
Commit 8d5c48b

author
Juan RP
committed
Added support for the long awaited feature: RSA signed repositories.
1 parent ae2eea8 commit 8d5c48b

29 files changed

+1121
-155
lines changed

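--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,20 @@
+xbps-0.27 (???):
+
+* Support for RSA signed repositories. A repository can be signed with your
+preferred RSA key (any ssh key works) as follows:
+
+$ xbps-rindex -s --signedby "foobar <foo@bar>" --privkey /priv/key /path/to/repo
+
+The first time xbps-install(8) access to a signed repository it will ask you
+to import its public key to verify the signature. Please double-check the
+hex fingerprint of the public key is the real one!
+
+Once the public key has been imported it's not expected to change, hence if the
+repository index has been modified or signed with another key, it will be ignored.
+
+Starting from now on all remote repositories must be signed and verified.
+Local repos do not need to be signed and they will work as before.
+
 xbps-0.26 (2013-09-25):
 
 * xbps-query(8): the `-D --defrepo' argument has been superseded by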

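--- a/TODO
+++ b/TODO
@@ -7,9 +7,6 @@ xbps-create:
 - Move all configuration files to <prefix>/share/<pkgname>/conf/<cffile>.
 - Add -i --installed option to create binpkg from an installed version.
 
-All:
-- Add support to sign with PGP or RSA the repository index files.
-
-Issues listed at http://code.google.com/p/xbps/issues/list
+Issues listed at https://github.com/xtraeme/xbps/issues
 
 Surely more stuff...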

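--- a/bin/xbps-install/defs.h
+++ b/bin/xbps-install/defs.h
@@ -48,7 +48,7 @@ bool noyes(const char *, ...);
 void fetch_file_progress_cb(struct xbps_fetch_cb_data *, void *);
 
 /* from state_cb.c */
-void state_cb(struct xbps_state_cb_data *, void *);
+int state_cb(struct xbps_state_cb_data *, void *);
 
 /* From util.c */
 void print_package_line(const char *, int, bool);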

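--- a/bin/xbps-install/state_cb.c
+++ b/bin/xbps-install/state_cb.c
@@ -31,13 +31,14 @@
 #include <xbps.h>
 #include "defs.h"
 
-void
+int
 state_cb(struct xbps_state_cb_data *xscd, void *cbdata _unused)
 {
 xbps_dictionary_t pkgd;
 const char *instver, *newver;
 char *pkgname;
 bool syslog_enabled = false;
+int rv = 0;
 
 if (xscd->xhp->flags & XBPS_FLAG_SYSLOG) {
 syslog_enabled = true;
@@ -46,6 +47,19 @@ state_cb(struct xbps_state_cb_data *xscd, void *cbdata _unused)
 
 switch (xscd->state) {
 /* notifications */
+case XBPS_STATE_REPO_KEY_IMPORT:
+printf("%s\n", xscd->desc);
+printf("Fingerprint: ");
+xbps_print_hexfp(xscd->arg);
+printf("\n");
+rv = noyes("Do you want to import this public key?");
+break;
+case XBPS_STATE_REPO_SIGVERIFIED:
+printf("[*] RSA signature verified correctly\n");
+break;
+case XBPS_STATE_REPO_SIGUNVERIFIED:
+printf("[*] RSA signature UNVERIFIED! ignoring...\n");
+break;
 case XBPS_STATE_TRANS_DOWNLOAD:
 printf("\n[*] Downloading binary packages\n");
 break;
@@ -141,7 +155,7 @@ state_cb(struct xbps_state_cb_data *xscd, void *cbdata _unused)
 case XBPS_STATE_REMOVE_FILE_OBSOLETE_FAIL:
 /* Ignore errors due to not empty directories */
 if (xscd->err == ENOTEMPTY)
-return;
+return 0;
 
 xbps_error_printf("%s\n", xscd->desc);
 if (syslog_enabled)
@@ -152,4 +166,6 @@ state_cb(struct xbps_state_cb_data *xscd, void *cbdata _unused)
 "%s: unknown state %d\n", xscd->arg, xscd->state);
 break;
 }
+
+return rv;
 }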
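Review bot: The `XBPS_STATE_REPO_SIGUNVERIFIED` case reports a failed signature check with a plain `printf` to stdout and never reaches syslog, whereas the failure states further down in this switch use `xbps_error_printf` and honour `syslog_enabled`. A verification failure on a remote repository is the event an operator most needs to see and keep, and "ignoring..." can be read as ignoring the failure rather than the repository; I would change the line to `xbps_error_printf("[*] RSA signature UNVERIFIED! ignoring repository\n");` and also log it when `syslog_enabled` is set. Separately, `rv = noyes(...)` makes the callback's new `int` result carry the key-trust decision, so a short comment above `case XBPS_STATE_REPO_KEY_IMPORT:` should state what a non-zero return means to the caller; that contract is not visible in this section. The body of `state_cb` continues outside the hunks.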

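--- a/bin/xbps-query/list.c
+++ b/bin/xbps-query/list.c
@@ -156,8 +156,15 @@ list_pkgs_pkgdb(struct xbps_handle *xhp)
 static int
 repo_list_uri_cb(struct xbps_repo *repo, void *arg _unused, bool *done _unused)
 {
-printf("%5zd %s\n", repo->idx ? (ssize_t)xbps_dictionary_count(repo->idx) : -1, repo->uri);
-
+printf("%5zd %s",
+repo->idx ? (ssize_t)xbps_dictionary_count(repo->idx) : -1,
+repo->uri);
+if (xbps_repository_is_remote(repo->uri)) {
+printf(" (RSA %s, %s)",
+repo->is_signed ? "signed" : "unsigned",
+repo->is_verified ? "verified" : "unverified");
+}
+printf("\n");
 return 0;
 }
 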

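--- a/bin/xbps-query/ownedby.c
+++ b/bin/xbps-query/ownedby.c
@@ -162,7 +162,7 @@ repo_ownedby_cb(struct xbps_repo *repo, void *arg, bool *done _unused)
 struct ffdata *ffd = arg;
 int rv;
 
-filesd = xbps_repo_get_plist(repo, XBPS_PKGINDEX_FILES);
+filesd = xbps_repo_get_plist(repo, XBPS_REPOIDX_FILES);
 if (filesd == NULL)
 return 0;
 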

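--- a/bin/xbps-query/search.c
+++ b/bin/xbps-query/search.c
@@ -131,6 +131,9 @@ search_pkgs_cb(struct xbps_repo *repo, void *arg, bool *done _unused)
 struct search_data *sd = arg;
 int rv;
 
+if (repo->idx == NULL)
+return 0;
+
 allkeys = xbps_dictionary_all_keys(repo->idx);
 rv = xbps_array_foreach_cb(repo->xhp, allkeys, repo->idx, search_array_cb, sd);
 xbps_object_release(allkeys);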
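Review bot: The new `if (repo->idx == NULL) return 0;` guard in `search_pkgs_cb` skips a repository without telling the user, so search results can silently omit a repository whose index was not loaded. If, as this commit's NEWS entry suggests, an index that fails signature verification is ignored, that is presumably how `idx` ends up NULL here; a comment such as `/* idx is NULL when the repository index was not loaded (e.g. ignored after a failed signature check) */` would record the reason. `search_pkgs_cb` starts and ends outside the hunk, and other callbacks that dereference `repo->idx` are not visible here, so whether they need the same guard should be checked.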

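--- a/bin/xbps-reconfigure/main.c
+++ b/bin/xbps-reconfigure/main.c
@@ -50,7 +50,7 @@ usage(bool fail)
 exit(fail ? EXIT_FAILURE : EXIT_SUCCESS);
 }
 
-static void
+static int
 state_cb(struct xbps_state_cb_data *xscd, void *cbd _unused)
 {
 bool syslog_enabled = false;
@@ -84,6 +84,8 @@ state_cb(struct xbps_state_cb_data *xscd, void *cbd _unused)
 "%s: unknown state %d\n", xscd->arg, xscd->state);
 break;
 }
+
+return 0;
 }
 
 int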

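--- a/bin/xbps-remove/main.c
+++ b/bin/xbps-remove/main.c
@@ -62,7 +62,7 @@ usage(bool fail)
 exit(fail ? EXIT_FAILURE : EXIT_SUCCESS);
 }
 
-static void
+static int
 state_cb_rm(struct xbps_state_cb_data *xscd, void *cbdata _unused)
 {
 bool syslog_enabled = false;
@@ -101,7 +101,7 @@ state_cb_rm(struct xbps_state_cb_data *xscd, void *cbdata _unused)
 case XBPS_STATE_REMOVE_FILE_OBSOLETE_FAIL:
 /* Ignore errors due to not empty directories */
 if (xscd->err == ENOTEMPTY)
-return;
+return 0;
 
 xbps_error_printf("%s\n", xscd->desc);
 if (syslog_enabled)
@@ -112,6 +112,8 @@ state_cb_rm(struct xbps_state_cb_data *xscd, void *cbdata _unused)
 "%s: unknown state %d\n", xscd->arg, xscd->state);
 break;
 }
+
+return 0;
 }
 
 static int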

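--- a/bin/xbps-rindex/Makefile
+++ b/bin/xbps-rindex/Makefile
@@ -3,5 +3,7 @@ TOPDIR = ../..
 
 BIN = xbps-rindex
 OBJS = main.o index-add.o index-clean.o remove-obsoletes.o repoflush.o
+OBJS += readpassphrase.o sign.o
+EXTRA_CFLAGS = -Wno-unused-result
 
 include $(TOPDIR)/mk/prog.mk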
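Review bot: `EXTRA_CFLAGS = -Wno-unused-result` is added in the same change that brings `readpassphrase.o` and `sign.o` into xbps-rindex, so ignored return values would go unreported in what, judging by the object names, is the new passphrase and signing code. Assuming `mk/prog.mk` applies `EXTRA_CFLAGS` to every object (not visible here), the flag also hides such warnings in the existing objects. I would drop the line and check the return values at the call sites that trigger the warning, or at least add a comment naming the file that needs it, e.g. `# readpassphrase.c: <reason>`.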
