@@ -1371,6 +1371,11 @@ int opkg_install_pkg(pkg_t * pkg, int from_upgrade)
pkg_md5 = pkg_get_md5(pkg);
if (pkg_md5) {
file_md5 = file_md5sum_alloc(local_filename);
+ if (!file_md5 && !conf->force_checksum) {
+ opkg_msg(ERROR, "Failed to compute md5sum of package %s.\n",
+ pkg->name);
+ return -1;
+ }
if (file_md5 && strcmp(file_md5, pkg_md5)) {
if (!conf->force_checksum) {
opkg_msg(ERROR, "Package %s md5sum mismatch. "
@@ -1392,6 +1397,11 @@ int opkg_install_pkg(pkg_t * pkg, int from_upgrade)
pkg_sha256 = pkg_get_sha256(pkg);
if (pkg_sha256) {
file_sha256 = file_sha256sum_alloc(local_filename);
+ if (!file_sha256 && !conf->force_checksum) {
+ opkg_msg(ERROR, "Failed to compute sha256sum of package %s.\n",
+ pkg->name);
+ return -1;
+ }
if (file_sha256 && strcmp(file_sha256, pkg_sha256)) {
if (!conf->force_checksum) {
opkg_msg(ERROR,
@@ -1410,6 +1420,16 @@ int opkg_install_pkg(pkg_t * pkg, int from_upgrade)
free(file_sha256);
}
+ /* Check that at least one type of checksum was found. There are
+ * two acceptable exceptions:
+ * 1) the package is explicitly installed from a local file;
+ * 2) the --force-checksum option is used to disable checksum verification. */
+ if (!pkg_md5 && !pkg_sha256 && !pkg->provided_by_hand && !conf->force_checksum) {
+ opkg_msg(ERROR, "Failed to obtain checksum of package %s from package index.\n",
+ pkg->name);
+ return -1;
+ }
+
/* Check file size */
err = lstat(local_filename, &pkg_stat);