pkgsrc-Changes-HG archive
[pkgsrc/pkg_install-renovation]: pkgsrc/pkgtools/pkg_install Add support PKCS...
details: https://anonhg.NetBSD.org/pkgsrc/rev/25b7b70e81c6
branches: pkg_install-renovation
changeset: 541536:25b7b70e81c6
user: joerg <joerg%pkgsrc.org@localhost>
date: Sun May 11 20:20:37 2008 +0000
description:
Add support for PKCS7 signatures in packages and pkg-vulnerabilities.
The support for non-native OpenSSL still needs to be done, e.g.
ensuring static linkage for that. Documentation is essentially missing.
diffstat:
pkgtools/pkg_install/Makefile | 22 +-
pkgtools/pkg_install/files/add/Makefile.in | 14 +-
pkgtools/pkg_install/files/add/main.c | 20 +-
pkgtools/pkg_install/files/add/perform.c | 43 +-
pkgtools/pkg_install/files/add/pkg_add.1 | 26 +-
pkgtools/pkg_install/files/add/pkg_add.cat1 | 45 +-
pkgtools/pkg_install/files/add/verify.c | 179 -----
pkgtools/pkg_install/files/add/verify.h | 40 -
pkgtools/pkg_install/files/admin/Makefile.in | 11 +-
pkgtools/pkg_install/files/admin/main.c | 31 +-
pkgtools/pkg_install/files/configure | 39 +-
pkgtools/pkg_install/files/configure.ac | 18 +-
pkgtools/pkg_install/files/lib/Makefile.in | 13 +-
pkgtools/pkg_install/files/lib/lib.h | 24 +-
pkgtools/pkg_install/files/lib/parse-config.c | 12 +-
pkgtools/pkg_install/files/lib/pkcs7.c | 266 +++++++
pkgtools/pkg_install/files/lib/pkg_signature.c | 604 ++++++++++++++++++
pkgtools/pkg_install/files/lib/version.h | 4 +-
pkgtools/pkg_install/files/lib/vulnerabilities-file.c | 55 +-
19 files changed, 1089 insertions(+), 377 deletions(-)
diffs (truncated from 1965 to 300 lines):
diff -r 8104e2b23835 -r 25b7b70e81c6 pkgtools/pkg_install/Makefile
--- a/pkgtools/pkg_install/Makefile Fri May 09 00:49:38 2008 +0000
+++ b/pkgtools/pkg_install/Makefile Sun May 11 20:20:37 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.152 2008/04/23 14:37:10 joerg Exp $
+# $NetBSD: Makefile,v 1.152.2.1 2008/05/11 20:20:37 joerg Exp $
# Notes to package maintainers:
#
@@ -23,10 +23,8 @@
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
CONFIGURE_ARGS+= --with-pkgdbdir=${PKG_DBDIR:Q}
-CONFIGURE_ARGS+= --with-ftp=${FETCH_CMD:Q}
CONFIGURE_ARGS+= --with-pax=${PAX:Q}
-CONFIGURE_ARGS+= --with-tar=${TAR:Q}
-USE_TOOLS+= pax:run tar:run gzcat:run
+USE_TOOLS+= pax:run
# The following tools are needed by pkg_view and linkfarm.
USE_TOOLS+= chmod cmp cp env find grep ln mkdir rm rmdir \
@@ -84,21 +82,19 @@
VERSION!= ${AWK} -F '"' '/PKGTOOLS_VERSION/ {print $$2}' \
${FILESDIR}/lib/version.h
-# Make sure the audit-packages files pick up the right tools in the right
-# places.
-#
-SUBST_CLASSES= paths
-SUBST_STAGE.paths= pre-configure
-SUBST_MESSAGE.paths= Fixing paths in scripts.
-SUBST_FILES.paths= audit-packages/Makefile.in
-SUBST_SED.paths= -e 's,_gzcat_,${GZCAT},g'
-
# linkresolver interface appeared in libarchive 2.5.
BUILDLINK_API_DEPENDS.libarchive+= libarchive>=2.5
.include "../../archivers/bzip2/builtin.mk"
.include "../../archivers/libarchive/builtin.mk"
.include "../../devel/zlib/builtin.mk"
+.include "../../security/openssl/builtin.mk"
+
+.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
+CONFIGURE_ARGS+= --with-ssl
+
+.include "../../security/openssl/buildlink3.mk"
+.endif
.if empty(USE_BUILTIN.bzip2:M[yY][eE][sS]) || \
empty(USE_BUILTIN.zlib:M[yY][eE][sS])
diff -r 8104e2b23835 -r 25b7b70e81c6 pkgtools/pkg_install/files/add/Makefile.in
--- a/pkgtools/pkg_install/files/add/Makefile.in Fri May 09 00:49:38 2008 +0000
+++ b/pkgtools/pkg_install/files/add/Makefile.in Sun May 11 20:20:37 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.in,v 1.16.4.1 2008/04/26 17:44:23 joerg Exp $
+# $NetBSD: Makefile.in,v 1.16.4.2 2008/05/11 20:20:37 joerg Exp $
srcdir= @srcdir@
@@ -13,17 +13,25 @@
CC= @CC@
CCLD= $(CC)
-LIBS= -linstall -lfetch -larchive -lbz2 -lz @LIBS@
CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I../lib
DEFS= @DEFS@ -DOPSYS_NAME=\"$(OPSYS)\" -DMACHINE_ARCH=\"$(MACHINE_ARCH)\" -DBINDIR=\"$(sbindir)\"
CFLAGS= @CFLAGS@
LDFLAGS= @LDFLAGS@ -L../lib
+SSL_SUPPORT= @ssl_support@
+
+LIBS= -linstall -lfetch -lcrypto -larchive -lbz2 -lz
+.if !empty(SSL_SUPPORT)
+LIBS+= -lcrypto
+CPPFLAGS+= -DHAVE_SSL
+.endif
+LIBS+= @LIBS@
+
INSTALL= @INSTALL@
PROG= pkg_add
-OBJS= main.o perform.o verify.o
+OBJS= main.o perform.o
all: $(PROG)
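Review bot: The new base line `LIBS= -linstall -lfetch -lcrypto -larchive -lbz2 -lz` already lists `-lcrypto` unconditionally, so the `.if !empty(SSL_SUPPORT)` block below it only adds a duplicate. A build configured without SSL would still try to link libcrypto. Dropping it from the base line keeps the conditional meaningful: `LIBS= -linstall -lfetch -larchive -lbz2 -lz`. The `.if`/`.endif` directives also tie this Makefile.in to BSD make, which is worth confirming as intended.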
diff -r 8104e2b23835 -r 25b7b70e81c6 pkgtools/pkg_install/files/add/main.c
--- a/pkgtools/pkg_install/files/add/main.c Fri May 09 00:49:38 2008 +0000
+++ b/pkgtools/pkg_install/files/add/main.c Sun May 11 20:20:37 2008 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.14.4.1 2008/04/26 17:44:23 joerg Exp $ */
+/* $NetBSD: main.c,v 1.14.4.2 2008/05/11 20:20:37 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
@@ -11,7 +11,7 @@
#if 0
static char *rcsid = "from FreeBSD Id: main.c,v 1.16 1997/10/08 07:45:43 charnier Exp";
#else
-__RCSID("$NetBSD: main.c,v 1.14.4.1 2008/04/26 17:44:23 joerg Exp $");
+__RCSID("$NetBSD: main.c,v 1.14.4.2 2008/05/11 20:20:37 joerg Exp $");
#endif
#endif
@@ -47,9 +47,8 @@
#endif
#include "lib.h"
#include "add.h"
-#include "verify.h"
-static char Options[] = "AIK:LRVW:fhm:np:s:t:uvw:";
+static char Options[] = "AIK:LRVW:fhm:np:t:uvw:";
char *OverrideMachine = NULL;
char *Prefix = NULL;
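Review bot: The new option string `"AIK:LRVW:fhm:np:t:uvw:"` drops `s:` but does not add `C:`, so getopt will reject `-C` and the `case 'C':` added later in this file can never be reached. If `-C config` is meant to work, the string needs the letter, e.g. `static char Options[] = "AC:IK:LRVW:fhm:np:t:uvw:";`.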
@@ -66,7 +65,7 @@
usage(void)
{
(void) fprintf(stderr, "%s\n%s\n%s\n",
- "usage: pkg_add [-AfhILnRuVv] [-K pkg_dbdir] [-m machine] [-p prefix]",
+ "usage: pkg_add [-AfhILnRuVv] [-C config] [-K pkg_dbdir] [-m machine] [-p prefix]",
" [-s verification-type] [-W viewbase] [-w view]",
" [[ftp|http]://[user[:password]@]host[:port]][/path/]pkg-name ...");
exit(1);
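Review bot: The second line of the usage text still advertises `[-s verification-type]`, although this commit removes `s:` from the option string and deletes the `-s` handling. Trimming that line to `" [-W viewbase] [-w view]",` (with its original leading indentation) keeps the help output in step with what getopt accepts. usage() begins above this hunk.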
@@ -87,6 +86,9 @@
Automatic = TRUE;
break;
+ case 'C':
+ config_file = optarg;
+
case 'f':
Force = TRUE;
break;
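Review bot: The new `case 'C':` has no `break;`, so control falls through into `case 'f':` and every use of `-C` also sets `Force = TRUE`. Assuming Force relaxes install-time checks (its use is not visible here), a config-file option that silently enables it is a poor fit for a commit that introduces signature verification. Add `break;` after `config_file = optarg;`. The switch starts and ends outside the hunk.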
@@ -120,12 +122,6 @@
Prefix = optarg;
break;
-#if 0
- case 's':
- set_verification(optarg);
- break;
-#endif
-
case 'u':
Replace++;
break;
@@ -156,6 +152,8 @@
argc -= optind;
argv += optind;
+ pkg_install_config();
+
path_create(getenv("PKG_PATH"));
TAILQ_INIT(&pkgs);
diff -r 8104e2b23835 -r 25b7b70e81c6 pkgtools/pkg_install/files/add/perform.c
--- a/pkgtools/pkg_install/files/add/perform.c Fri May 09 00:49:38 2008 +0000
+++ b/pkgtools/pkg_install/files/add/perform.c Sun May 11 20:20:37 2008 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: perform.c,v 1.70.4.1 2008/04/26 17:44:23 joerg Exp $ */
+/* $NetBSD: perform.c,v 1.70.4.2 2008/05/11 20:20:37 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
#endif
@@ -6,7 +6,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: perform.c,v 1.70.4.1 2008/04/26 17:44:23 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.70.4.2 2008/05/11 20:20:37 joerg Exp $");
/*-
* Copyright (c) 2003 Grant Beattie <grant%NetBSD.org@localhost>
@@ -71,7 +71,7 @@
};
struct pkg_task {
- const char *pkgname;
+ char *pkgname;
const char *prefix;
const char *install_prefix;
@@ -139,9 +139,17 @@
found_required = 0;
+ r = ARCHIVE_OK;
last_descr = 0;
- while ((r = archive_read_next_header(pkg->archive, &pkg->entry)) ==
- ARCHIVE_OK) {
+
+ if (pkg->entry != NULL)
+ goto skip_header;
+
+ for (;;) {
+ r = archive_read_next_header(pkg->archive, &pkg->entry);
+ if (r != ARCHIVE_OK)
+ break;
+skip_header:
fname = archive_entry_pathname(pkg->entry);
for (descr = pkg_meta_descriptors; descr->entry_filename;
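Review bot: The `goto skip_header` jumps into the middle of the `for (;;)` body, which is easy to misread and depends on an earlier caller having left `pkg->entry` pointing at a valid, not yet consumed header. Presumably that caller is pkg_verify_signature(), handing over the first entry after the signature. A comment at the jump would make that contract explicit, e.g. `/* signature check may already have read the first header; process it before fetching the next */`. The enclosing function starts and ends outside this hunk.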
@@ -175,7 +183,7 @@
if ((*target = malloc(size + 1)) == NULL)
err(2, "cannot allocate meta data");
if (archive_read_data(pkg->archive, *target, size) != size) {
- warn("cannot read package meta data");
+ warnx("cannot read package meta data");
return -1;
}
(*target)[size] = '\0';
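Review bot: After the switch to `warnx`, the message gives no reason at all for the failed read, even though it rightly drops the misleading errno text. When archive_read_data() returns a negative value, libarchive normally has an error string, so `warnx("cannot read package meta data: %s", archive_error_string(pkg->archive));` would be more useful; a short read may warrant its own message. The buffer stored in `*target` also stays allocated on this return path, and the hunk does not show whether a later cleanup frees it.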
@@ -183,13 +191,15 @@
if (r != ARCHIVE_OK)
pkg->entry = NULL;
+ if (r == ARCHIVE_EOF)
+ r = ARCHIVE_OK;
for (descr = pkg_meta_descriptors; descr->entry_filename; ++descr) {
if (descr->required_file)
--found_required;
}
- return !found_required ? 0 : -1;
+ return !found_required && r == ARCHIVE_OK ? 0 : -1;
}
/*
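Review bot: When archive_read_next_header() ends the loop with anything other than ARCHIVE_EOF, the function now returns -1 without printing anything, so a corrupt or truncated package fails with no diagnostic from this path, unless callers print their own. A `warnx("cannot read package header: %s", archive_error_string(pkg->archive));` next to the `pkg->entry = NULL` assignment would cover it. The return expression also relies on `&&` binding tighter than `?:`; `return (!found_required && r == ARCHIVE_OK) ? 0 : -1;` states the intent explicitly.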
@@ -222,7 +232,12 @@
warnx("Invalid PLIST: missing @name");
return -1;
}
- pkg->pkgname = p->name;
+ if (pkg->pkgname == NULL)
+ pkg->pkgname = strdup(p->name);
+ else if (strcmp(pkg->pkgname, p->name) != 0) {
+ warnx("Signature and PLIST differ on package name");
+ return -1;
+ }
if ((p = find_plist(&pkg->plist, PLIST_CWD)) == NULL) {
warnx("Invalid PLIST: missing @cwd");
return -1;
@@ -1054,6 +1069,9 @@
{
int status;
void *archive_cookie;
+#ifdef HAVE_SSL
+ void*signature_cookie;
+#endif
struct pkg_task *pkg;
if ((pkg = calloc(1, sizeof(*pkg))) == NULL)
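Review bot: `signature_cookie` is declared without an initializer, yet the cleanup hunk at the end of this function passes it to `pkg_free_signature()`. If the `clean_memory` label sits before that call (the label is outside the visible hunks), an indeterminate pointer would be freed in two cases: the `goto clean_memory` taken when no package is found, and a pkg_verify_signature() failure before a cookie is stored. Declaring it as `void *signature_cookie = NULL;` closes that, provided pkg_free_signature() accepts NULL.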
@@ -1065,6 +1083,11 @@
warnx("no pkg found for '%s', sorry.", pkgpath);
goto clean_memory;
}
+#ifdef HAVE_SSL
+ if (pkg_verify_signature(&pkg->archive, &pkg->entry, &pkg->pkgname,
+ &signature_cookie))
+ goto clean_memory;
+#endif
if (read_meta_data(pkg))
goto clean_memory;
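Review bot: Because the verification call is wrapped in `#ifdef HAVE_SSL`, a pkg_add built without OpenSSL appears to install signed and unsigned packages alike, with no check and no warning in the visible code. A run-time notice in the `#else` case, or refusing packages that carry a signature when verification is compiled out, would avoid failing open. The call site should also carry a comment stating what pkg_verify_signature() returns for an unsigned package, since that decides whether verification is mandatory or best-effort; the function itself is not part of the visible diff.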
@@ -1205,6 +1228,10 @@
close_archive(archive_cookie);
}
free(pkg->other_version);
+ free(pkg->pkgname);
+#ifdef HAVE_SSL
+ pkg_free_signature(signature_cookie);
+#endif
free(pkg);
return status;
}
diff -r 8104e2b23835 -r 25b7b70e81c6 pkgtools/pkg_install/files/add/pkg_add.1
--- a/pkgtools/pkg_install/files/add/pkg_add.1 Fri May 09 00:49:38 2008 +0000
+++ b/pkgtools/pkg_install/files/add/pkg_add.1 Sun May 11 20:20:37 2008 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: pkg_add.1,v 1.28.6.1 2008/04/26 17:44:23 joerg Exp $
+.\" $NetBSD: pkg_add.1,v 1.28.6.2 2008/05/11 20:20:37 joerg Exp $
.\"
.\" FreeBSD install - a package for the installation and maintenance
.\" of non-core utilities.
@@ -17,7 +17,7 @@
.\"
.\" @(#)pkg_add.1
.\"
-.Dd August 23, 2007
+.Dd May 9, 2008
.Dt PKG_ADD 1
.Os
.Sh NAME
@@ -29,7 +29,6 @@
.Op Fl K Ar pkg_dbdir
.Op Fl m Ar machine
.Op Fl p Ar prefix
-.Op Fl s Ar verification-type