From 4318ab1de6881f00ccb3a04c755893dee5f068ed Mon Sep 17 00:00:00 2001
From: Baptiste Jonglez
Date: Mon, 24 Aug 2020 17:07:40 +0200
Subject: [PATCH] opkg: allow to configure the path to the signature verification script
Currently, package index signatures are only checked when opkg runs on the OpenWrt device. The verification script is hard-coded to a path in /usr/sbin/. Making this path configurable is a first step to implement signature verification in host builds of opkg (e.g. in the imagebuilder).
Signed-off-by: Baptiste Jonglez
Acked-by: Paul Spooren
---
 libopkg/opkg_conf.c | 4 ++++
 libopkg/opkg_conf.h | 3 +++
 libopkg/opkg_download.c | 2 +-
 src/opkg-cl.c | 8 ++++++++
 4 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
index 08855eb..38703ee 100644
--- a/libopkg/opkg_conf.c
+++ b/libopkg/opkg_conf.c
@@ -72,6 +72,7 @@ opkg_option_t options[] = {
 {"size", OPKG_OPT_TYPE_BOOL, &_conf.size},
 {"tmp_dir", OPKG_OPT_TYPE_STRING, &_conf.tmp_dir},
 {"verbosity", OPKG_OPT_TYPE_INT, &_conf.verbosity},
+ {"verify_program", OPKG_OPT_TYPE_STRING, &_conf.verify_program},
 {NULL, 0, NULL}
 };
@@ -572,6 +573,9 @@ int opkg_conf_load(void)
 if (conf->lists_dir == NULL)
 conf->lists_dir = xstrdup(OPKG_CONF_LISTS_DIR);
+ if (conf->verify_program == NULL)
+ conf->verify_program = xstrdup(OPKG_CONF_DEFAULT_VERIFY_PROGRAM);
+
 if (conf->offline_root) {
 sprintf_alloc(&tmp, "%s/%s", conf->offline_root,
 conf->lists_dir);
diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
index 37f95a1..91190b3 100644
--- a/libopkg/opkg_conf.h
+++ b/libopkg/opkg_conf.h
@@ -35,6 +35,8 @@ extern opkg_conf_t *conf;
 #define OPKG_CONF_DEFAULT_CONF_FILE_DIR OPKGETCDIR"/opkg"
+#define OPKG_CONF_DEFAULT_VERIFY_PROGRAM "/usr/sbin/opkg-key"
+
 /* In case the config file defines no dest */
 #define OPKG_CONF_DEFAULT_DEST_NAME "root"
 #define OPKG_CONF_DEFAULT_DEST_ROOT_DIR "/"
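Review bot: In libopkg/opkg_conf.c, the defaulting added to opkg_conf_load handles only the unset case, so any string taken from a configuration file or from `--verify-program` is used unchanged as the program whose exit status decides whether a package index signature is accepted. A relative or empty value is not rejected; if xsystem() resolves argv[0] through PATH (its implementation is not part of this patch), a relative name would make the verifier depend on the caller's environment. Consider requiring an absolute path right after the default is applied, with a check such as `if (conf->verify_program[0] != '/')` that fails the load through the function's existing error path, and document that every file opkg reads options from must be writable only by the administrator. opkg_conf_load starts and ends outside the hunk.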
@@ -85,6 +87,7 @@ struct opkg_conf {
 char *overlay_root;
 int query_all;
 int verbosity;
+ char *verify_program;
 int noaction;
 int size;
 int download_only;
diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index e970506..7bbf34b 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -298,7 +298,7 @@ int opkg_prepare_url_for_install(const char *url, char **namep)
 int opkg_verify_file(char *text_file, char *sig_file)
 {
 #if defined HAVE_USIGN
- const char *argv[] = { "/usr/sbin/opkg-key", "verify", sig_file,
+ const char *argv[] = { conf->verify_program, "verify", sig_file,
 text_file, NULL };
 return xsystem(argv) ? -1 : 0;
diff --git a/src/opkg-cl.c b/src/opkg-cl.c
index 40a7502..01c6e94 100644
--- a/src/opkg-cl.c
+++ b/src/opkg-cl.c
@@ -53,6 +53,7 @@ enum {
 ARGS_OPT_CACHE,
 ARGS_OPT_FORCE_SIGNATURE,
 ARGS_OPT_NO_CHECK_CERTIFICATE,
+ ARGS_OPT_VERIFY_PROGRAM,
 ARGS_OPT_SIZE,
 };
@@ -109,6 +110,8 @@ static struct option long_options[] = {
 {"lists-dir", 1, 0, 'l'},
 {"lists_dir", 1, 0, 'l'},
 {"verbosity", 2, 0, 'V'},
+ {"verify-program", 1, 0, ARGS_OPT_VERIFY_PROGRAM},
+ {"verify_program", 1, 0, ARGS_OPT_VERIFY_PROGRAM},
 {"version", 0, 0, 'v'},
 {0, 0, 0, 0}
 };
@@ -232,6 +235,9 @@ static int args_parse(int argc, char *argv[])
 case ARGS_OPT_NO_CHECK_CERTIFICATE:
 conf->no_check_certificate = 1;
 break;
+ case ARGS_OPT_VERIFY_PROGRAM:
+ conf->verify_program = xstrdup(optarg);
+ break;
 case ':':
 parse_err = -1;
 break;
@@ -322,6 +328,8 @@ static void usage()
 printf(" directory name in a pinch).\n");
 printf("\t-o Use as the root directory for\n");
 printf("\t--offline-root offline installation of packages.\n");
+ printf
+ ("\t--verify-program Use the given program to verify usign signatures\n");
 printf
 ("\t--add-arch : Register architecture with given priority\n");
 printf
--
2.30.2
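Review bot: In opkg_verify_file (libopkg/opkg_download.c), argv[0] is now read from `conf->verify_program` without a NULL check, while the default is installed only in opkg_conf_load; a caller that gets here before the configuration is loaded hands xsystem() a NULL program name, and whether that fails closed depends on code not shown. A guard before the array, `if (conf->verify_program == NULL) return -1;`, keeps the verdict at "not verified" in that case. I would also add a comment above argv such as `/* exit status of conf->verify_program is the only signature verdict; treat the path as security-sensitive */`, and log the effective path at debug level so an overridden verifier shows up in logs. The rest of the `#if defined HAVE_USIGN` block is outside the hunk.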
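Review bot: In args_parse (src/opkg-cl.c), the new `case ARGS_OPT_VERIFY_PROGRAM:` overwrites `conf->verify_program` without releasing a previous value, so repeating the option leaks the earlier copy and silently keeps the last one; `free(conf->verify_program);` before the `xstrdup(optarg)` would tidy that. The patch also does not show whether a command-line value or a `verify_program` line in a config file wins when both are present; because this option selects the signature verifier, the precedence should be stated in the usage text added in the last hunk. args_parse starts and ends outside the hunk.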