From 293b1cef8b5a6de64d3fec87c01729b64006713a Mon Sep 17 00:00:00 2001 From: Baptiste Jonglez Date: Tue, 25 Aug 2020 01:00:29 +0200 Subject: [PATCH] libopkg: factor out checksum and size verification This is a sizeable chunk of code that be can pretty well isolated in its own function. This refactoring will be necessary for an upcoming feature in which opkg_download_pkg() will need to verify the checksum of packages in the cache. This is the reason why the new function is located in `opkg_download.c`. Signed-off-by: Baptiste Jonglez --- libopkg/opkg_download.c | 78 +++++++++++++++++++++++++++++++++++++++++ libopkg/opkg_download.h | 1 + libopkg/opkg_install.c | 71 ++----------------------------------- 3 files changed, 81 insertions(+), 69 deletions(-) diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c index d5bc92c..373f231 100644 --- a/libopkg/opkg_download.c +++ b/libopkg/opkg_download.c @@ -35,6 +35,84 @@ static int str_starts_with(const char *str, const char *prefix) return (strncmp(str, prefix, strlen(prefix)) == 0); } +int opkg_verify_integrity(pkg_t *pkg, const char *filename) +{ + int err = 0; + char *file_md5, *pkg_md5; + char *file_sha256, *pkg_sha256; + struct stat pkg_stat; + long long int pkg_expected_size; + + /* Check file size */ + err = lstat(filename, &pkg_stat); + + if (err) { + opkg_msg(ERROR, "Failed to stat %s: %s\n", + filename, strerror(errno)); + return err; + } + + pkg_expected_size = pkg_get_int(pkg, PKG_SIZE); + + if (pkg_expected_size > 0 && pkg_stat.st_size != pkg_expected_size) { + if (!conf->force_checksum) { + opkg_msg(ERROR, + "Package size mismatch: %s is %lld bytes, expecting %lld bytes\n", + pkg->name, (long long int)pkg_stat.st_size, pkg_expected_size); + return -1; + } else { + opkg_msg(NOTICE, + "Ignored %s size mismatch.\n", + pkg->name); + } + } + + /* Check for md5 values */ + pkg_md5 = pkg_get_md5(pkg); + if (pkg_md5) { + file_md5 = file_md5sum_alloc(filename); + if (file_md5 && strcmp(file_md5, pkg_md5)) { + if (!conf->force_checksum) { + opkg_msg(ERROR, "Package %s md5sum mismatch. " + "Either the opkg or the package index are corrupt. " + "Try 'opkg update'.\n", pkg->name); + free(file_md5); + return -1; + } else { + opkg_msg(NOTICE, + "Ignored %s md5sum mismatch.\n", + pkg->name); + } + } + if (file_md5) + free(file_md5); + } + + /* Check for sha256 value */ + pkg_sha256 = pkg_get_sha256(pkg); + if (pkg_sha256) { + file_sha256 = file_sha256sum_alloc(filename); + if (file_sha256 && strcmp(file_sha256, pkg_sha256)) { + if (!conf->force_checksum) { + opkg_msg(ERROR, + "Package %s sha256sum mismatch. " + "Either the opkg or the package index are corrupt. " + "Try 'opkg update'.\n", pkg->name); + free(file_sha256); + return -1; + } else { + opkg_msg(NOTICE, + "Ignored %s sha256sum mismatch.\n", + pkg->name); + } + } + if (file_sha256) + free(file_sha256); + } + + return err; +} + int opkg_download(const char *src, const char *dest_file_name, const short hide_error) diff --git a/libopkg/opkg_download.h b/libopkg/opkg_download.h index fd260bc..863bcf2 100644 --- a/libopkg/opkg_download.h +++ b/libopkg/opkg_download.h @@ -20,6 +20,7 @@ #include "pkg.h" +int opkg_verify_integrity(pkg_t *pkg, const char *filename); int opkg_download(const char *src, const char *dest_file_name, const short hide_error); int opkg_download_pkg(pkg_t * pkg, const char *dir); diff --git a/libopkg/opkg_install.c b/libopkg/opkg_install.c index 62db965..c6dda48 100644 --- a/libopkg/opkg_install.c +++ b/libopkg/opkg_install.c @@ -1250,12 +1250,8 @@ int opkg_install_pkg(pkg_t * pkg, int from_upgrade) pkg_vec_t *replacees; abstract_pkg_t *ab_pkg = NULL; int old_state_flag; - char *file_md5, *pkg_md5; - char *file_sha256, *pkg_sha256; sigset_t newset, oldset; const char *local_filename; - long long int pkg_expected_size; - struct stat pkg_stat; time_t now; if (from_upgrade) @@ -1367,72 +1363,9 @@ int opkg_install_pkg(pkg_t * pkg, int from_upgrade) } #endif - /* Check file size */ - err = lstat(local_filename, &pkg_stat); - - if (err) { - opkg_msg(ERROR, "Failed to stat %s: %s\n", - local_filename, strerror(errno)); + err = opkg_verify_integrity(pkg, local_filename); + if (err) return -1; - } - - pkg_expected_size = pkg_get_int(pkg, PKG_SIZE); - - if (pkg_expected_size > 0 && pkg_stat.st_size != pkg_expected_size) { - if (!conf->force_checksum) { - opkg_msg(ERROR, - "Package size mismatch: %s is %lld bytes, expecting %lld bytes\n", - pkg->name, (long long int)pkg_stat.st_size, pkg_expected_size); - return -1; - } else { - opkg_msg(NOTICE, - "Ignored %s size mismatch.\n", - pkg->name); - } - } - - /* Check for md5 values */ - pkg_md5 = pkg_get_md5(pkg); - if (pkg_md5) { - file_md5 = file_md5sum_alloc(local_filename); - if (file_md5 && strcmp(file_md5, pkg_md5)) { - if (!conf->force_checksum) { - opkg_msg(ERROR, "Package %s md5sum mismatch. " - "Either the opkg or the package index are corrupt. " - "Try 'opkg update'.\n", pkg->name); - free(file_md5); - return -1; - } else { - opkg_msg(NOTICE, - "Ignored %s md5sum mismatch.\n", - pkg->name); - } - } - if (file_md5) - free(file_md5); - } - - /* Check for sha256 value */ - pkg_sha256 = pkg_get_sha256(pkg); - if (pkg_sha256) { - file_sha256 = file_sha256sum_alloc(local_filename); - if (file_sha256 && strcmp(file_sha256, pkg_sha256)) { - if (!conf->force_checksum) { - opkg_msg(ERROR, - "Package %s sha256sum mismatch. " - "Either the opkg or the package index are corrupt. " - "Try 'opkg update'.\n", pkg->name); - free(file_sha256); - return -1; - } else { - opkg_msg(NOTICE, - "Ignored %s sha256sum mismatch.\n", - pkg->name); - } - } - if (file_sha256) - free(file_sha256); - } if (conf->download_only) { if (conf->nodeps == 0) { -- 2.30.2