repo

List, download and sync packs with remote repositories

commit ebc4a2bd4e1b087652ee804241fd982a2592d82b
parent d3a89dc9b29fb289077b2f9c6c5e46a7f420b8dc
Author: z3bra <contactatz3bradotorg>
Date:   Tue May 16 20:03:12 +0200

Make pack verification optionnal

Pack verification can now be disabled using the -u flag (for untrusted).
This allows caching packs even if there is no signature or if we don't
have the public key.

Diffstat:
config.mk | 2+-
parse.y | 14++++++++++----
repo.1 | 2++
repo.c | 119++++++++++++++++++++++++++++++++++++++++++++-----------------------------------
repo.h | 2+-
5 files changed, 81 insertions(+), 58 deletions(-)
diff --git a/config.mk b/config.mk
@@ -7,7 +7,7 @@ YACC = yacc
 PREFIX = /usr/local
 MANDIR = ${PREFIX}/man
-CPPFLAGS = -DVERSION=\"${VERSION}\" -DCHECKSIG
+CPPFLAGS = -DVERSION=\"${VERSION}\"
 CFLAGS = ${CPPFLAGS} -Wall -Wextra -pedantic -g
 LDFLAGS =
 LIBS = -lcurl -lssl -lcrypto -ldl -lz -lpthread
diff --git a/parse.y b/parse.y
@@ -50,6 +50,7 @@ static int findeol(void);
 static struct repos *repos = NULL;
 static char *local = NULL;
+static int *verify = NULL;
 typedef struct {
 union {
@@ -60,7 +61,7 @@ typedef struct {
 } YYSTYPE;
 %}
-%token REPO LOCAL ERROR
+%token REPO LOCAL VERIFY ERROR
 %token <v.string> STRING
 %token <v.number> NUMBER
 %%
@@ -79,6 +80,9 @@ main : REPO STRING {
 | LOCAL STRING {
 strncpy(local, $2, PATH_MAX);
 }
+ | VERIFY NUMBER {
+ *verify = !$2;
+ }
 ;
 %%
@@ -113,8 +117,9 @@ lookup(char *s)
 {
 /* this has to be sorted always */
 static const struct keywords keywords[] = {
- { "local", LOCAL },
- { "repo", REPO }
+ { "local", LOCAL },
+ { "repo", REPO },
+ { "verify", VERIFY }
 };
 const struct keywords *p;
@@ -375,7 +380,7 @@ popfile(void)
 }
 int
-parseconf(struct repos *rlist, char *localrepo, const char *filename)
+parseconf(struct repos *rlist, char *localrepo, int *untrust, const char *filename)
 {
 int errors = 0;
@@ -387,6 +392,7 @@ parseconf(struct repos *rlist, char *localrepo, const char *filename)
 repos = rlist;
 local = localrepo;
+ verify = untrust;
 yyparse();
 errors = file->errors;
diff --git a/repo.1 b/repo.1
@@ -33,6 +33,8 @@ in the local filesystem.
 List packs available for downloads in all the repositories.
 .It Fl s
 Retrieve the pack list from the remote repositories.
+.It Fl u
+Allow installtin untrusted packs (disable signature verification)
 .El
 .Sh SEE ALSO
 .Xr pack 5 ,
diff --git a/repo.c b/repo.c
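Review bot: The new `VERIFY NUMBER` rule in parse.y stores `*verify = !$2;` directly into the caller's flag, so a config line `verify 0` switches signature checking off without any message to the operator. Because main() calls `parseconf(&rlist, localrepo, &uflag, cfgfile)` after option parsing (the `}ARGEND` hunk in repo.c), the file value also replaces whatever `-u` did or did not set on the command line, and that precedence is not documented in repo.1 or in the code. I would emit a warning when the rule disables verification, e.g. `if (!$2) fprintf(stderr, "warning: signature verification disabled by config\n");`, and add a comment above the rule such as `/* verify 0 disables signature checks and overrides -u */`. The static is named `verify` but points at the untrust flag, which makes the inversion easy to misread; `untrust` would match parseconf()'s parameter.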
@@ -18,19 +18,18 @@
 void usage(char *);
 int download(char *, FILE *);
-int cachepack(char *, char *, struct packs *);
+int checkpack(char *, char *);
+int cachepack(char *, char *, struct packs *, int);
 int verbose = 0;
-int fflag, lflag, sflag;
+int fflag, lflag, sflag, uflag;
-#ifdef CHECKSIG
 char *sickexec[] = { "sick", "-a", NULL };
-#endif
 void
 usage(char *name)
 {
- fprintf(stderr, "usage: %s [-c FILE] [-fls] [-r URL] [PACK..]\n", name);
+ fprintf(stderr, "usage: %s [-c FILE] [-flsu] [-r URL] [PACK..]\n", name);
 exit(1);
 }
@@ -147,17 +146,56 @@ download(char *url, FILE *fd)
 return 0;
 }
+int
+checkpack(char fn[PATH_MAX], char *url)
+{
+ FILE *f;
+ int fd[2], out, status;
+ pipe(fd);
+ if (!fork()) {
+ close(0);
+ close(1);
+ close(fd[1]);
+ dup2(fd[0], 0);
+
+ if ((out = open(fn, O_WRONLY|O_CREAT|O_TRUNC, 0644)) < 0) {
+ perror(fn);
+ return -1;
+ }
+ dup2(out, 1);
+ execvp(sickexec[0], sickexec);
+ perror(sickexec[0]);
+ }
+
+ close(fd[0]);
+ f = fdopen(fd[1], "w");
+ if (!f) {
+ perror("pipe");
+ exit(1);
+ }
+
+ download(url, f);
+ fflush(f);
+ fclose(f);
+
+ wait(&status);
+ if (status) {
+ fprintf(stderr, "%s: Pack verification failed\n", basename(fn));
+ unlink(fn);
+ return -1;
+ }
+ return 0;
+}
+
 int
-cachepack(char *name, char *localrepo, struct packs *plist)
+cachepack(char *name, char *localrepo, struct packs *plist, int untrust)
 {
+ int ret = 0;
 FILE *f;
 char fn[PATH_MAX];;
 struct pack *p = NULL;
 struct stat sb;
-#ifdef CHECKSIG
- int fd[2], out, status;
-#endif
 TAILQ_FOREACH(p, plist, entries) {
 if (!strncmp(p->name, name, PATH_MAX)) {
@@ -167,53 +205,27 @@ cachepack(char *name, char *localrepo, struct packs *plist)
 continue;
 }
-#ifdef CHECKSIG
- pipe(fd);
- if (!fork()) {
- close(0);
- close(1);
- close(fd[1]);
- dup2(fd[0], 0);
-
- if ((out = open(fn, O_WRONLY|O_CREAT|O_TRUNC, 0644)) < 0) {
- perror(fn);
- return -1;
- }
- dup2(out, 1);
- execvp(sickexec[0], sickexec);
- perror(sickexec[0]);
+ if (untrust) {
+ f = fopen(fn, "w");
+ if (!f) {
+ perror(fn);
+ exit(1);
+ }
+ download(p->url, f);
+ fflush(f);
+ fclose(f);
+ } else {
+ if (checkpack(fn, p->url)) {
+ ret++;
+ continue;
+ }
 }
- close(fd[0]);
- f = fdopen(fd[1], "a");
- if (!f) {
- perror("pipe");
- exit(1);
- }
-#else
- f = fopen(fn, "a");
- if (!f) {
- perror(fn);
- exit(1);
- }
-#endif
- download(p->url, f);
- fflush(f);
- fclose(f);
-
-#ifdef CHECKSIG
- wait(&status);
- if (status) {
- fprintf(stderr, "%s: Pack verification failed\n", basename(fn));
- unlink(fn);
- continue;
- }
-#endif
 puts(fn);
 break;
 }
 }
- return 0;
+ return ret;
 }
 int
@@ -248,6 +260,9 @@ main (int argc, char *argv[])
 case 's':
 sflag = 1;
 break;
+ case 'u':
+ uflag = 1;
+ break;
 case 'l':
 lflag = 1;
 break;
@@ -259,7 +274,7 @@ main (int argc, char *argv[])
 }ARGEND;
 if (!stat(cfgfile, &sb))
- parseconf(&rlist, localrepo, cfgfile);
+ parseconf(&rlist, localrepo, &uflag, cfgfile);
 if (sflag) {
 snprintf(fn, PATH_MAX, "%s/%s", localrepo, DEFLISTFILE);
@@ -287,7 +302,7 @@ main (int argc, char *argv[])
 }
 while ((n = *(argv++)))
- cachepack(n, localrepo, &plist);
+ cachepack(n, localrepo, &plist, uflag);
 return 0;
 }
diff --git a/repo.h b/repo.h
@@ -22,4 +22,4 @@ TAILQ_HEAD(repos, repo);
 struct pack *addpack(struct packs *, char *, char *, char *);
 struct repo *addrepo(struct repos *, char *);
 int repolist(struct packs *, char *);
-int parseconf(struct repos *, char *, const char *);
+int parseconf(struct repos *, char *, int *, const char *);
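Review bot: In the new `if (untrust)` branch the result of `download(p->url, f)` is ignored, so a failed or truncated transfer stays in the cache and is announced with `puts(fn)` exactly like a good pack; with verification off nothing later in this function would catch it. Assuming download() returns non-zero on error, I would test it and remove the file, e.g. `if (download(p->url, f) != 0) { fclose(f); unlink(fn); ret++; continue; }`. Untrusted packs are also written to the same `fn` path that verified packs use, so whatever consumes the cache afterwards cannot tell the two apart; a comment stating that the cache is not a trust boundary once `-u` has been used would help. cachepack() begins before this hunk.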
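Review bot: main() discards the value cachepack() now returns: `cachepack(n, localrepo, &plist, uflag);` is followed by an unconditional `return 0;`, so the process exits 0 even when a pack failed signature verification. A script calling `repo` then has only the stderr message to detect the failure. I would accumulate the result with `rc |= cachepack(n, localrepo, &plist, uflag) != 0;` inside the loop and end with `return rc;`, with `int rc = 0;` declared in main(). main() starts outside this hunk, so the declaration site is not visible here.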