Commit 5375efac authored by Timo Teräs's avatar Timo Teräs
Browse files

apk: allow-untrusted option

to not make hard error of untrusted or missing signatures
parent 23582a0e
......@@ -43,6 +43,8 @@ static struct apk_option generic_options[] = {
{ 0x101, "progress", "Show a progress bar" },
{ 0x102, "clean-protected", "Do not create .apk-new files to "
"configuration dirs" },
{ 0x103, "allow-untrusted", "Blindly install packages with untrusted "
"signatures or no signature at all" },
{ 0x104, "simulate", "Show what would be done without actually "
"doing it" },
{ 0x105, "wait", "Wait for TIME seconds to get an exclusive "
......@@ -351,6 +353,9 @@ int main(int argc, char **argv)
case 0x102:
apk_flags |= APK_CLEAN_PROTECTED;
break;
case 0x103:
apk_flags |= APK_ALLOW_UNTRUSTED;
break;
case 0x104:
apk_flags |= APK_SIMULATE;
break;
......
......@@ -59,6 +59,7 @@ extern unsigned int apk_flags;
#define APK_RECURSIVE 0x0020
#define APK_PREFER_AVAILABLE 0x0040
#define APK_UPDATE_CACHE 0x0080
#define APK_ALLOW_UNTRUSTED 0x0100
#define apk_error(args...) do { apk_log("ERROR: ", args); } while (0)
#define apk_warning(args...) do { if (apk_verbosity > 0) { apk_log("WARNING: ", args); } } while (0)
......
......@@ -453,16 +453,20 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
return 0;
/* Verify the signature if we have public key */
if (sctx->action == APK_SIGN_VERIFY &&
sctx->signature.pkey != NULL) {
r = EVP_VerifyFinal(&sctx->mdctx,
(unsigned char *) sctx->signature.data.ptr,
sctx->signature.data.len,
sctx->signature.pkey);
if (r != 1)
return -EKEYREJECTED;
if (sctx->action == APK_SIGN_VERIFY) {
if (sctx->signature.pkey == NULL) {
if (!(apk_flags & APK_ALLOW_UNTRUSTED))
return -ENOKEY;
} else {
r = EVP_VerifyFinal(&sctx->mdctx,
(unsigned char *) sctx->signature.data.ptr,
sctx->signature.data.len,
sctx->signature.pkey);
if (r != 1)
return -EKEYREJECTED;
sctx->control_verified = 1;
sctx->control_verified = 1;
}
EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL);
return 0;
} else if (sctx->action == APK_SIGN_GENERATE) {
......@@ -492,7 +496,8 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
EVP_MD_CTX_size(&sctx->mdctx)) != 0)
return -EKEYREJECTED;
sctx->data_verified = 1;
if (!sctx->control_verified)
if (!(apk_flags & APK_ALLOW_UNTRUSTED) &&
!sctx->control_verified)
return -ENOKEY;
} else if (sctx->action == APK_SIGN_VERIFY) {
if (sctx->signature.pkey == NULL)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment