Validate the sha256sum if available
Adjust load_internal() to check the sha256sum value if we have it. Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
parent
f37c501657
commit
bd5ec9cd8e
|
@ -274,11 +274,15 @@ static alpm_file_t *files_msort(alpm_file_t *files, size_t n)
|
|||
* @param handle the context handle
|
||||
* @param pkgfile path to the package file
|
||||
* @param full whether to stop the load after metadata is read or continue
|
||||
* through the full archive
|
||||
* through the full archive
|
||||
* @param md5sum the expected md5sum of the package file if known
|
||||
* @param sha256sum the expected sha256sum of the package file if known
|
||||
* @param base64_sig the encoded signature of the package file if known
|
||||
* @param level the required level of signature verification
|
||||
* @return An information filled alpm_pkg_t struct
|
||||
*/
|
||||
alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle, const char *pkgfile,
|
||||
int full, const char *md5sum, const char *base64_sig,
|
||||
int full, const char *md5sum, const char *sha256sum, const char *base64_sig,
|
||||
alpm_siglevel_t level)
|
||||
{
|
||||
int ret;
|
||||
|
@ -311,7 +315,16 @@ alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle, const char *pkgfile,
|
|||
_alpm_log(handle, ALPM_LOG_DEBUG, "md5sum: %s\n", md5sum);
|
||||
if(md5sum) {
|
||||
_alpm_log(handle, ALPM_LOG_DEBUG, "checking md5sum for %s\n", pkgfile);
|
||||
if(_alpm_test_md5sum(pkgfile, md5sum) != 0) {
|
||||
if(_alpm_test_checksum(pkgfile, md5sum, ALPM_CSUM_MD5) != 0) {
|
||||
alpm_pkg_free(newpkg);
|
||||
RET_ERR(handle, ALPM_ERR_PKG_INVALID_CHECKSUM, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
_alpm_log(handle, ALPM_LOG_DEBUG, "sha256sum: %s\n", sha256sum);
|
||||
if(sha256sum) {
|
||||
_alpm_log(handle, ALPM_LOG_DEBUG, "checking sha256sum for %s\n", pkgfile);
|
||||
if(_alpm_test_checksum(pkgfile, sha256sum, ALPM_CSUM_SHA256) != 0) {
|
||||
alpm_pkg_free(newpkg);
|
||||
RET_ERR(handle, ALPM_ERR_PKG_INVALID_CHECKSUM, NULL);
|
||||
}
|
||||
|
@ -458,7 +471,7 @@ int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int ful
|
|||
CHECK_HANDLE(handle, return -1);
|
||||
ASSERT(pkg != NULL, RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1));
|
||||
|
||||
*pkg = _alpm_pkg_load_internal(handle, filename, full, NULL, NULL, level);
|
||||
*pkg = _alpm_pkg_load_internal(handle, filename, full, NULL, NULL, NULL, level);
|
||||
if(*pkg == NULL) {
|
||||
/* pm_errno is set by pkg_load */
|
||||
return -1;
|
||||
|
|
|
@ -69,7 +69,7 @@ int SYMEXPORT alpm_pkg_checkmd5sum(alpm_pkg_t *pkg)
|
|||
|
||||
fpath = _alpm_filecache_find(pkg->handle, alpm_pkg_get_filename(pkg));
|
||||
|
||||
retval = _alpm_test_md5sum(fpath, alpm_pkg_get_md5sum(pkg));
|
||||
retval = _alpm_test_checksum(fpath, pkg->md5sum, ALPM_CSUM_MD5);
|
||||
|
||||
if(retval == 0) {
|
||||
return 0;
|
||||
|
|
|
@ -150,7 +150,7 @@ void _alpm_pkg_free_trans(alpm_pkg_t *pkg);
|
|||
|
||||
|
||||
alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle, const char *pkgfile,
|
||||
int full, const char *md5sum, const char *base64_sig,
|
||||
int full, const char *md5sum, const char *sha256sum, const char *base64_sig,
|
||||
alpm_siglevel_t level);
|
||||
|
||||
int _alpm_pkg_cmp(const void *p1, const void *p2);
|
||||
|
|
|
@ -721,7 +721,7 @@ static int validate_deltas(alpm_handle_t *handle, alpm_list_t *deltas,
|
|||
alpm_delta_t *d = alpm_list_getdata(i);
|
||||
char *filepath = _alpm_filecache_find(handle, d->delta);
|
||||
|
||||
ret = _alpm_test_md5sum(filepath, d->delta_md5);
|
||||
ret = _alpm_test_checksum(filepath, d->delta_md5, ALPM_CSUM_MD5);
|
||||
if(ret != 0) {
|
||||
prompt_to_delete(trans, filepath, ALPM_ERR_DLT_INVALID);
|
||||
errors++;
|
||||
|
@ -909,7 +909,7 @@ int _alpm_sync_commit(alpm_handle_t *handle, alpm_list_t **data)
|
|||
"replacing pkgcache entry with package file for target %s\n",
|
||||
spkg->name);
|
||||
alpm_pkg_t *pkgfile =_alpm_pkg_load_internal(handle, filepath, 1, spkg->md5sum,
|
||||
spkg->base64_sig, level);
|
||||
spkg->sha256sum, spkg->base64_sig, level);
|
||||
if(!pkgfile) {
|
||||
prompt_to_delete(trans, filepath, handle->pm_errno);
|
||||
errors++;
|
||||
|
|
|
@ -829,25 +829,6 @@ char SYMEXPORT *alpm_compute_md5sum(const char *filename)
|
|||
return md5sum;
|
||||
}
|
||||
|
||||
int _alpm_test_md5sum(const char *filepath, const char *md5sum)
|
||||
{
|
||||
char *md5sum2;
|
||||
int ret;
|
||||
|
||||
md5sum2 = alpm_compute_md5sum(filepath);
|
||||
|
||||
if(md5sum == NULL || md5sum2 == NULL) {
|
||||
ret = -1;
|
||||
} else if(strcmp(md5sum, md5sum2) != 0) {
|
||||
ret = 1;
|
||||
} else {
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
FREE(md5sum2);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/** Get the sha256 sum of file.
|
||||
* @param filename name of the file
|
||||
* @return the checksum on success, NULL on error
|
||||
|
@ -879,6 +860,32 @@ char SYMEXPORT *alpm_compute_sha256sum(const char *filename)
|
|||
return sha256sum;
|
||||
}
|
||||
|
||||
int _alpm_test_checksum(const char *filepath, const char *expected,
|
||||
enum _alpm_csum type)
|
||||
{
|
||||
char *computed;
|
||||
int ret;
|
||||
|
||||
if(type == ALPM_CSUM_MD5) {
|
||||
computed = alpm_compute_md5sum(filepath);
|
||||
} else if(type == ALPM_CSUM_SHA256) {
|
||||
computed = alpm_compute_sha256sum(filepath);
|
||||
} else {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if(expected == NULL || computed == NULL) {
|
||||
ret = -1;
|
||||
} else if(strcmp(expected, computed) != 0) {
|
||||
ret = 1;
|
||||
} else {
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
FREE(computed);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Note: does NOT handle sparse files on purpose for speed. */
|
||||
int _alpm_archive_fgets(struct archive *a, struct archive_read_buffer *b)
|
||||
{
|
||||
|
|
|
@ -91,6 +91,11 @@ struct archive_read_buffer {
|
|||
int ret;
|
||||
};
|
||||
|
||||
enum _alpm_csum {
|
||||
ALPM_CSUM_MD5,
|
||||
ALPM_CSUM_SHA256,
|
||||
};
|
||||
|
||||
int _alpm_makepath(const char *path);
|
||||
int _alpm_makepath_mode(const char *path, mode_t mode);
|
||||
int _alpm_copyfile(const char *src, const char *dest);
|
||||
|
@ -109,7 +114,7 @@ int _alpm_str_cmp(const void *s1, const void *s2);
|
|||
char *_alpm_filecache_find(alpm_handle_t *handle, const char *filename);
|
||||
const char *_alpm_filecache_setup(alpm_handle_t *handle);
|
||||
int _alpm_lstat(const char *path, struct stat *buf);
|
||||
int _alpm_test_md5sum(const char *filepath, const char *md5sum);
|
||||
int _alpm_test_checksum(const char *filepath, const char *expected, enum _alpm_csum type);
|
||||
int _alpm_archive_fgets(struct archive *a, struct archive_read_buffer *b);
|
||||
int _alpm_splitname(const char *target, char **name, char **version,
|
||||
unsigned long *name_hash);
|
||||
|
|
Loading…
Reference in New Issue