Timo Teräs · Timo Teräs · Timo Teräs · d306abf8 · d306abf8 · d306abf8
Showing with 49 additions and 28 deletions

Makefile Makefile +1 -1

src/apk_database.h src/apk_database.h +1 -1

src/database.c src/database.c +21 -19

src/info.c src/info.c +2 -0

src/package.c src/package.c +24 -7

No files found.
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@
 -include config.mk

 PACKAGE := apk-tools
-VERSION := 2.1.0
+VERSION := 2.1.1

 ##
 # Default directories

--- a/src/apk_database.h
+++ b/src/apk_database.h
@@ -124,7 +124,7 @@ struct apk_database {
 	const char *cache_dir;
 	char *cache_remount_dir;
 	apk_blob_t *arch;
-	unsigned int local_repos;
+	unsigned int local_repos, bad_repos;
 	int permanent : 1;
 	int compat_newfeatures : 1;
 	int compat_notinstallable : 1;

--- a/src/database.c
+++ b/src/database.c
@@ -1120,7 +1120,7 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
 	struct apk_bstream *bs;
 	struct statfs stfs;
 	apk_blob_t blob;
-	int r, fd, rr = 0;
+	int r, fd;

 	memset(db, 0, sizeof(*db));
 	if (apk_flags & APK_SIMULATE) {
@@ -1272,25 +1272,23 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
 	}

 	if (!(dbopts->open_flags & APK_OPENF_NO_SYS_REPOS)) {
-		list_for_each_entry(repo, &dbopts->repository_list, list) {
-			r = apk_db_add_repository(db, APK_BLOB_STR(repo->url));
-			rr = r ?: rr;
-		}
+		list_for_each_entry(repo, &dbopts->repository_list, list)
+			apk_db_add_repository(db, APK_BLOB_STR(repo->url));
 		blob = apk_blob_from_file(
 			db->root_fd,
 			dbopts->repositories_file ?: "etc/apk/repositories");
 		if (!APK_BLOB_IS_NULL(blob)) {
-			r = apk_blob_for_each_segment(
+			apk_blob_for_each_segment(
 				blob, "\n",
 				apk_db_add_repository, db);
-			rr = r ?: rr;
 			free(blob.ptr);
 		}
 		if (apk_flags & APK_UPDATE_CACHE)
 			apk_db_index_write_nr_cache(db);
 	}
-	if (rr != 0) {
-		r = rr;
+	if (db->bad_repos && !(apk_flags & APK_FORCE)) {
+		apk_error("Aborting due to some repositories failed to load. Use --force to ignore this error.");
+		r = -EBADMSG;
 		goto ret_r;
 	}

@@ -1301,7 +1299,7 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
 			    "might not function properly");
 	}

-	return rr;
+	return 0;

 ret_errno:
 	r = -errno;
@@ -1570,7 +1568,7 @@ struct apk_repository *apk_db_select_repo(struct apk_database *db,
 			0xf5,0xa7,0x0a,0x7c,0x17,0x26,0x69,0xb0,0x05,0x38 },
 		.csum.type = APK_CHECKSUM_SHA1,
 	};
-	unsigned int repos = pkg->repos;
+	unsigned int repos = pkg->repos & ~(db->bad_repos);
 	int i;

 	/* Always prefer local repositories */
@@ -1666,7 +1664,8 @@ static int load_index(struct apk_database *db, struct apk_bstream *bs,
 		r = apk_tar_parse(is, load_apkindex, &ctx, FALSE, &db->id_cache);
 		is->close(is);
 		apk_sign_ctx_free(&ctx.sctx);
-		if (ctx.found == 0)
+
+		if (r >= 0 && ctx.found == 0)
 			r = -ENOMSG;
 	} else {
 		bs = apk_bstream_from_istream(apk_bstream_gunzip(bs));
@@ -1720,15 +1719,18 @@ int apk_db_add_repository(apk_database_t _db, apk_blob_t repository)
 		db->local_repos |= BIT(r);
 		bs = apk_repo_file_open(repo, db->arch, apkindex_tar_gz, buf, sizeof(buf));
 	}
-	if (bs == NULL) {
-		apk_warning("%s: index failed to open", buf);
-		return 0;
+	if (bs != NULL)
+		r = load_index(db, bs, targz, r);
+	else
+		r = -ENOENT;
+
+	if (r != 0) {
+		apk_warning("Ignoring %s: %s", buf, apk_error_str(r));
+		db->bad_repos |= BIT(r);
+		r = 0;
 	}

-	r = load_index(db, bs, targz, r);
-	if (r != 0)
-		apk_error("%s: BAD signature", buf);
-	return r;
+	return 0;
 }

 static void extract_cb(void *_ctx, size_t progress)

--- a/src/info.c
+++ b/src/info.c
@@ -368,9 +368,11 @@ static int info_parse(void *ctx, struct apk_db_options *dbopts,
 	switch (optch) {
 	case 'e':
 		ictx->action = info_exists;
+		dbopts->open_flags |= APK_OPENF_NO_REPOS;
 		break;
 	case 'W':
 		ictx->action = info_who_owns;
+		dbopts->open_flags |= APK_OPENF_NO_REPOS;
 		break;
 	case 'w':
 		ictx->subaction_mask |= APK_INFO_URL;

--- a/src/package.c
+++ b/src/package.c
@@ -416,10 +416,26 @@ void apk_sign_ctx_free(struct apk_sign_ctx *ctx)
 	EVP_MD_CTX_cleanup(&ctx->mdctx);
 }

+static int check_signing_key_trust(struct apk_sign_ctx *sctx)
+{
+	switch (sctx->action) {
+	case APK_SIGN_VERIFY:
+	case APK_SIGN_VERIFY_AND_GENERATE:
+		if (sctx->signature.pkey == NULL) {
+			if (apk_flags & APK_ALLOW_UNTRUSTED)
+				break;
+			return -ENOKEY;
+		}
+	}
+	return 0;
+}
+
 int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
 			      const struct apk_file_info *fi,
 			      struct apk_istream *is)
 {
+	int r;
+
 	if (ctx->data_started)
 		return 1;

@@ -432,6 +448,9 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
 			return -ENOMSG;
 		ctx->data_started = 1;
 		ctx->control_started = 1;
+		r = check_signing_key_trust(ctx);
+		if (r < 0)
+			return r;
 		return 1;
 	}

@@ -458,7 +477,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
 	if (strncmp(&fi->name[6], "RSA.", 4) == 0 ||
 	    strncmp(&fi->name[6], "DSA.", 4) == 0) {
 		int fd = openat(ctx->keys_fd, &fi->name[10], O_RDONLY|O_CLOEXEC);
-	        BIO *bio;
+		BIO *bio;

 		if (fd < 0)
 			return 0;
@@ -571,15 +590,13 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
 		return 0;
 	}

+	r = check_signing_key_trust(sctx);
+	if (r < 0)
+		return r;
+
 	switch (sctx->action) {
 	case APK_SIGN_VERIFY:
 	case APK_SIGN_VERIFY_AND_GENERATE:
-		if (sctx->signature.pkey == NULL) {
-			if (apk_flags & APK_ALLOW_UNTRUSTED)
-				break;
-			return -ENOKEY;
-		}
-
 		r = EVP_VerifyFinal(&sctx->mdctx,
 			(unsigned char *) sctx->signature.data.ptr,
 			sctx->signature.data.len,