summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorticktock35 <ticktock35@e8e0d7a0-c8d9-11dd-a880-a1081c7ac358>2008-12-28 02:53:44 (EST)
committer ticktock35 <ticktock35@e8e0d7a0-c8d9-11dd-a880-a1081c7ac358>2008-12-28 02:53:44 (EST)
commitfb70577757cf49404fc6e837bd94d4f7d1f81f61 (patch)
tree3b5a9d6380b0cb4d3f5fe9de0791cc004001f875
parent2c6f8eda7145ce3e8645567aa930b16853770f94 (diff)
adding check_signature config
default if off you can turn that on via adding one line in /etc/opkg/opkg.conf file + option check_signature 1 git-svn-id: http://opkg.googlecode.com/svn/trunk@193 e8e0d7a0-c8d9-11dd-a880-a1081c7ac358
-rw-r--r--libopkg/opkg.c66
-rw-r--r--libopkg/opkg_cmd.c58
-rw-r--r--libopkg/opkg_conf.c1
-rw-r--r--libopkg/opkg_conf.h1
-rw-r--r--libopkg/opkg_download.c2
-rw-r--r--libopkg/opkg_install.c2
6 files changed, 69 insertions, 61 deletions
diff --git a/libopkg/opkg.c b/libopkg/opkg.c
index d69721b..11b5ee7 100644
--- a/libopkg/opkg.c
+++ b/libopkg/opkg.c
@@ -850,42 +850,44 @@ opkg_update_package_lists (opkg_t *opkg, opkg_progress_callback_t progress_callb
free (url);
#ifdef HAVE_GPGME
- char *sig_file_name;
- /* download detached signitures to verify the package lists */
- /* get the url for the sig file */
- if (src->extra_data) /* debian style? */
- sprintf_alloc (&url, "%s/%s/%s", src->value, src->extra_data,
- "Packages.sig");
- else
- sprintf_alloc (&url, "%s/%s", src->value, "Packages.sig");
+ if ( opkg->conf->check_signature ) {
+ char *sig_file_name;
+ /* download detached signitures to verify the package lists */
+ /* get the url for the sig file */
+ if (src->extra_data) /* debian style? */
+ sprintf_alloc (&url, "%s/%s/%s", src->value, src->extra_data,
+ "Packages.sig");
+ else
+ sprintf_alloc (&url, "%s/%s", src->value, "Packages.sig");
- /* create filename for signature */
- sprintf_alloc (&sig_file_name, "%s/%s.sig", lists_dir, src->name);
+ /* create filename for signature */
+ sprintf_alloc (&sig_file_name, "%s/%s.sig", lists_dir, src->name);
- /* make sure there is no existing signature file */
- unlink (sig_file_name);
+ /* make sure there is no existing signature file */
+ unlink (sig_file_name);
- err = opkg_download (opkg->conf, url, sig_file_name, NULL, NULL);
- if (err)
- {
- /* XXX: Warning: Download failed */
- }
- else
- {
- int err;
- err = opkg_verify_file (opkg->conf, list_file_name, sig_file_name);
- if (err == 0)
- {
- /* XXX: Notice: Signature check passed */
- }
- else
- {
- /* XXX: Warning: Signature check failed */
- }
+ err = opkg_download (opkg->conf, url, sig_file_name, NULL, NULL);
+ if (err)
+ {
+ /* XXX: Warning: Download failed */
+ }
+ else
+ {
+ int err;
+ err = opkg_verify_file (opkg->conf, list_file_name, sig_file_name);
+ if (err == 0)
+ {
+ /* XXX: Notice: Signature check passed */
+ }
+ else
+ {
+ /* XXX: Warning: Signature check failed */
+ }
+ }
+ free (sig_file_name);
+ free (list_file_name);
+ free (url);
}
- free (sig_file_name);
- free (list_file_name);
- free (url);
#else
/* XXX: Note: Signature check for %s skipped because GPG support was not
* enabled in this build
diff --git a/libopkg/opkg_cmd.c b/libopkg/opkg_cmd.c
index 411bb72..043536c 100644
--- a/libopkg/opkg_cmd.c
+++ b/libopkg/opkg_cmd.c
@@ -261,34 +261,36 @@ static int opkg_update_cmd(opkg_conf_t *conf, int argc, char **argv)
free(url);
#ifdef HAVE_GPGME
- /* download detached signitures to verify the package lists */
- /* get the url for the sig file */
- if (src->extra_data) /* debian style? */
