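/*
 * Report whether the on-disk copy of a conffile differs from the md5sum
 * recorded for it in the package status data.
 *
 * @param conf      ipkg configuration; passed through to
 *                  root_filename_alloc() and ipkg_message().
 * @param conffile  conffile entry; ->name is the path used to locate the
 *                  file, ->value the recorded md5sum (may be NULL).
 * @return non-zero when the file must be treated as modified (md5sums
 *         differ, or no comparison was possible), 0 when they match.
 */
int conffile_has_been_modified(ipkg_conf_t *conf, conffile_t *conffile)
{
	char *md5sum;
	char *filename = conffile->name;
	char *root_filename;
	int ret;

	/* No recorded md5sum means nothing to compare against; report
	 * "modified" so the caller does not overwrite the file. */
	if (conffile->value == NULL) {
		ipkg_message(conf, IPKG_NOTICE,
			     "%s: conffile %s has no md5sum\n",
			     __FUNCTION__, conffile->name);
		return 1;
	}

	root_filename = root_filename_alloc(conf, filename);
	md5sum = file_md5sum_alloc(root_filename);

	/* file_md5sum_alloc() can return NULL; strcmp() on NULL is undefined
	 * behaviour, so fall back to the same conservative answer. */
	if (md5sum == NULL) {
		ipkg_message(conf, IPKG_NOTICE,
			     "%s: conffile %s: unable to compute md5sum\n",
			     __FUNCTION__, conffile->name);
		free(root_filename);
		return 1;
	}

	ret = strcmp(md5sum, conffile->value);
	if (ret) {
		ipkg_message(conf, IPKG_NOTICE,
			     "%s: conffile %s: \t\nold md5=%s \t\nnew md5=%s\n",
			     __FUNCTION__, conffile->name, md5sum,
			     conffile->value);
	}

	free(root_filename);
	free(md5sum);
	return ret;
}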
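/*
 * Report whether the on-disk copy of a conffile differs from the md5sum
 * recorded for it in the package status data.
 *
 * @param conffile  conffile entry; ->name is the path used to locate the
 *                  file, ->value the recorded md5sum (may be NULL).
 * @return non-zero when the file must be treated as modified (md5sums
 *         differ, or no comparison was possible), 0 when they match.
 */
int conffile_has_been_modified(conffile_t *conffile)
{
	char *md5sum;
	char *filename = conffile->name;
	char *root_filename;
	/* Default to "modified": every path that cannot compare keeps it. */
	int ret = 1;

	if (conffile->value == NULL) {
		opkg_msg(NOTICE, "Conffile %s has no md5sum.\n",
			 conffile->name);
		return 1;
	}

	/* root_filename_alloc() can fail (it is NULL-checked elsewhere in
	 * this code base); do not hand a NULL path on. */
	root_filename = root_filename_alloc(filename);
	if (root_filename == NULL)
		return ret;

	md5sum = file_md5sum_alloc(root_filename);
	if (md5sum) {
		ret = strcmp(md5sum, conffile->value);
		if (ret) {
			opkg_msg(INFO,
				 "Conffile %s:\n\told md5=%s\n\tnew md5=%s\n",
				 conffile->name, md5sum, conffile->value);
		}
	}

	free(root_filename);
	free(md5sum);	/* free(NULL) is a no-op */
	return ret;
}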
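/*
 * Verify the detached signature in sig_file over the contents of
 * text_file with whichever backend was compiled in.
 *
 * @param text_file  path of the signed data.
 * @param sig_file   path of the detached signature.
 * @return 0 when the signature verifies, or when checking is disabled /
 *         no backend is built.  Non-zero otherwise: with GPGME this is
 *         -1 on setup failure or the gpg error code of the last signature
 *         examined; with OpenSSL it is always -1.
 *
 * The GPGME branch releases every gpgme object on every exit path; the
 * earlier form leaked ctx/sig/text on several error returns.
 */
int opkg_verify_file(char *text_file, char *sig_file)
{
#if defined HAVE_GPGME
	int status = -1;
	gpgme_ctx_t ctx;
	gpgme_data_t sig, text, key;
	int have_ctx = 0, have_sig = 0, have_text = 0, have_key = 0;
	gpgme_error_t err;
	gpgme_verify_result_t result;
	gpgme_signature_t s;
	char *trusted_path = NULL;

	if (conf->check_signature == 0)
		return 0;

	gpgme_check_version(NULL);

	err = gpgme_new(&ctx);
	if (err)
		goto out;
	have_ctx = 1;

	/* Load the distribution keyring.  NOTE(review): gpgme_op_import()
	 * adds these keys to the context's keyring, which by default is the
	 * GnuPG home of the running user, so keys already present there are
	 * accepted as well -- confirm that matches the intended trust model. */
	trusted_path = root_filename_alloc("/etc/opkg/trusted.gpg");
	if (!trusted_path)
		goto out;
	err = gpgme_data_new_from_file(&key, trusted_path, 1);
	free(trusted_path);
	if (err)
		goto out;
	have_key = 1;

	err = gpgme_op_import(ctx, key);
	if (err)
		goto out;

	err = gpgme_data_new_from_file(&sig, sig_file, 1);
	if (err)
		goto out;
	have_sig = 1;

	err = gpgme_data_new_from_file(&text, text_file, 1);
	if (err)
		goto out;
	have_text = 1;

	/* A failed verify call leaves no usable result; treat as failure. */
	err = gpgme_op_verify(ctx, sig, text, NULL);
	if (err)
		goto out;

	result = gpgme_op_verify_result(ctx);
	if (!result)
		goto out;

	/* Accept if any signature verified cleanly.  Only the signature
	 * status is consulted here, not the key's validity/trust level. */
	for (s = result->signatures; s; s = s->next) {
		status = gpg_err_code(s->status);
		if (status == GPG_ERR_NO_ERROR)
			break;
	}

out:
	if (have_sig)
		gpgme_data_release(sig);
	if (have_text)
		gpgme_data_release(text);
	if (have_key)
		gpgme_data_release(key);
	if (have_ctx)
		gpgme_release(ctx);
	return status;

#elif defined HAVE_OPENSSL
	X509_STORE *store = NULL;
	PKCS7 *p7 = NULL;
	BIO *in = NULL, *indata = NULL;
	/* Signature check fails unless PKCS7_verify() explicitly succeeds. */
	int status = -1;

	openssl_init();

	/* Trust anchors come from the configured CA file / directory. */
	if (!(store = setup_verify(conf->signature_ca_file,
				   conf->signature_ca_path))) {
		opkg_msg(ERROR, "Can't open CA certificates.\n");
		goto verify_file_end;
	}

	if (!(in = BIO_new_file(sig_file, "rb"))) {
		opkg_msg(ERROR, "Can't open signature file %s.\n", sig_file);
		goto verify_file_end;
	}

	/* The signature file holds a PEM-encoded PKCS#7 detached signature. */
	p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
	if (!p7) {
		opkg_msg(ERROR, "Can't read signature file %s (Corrupted ?).\n",
			 sig_file);
		goto verify_file_end;
	}

#if defined(HAVE_PATHFINDER)
	/* Optional additional certificate-path validation of the signers. */
	if (conf->check_x509_path) {
		if (!pkcs7_pathfinder_verify_signers(p7)) {
			opkg_msg(ERROR, "pkcs7_pathfinder_verify_signers: "
				 "Path verification failed.\n");
			goto verify_file_end;
		}
	}
#endif

	if (!(indata = BIO_new_file(text_file, "rb"))) {
		opkg_msg(ERROR, "Can't open file %s.\n", text_file);
		goto verify_file_end;
	}

	/* No PKCS7_NOVERIFY flag: the signer chain is checked against store. */
	if (PKCS7_verify(p7, NULL, store, indata, NULL, PKCS7_BINARY) != 1) {
		opkg_msg(ERROR, "Verification failure.\n");
	} else {
		status = 0;
	}

verify_file_end:
	/* All of these accept NULL. */
	BIO_free(in);
	BIO_free(indata);
	PKCS7_free(p7);
	X509_STORE_free(store);
	return status;

#else
	/* No signature backend compiled in: mute `unused variable' warnings. */
	(void) sig_file;
	(void) text_file;
	(void) conf;
	return 0;
#endif
}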
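/*
 * Verify the detached OpenPGP signature in sigfile over file, using the
 * keys in the configured root's /etc/opkg/trusted.gpg.
 *
 * @param file     path of the signed data.
 * @param sigfile  path of the detached signature.
 * @return 0 when at least one signature verifies (or when
 *         opkg_config->check_signature is 0), -1 otherwise.
 *
 * NOTE(review): gpgme_op_import() adds the trusted keys to the context's
 * keyring (by default the GnuPG home of the running user), so keys already
 * present there are accepted too, and only each signature's status is
 * checked, not the key's validity/trust -- confirm this matches the
 * intended trust model.
 */
int opkg_verify_gpg_signature(const char *file, const char *sigfile)
{
	int status = -1;
	int ret = -1;
	gpgme_ctx_t ctx;
	int have_ctx = 0;
	gpgme_data_t sig, text, key;
	int have_sig = 0, have_text = 0, have_key = 0;
	gpgme_error_t err;
	gpgme_verify_result_t result;
	gpgme_signature_t s;
	gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
	char *trusted_path = NULL;

	if (opkg_config->check_signature == 0)
		return 0;

	gpgme_check_version(NULL);

	err = gpgme_new(&ctx);
	if (err) {
		opkg_msg(ERROR, "Unable to create gpgme context: %s\n",
			 gpg_strerror(err));
		goto out_err;
	}
	have_ctx = 1;

	err = gpgme_set_protocol(ctx, protocol);
	if (err) {
		opkg_msg(ERROR, "Unable to set gpgme protocol to OpenPGP: %s\n",
			 gpg_strerror(err));
		goto out_err;
	}

	trusted_path = root_filename_alloc("/etc/opkg/trusted.gpg");
	if (!trusted_path) {
		opkg_msg(ERROR, "Out of memory!\n");
		goto out_err;
	}

	err = gpgme_data_new_from_file(&key, trusted_path, 1);
	if (err) {
		opkg_msg(ERROR, "Unable to get data from file %s: %s\n",
			 trusted_path, gpg_strerror(err));
		goto out_err;
	}
	have_key = 1;

	err = gpgme_op_import(ctx, key);
	if (err) {
		opkg_msg(ERROR, "Unable to import key from file %s: %s\n",
			 trusted_path, gpg_strerror(err));
		goto out_err;
	}

	err = gpgme_data_new_from_file(&sig, sigfile, 1);
	if (err) {
		opkg_msg(ERROR, "Unable to get data from file %s: %s\n",
			 sigfile, gpg_strerror(err));
		goto out_err;
	}
	have_sig = 1;

	err = gpgme_data_new_from_file(&text, file, 1);
	if (err) {
		opkg_msg(ERROR, "Unable to get data from file %s: %s\n",
			 file, gpg_strerror(err));
		goto out_err;
	}
	have_text = 1;

	err = gpgme_op_verify(ctx, sig, text, NULL);
	if (err) {
		opkg_msg(ERROR, "Unable to verify signature: %s\n",
			 gpg_strerror(err));
		goto out_err;
	}

	/* err is GPG_ERR_NO_ERROR here, so gpg_strerror(err) would only
	 * print "Success"; report the failure without it. */
	result = gpgme_op_verify_result(ctx);
	if (!result) {
		opkg_msg(ERROR, "Unable to get verification data.\n");
		goto out_err;
	}

	/* Succeed on the first signature whose status is clean. */
	for (s = result->signatures; s; s = s->next) {
		status = gpg_err_code(s->status);
		if (status == GPG_ERR_NO_ERROR) {
			ret = 0;
			break;
		}
	}

out_err:
	/* Release in acquisition-reverse order; only what was acquired. */
	if (have_sig)
		gpgme_data_release(sig);
	if (have_text)
		gpgme_data_release(text);
	if (have_key)
		gpgme_data_release(key);
	free(trusted_path);	/* free(NULL) is a no-op */
	if (have_ctx)
		gpgme_release(ctx);
	return ret;
}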