Commit bc93eaff authored by Timo Teräs's avatar Timo Teräs

db, pkg: fix package verification during installation

some hooks to package verification code were missing causing the
verification to not be done (causing pre-script to be not run).
fixes #124, #126.
parent a120a96d
......@@ -1431,6 +1431,9 @@ static int apk_db_install_archive_entry(void *_ctx,
const char *p;
int r = 0, type = APK_SCRIPT_INVALID;
if (apk_sign_ctx_process_file(&ctx->sctx, ae, is) == 0)
return 0;
/* Package metainfo and script processing */
if (ae->name[0] == '.') {
/* APK 2.0 format */
......
......@@ -346,15 +346,16 @@ void apk_sign_ctx_init(struct apk_sign_ctx *ctx, int action,
}
EVP_MD_CTX_init(&ctx->mdctx);
EVP_DigestInit_ex(&ctx->mdctx, ctx->md, NULL);
EVP_MD_CTX_set_flags(&ctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
}
void apk_sign_ctx_free(struct apk_sign_ctx *ctx)
{
if (ctx->signature.data.ptr != NULL)
free(ctx->signature.data.ptr);
if (ctx->signature.pkey != NULL)
EVP_PKEY_free(ctx->signature.pkey);
EVP_MD_CTX_cleanup(&ctx->mdctx);
}
int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
......@@ -468,15 +469,19 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
goto update_digest;
/* Still in signature blocks? */
if (!sctx->control_started)
if (!sctx->control_started) {
if (part == APK_MPART_END)
return -EKEYREJECTED;
goto reset_digest;
}
/* Grab state and mark all remaining block as data */
end_of_control = (sctx->data_started == 0);
sctx->data_started = 1;
/* End of control-block and control does not have data checksum? */
if (sctx->has_data_checksum == 0 && end_of_control)
if (sctx->has_data_checksum == 0 && end_of_control &&
part != APK_MPART_END)
goto update_digest;
/* Drool in the remaining of the digest block now, we will finish
......@@ -542,7 +547,6 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx);
EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL);
}
reset_digest:
EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL);
EVP_MD_CTX_set_flags(&sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment