1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2012-2014 Baptiste Daroussin <bapt@FreeBSD.org>
114 if (strcmp(name, impl->pi_name) == 0) {
115 ops = impl->pi_ops;
123 ctx_size = ops->pkgsign_ctx_size;
131 nctx->impl = impl;
134 if (ops->pkgsign_new != NULL)
135 ret = (*ops->pkgsign_new)(name, nctx);
148 const unsigned char *key, int keylen, unsigned char *sig, int siglen)
151 return ((*ctx->impl->pi_ops->pkgsign_verify_cert)(ctx, fd, sigfile,
152 key, keylen, sig, siglen));
158 unsigned char *sig, int siglen)
161 return ((*ctx->impl->pi_ops->pkgsign_verify_data)(ctx, data, datasz,
162 sigfile, key, keylen, sig, siglen));
174 ret = -1;
183 if (lseek(fd, 0, 0) == -1) {
199 if (strcmp(end, "/pkg-static") == 0) {
212 warnx("failed to extract pkg-static: %s",
228 case -1:
229 return (-1);
232 execl(path, "pkg-static", "add", "-f", pkgpath,
235 execl(path, "pkg-static", "add", pkgpath,
242 while (waitpid(pid, &pstat, 0) == -1)
244 return (-1);
271 if ((fd = mkstemp(path)) == -1) {
273 return (-1);
280 return (-1);
285 if (strcmp(u->scheme, "file") != 0 &&
286 repo->mirror_type == MIRROR_SRV) {
288 "_%s._tcp.%s", u->scheme, u->host);
295 strlcpy(u->host, current->host, sizeof(u->host));
296 u->port = current->port;
301 --retry;
305 current = current->next;
330 if (fd != -1) {
332 fd = -1;
356 if (cur->type != UCL_STRING)
380 f->type = fct;
381 strlcpy(f->hash, fp, sizeof(f->hash));
392 free(fingerprint->name);
399 load_fingerprint(const char *dir, const char *filename)
408 snprintf(path, MAXPATHLEN, "%s/%s", dir, filename);
419 if (obj->type == UCL_OBJECT)
423 f->name = strdup(filename);
434 DIR *d;
453 if (strcmp(ent->d_name, ".") == 0 ||
454 strcmp(ent->d_name, "..") == 0)
456 finger = load_fingerprint(path, ent->d_name);
506 if (bufsz <= sizeof(PKGSIGN_MARKER) - 1 ||
507 strncmp(buf, PKGSIGN_MARKER, sizeof(PKGSIGN_MARKER) - 1) != 0)
510 buf += sizeof(PKGSIGN_MARKER) - 1;
515 sigtype = strndup(buf, endp - buf);
517 *bufszp -= *bufp - buf;
531 if (lseek(fd, 0, 0) == -1) {
540 pk->siglen = sigsz;
541 pk->sig = calloc(1, pk->siglen);
542 memcpy(pk->sig, sigb, pk->siglen);
543 pk->sigtype = sigtype;
555 char *sig, *cert, *type;
563 sig = cert = type = NULL;
566 if (lseek(fd, 0, 0) == -1) {
572 if ((my_fd = dup(fd)) == -1) {
584 sigfp = open_memstream(&sig, &sigsz);
619 sc->siglen = sigsz -1; /* Trim out unrelated trailing newline */
620 sc->sig = sig;
623 sc->type = strdup("rsa");
626 assert(type[typesz - 1] == '\n');
627 type[typesz - 1] = '\0';
628 sc->type = type;
632 * cert could be DER-encoded rather than PEM, so strip off any trailing
636 strcmp(&cert[certsz - 4], "END\n") == 0)
637 certsz -= 4;
638 sc->certlen = certsz;
639 sc->cert = cert;
660 if (r->pubkey == NULL) {
661 warnx("No CONFIG_PUBKEY defined for %s", r->name);
664 pubkey = r->pubkey;
677 if (lseek(fd_pkg, 0, SEEK_SET) == -1) {
682 if (strcmp(pk->sigtype, "rsa") == 0) {
697 if (pkgsign_new(pk->sigtype, &sctx) != 0) {
698 warnx("Failed to fetch '%s' signer", pk->sigtype);
703 printf("Verifying signature with public key %s.a.. ", r->pubkey);
704 if (pkgsign_verify_data(sctx, data, datasz, r->pubkey, NULL, 0, pk->sig,
705 pk->siglen) == false) {
715 free(pk->sig);
743 if (r->fingerprints == NULL) {
744 warnx("No FINGERPRINTS defined for %s", r->name);
747 fingerprints = r->fingerprints;
777 /* Explicitly mark as non-trusted until proven otherwise. */
778 sc->trusted = false;
781 hash = sha256_buf(sc->cert, sc->certlen);
786 if (strcasecmp(fingerprint->hash, hash) == 0) {
789 fingerprint->name);
796 if (strcasecmp(fingerprint->hash, hash) == 0) {
797 sc->trusted = true;
798 sc->name = strdup(fingerprint->name);
803 if (sc->trusted == false) {
809 if (pkgsign_new(sc->type, &sctx) != 0) {
815 printf("Verifying signature with trusted certificate %s... ", sc->name);
816 if (pkgsign_verify_cert(sctx, fd_pkg, NULL, sc->cert, sc->certlen,
817 sc->sig, sc->siglen) == false) {
831 free(sc->cert);
832 free(sc->sig);
833 free(sc->name);
851 fd_sig = -1;
852 ret = -1;
854 printf("Bootstrapping pkg from %s, please wait...\n", repo->url);
859 packagesite = repo->url;
868 if ((fd_pkg = fetch_to_fd(repo, url, tmppkg, fetchOpts)) == -1)
871 if (repo->signature_type == SIGNATURE_FINGERPRINT) {
872 snprintf(tmpsig, MAXPATHLEN, "%s/%s.sig.XXXXXX",
875 snprintf(url, MAXPATHLEN, "%s/Latest/%s.sig",
878 if ((fd_sig = fetch_to_fd(repo, url, tmpsig, fetchOpts)) == -1) {
886 } else if (repo->signature_type == SIGNATURE_PUBKEY) {
892 repo->url, bootstrap_name);
894 if ((fd_sig = fetch_to_fd(repo, url, tmpsig, fetchOpts)) == -1) {
914 fprintf(stderr, "A pre-built version of pkg could not be found for "
919 if (fd_sig != -1) {
924 if (fd_pkg != -1) {
939 "in non-interactive (stdin not being a tty)\n";
943 "Usage: pkg [-4|-6] bootstrap [-f] [-y]\n";
947 "Usage: pkg add [-f] [-y] {pkg.pkg}\n";
976 fd_sig = -1;
977 ret = -1;
980 if (fd_pkg == -1)
991 snprintf(path, sizeof(path), "%s.sig", pkgpath);
993 if ((fd_sig = open(path, O_RDONLY)) == -1) {
1006 if ((fd_sig = open(path, O_RDONLY)) == -1) {
1027 if (fd_sig != -1)
1034 #define PKG_DEVEL_NAME PKG_NAME "-devel"
1048 * Chop off the final "-" (version delimiter) and check the name that
1050 * pkg.$archive short form but we'll check it anyways. pkg-devel short
1052 * OK. We otherwise assumed that non-pkg packages will always have a
1055 vstart = strrchr(pkg, '-');
1057 return (strlen(pkg) > sizeof(PKG_PKG) - 1 &&
1058 strncmp(pkg, PKG_PKG, sizeof(PKG_PKG) - 1) == 0);
1061 namelen = vstart - pkg;
1062 if (namelen == sizeof(PKG_NAME) - 1 &&
1063 strncmp(pkg, PKG_NAME, sizeof(PKG_NAME) - 1) == 0)
1065 if (namelen == sizeof(PKG_DEVEL_NAME) - 1 &&
1066 strncmp(pkg, PKG_DEVEL_NAME, sizeof(PKG_DEVEL_NAME) - 1) == 0)
1095 { "only-ipv4", no_argument, NULL, '4' },
1096 { "only-ipv6", no_argument, NULL, '6' },
1103 while ((ch = getopt_long(argc, argv, "-:dfr::yN46", longopts, NULL)) != -1) {
1131 * For that reason, we specify that -r has an optional
1139 * in order to support separating -r from the reponame
1152 "Must specify a repository with -r!\n");
1164 // Non-option arguments, first one is the command
1166 command = argv[optind-1];
1188 * If it's not a request for pkg or pkg-devel,
1193 if (!pkg_is_pkg_pkg(argv[optind-1])) {
1196 pkgarg = argv[optind-1];
1207 if ((bootstrap_only && force) || access(pkgpath, X_OK) == -1) {
1211 * To allow 'pkg -N' to be used as a reliable test for whether
1225 if (access(pkgarg, R_OK) == -1) {