authorTimo Teras <timo.teras@iki.fi>2009-07-17 14:29:02 +0300
committerTimo Teras <timo.teras@iki.fi>2009-07-17 14:29:02 +0300
commit0942832325f8e81d9e3cc7019cf1b1016d226533 (patch)
tree5074340668dcd9b184afa3f773e3b09de9139c49
parent65be7ade1d092a309d27056d6d55585bda54e8bd (diff)
index: fix output file permissions, verify signed index (ref #46)
-rw-r--r--src/index.c4
-rw-r--r--src/package.c25
2 files changed, 20 insertions, 9 deletions
diff --git a/src/index.c b/src/index.c
index 12f21fe..c3124d8 100644
--- a/src/index.c
+++ b/src/index.c
@@ -169,14 +169,14 @@ static int index_main(void *ctx, int argc, char **argv)
if (ictx->method == APK_SIGN_GENERATE) {
memset(&fi, 0, sizeof(fi));
fi.name = "APKINDEX";
- fi.mode = 0755 | S_IFREG;
+ fi.mode = 0644 | S_IFREG;
os = apk_ostream_counter(&fi.size);
apk_db_index_write(&db, os);
os->close(os);
}
if (ictx->output != NULL)
- os = apk_ostream_to_file(ictx->output, 0755);
+ os = apk_ostream_to_file(ictx->output, 0644);
else
os = apk_ostream_to_fd(STDOUT_FILENO);
if (ictx->method == APK_SIGN_GENERATE) {
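Review bot: The mode literal `0644` now appears twice in this hunk, once for the tar header entry (`fi.mode`) and once for the on-disk file passed to `apk_ostream_to_file`, with nothing tying the two together or saying why the executable bits were dropped. A single named constant with a short comment, for example `#define APK_INDEX_MODE 0644 /* index is data: owner-writable, world-readable, never executable */`, would keep both sites in step if the policy changes. Whether the mode given to `apk_ostream_to_file` is further narrowed by the process umask is not visible here, so that behaviour is worth stating in the same comment once confirmed. `index_main` begins and continues outside this hunk.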
diff --git a/src/package.c b/src/package.c
index ea67c69..632e93e 100644
--- a/src/package.c
+++ b/src/package.c
@@ -391,13 +391,24 @@ int apk_sign_ctx_mpart_cb(void *ctx, EVP_MD_CTX *mdctx, int part)
break;
case APK_MPART_END:
if (sctx->action == APK_SIGN_VERIFY) {
- /* Check that data checksum matches */
- EVP_DigestFinal_ex(mdctx, calculated, NULL);
- if (sctx->has_data_checksum &&
- EVP_MD_CTX_size(mdctx) != 0 &&
- memcmp(calculated, sctx->data_checksum,
- EVP_MD_CTX_size(mdctx)) == 0)
- sctx->data_verified = 1;
+ if (sctx->has_data_checksum) {
+ /* Check that data checksum matches */
+ EVP_DigestFinal_ex(mdctx, calculated, NULL);
+ if (EVP_MD_CTX_size(mdctx) != 0 &&
+ memcmp(calculated, sctx->data_checksum,
+ EVP_MD_CTX_size(mdctx)) == 0)
+ sctx->data_verified = 1;
+ } else if (sctx->signature.pkey != NULL) {
+ /* Assume that the data is fully signed */
+ r = EVP_VerifyFinal(mdctx,
+ (unsigned char *) sctx->signature.data.ptr,
+ sctx->signature.data.len,
+ sctx->signature.pkey);
+ if (r == 1) {
+ sctx->control_verified = 1;
+ sctx->data_verified = 1;
+ }
+ }
} else if (!sctx->has_data_checksum) {
/* Package identity is checksum of all data */
sctx->identity.type = EVP_MD_CTX_size(mdctx);
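Review bot: In the new `else if (sctx->signature.pkey != NULL)` branch a failed `EVP_VerifyFinal` (r of 0 or a negative error) falls through without any trace, and so does the case where there is neither a data checksum nor a key. Rejection of an unsigned or tampered index then rests entirely on a caller checking `control_verified` and `data_verified` afterwards, which this hunk does not show. If this callback's return value can abort processing (the rest of `apk_sign_ctx_mpart_cb` is outside the hunk), failing closed with something like `if (r != 1) return -1;` in the project's own error convention would make the outcome explicit. The comment `/* Assume that the data is fully signed */` also hides a precondition: setting both flags from one signature is only sound if `mdctx` has accumulated every part since the start of the stream. I would spell that out as `/* No data checksum: signature must cover the whole stream, so mdctx must not have been reset at a part boundary */`. The return value of `EVP_DigestFinal_ex` in the checksum branch is likewise unchecked, so a failure there would compare an unset `calculated` buffer.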