diff options
author | joerg <joerg> | 2008-12-30 15:55:57 +0000 |
---|---|---|
committer | joerg <joerg> | 2008-12-30 15:55:57 +0000 |
commit | 8cc7fcaedff26298d9bb9834c61e5c40cbbe9ae8 (patch) | |
tree | bec2a333dd0b2e66ea6e1ffa1da99751dbb7ca0f /pkgtools/pkg_install/files/lib/vulnerabilities-file.c | |
parent | 87226b8ed347ff9718e32fd717a8121289caaea7 (diff) | |
download | pkgsrc-8cc7fcaedff26298d9bb9834c61e5c40cbbe9ae8.tar.gz |
pkg_install-20081230:
Add initial support for secure GPG signatures.
Diffstat (limited to 'pkgtools/pkg_install/files/lib/vulnerabilities-file.c')
-rw-r--r-- | pkgtools/pkg_install/files/lib/vulnerabilities-file.c | 40 |
1 files changed, 3 insertions, 37 deletions
diff --git a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c index 4ec5f3279b9..ec5b797a130 100644 --- a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c +++ b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c @@ -1,4 +1,4 @@ -/* $NetBSD: vulnerabilities-file.c,v 1.3.4.7 2008/08/05 22:32:12 joerg Exp $ */ +/* $NetBSD: vulnerabilities-file.c,v 1.3.4.8 2008/12/30 15:55:57 joerg Exp $ */ /*- * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. @@ -38,7 +38,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: vulnerabilities-file.c,v 1.3.4.7 2008/08/05 22:32:12 joerg Exp $"); +__RCSID("$NetBSD: vulnerabilities-file.c,v 1.3.4.8 2008/12/30 15:55:57 joerg Exp $"); #if HAVE_SYS_STAT_H #include <sys/stat.h> @@ -72,40 +72,6 @@ static const char pkcs7_begin[] = "-----BEGIN PKCS7-----\n"; static const char pkcs7_end[] = "-----END PKCS7-----\n"; static void -verify_signature_gpg(const char *input, size_t input_len) -{ - pid_t child; - int fd[2], status; - - if (pipe(fd) == -1) - err(EXIT_FAILURE, "cannot create input pipes"); - - child = vfork(); - if (child == -1) - err(EXIT_FAILURE, "cannot fork GPG process"); - if (child == 0) { - close(fd[1]); - close(STDIN_FILENO); - if (dup2(fd[0], STDIN_FILENO) == -1) { - static const char err_msg[] = - "cannot redirect stdin of GPG process\n"; - write(STDERR_FILENO, err_msg, sizeof(err_msg) - 1); - _exit(255); - } - close(fd[0]); - execlp(gpg_cmd, gpg_cmd, "--verify", "-", (char *)NULL); - _exit(255); - } - close(fd[0]); - if (write(fd[1], input, input_len) != input_len) - errx(EXIT_FAILURE, "Short read from GPG"); - close(fd[1]); - waitpid(child, &status, 0); - if (status) - errx(EXIT_FAILURE, "GPG could not verify the signature"); -} - -static void verify_signature_pkcs7(const char *input) { #ifdef HAVE_SSL @@ -143,7 +109,7 @@ verify_signature(const char *input, size_t input_len) "At least GPG or CERTIFICATE_ANCHOR_PKGVULN " "must be configured"); if (gpg_cmd != NULL) - verify_signature_gpg(input, input_len); + inline_gpg_verify(input, input_len); if (certs_pkg_vulnerabilities != NULL) verify_signature_pkcs7(input); } |