Implement per pkg RSA signatures and on-demand repository access.

This commit is contained in:
Juan RP
2013-12-24 10:43:55 +01:00
parent 3c0edd40c8
commit ec0d38c469
16 changed files with 703 additions and 697 deletions


@@ -35,14 +35,14 @@ EXTOBJS = external/dewey.o external/fexec.o external/mkpath.o
# libxbps
OBJS = package_configure.o package_config_files.o package_orphans.o
OBJS += package_remove.o package_find_obsoletes.o package_state.o
OBJS += package_unpack.o package_register.o package_script.o
OBJS += package_unpack.o package_register.o package_script.o verifysig.o
OBJS += transaction_commit.o transaction_package_replace.o
OBJS += transaction_dictionary.o transaction_sortdeps.o transaction_ops.o
OBJS += transaction_revdeps.o pubkey2fp.o
OBJS += download.o initend.o pkgdb.o package_conflicts.o
OBJS += plist.o plist_find.o plist_match.o archive.o
OBJS += plist_remove.o plist_fetch.o util.o util_hash.o
OBJS += repo.o repo_pkgdeps.o repo_sync.o repo_keys.o
OBJS += repo.o repo_pkgdeps.o repo_sync.o
OBJS += rpool.o rpool_get.o cb_util.o proplib_wrapper.o
OBJS += $(EXTOBJS) $(COMPAT_SRCS)


@@ -93,9 +93,6 @@ xbps_init(struct xbps_handle *xhp)
assert(xhp != NULL);
if (xhp->initialized)
return 0;
if (xhp->conffile == NULL)
xhp->conffile = XBPS_CONF_DEF;
@@ -219,9 +216,6 @@ xbps_init(struct xbps_handle *xhp)
xbps_dbg_printf(xhp, "Repository[%u]=%s\n", i, repodir);
}
}
xhp->initialized = true;
return 0;
}
@@ -230,18 +224,13 @@ xbps_end(struct xbps_handle *xhp)
{
assert(xhp);
if (!xhp->initialized)
return;
xbps_pkgdb_release(xhp);
xbps_rpool_release(xhp);
if (xbps_object_type(xhp->pkgdb_revdeps) != XBPS_TYPE_UNKNOWN)
xbps_object_release(xhp->pkgdb_revdeps);
xbps_fetch_unset_cache_connection();
cfg_free(xhp->cfg);
xhp->initialized = false;
}
static void


@@ -146,7 +146,7 @@ xbps_get_pkg_plist_from_binpkg(const char *fname, const char *plistf)
xbps_dictionary_t plistd = NULL;
struct archive *a;
struct archive_entry *entry;
const char *curpath, *comptype;
const char *comptype;
int i = 0;
assert(fname != NULL);
@@ -161,8 +161,7 @@ xbps_get_pkg_plist_from_binpkg(const char *fname, const char *plistf)
comptype = archive_compression_name(a);
while ((archive_read_next_header(a, &entry)) == ARCHIVE_OK) {
curpath = archive_entry_pathname(entry);
if (strcmp(curpath, plistf)) {
if (strcmp(archive_entry_pathname(entry), plistf)) {
archive_read_data_skip(a);
if (i >= 3) {
/*


@@ -28,8 +28,15 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <libgen.h>
#include <fcntl.h>
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
#include <openssl/ssl.h>
#include <openssl/pem.h>
#include "xbps_api_impl.h"
/**
@@ -97,12 +104,10 @@ struct xbps_repo *
xbps_repo_open(struct xbps_handle *xhp, const char *url)
{
xbps_dictionary_t meta;
struct archive *ar = NULL;
struct xbps_repo *repo = NULL;
struct xbps_repo *repo;
struct stat st;
const char *arch;
char *repofile;
bool is_remote = false;
assert(xhp);
assert(url);
@@ -112,6 +117,11 @@ xbps_repo_open(struct xbps_handle *xhp, const char *url)
else
arch = xhp->native_arch;
repo = calloc(1, sizeof(struct xbps_repo));
assert(repo);
repo->xhp = xhp;
repo->uri = url;
if (xbps_repository_is_remote(url)) {
/* remote repository */
char *rpath;
@@ -120,7 +130,7 @@ xbps_repo_open(struct xbps_handle *xhp, const char *url)
return NULL;
repofile = xbps_xasprintf("%s/%s/%s-repodata", xhp->metadir, rpath, arch);
free(rpath);
is_remote = true;
repo->is_remote = true;
} else {
/* local repository */
repofile = xbps_repo_path(xhp, url);
@@ -129,43 +139,31 @@ xbps_repo_open(struct xbps_handle *xhp, const char *url)
if (stat(repofile, &st) == -1) {
xbps_dbg_printf(xhp, "[repo] `%s' stat repodata %s\n",
repofile, strerror(errno));
free(repofile);
return NULL;
}
ar = archive_read_new();
archive_read_support_compression_gzip(ar);
archive_read_support_format_tar(ar);
if (archive_read_open_filename(ar, repofile, st.st_blksize) == ARCHIVE_FATAL) {
xbps_dbg_printf(xhp,
"[repo] `%s' failed to open repodata archive %s\n",
repofile, strerror(archive_errno(repo->ar)));
archive_read_free(ar);
free(repo);
repo = NULL;
goto out;
}
repo = calloc(1, sizeof(struct xbps_repo));
assert(repo);
repo->ar = ar;
repo->xhp = xhp;
repo->uri = url;
repo->is_remote = is_remote;
repo->ar = archive_read_new();
archive_read_support_compression_gzip(repo->ar);
archive_read_support_format_tar(repo->ar);
if (archive_read_open_filename(repo->ar, repofile, st.st_blksize) == ARCHIVE_FATAL) {
xbps_dbg_printf(xhp,
"[repo] `%s' failed to open repodata archive %s\n",
repofile, strerror(archive_errno(repo->ar)));
archive_read_free(repo->ar);
repo->ar = NULL;
goto out;
}
if ((repo->idx = repo_get_dict(repo)) == NULL) {
xbps_dbg_printf(xhp,
"[repo] `%s' failed to internalize index on archive %s: %s\n",
url, repofile, strerror(archive_errno(repo->ar)));
archive_read_finish(repo->ar);
free(repo);
repo = NULL;
repo->ar = NULL;
goto out;
}
if ((meta = repo_get_dict(repo))) {
repo->is_signed = true;
repo->signature = xbps_dictionary_get(meta, "signature");
xbps_dictionary_get_cstring_nocopy(meta, "signature-by", &repo->signedby);
repo->pubkey = xbps_dictionary_get(meta, "public-key");
xbps_dictionary_get_uint16(meta, "public-key-size", &repo->pubkey_size);
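Review bot: `repo` is now allocated with `calloc()` before the `stat()` of the repodata file, but the stat-failure branch still reads `free(repofile); return NULL;`, so if that return is on the new side (the rendered page does not mark it) every repository whose repodata is missing or not yet synced leaks a `struct xbps_repo`; make it `goto out` like the other failure paths, or add `free(repo);` before the return. The archive-open and index-internalize failures, by contrast, now `goto out` with `repo->ar = NULL` and `repo->idx` unset, so `xbps_repo_open()` returns a non-NULL repo without an index where it previously returned NULL — that new contract deserves a sentence in the function's doc comment, because callers that test only for NULL will treat such a repo as usable. The function continues past the end of this hunk.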
@@ -184,24 +182,6 @@ xbps_repo_open_idxfiles(struct xbps_repo *repo)
repo->idxfiles = repo_get_dict(repo);
}
void HIDDEN
xbps_repo_invalidate(struct xbps_repo *repo)
{
if (repo->ar != NULL) {
archive_read_finish(repo->ar);
repo->ar = NULL;
}
if (repo->idx != NULL) {
xbps_object_release(repo->idx);
repo->idx = NULL;
}
if (repo->idxfiles != NULL) {
xbps_object_release(repo->idxfiles);
repo->idxfiles = NULL;
}
repo->is_verified = false;
}
void
xbps_repo_close(struct xbps_repo *repo)
{
@@ -230,7 +210,7 @@ xbps_repo_get_virtualpkg(struct xbps_repo *repo, const char *pkg)
assert(repo);
assert(pkg);
if (repo->ar == NULL || repo->idx == NULL)
if (repo->idx == NULL)
return NULL;
pkgd = xbps_find_virtualpkg_in_dict(repo->xhp, repo->idx, pkg);
@@ -250,7 +230,7 @@ xbps_repo_get_pkg(struct xbps_repo *repo, const char *pkg)
assert(repo);
assert(pkg);
if (repo->ar == NULL || repo->idx == NULL)
if (repo->idx == NULL)
return NULL;
pkgd = xbps_find_pkg_in_dict(repo->idx, pkg);
@@ -427,3 +407,91 @@ xbps_repo_get_pkg_revdeps(struct xbps_repo *repo, const char *pkg)
return revdeps;
}
int
xbps_repo_key_import(struct xbps_repo *repo)
{
xbps_dictionary_t repokeyd = NULL;
char *p, *dbkeyd, *rkeyfile = NULL;
int import, rv = 0;
assert(repo);
/*
* If repository does not have required metadata plist, ignore it.
*/
if (repo->pubkey == NULL) {
xbps_dbg_printf(repo->xhp,
"[repo] `%s' unsigned repository!\n", repo->uri);
return 0;
}
/*
* Check the repository provides a working public-key data object.
*/
repo->is_signed = true;
if (repo->hexfp == NULL) {
xbps_dbg_printf(repo->xhp,
"[repo] `%s': invalid hex fingerprint: %s\n",
repo->uri, strerror(errno));
rv = EINVAL;
goto out;
}
/*
* Check if the public key is alredy stored.
*/
rkeyfile = xbps_xasprintf("%s/keys/%s.plist",
repo->xhp->metadir, repo->hexfp);
repokeyd = xbps_dictionary_internalize_from_zfile(rkeyfile);
if (xbps_object_type(repokeyd) == XBPS_TYPE_DICTIONARY) {
xbps_dbg_printf(repo->xhp,
"[repo] `%s' public key already stored.\n", repo->uri);
goto out;
}
/*
* Notify the client and take appropiate action to import
* the repository public key. Pass back the public key openssh fingerprint
* to the client.
*/
import = xbps_set_cb_state(repo->xhp, XBPS_STATE_REPO_KEY_IMPORT, 0,
repo->hexfp, "`%s' repository has been RSA signed by \"%s\"",
repo->uri, repo->signedby);
if (import <= 0) {
rv = EAGAIN;
goto out;
}
p = strdup(rkeyfile);
dbkeyd = dirname(p);
assert(dbkeyd);
if (access(dbkeyd, R_OK|W_OK) == -1) {
if (errno == ENOENT) {
xbps_mkpath(dbkeyd, 0755);
} else {
rv = errno;
xbps_dbg_printf(repo->xhp,
"[repo] `%s' cannot create %s: %s\n",
repo->uri, dbkeyd, strerror(errno));
free(p);
goto out;
}
}
free(p);
repokeyd = xbps_dictionary_create();
xbps_dictionary_set(repokeyd, "public-key", repo->pubkey);
xbps_dictionary_set_uint16(repokeyd, "public-key-size", repo->pubkey_size);
xbps_dictionary_set_cstring_nocopy(repokeyd, "signature-by", repo->signedby);
if (!xbps_dictionary_externalize_to_zfile(repokeyd, rkeyfile)) {
rv = errno;
xbps_dbg_printf(repo->xhp,
"[repo] `%s' failed to externalize %s: %s\n",
repo->uri, rkeyfile, strerror(rv));
}
out:
if (repokeyd)
xbps_object_release(repokeyd);
if (rkeyfile)
free(rkeyfile);
return rv;
}


@@ -1,213 +0,0 @@
/*-
* Copyright (c) 2013 Juan Romero Pardines.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <libgen.h>
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
#include <openssl/ssl.h>
#include <openssl/pem.h>
#include "xbps_api_impl.h"
int
xbps_repo_key_import(struct xbps_repo *repo)
{
xbps_dictionary_t repokeyd = NULL;
char *p, *dbkeyd, *rkeyfile = NULL;
int import, rv = 0;
assert(repo);
/*
* Ignore local repositories.
*/
if (!xbps_repository_is_remote(repo->uri))
return 0;
/*
* If repository does not have required metadata plist, ignore it.
*/
if (repo->signature == NULL && repo->pubkey == NULL) {
xbps_dbg_printf(repo->xhp,
"[repo] `%s' unsigned repository!\n", repo->uri);
return 0;
}
/*
* Check the repository provides a working public-key data object.
*/
repo->is_signed = true;
if (repo->hexfp == NULL) {
xbps_dbg_printf(repo->xhp,
"[repo] `%s': invalid hex fingerprint: %s\n",
repo->uri, strerror(errno));
rv = EINVAL;
goto out;
}
/*
* Check if the public key is alredy stored.
*/
rkeyfile = xbps_xasprintf("%s/keys/%s.plist",
repo->xhp->metadir, repo->hexfp);
repokeyd = xbps_dictionary_internalize_from_zfile(rkeyfile);
if (xbps_object_type(repokeyd) == XBPS_TYPE_DICTIONARY) {
xbps_dbg_printf(repo->xhp,
"[repo] `%s' public key already stored.\n", repo->uri);
goto out;
}
/*
* Notify the client and take appropiate action to import
* the repository public key. Pass back the public key openssh fingerprint
* to the client.
*/
import = xbps_set_cb_state(repo->xhp, XBPS_STATE_REPO_KEY_IMPORT, 0,
repo->hexfp, "`%s' repository has been RSA signed by \"%s\"",
repo->uri, repo->signedby);
if (import <= 0) {
rv = EAGAIN;
goto out;
}
p = strdup(rkeyfile);
dbkeyd = dirname(p);
assert(dbkeyd);
if (access(dbkeyd, R_OK|W_OK) == -1) {
if (errno == ENOENT) {
xbps_mkpath(dbkeyd, 0755);
} else {
rv = errno;
xbps_dbg_printf(repo->xhp,
"[repo] `%s' cannot create %s: %s\n",
repo->uri, dbkeyd, strerror(errno));
free(p);
goto out;
}
}
free(p);
repokeyd = xbps_dictionary_create();
xbps_dictionary_set(repokeyd, "public-key", repo->pubkey);
xbps_dictionary_set_uint16(repokeyd, "public-key-size", repo->pubkey_size);
xbps_dictionary_set_cstring_nocopy(repokeyd, "signature-by", repo->signedby);
if (!xbps_dictionary_externalize_to_zfile(repokeyd, rkeyfile)) {
rv = errno;
xbps_dbg_printf(repo->xhp,
"[repo] `%s' failed to externalize %s: %s\n",
repo->uri, rkeyfile, strerror(rv));
}
out:
if (repokeyd)
xbps_object_release(repokeyd);
if (rkeyfile)
free(rkeyfile);
return rv;
}
static int
rsa_verify_buf(struct xbps_repo *repo, xbps_data_t sigdata,
xbps_data_t pubkey, const char *buf)
{
SHA256_CTX context;
BIO *bio;
RSA *rsa;
unsigned char sha256[SHA256_DIGEST_LENGTH];
int rv = 0;
ERR_load_crypto_strings();
SSL_load_error_strings();
bio = BIO_new_mem_buf(__UNCONST(xbps_data_data_nocopy(pubkey)),
xbps_data_size(pubkey));
assert(bio);
rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
if (rsa == NULL) {
xbps_dbg_printf(repo->xhp,
"[repo] `%s' error reading public key: %s\n",
repo->uri, ERR_error_string(ERR_get_error(), NULL));
return EINVAL;
}
SHA256_Init(&context);
SHA256_Update(&context, buf, strlen(buf));
SHA256_Final(sha256, &context);
if (RSA_verify(NID_sha1, sha256, sizeof(sha256),
xbps_data_data_nocopy(sigdata),
xbps_data_size(sigdata), rsa) == 0) {
xbps_dbg_printf(repo->xhp,
"[repo] `%s' failed to verify signature: %s\n",
repo->uri, ERR_error_string(ERR_get_error(), NULL));
rv = EPERM;
}
RSA_free(rsa);
BIO_free(bio);
ERR_free_strings();
return rv;
}
int HIDDEN
xbps_repo_key_verify(struct xbps_repo *repo)
{
xbps_dictionary_t repokeyd;
xbps_data_t xbps_pubkey;
char *idx_xml, *rkeyfile;
if (!repo->signature || !repo->hexfp)
return EINVAL;
rkeyfile = xbps_xasprintf("%s/keys/%s.plist",
repo->xhp->metadir, repo->hexfp);
repokeyd = xbps_dictionary_internalize_from_zfile(rkeyfile);
free(rkeyfile);
if (xbps_object_type(repokeyd) != XBPS_TYPE_DICTIONARY)
return EINVAL;
xbps_pubkey = xbps_dictionary_get(repokeyd, "public-key");
if (xbps_object_type(xbps_pubkey) != XBPS_TYPE_DATA) {
xbps_object_release(repokeyd);
return EINVAL;
}
idx_xml = xbps_dictionary_externalize(repo->idx);
if (idx_xml == NULL) {
xbps_object_release(repokeyd);
return EINVAL;
}
if (rsa_verify_buf(repo, repo->signature, xbps_pubkey, idx_xml) == 0)
repo->is_verified = true;
free(idx_xml);
xbps_object_release(repokeyd);
return repo->is_verified ? 0 : EPERM;
}


@@ -42,97 +42,6 @@ static SIMPLEQ_HEAD(rpool_head, xbps_repo) rpool_queue =
* @defgroup repopool Repository pool functions
*/
int HIDDEN
xbps_rpool_init(struct xbps_handle *xhp)
{
struct xbps_repo *repo;
const char *repouri;
bool foundrepo = false;
int retval, rv = 0;
assert(xhp);
if (xhp->rpool_initialized)
return 0;
for (unsigned int i = 0; i < xbps_array_count(xhp->repositories); i++) {
xbps_array_get_cstring_nocopy(xhp->repositories, i, &repouri);
if ((repo = xbps_repo_open(xhp, repouri)) == NULL) {
repo = calloc(1, sizeof(struct xbps_repo));
assert(repo);
repo->xhp = xhp;
repo->uri = repouri;
if (xbps_repository_is_remote(repouri))
repo->is_remote = true;
}
if (repo->is_remote) {
if (!repo->is_signed) {
/* ignore unsigned repositories */
xbps_repo_invalidate(repo);
} else {
/*
* Check the repository index signature against
* stored public key.
*/
retval = xbps_repo_key_verify(repo);
if (retval == 0) {
/* signed, verified */
xbps_set_cb_state(xhp, XBPS_STATE_REPO_SIGVERIFIED,
0, repouri, NULL);
} else if (retval == EPERM) {
/* signed, unverified */
xbps_set_cb_state(xhp, XBPS_STATE_REPO_SIGUNVERIFIED,
0, repouri, NULL);
xbps_repo_invalidate(repo);
} else {
/* any error */
xbps_dbg_printf(xhp, "[rpool] %s: key_verify %s\n",
repouri, strerror(retval));
xbps_repo_invalidate(repo);
}
}
}
/*
* If repository has passed signature checks, add it to the pool.
*/
SIMPLEQ_INSERT_TAIL(&rpool_queue, repo, entries);
foundrepo = true;
xbps_dbg_printf(xhp, "[rpool] `%s' registered (%s, %s).\n",
repouri, repo->is_signed ? "signed" : "unsigned",
repo->is_verified ? "verified" : "unverified");
}
if (!foundrepo) {
/* no repositories available, error out */
rv = ENOTSUP;
goto out;
}
xhp->rpool_initialized = true;
xbps_dbg_printf(xhp, "[rpool] initialized ok.\n");
out:
if (rv != 0)
xbps_rpool_release(xhp);
return rv;
}
void HIDDEN
xbps_rpool_release(struct xbps_handle *xhp)
{
struct xbps_repo *repo;
if (!xhp->rpool_initialized)
return;
while ((repo = SIMPLEQ_FIRST(&rpool_queue))) {
SIMPLEQ_REMOVE(&rpool_queue, repo, xbps_repo, entries);
xbps_repo_close(repo);
free(repo);
}
xhp->rpool_initialized = false;
xbps_dbg_printf(xhp, "[rpool] released ok.\n");
}
int
xbps_rpool_sync(struct xbps_handle *xhp, const char *uri)
{
@@ -155,31 +64,45 @@ xbps_rpool_sync(struct xbps_handle *xhp, const char *uri)
return 0;
}
struct xbps_repo *
xbps_rpool_get_repo(const char *url)
{
struct xbps_repo *repo;
SIMPLEQ_FOREACH(repo, &rpool_queue, entries)
if (strcmp(url, repo->uri) == 0)
return repo;
return NULL;
}
int
xbps_rpool_foreach(struct xbps_handle *xhp,
int (*fn)(struct xbps_repo *, void *, bool *),
void *arg)
{
struct xbps_repo *repo;
const char *repouri;
int rv = 0;
bool done = false;
bool foundrepo = false, done = false;
assert(fn != NULL);
/* Initialize repository pool */
if ((rv = xbps_rpool_init(xhp)) != 0) {
if (rv == ENOTSUP) {
xbps_dbg_printf(xhp, "[rpool] empty repository list.\n");
} else if (rv != ENOENT && rv != ENOTSUP) {
xbps_dbg_printf(xhp, "[rpool] couldn't initialize: %s\n", strerror(rv));
for (unsigned int i = 0; i < xbps_array_count(xhp->repositories); i++) {
xbps_array_get_cstring_nocopy(xhp->repositories, i, &repouri);
repo = xbps_rpool_get_repo(repouri);
if (!repo) {
repo = xbps_repo_open(xhp, repouri);
SIMPLEQ_INSERT_TAIL(&rpool_queue, repo, entries);
xbps_dbg_printf(xhp, "[rpool] `%s' registered.\n", repouri);
}
return rv;
}
/* Iterate over repository pool */
SIMPLEQ_FOREACH(repo, &rpool_queue, entries) {
foundrepo = true;
rv = (*fn)(repo, arg, &done);
if (rv != 0 || done)
break;
}
if (!foundrepo)
rv = ENOTSUP;
return rv;
}
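Review bot: `xbps_repo_open()` can return NULL (its `return NULL` paths are visible in the repo.c hunks of this commit), yet the new loop in `xbps_rpool_foreach` inserts the result unconditionally at `SIMPLEQ_INSERT_TAIL(&rpool_queue, repo, entries);`, so one unreachable repository dereferences NULL in the list macros or in the later `(*fn)(repo, arg, &done)` call; guard it with `if (repo == NULL) continue;` (or record an error) before the insert. Separately, the deleted `xbps_rpool_init` was the point where remote repositories were gated by `xbps_repo_key_verify()`; nothing in the new path authenticates the repodata index, so the package list, versions and `filename-sha256` values now come from an unauthenticated source and a replayed older index would be accepted as genuine. If per-package `.sig` files are intended to be the sole trust anchor from here on, that decision is worth stating in a comment above the registration loop so the gap is deliberate rather than accidental.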


@@ -56,11 +56,12 @@
*/
static int
check_binpkgs_hash(struct xbps_handle *xhp, xbps_object_iterator_t iter)
check_binpkgs(struct xbps_handle *xhp, xbps_object_iterator_t iter)
{
xbps_object_t obj;
const char *pkgver, *arch, *repoloc, *sha256, *trans;
char *binfile, *filen;
struct xbps_repo *repo;
const char *pkgver, *repoloc, *trans, *sha256;
char *binfile;
int rv = 0;
while ((obj = xbps_object_iterator_next(iter)) != NULL) {
@@ -69,33 +70,50 @@ check_binpkgs_hash(struct xbps_handle *xhp, xbps_object_iterator_t iter)
(strcmp(trans, "configure") == 0))
continue;
xbps_dictionary_get_cstring_nocopy(obj, "architecture", &arch);
xbps_dictionary_get_cstring_nocopy(obj, "repository", &repoloc);
xbps_dictionary_get_cstring_nocopy(obj, "pkgver", &pkgver);
xbps_dictionary_get_cstring_nocopy(obj,
"filename-sha256", &sha256);
binfile = xbps_repository_pkg_path(xhp, obj);
if (binfile == NULL) {
rv = EINVAL;
rv = ENOMEM;
break;
}
filen = xbps_xasprintf("%s.%s.xbps", pkgver, arch);
xbps_set_cb_state(xhp, XBPS_STATE_VERIFY, 0, pkgver,
"Verifying `%s' package integrity...", filen, repoloc);
rv = xbps_file_hash_check(binfile, sha256);
if (rv != 0) {
free(binfile);
xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL,
rv, pkgver,
"Failed to verify `%s' package integrity: %s",
filen, strerror(rv));
free(filen);
/*
* For pkgs in local repos check the sha256 hash.
* For pkgs in remote repos check the RSA signature.
*/
if ((repo = xbps_rpool_get_repo(repoloc)) == NULL) {
rv = errno;
xbps_dbg_printf(xhp, "%s: failed to get repository "
"%s: %s\n", pkgver, repoloc, strerror(errno));
break;
}
if (repo->is_remote) {
/* remote repo */
xbps_set_cb_state(xhp, XBPS_STATE_VERIFY, 0, pkgver,
"%s: verifying RSA signature...", pkgver);
if (!xbps_verify_file_signature(repo, binfile)) {
rv = EPERM;
xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL, rv, pkgver,
"%s: the RSA signature is not valid!", pkgver);
free(binfile);
break;
}
} else {
/* local repo */
xbps_set_cb_state(xhp, XBPS_STATE_VERIFY, 0, pkgver,
"%s: verifying SHA256 hash...", pkgver);
xbps_dictionary_get_cstring_nocopy(obj, "filename-sha256", &sha256);
if ((rv = xbps_file_hash_check(binfile, sha256)) != 0) {
xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL, rv, pkgver,
"%s: SHA256 hash is not valid!", pkgver, strerror(rv));
free(binfile);
break;
}
}
free(binfile);
free(filen);
}
xbps_object_iterator_reset(iter);
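Review bot: In `check_binpkgs` the lookup-failure branch sets `rv = errno;`, but `xbps_rpool_get_repo()` as added in rpool.c is a plain `SIMPLEQ_FOREACH`/`strcmp` search that never sets errno, so `rv` can still be 0 when the loop breaks; the caller then sees success and the transaction continues with this and every remaining package unverified. Use a definite code there, e.g. `rv = ENOENT;`, so a missing repository aborts the commit. The failure report `"%s: SHA256 hash is not valid!", pkgver, strerror(rv)` also passes one argument more than the format consumes — either drop `strerror(rv)` or extend the format with `: %s`. `check_binpkgs` continues past the end of this hunk.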
@@ -107,9 +125,8 @@ download_binpkgs(struct xbps_handle *xhp, xbps_object_iterator_t iter)
{
xbps_object_t obj;
const char *pkgver, *arch, *fetchstr, *repoloc, *trans;
char *binfile, *filen;
char *binfile, *sigfile;
int rv = 0;
bool state_dload = false;
while ((obj = xbps_object_iterator_next(iter)) != NULL) {
xbps_dictionary_get_cstring_nocopy(obj, "transaction", &trans);
@@ -127,66 +144,47 @@ download_binpkgs(struct xbps_handle *xhp, xbps_object_iterator_t iter)
break;
}
/*
* If downloaded package is in cachedir continue.
* If binary package is in cachedir or in a local repository, continue.
*/
if (access(binfile, R_OK) == 0) {
free(binfile);
continue;
}
/*
* Create cachedir.
*/
if (access(xhp->cachedir, R_OK|X_OK|W_OK) == -1) {
if (xbps_mkpath(xhp->cachedir, 0755) == -1) {
xbps_set_cb_state(xhp, XBPS_STATE_DOWNLOAD_FAIL,
errno, pkgver,
"%s: [trans] cannot create cachedir `%s':"
"%s", pkgver, xhp->cachedir,
strerror(errno));
free(binfile);
rv = errno;
break;
}
}
if (state_dload == false) {
xbps_set_cb_state(xhp, XBPS_STATE_TRANS_DOWNLOAD,
0, NULL, NULL);
state_dload = true;
}
filen = xbps_xasprintf("%s.%s.xbps", pkgver, arch);
xbps_set_cb_state(xhp, XBPS_STATE_DOWNLOAD,
0, pkgver, "Downloading binary package `%s' (from `%s')...",
filen, repoloc);
xbps_set_cb_state(xhp, XBPS_STATE_DOWNLOAD, 0, pkgver,
"Downloading `%s' package (from `%s')...", pkgver, repoloc);
/*
* Fetch binary package.
*/
if (chdir(xhp->cachedir) == -1) {
xbps_set_cb_state(xhp, XBPS_STATE_DOWNLOAD_FAIL,
errno, pkgver,
"%s: [trans] failed to change dir to cachedir"
"`%s': %s", pkgver, xhp->cachedir,
strerror(errno));
rv = errno;
free(binfile);
free(filen);
break;
}
rv = xbps_fetch_file(xhp, binfile, NULL);
if (rv == -1) {
fetchstr = xbps_fetch_error_string();
xbps_set_cb_state(xhp, XBPS_STATE_DOWNLOAD_FAIL,
fetchLastErrCode != 0 ? fetchLastErrCode : errno,
pkgver, "%s: [trans] failed to download binary package "
"`%s' from `%s': %s", pkgver, filen, repoloc,
fetchstr ? fetchstr : strerror(errno));
pkgver, "[trans] failed to download `%s' package from `%s': %s",
pkgver, repoloc, fetchstr ? fetchstr : strerror(errno));
free(binfile);
free(filen);
break;
}
/*
* Fetch package signature.
*/
sigfile = xbps_xasprintf("%s.sig", binfile);
free(binfile);
xbps_set_cb_state(xhp, XBPS_STATE_DOWNLOAD, 0, pkgver,
"Downloading `%s' signature (from `%s')...", pkgver, repoloc);
rv = xbps_fetch_file(xhp, sigfile, NULL);
if (rv == -1) {
fetchstr = xbps_fetch_error_string();
xbps_set_cb_state(xhp, XBPS_STATE_DOWNLOAD_FAIL,
fetchLastErrCode != 0 ? fetchLastErrCode : errno,
pkgver, "[trans] failed to download `%s' signature from `%s': %s",
pkgver, repoloc, fetchstr ? fetchstr : strerror(errno));
free(sigfile);
break;
}
rv = 0;
free(binfile);
free(filen);
free(sigfile);
}
xbps_object_iterator_reset(iter);
@@ -199,25 +197,44 @@ xbps_transaction_commit(struct xbps_handle *xhp)
xbps_object_t obj;
xbps_object_iterator_t iter;
const char *pkgver, *tract;
char *pkgname;
int rv = 0;
bool update, install, sr;
bool update;
assert(xbps_object_type(xhp->transd) == XBPS_TYPE_DICTIONARY);
update = install = false;
/*
* Create cachedir if necessary.
*/
if (access(xhp->cachedir, R_OK|X_OK|W_OK) == -1) {
if (xbps_mkpath(xhp->cachedir, 0755) == -1) {
xbps_set_cb_state(xhp, XBPS_STATE_TRANS_FAIL,
errno, NULL,
"[trans] cannot create cachedir `%s': %s",
xhp->cachedir, strerror(errno));
return errno;
}
}
if (chdir(xhp->cachedir) == -1) {
xbps_set_cb_state(xhp, XBPS_STATE_TRANS_FAIL,
errno, NULL,
"[trans] failed to change dir to cachedir `%s': %s",
xhp->cachedir, strerror(errno));
return errno;
}
iter = xbps_array_iter_from_dict(xhp->transd, "packages");
if (iter == NULL)
return EINVAL;
/*
* Download binary packages (if they come from a remote repository).
*/
xbps_set_cb_state(xhp, XBPS_STATE_TRANS_DOWNLOAD, 0, NULL, NULL);
if ((rv = download_binpkgs(xhp, iter)) != 0)
goto out;
/*
* Check SHA256 hashes for binary packages in transaction.
* Check binary package integrity.
*/
xbps_set_cb_state(xhp, XBPS_STATE_TRANS_VERIFY, 0, NULL, NULL);
if ((rv = check_binpkgs_hash(xhp, iter)) != 0)
if ((rv = check_binpkgs(xhp, iter)) != 0)
goto out;
/*
* Install, update, configure or remove packages as specified
@@ -226,25 +243,22 @@ xbps_transaction_commit(struct xbps_handle *xhp)
xbps_set_cb_state(xhp, XBPS_STATE_TRANS_RUN, 0, NULL, NULL);
while ((obj = xbps_object_iterator_next(iter)) != NULL) {
update = false;
xbps_dictionary_get_cstring_nocopy(obj, "transaction", &tract);
xbps_dictionary_get_cstring_nocopy(obj, "pkgver", &pkgver);
if (strcmp(tract, "remove") == 0) {
update = false;
sr = false;
/*
* Remove package.
*/
xbps_dictionary_get_bool(obj, "remove-and-update",
&update);
xbps_dictionary_get_bool(obj, "softreplace", &sr);
rv = xbps_remove_pkg(xhp, pkgver, update, sr);
xbps_dictionary_get_bool(obj, "remove-and-update", &update);
rv = xbps_remove_pkg(xhp, pkgver, update, false);
if (rv != 0) {
xbps_dbg_printf(xhp, "[trans] failed to "
"remove %s\n", pkgver);
goto out;
}
continue;
} else if (strcmp(tract, "configure") == 0) {
/*
* Reconfigure pending package.
@@ -252,20 +266,17 @@ xbps_transaction_commit(struct xbps_handle *xhp)
rv = xbps_configure_pkg(xhp, pkgver, false, false, false);
if (rv != 0)
goto out;
} else {
/*
* Install or update a package.
*/
if (strcmp(tract, "update") == 0)
update = true;
else
install = true;
if (update && xbps_pkgdb_get_pkg(xhp, pkgver)) {
/*
* Update a package: execute pre-remove
* action if found before unpacking.
*/
continue;
} else if (strcmp(tract, "update") == 0) {
/*
* Update a package: execute pre-remove action of
* existing package before unpacking new version.
*/
pkgname = xbps_pkg_name(pkgver);
assert(pkgname);
if (xbps_pkgdb_get_pkg(xhp, pkgname)) {
xbps_set_cb_state(xhp, XBPS_STATE_UPDATE, 0,
pkgver, NULL);
rv = xbps_remove_pkg(xhp, pkgver, true, false);
@@ -276,27 +287,30 @@ xbps_transaction_commit(struct xbps_handle *xhp)
"%s: [trans] failed to update "
"package `%s'", pkgver,
strerror(rv));
free(pkgname);
goto out;
}
} else {
/* Install a package */
xbps_set_cb_state(xhp, XBPS_STATE_INSTALL,
0, pkgver, NULL);
}
/*
* Unpack binary package.
*/
if ((rv = xbps_unpack_binary_pkg(xhp, obj)) != 0)
goto out;
/*
* Register package.
*/
if ((rv = xbps_register_pkg(xhp, obj)) != 0)
goto out;
free(pkgname);
} else {
/* Install a package */
xbps_set_cb_state(xhp, XBPS_STATE_INSTALL, 0,
pkgver, NULL);
}
/*
* Unpack binary package.
*/
if ((rv = xbps_unpack_binary_pkg(xhp, obj)) != 0)
goto out;
/*
* Register package.
*/
if ((rv = xbps_register_pkg(xhp, obj)) != 0)
goto out;
}
/* if there are no packages to install or update we are done */
if (!update && !install)
if (!xbps_dictionary_get(xhp->transd, "total-update-pkgs") &&
!xbps_dictionary_get(xhp->transd, "total-install-pkgs"))
goto out;
/* if installing packages for target_arch, don't configure anything */

159
lib/verifysig.c Normal file

@@ -0,0 +1,159 @@
/*-
* Copyright (c) 2013 Juan Romero Pardines.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <libgen.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
#include <openssl/ssl.h>
#include <openssl/pem.h>
#include "xbps_api_impl.h"
static bool
rsa_verify_buf(struct xbps_repo *repo, xbps_data_t pubkey,
unsigned char *sig, unsigned int siglen,
unsigned char *buf, unsigned int buflen)
{
SHA256_CTX context;
BIO *bio;
RSA *rsa;
unsigned char sha256[SHA256_DIGEST_LENGTH];
int rv;
ERR_load_crypto_strings();
SSL_load_error_strings();
bio = BIO_new_mem_buf(__UNCONST(xbps_data_data_nocopy(pubkey)),
xbps_data_size(pubkey));
assert(bio);
rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
if (rsa == NULL) {
xbps_dbg_printf(repo->xhp, "`%s' error reading public key: %s\n",
repo->uri, ERR_error_string(ERR_get_error(), NULL));
return false;
}
SHA256_Init(&context);
SHA256_Update(&context, buf, buflen);
SHA256_Final(sha256, &context);
rv = RSA_verify(NID_sha1, sha256, sizeof(sha256), sig, siglen, rsa);
RSA_free(rsa);
BIO_free(bio);
ERR_free_strings();
return rv ? true : false;
}
bool
xbps_verify_file_signature(struct xbps_repo *repo, const char *fname)
{
xbps_dictionary_t repokeyd = NULL;
xbps_data_t pubkey;
struct stat st, sig_st;
unsigned char *buf = NULL, *sig_buf = NULL;
char *rkeyfile = NULL, *sig = NULL;
int fd = -1, sig_fd = -1;
bool val = false;
if (!repo->hexfp)
return false;
/*
* Prepare repository RSA public key to verify fname signature.
*/
rkeyfile = xbps_xasprintf("%s/keys/%s.plist",
repo->xhp->metadir, repo->hexfp);
repokeyd = xbps_dictionary_internalize_from_zfile(rkeyfile);
if (xbps_object_type(repokeyd) != XBPS_TYPE_DICTIONARY) {
xbps_dbg_printf(repo->xhp, "cannot read rkey data at %s: %s\n",
rkeyfile, strerror(errno));
goto out;
}
pubkey = xbps_dictionary_get(repokeyd, "public-key");
if (xbps_object_type(pubkey) != XBPS_TYPE_DATA)
goto out;
/*
* Prepare fname and signature data buffers.
*/
if ((fd = open(fname, O_RDONLY)) == -1) {
xbps_dbg_printf(repo->xhp, "can't open file %s: %s\n", fname, strerror(errno));
goto out;
}
sig = xbps_xasprintf("%s.sig", fname);
if ((sig_fd = open(sig, O_RDONLY)) == -1) {
xbps_dbg_printf(repo->xhp, "can't open signature file %s: %s\n", sig, strerror(errno));
goto out;
}
fstat(fd, &st);
fstat(sig_fd, &sig_st);
buf = malloc(st.st_size);
assert(buf);
sig_buf = malloc(sig_st.st_size);
assert(sig_buf);
if (read(fd, buf, st.st_size) != st.st_size) {
xbps_dbg_printf(repo->xhp, "failed to read file %s: %s\n", fname, strerror(errno));
goto out;
}
if (read(sig_fd, sig_buf, sig_st.st_size) != sig_st.st_size) {
xbps_dbg_printf(repo->xhp, "failed to read signature file %s: %s\n", sig, strerror(errno));
goto out;
}
/*
* Verify fname RSA signature.
*/
if (rsa_verify_buf(repo, pubkey, sig_buf, sig_st.st_size, buf, st.st_size))
val = true;
out:
if (rkeyfile)
free(rkeyfile);
if (fd != -1)
close(fd);
if (sig_fd != -1)
close(sig_fd);
if (buf)
free(buf);
if (sig)
free(sig);
if (sig_buf)
free(sig_buf);
if (repokeyd)
xbps_object_release(repokeyd);
return val;
}
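Review bot: `rsa_verify_buf` computes a SHA-256 digest but verifies it with `RSA_verify(NID_sha1, ...)`, so the PKCS#1 v1.5 DigestInfo carries the SHA-1 algorithm identifier around a 32-byte SHA-256 hash; this only succeeds because the signer presumably mislabels the digest the same way, and any conforming signer or verifier will reject these signatures — the matching call is `rv = RSA_verify(NID_sha256, sha256, sizeof(sha256), sig, siglen, rsa);`, changed together with the signing side (not in this diff). In `xbps_verify_file_signature` the two `fstat()` results are unchecked, a single `read()` returning fewer than `st.st_size` bytes is treated as failure although short reads are legal, and `st.st_size` (an `off_t`) is narrowed to the `unsigned int buflen`/`siglen` parameters, so a package larger than 4 GiB would be hashed truncated; the parameters should be `size_t` and the reads looped as below (or the file streamed through `SHA256_Update` in fixed-size chunks). A comment stating that the key used is the one stored at import time under `%s/keys/%s.plist`, not whatever the repository currently advertises, would also make the trust model explicit to the next reader.
```c
/* Read exactly len bytes; read() may return short counts. */
static bool
read_full(int fd, unsigned char *buf, size_t len)
{
	size_t off = 0;
	while (off < len) {
		ssize_t n = read(fd, buf + off, len - off);
		if (n == -1 && errno == EINTR)
			continue;
		if (n <= 0)
			return false;
		off += (size_t)n;
	}
	return true;
}

/* … unchanged: xbps_verify_file_signature up to the open() of the .sig file … */
	if (fstat(fd, &st) == -1 || fstat(sig_fd, &sig_st) == -1) {
		xbps_dbg_printf(repo->xhp, "fstat failed for %s: %s\n", fname, strerror(errno));
		goto out;
	}
	buf = malloc(st.st_size);
	assert(buf);
	sig_buf = malloc(sig_st.st_size);
	assert(sig_buf);
	if (!read_full(fd, buf, (size_t)st.st_size)) {
		xbps_dbg_printf(repo->xhp, "failed to read file %s: %s\n", fname, strerror(errno));
		goto out;
	}
	if (!read_full(sig_fd, sig_buf, (size_t)sig_st.st_size)) {
		xbps_dbg_printf(repo->xhp, "failed to read signature file %s: %s\n", sig, strerror(errno));
		goto out;
	}
	/* … unchanged: rsa_verify_buf call and cleanup … */
```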