_dictionary_set_cstring_nocopy(meta, "signature-type", "rsa");
|
||||
xbps_object_release(data);
|
||||
/*
|
||||
* Compatibility with 0.27.
|
||||
*/
|
||||
if ((buf = xbps_dictionary_externalize(repo->idx)) == NULL) {
|
||||
rv = errno;
|
||||
fprintf(stderr, "failed to externalize repository index: %s\n", strerror(errno));
|
||||
goto out;
|
||||
}
|
||||
if (!rsa_sign_buf(rsa, buf, strlen(buf), &sig, &siglen)) {
|
||||
rv = errno;
|
||||
fprintf(stderr, "failed to create repository index signature: %s\n", strerror(errno));
|
||||
goto out;
|
||||
}
|
||||
data = xbps_data_create_data_nocopy(sig, siglen);
|
||||
xbps_dictionary_set(meta, "signature", data);
|
||||
free(buf);
|
||||
data = NULL;
|
||||
|
||||
if (!repodata_flush(xhp, repodir, repo->idx, repo->idxfiles, meta)) {
|
||||
fprintf(stderr, "failed to write repodata: %s\n", strerror(errno));
|
||||
@@ -304,10 +293,6 @@ out:
|
||||
RSA_free(rsa);
|
||||
rsa = NULL;
|
||||
}
|
||||
if (data)
|
||||
xbps_object_release(data);
|
||||
if (meta)
|
||||
xbps_object_release(meta);
|
||||
if (repo)
|
||||
xbps_repo_close(repo);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user