Commit 09428323 authored by Timo Teräs's avatar Timo Teräs

index: fix output file permissions, verify signed index (ref #46)

parent 65be7ade
......@@ -169,14 +169,14 @@ static int index_main(void *ctx, int argc, char **argv)
if (ictx->method == APK_SIGN_GENERATE) {
memset(&fi, 0, sizeof(fi));
fi.name = "APKINDEX";
fi.mode = 0755 | S_IFREG;
fi.mode = 0644 | S_IFREG;
os = apk_ostream_counter(&fi.size);
apk_db_index_write(&db, os);
os->close(os);
}
if (ictx->output != NULL)
os = apk_ostream_to_file(ictx->output, 0755);
os = apk_ostream_to_file(ictx->output, 0644);
else
os = apk_ostream_to_fd(STDOUT_FILENO);
if (ictx->method == APK_SIGN_GENERATE) {
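Review bot: The stream returned by `apk_ostream_to_file(ictx->output, 0644)` is not checked in the visible lines before the following `APK_SIGN_GENERATE` block uses `os`, and `apk_ostream_counter(&fi.size)` is likewise followed directly by `os->close(os)`. If either call can return NULL (plausible for the file case when the output path cannot be created), that is a NULL dereference; a guard along the lines of `if (os == NULL) return -1;` after the assignment would cover it, adjusted to whatever cleanup index_main needs. The return value of `apk_db_index_write(&db, os)` in the counting pass is also dropped, so a failed write could leave `fi.size` wrong for the tar header. index_main continues past the end of the hunk, so a check may exist further down.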
......
......@@ -391,13 +391,24 @@ int apk_sign_ctx_mpart_cb(void *ctx, EVP_MD_CTX *mdctx, int part)
break;
case APK_MPART_END:
if (sctx->action == APK_SIGN_VERIFY) {
/* Check that data checksum matches */
EVP_DigestFinal_ex(mdctx, calculated, NULL);
if (sctx->has_data_checksum &&
EVP_MD_CTX_size(mdctx) != 0 &&
memcmp(calculated, sctx->data_checksum,
EVP_MD_CTX_size(mdctx)) == 0)
sctx->data_verified = 1;
if (sctx->has_data_checksum) {
/* Check that data checksum matches */
EVP_DigestFinal_ex(mdctx, calculated, NULL);
if (EVP_MD_CTX_size(mdctx) != 0 &&
memcmp(calculated, sctx->data_checksum,
EVP_MD_CTX_size(mdctx)) == 0)
sctx->data_verified = 1;
} else if (sctx->signature.pkey != NULL) {
/* Assume that the data is fully signed */
r = EVP_VerifyFinal(mdctx,
(unsigned char *) sctx->signature.data.ptr,
sctx->signature.data.len,
sctx->signature.pkey);
if (r == 1) {
sctx->control_verified = 1;
sctx->data_verified = 1;
}
}
} else if (!sctx->has_data_checksum) {
/* Package identity is checksum of all data */
sctx->identity.type = EVP_MD_CTX_size(mdctx);
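Review bot: The new `else if (sctx->signature.pkey != NULL)` branch sets both `control_verified` and `data_verified` from a single `EVP_VerifyFinal` call, which is only sound if `mdctx` has hashed the entire stream with the signature's digest algorithm, and that setup is outside this hunk. The `/* Assume that the data is fully signed */` comment should name the precondition, for example `/* No data checksum: the signature must cover the whole stream, so mdctx must have hashed every byte with the signature's digest */`. The `r == 1` test rightly treats both 0 (bad signature) and -1 (library error) as unverified, but neither is reported here, so callers have to check `data_verified` themselves. In the checksum branch the return value of `EVP_DigestFinal_ex` is still ignored, so `calculated` could be compared while unset if finalisation fails; `if (EVP_DigestFinal_ex(mdctx, calculated, NULL) == 1 && ...` would close that. The function body starts and ends outside the hunk.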
......