- sprintf_alloc(&url, "%s/%s/%s", src->value, src->extra_data,
- "Packages.sig");
- else
- sprintf_alloc(&url, "%s/%s", src->value, "Packages.sig");
-
- /* create temporary file for it */
- char *tmp_file_name;
-
- sprintf_alloc (&tmp_file_name, "%s/%s", tmp, "Packages.sig");
-
- err = opkg_download(conf, url, tmp_file_name, NULL, NULL);
- if (err) {
- failures++;
- opkg_message (conf, OPKG_NOTICE, "Signature check failed\n");
- } else {
- int err;
- err = opkg_verify_file (conf, list_file_name, tmp_file_name);
- if (err == 0)
- opkg_message (conf, OPKG_NOTICE, "Signature check passed\n");
- else
- opkg_message (conf, OPKG_NOTICE, "Signature check failed\n");
- }
- unlink (tmp_file_name);
- free (tmp_file_name);
- free (url);
+ if (conf->check_signature) {
+ /* download detached signitures to verify the package lists */
+ /* get the url for the sig file */
+ if (src->extra_data) /* debian style? */
+ sprintf_alloc(&url, "%s/%s/%s", src->value, src->extra_data,
+ "Packages.sig");
+ else
+ sprintf_alloc(&url, "%s/%s", src->value, "Packages.sig");
+
+ /* create temporary file for it */
+ char *tmp_file_name;
+
+ sprintf_alloc (&tmp_file_name, "%s/%s", tmp, "Packages.sig");
+
+ err = opkg_download(conf, url, tmp_file_name, NULL, NULL);
+ if (err) {
+ failures++;
+ opkg_message (conf, OPKG_NOTICE, "Signature check failed\n");
+ } else {
+ int err;
+ err = opkg_verify_file (conf, list_file_name, tmp_file_name);
+ if (err == 0)
+ opkg_message (conf, OPKG_NOTICE, "Signature check passed\n");
+ else
+ opkg_message (conf, OPKG_NOTICE, "Signature check failed\n");
+ }
+ unlink (tmp_file_name);
+ free (tmp_file_name);
+ free (url);
+ }
#else
// Do nothing
#endif
diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
index d722a0d..ac785c8 100644
--- a/libopkg/opkg_conf.c
+++ b/libopkg/opkg_conf.c
@@ -56,6 +56,7 @@ int opkg_init_options_array(const opkg_conf_t *conf, opkg_option_t **options)
{ "force_downgrade", OPKG_OPT_TYPE_BOOL, &conf->force_downgrade },
{ "force_reinstall", OPKG_OPT_TYPE_BOOL, &conf->force_reinstall },
{ "force_space", OPKG_OPT_TYPE_BOOL, &conf->force_space },
+ { "check_signature", OPKG_OPT_TYPE_INT, &conf->check_signature },
{ "ftp_proxy", OPKG_OPT_TYPE_STRING, &conf->ftp_proxy },
{ "http_proxy", OPKG_OPT_TYPE_STRING, &conf->http_proxy },
{ "no_proxy", OPKG_OPT_TYPE_STRING, &conf->no_proxy },
diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
index 407c8de..c2f9015 100644
--- a/libopkg/opkg_conf.h
+++ b/libopkg/opkg_conf.h
@@ -63,6 +63,7 @@ struct opkg_conf
int force_space;
int force_removal_of_dependent_packages;
int force_removal_of_essential_packages;
+ int check_signature;
int nodeps; /* do not follow dependences */
char *offline_root;
char *offline_root_path;
diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index 93b5084..a212969 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -304,6 +304,8 @@ int
opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file)
{
#ifdef HAVE_GPGME
+ if (conf->check_signature == 0 )
+ return 0;
int status = -1;
gpgme_ctx_t ctx;
gpgme_data_t sig, text, key;
diff --git a/libopkg/opkg_install.c b/libopkg/opkg_install.c
index 5f154a5..50cdabb 100644
--- a/libopkg/opkg_install.c
+++ b/libopkg/opkg_install.c
@@ -832,7 +832,7 @@ int opkg_install_pkg(opkg_conf_t *conf, pkg_t *pkg, int from_upgrade)
char *list_file_name, *sig_file_name, *lists_dir;
/* check to ensure the package has come from a repository */
- if (pkg->src)
+ if (conf->check_signature && pkg->src)
{
sprintf_alloc (&lists_dir, "%s",
(conf->restrict_to_default_dest)