-rw-r--r-- | Makefile.am | 3 | ||||
-rw-r--r-- | configure.ac | 1 | ||||
-rw-r--r-- | libopkg/opkg_download.c | 28 | ||||
-rw-r--r-- | src/Makefile.am | 5 | ||||
-rw-r--r-- | utils/Makefile.am | 1 | ||||
-rwxr-xr-x | utils/opkg-key | 74 | ||||
-rwxr-xr-x | utils/update-alternatives (renamed from update-alternatives) | 0 |
7 files changed, 105 insertions, 7 deletions
diff --git a/Makefile.am b/Makefile.am index 8783593..1b38e26 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,4 +1,4 @@ -SUBDIRS = libbb libopkg src tests +SUBDIRS = libbb libopkg src tests utils HOST_CPU=@host_cpu@ BUILD_CPU=@build_cpu@ @@ -9,7 +9,6 @@ pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libopkg.pc -bin_SCRIPTS = update-alternatives interceptdir = $(datadir)/opkg/intercept intercept_DATA = intercept/ldconfig intercept/depmod intercept/update-modules diff --git a/configure.ac b/configure.ac index e9b264d..e71a5be 100644 --- a/configure.ac +++ b/configure.ac @@ -137,5 +137,6 @@ AC_OUTPUT( tests/Makefile src/Makefile libbb/Makefile + utils/Makefile libopkg.pc ) diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c index 6acdc32..1d882a1 100644 --- a/libopkg/opkg_download.c +++ b/libopkg/opkg_download.c @@ -233,27 +233,48 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file) #ifdef HAVE_GPGME int status = -1; gpgme_ctx_t ctx; - gpgme_data_t sig, text; + gpgme_data_t sig, text, key; gpgme_error_t err = -1; gpgme_verify_result_t result; gpgme_signature_t s; + char *trusted_path = NULL; err = gpgme_new (&ctx); if (err) return -1; + sprintf_alloc(&trusted_path, "%s/%s", conf->offline_root, "/etc/opkg/trusted.gpg"); + err = gpgme_data_new_from_file (&key, trusted_path, 1); + free (trusted_path); + if (err) + { + return -1; + } + err = gpgme_op_import (ctx, key); + if (err) + { + gpgme_data_release (key); + return -1; + } + gpgme_data_release (key); + err = gpgme_data_new_from_file (&sig, sig_file, 1); if (err) + { + gpgme_release (ctx); return -1; + } err = gpgme_data_new_from_file (&text, text_file, 1); if (err) + { + gpgme_data_release (sig); + gpgme_release (ctx); return -1; + } err = gpgme_op_verify (ctx, sig, text, NULL); - if (err) - return -1; result = gpgme_op_verify_result (ctx); if (!result) 
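Review bot: The two early returns added after `gpgme_data_new_from_file (&key, trusted_path, 1)` and `gpgme_op_import (ctx, key)` leave `ctx` allocated, although the later error paths in this same hunk now release it; add `gpgme_release (ctx);` before each of those `return -1;`. The hunk also drops the `if (err) return -1;` after `gpgme_op_verify`, so `err` is never examined and the verdict rests entirely on the signature loop, which lies outside this hunk; confirm that loop leaves `status` at -1 when the operation failed or returned no signatures. `conf->offline_root` is passed to `%s` unchecked, so if it can be NULL when no offline root is configured the trusted keyring path is wrong and every verification fails. Nothing visible here gives `ctx` its own GnuPG home (for example through `gpgme_ctx_set_engine_info`), so the import presumably lands in the invoking user's default keyring, and keys already present there would be accepted alongside the ones from trusted.gpg.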
@@ -269,6 +290,7 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file) s = s->next; } + gpgme_data_release (sig); gpgme_data_release (text); gpgme_release (ctx); diff --git a/src/Makefile.am b/src/Makefile.am index 1fb3ec9..35aaa2a 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,8 +1,9 @@ AM_CFLAGS = -I${top_srcdir}/libopkg ${ALL_CFLAGS} -bin_PROGRAMS = opkg-cl +bin_PROGRAMS = opkg-cl opkg-key opkg_cl_SOURCES = opkg-frontend.c opkg_cl_LDADD = $(top_builddir)/libopkg/libopkg.la \ $(top_builddir)/libbb/libbb.la - +opkg_key_SOURCES = opkg-key.c +opkg_key_LDADD = $(GPGME_LIBS) diff --git a/utils/Makefile.am b/utils/Makefile.am new file mode 100644 index 0000000..7019e4b --- /dev/null +++ b/utils/Makefile.am @@ -0,0 +1 @@ +bin_SCRIPTS = update-alternatives opkg-key diff --git a/utils/opkg-key b/utils/opkg-key new file mode 100755 index 0000000..266bb66 --- /dev/null +++ b/utils/opkg-key 
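Review bot: In src/Makefile.am, `opkg_key_SOURCES = opkg-key.c` names a source file this commit does not add (the diffstat lists only `utils/opkg-key`, a shell script), so unless `src/opkg-key.c` already exists in the tree the new `bin_PROGRAMS = opkg-cl opkg-key` will break the build. It also collides with `bin_SCRIPTS = update-alternatives opkg-key` in utils/Makefile.am, since both rules would install an `opkg-key` into the same bindir. If the script is the intended tool, keep `bin_PROGRAMS = opkg-cl` and drop the two `opkg_key_*` lines.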
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+# Based on apt-key from apt-0.6.25
+# Licensed under GPL Version 2
+
+set -e
+
+usage() {
+ echo "Usage: opkg-key [options] command [arguments]"
+ echo
+ echo "Manage opkg's list of trusted keys"
+ echo
+ echo " opkg-key add <file> - add the key contained in <file> ('-' for stdin)"
+ echo " opkg-key del <keyid> - remove the key <keyid>"
+ echo " opkg-key list - list keys"
+ echo
+ echo "Options:"
+ echo " -o <root> Use <root> as the offline root directory"
+ echo
+}
+
+if [ "$1" = "-o" ]; then
+ ROOT=$2
+ shift 2
+ echo "Note: using \"$ROOT\" as root path"
+else
+ ROOT=""
+fi
+
+command="$1"
+if [ -z "$command" ]; then
+ usage
+ exit 1
+fi
+shift
+
+if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then
+ echo >&2 "Warning: gnupg does not seem to be installed."
+ echo >&2 "Warning: opkg-key requires gnupg for most operations."
+ echo >&2
+fi
+
+# We don't use a secret keyring, of course, but gpg panics and
+# implodes if there isn't one available
+
+GPG="gpg --no-options --no-default-keyring --keyring $ROOT/etc/opkg/trusted.gpg --secret-keyring $ROOT/etc/opkg/secring.gpg --trustdb-name $ROOT/etc/opkg/trustdb.gpg"
+
+case "$command" in
+ add)
+ $GPG --quiet --batch --import "$1"
+ echo "OK"
+ ;;
+ del|rm|remove)
+ $GPG --quiet --batch --delete-key --yes "$1"
+ echo "OK"
+ ;;
+ list)
+ $GPG --batch --list-keys
+ ;;
+ finger*)
+ $GPG --batch --fingerprint
+ ;;
+ adv*)
+ echo "Executing: $GPG $*"
+ $GPG $*
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
+esac
diff --git a/update-alternatives b/utils/update-alternatives
index 4983e19..4983e19 100755
--- a/update-alternatives
+++ b/utils/update-alternatives |
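Review bot: The `GPG="gpg ... --keyring $ROOT/etc/opkg/trusted.gpg ..."` string is expanded unquoted at every call site, so an offline root given with `-o` that contains whitespace or glob characters is split into separate gpg arguments and the keyring, secret-keyring and trustdb options no longer point where the user asked. Since this keyring is the trust anchor for package verification, the paths should be passed as single quoted arguments; a small wrapper function does that in POSIX sh, with the call sites becoming `gpg_cmd --quiet --batch --import "$1"` and so on. The `adv*` arm should then forward `"$@"` rather than `$*`, and its "Executing:" echo needs rewording because there is no longer a flat command string to print. The `add` and `del` arms also run gpg without checking that `$1` was supplied.

```shell
# replaces the GPG="gpg ..." assignment
gpg_cmd() {
    gpg --no-options --no-default-keyring \
        --keyring "$ROOT/etc/opkg/trusted.gpg" \
        --secret-keyring "$ROOT/etc/opkg/secring.gpg" \
        --trustdb-name "$ROOT/etc/opkg/trustdb.gpg" "$@"
}
# … unchanged: usage, -o parsing, gnupg presence warning, case arms apart from the $GPG call sites …
```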