emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implement per pkg RSA signatures and on-demand repository access.

Browse Source
This commit is contained in:
Juan RP
2013-12-24 10:43:55 +01:00
parent 3c0edd40c8
commit ec0d38c469
16 changed files with 703 additions and 697 deletions
Download Patch File Download Diff File Expand all files Collapse all files

127
lib/rpool.c
View File

@ -42,97 +42,6 @@ static SIMPLEQ_HEAD(rpool_head, xbps_repo) rpool_queue =
* @defgroup repopool Repository pool functions
*/
int HIDDEN
xbps_rpool_init(struct xbps_handle *xhp)
{
struct xbps_repo *repo;
const char *repouri;
bool foundrepo = false;
int retval, rv = 0;
assert(xhp);
if (xhp->rpool_initialized)
return 0;
for (unsigned int i = 0; i < xbps_array_count(xhp->repositories); i++) {
xbps_array_get_cstring_nocopy(xhp->repositories, i, &repouri);
if ((repo = xbps_repo_open(xhp, repouri)) == NULL) {
repo = calloc(1, sizeof(struct xbps_repo));
assert(repo);
repo->xhp = xhp;
repo->uri = repouri;
if (xbps_repository_is_remote(repouri))
repo->is_remote = true;
}
if (repo->is_remote) {
if (!repo->is_signed) {
/* ignore unsigned repositories */
xbps_repo_invalidate(repo);
} else {
/*
* Check the repository index signature against
* stored public key.
*/
retval = xbps_repo_key_verify(repo);
if (retval == 0) {
/* signed, verified */
xbps_set_cb_state(xhp, XBPS_STATE_REPO_SIGVERIFIED,
0, repouri, NULL);
} else if (retval == EPERM) {
/* signed, unverified */
xbps_set_cb_state(xhp, XBPS_STATE_REPO_SIGUNVERIFIED,
0, repouri, NULL);
xbps_repo_invalidate(repo);
} else {
/* any error */
xbps_dbg_printf(xhp, "[rpool] %s: key_verify %s\n",
repouri, strerror(retval));
xbps_repo_invalidate(repo);
}
}
}
/*
* If repository has passed signature checks, add it to the pool.
*/
SIMPLEQ_INSERT_TAIL(&rpool_queue, repo, entries);
foundrepo = true;
xbps_dbg_printf(xhp, "[rpool] `%s' registered (%s, %s).\n",
repouri, repo->is_signed ? "signed" : "unsigned",
repo->is_verified ? "verified" : "unverified");
}
if (!foundrepo) {
/* no repositories available, error out */
rv = ENOTSUP;
goto out;
}
xhp->rpool_initialized = true;
xbps_dbg_printf(xhp, "[rpool] initialized ok.\n");
out:
if (rv != 0)
xbps_rpool_release(xhp);
return rv;
}
void HIDDEN
xbps_rpool_release(struct xbps_handle *xhp)
{
struct xbps_repo *repo;
if (!xhp->rpool_initialized)
return;
while ((repo = SIMPLEQ_FIRST(&rpool_queue))) {
SIMPLEQ_REMOVE(&rpool_queue, repo, xbps_repo, entries);
xbps_repo_close(repo);
free(repo);
}
xhp->rpool_initialized = false;
xbps_dbg_printf(xhp, "[rpool] released ok.\n");
}
int
xbps_rpool_sync(struct xbps_handle *xhp, const char *uri)
{
@ -155,31 +64,45 @@ xbps_rpool_sync(struct xbps_handle *xhp, const char *uri)
return 0;
}
struct xbps_repo *
xbps_rpool_get_repo(const char *url)
{
struct xbps_repo *repo;
SIMPLEQ_FOREACH(repo, &rpool_queue, entries)
if (strcmp(url, repo->uri) == 0)
return repo;
return NULL;
}
int
xbps_rpool_foreach(struct xbps_handle *xhp,
int (*fn)(struct xbps_repo *, void *, bool *),
void *arg)
{
struct xbps_repo *repo;
const char *repouri;
int rv = 0;
bool done = false;
bool foundrepo = false, done = false;
assert(fn != NULL);
/* Initialize repository pool */
if ((rv = xbps_rpool_init(xhp)) != 0) {
if (rv == ENOTSUP) {
xbps_dbg_printf(xhp, "[rpool] empty repository list.\n");
} else if (rv != ENOENT && rv != ENOTSUP) {
xbps_dbg_printf(xhp, "[rpool] couldn't initialize: %s\n", strerror(rv));
for (unsigned int i = 0; i < xbps_array_count(xhp->repositories); i++) {
xbps_array_get_cstring_nocopy(xhp->repositories, i, &repouri);
repo = xbps_rpool_get_repo(repouri);
if (!repo) {
repo = xbps_repo_open(xhp, repouri);
SIMPLEQ_INSERT_TAIL(&rpool_queue, repo, entries);
xbps_dbg_printf(xhp, "[rpool] `%s' registered.\n", repouri);
}
return rv;
}
/* Iterate over repository pool */
SIMPLEQ_FOREACH(repo, &rpool_queue, entries) {
foundrepo = true;
rv = (*fn)(repo, arg, &done);
if (rv != 0 || done)
break;
}
if (!foundrepo)
rv = ENOTSUP;
return rv;
}