From patchwork Wed Sep 16 01:10:41 2020
X-Patchwork-Submitter: Paul Spooren
X-Patchwork-Id: 1364867
From: Paul Spooren
To: openwrt-devel@lists.openwrt.org
Subject: [PATCH] conf: add src/{,gz}/trusted option
Date: Tue, 15 Sep 2020 15:10:41 -1000
Message-Id: <20200916011041.1746959-1-mail@aparcar.org>
X-Mailer: git-send-email 2.25.1

This option allows individually disabling signature checks for individual feeds. This option should only be used for local feeds or remote feeds downloaded via HTTPS.

Within OpenWrt this option allows ImageBuilders to verify remote feeds while also taking local feeds into account which are unsigned.

The two new config options are:

src/trusted
src/gz/trusted
Signed-off-by: Paul Spooren --- ImageBuilders offer a folder called "packages/" which includes at least the packages kernel_*.ipk and libc*.ipk, additionally packages provided by the user. It is not possible to enable signature checks within the ImageBuilder and allow an unsigned local package feed at the same time. This patch is an option to set the special local packages feed to "trusted". As an alternative, the ImageBuilder could generate usign keys which sign the local package feed, however those keys would then also be considered for remote feeds which seems less secure. libopkg/opkg_cmd.c | 2 +- libopkg/opkg_conf.c | 28 ++++++++++++++++++++++++---- libopkg/pkg_hash.c | 2 +- libopkg/pkg_src.c | 3 ++- libopkg/pkg_src.h | 3 ++- libopkg/pkg_src_list.c | 4 ++-- libopkg/pkg_src_list.h | 2 +- 7 files changed, 33 insertions(+), 11 deletions(-) diff --git a/libopkg/opkg_cmd.c b/libopkg/opkg_cmd.c index a329558..05c0c85 100644 --- a/libopkg/opkg_cmd.c +++ b/libopkg/opkg_cmd.c @@ -143,7 +143,7 @@ static int opkg_update_cmd(int argc, char **argv) } free(url); #if defined(HAVE_USIGN) - if (pkglist_dl_error == 0 && conf->check_signature) { + if (pkglist_dl_error == 0 && conf->check_signature && ! src->trusted) { /* download detached signitures to verify the package lists */ /* get the url for the sig file */ if (src->extra_data) /* debian style? */ diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c index 38703ee..6097588 100644 --- a/libopkg/opkg_conf.c +++ b/libopkg/opkg_conf.c @@ -295,7 +295,7 @@ opkg_conf_parse_file(const char *filename, if (!nv_pair_list_find ((nv_pair_list_t *) dist_src_list, name)) { pkg_src_list_append(dist_src_list, name, - value, extra, 0); + value, extra, 0, 0); } else { opkg_msg(ERROR, "Duplicate dist declaration (%s %s). " 
@@ -305,7 +305,7 @@ opkg_conf_parse_file(const char *filename, if (!nv_pair_list_find ((nv_pair_list_t *) dist_src_list, name)) { pkg_src_list_append(dist_src_list, name, - value, extra, 1); + value, extra, 1, 0); } else { opkg_msg(ERROR, "Duplicate dist declaration (%s %s). " @@ -315,7 +315,7 @@ opkg_conf_parse_file(const char *filename, if (!nv_pair_list_find ((nv_pair_list_t *) pkg_src_list, name)) { pkg_src_list_append(pkg_src_list, name, - value, extra, 0); + value, extra, 0, 0); } else { opkg_msg(ERROR, "Duplicate src declaration (%s %s). " @@ -325,7 +325,27 @@ opkg_conf_parse_file(const char *filename, if (!nv_pair_list_find ((nv_pair_list_t *) pkg_src_list, name)) { pkg_src_list_append(pkg_src_list, name, - value, extra, 1); + value, extra, 1, 0); + } else { + opkg_msg(ERROR, + "Duplicate src declaration (%s %s). " + "Skipping.\n", name, value); + } + } else if (strcmp(type, "src/trusted") == 0) { + if (!nv_pair_list_find + ((nv_pair_list_t *) pkg_src_list, name)) { + pkg_src_list_append(pkg_src_list, name, + value, extra, 0, 1); + } else { + opkg_msg(ERROR, + "Duplicate src declaration (%s %s). " + "Skipping.\n", name, value); + } + } else if (strcmp(type, "src/gz/trusted") == 0) { + if (!nv_pair_list_find + ((nv_pair_list_t *) pkg_src_list, name)) { + pkg_src_list_append(pkg_src_list, name, + value, extra, 1, 1); } else { opkg_msg(ERROR, "Duplicate src declaration (%s %s). " diff --git a/libopkg/pkg_hash.c b/libopkg/pkg_hash.c index 52c64ff..21dc914 100644 --- a/libopkg/pkg_hash.c +++ b/libopkg/pkg_hash.c @@ -84,7 +84,7 @@ int dist_hash_add_from_file(const char *lists_dir, pkg_src_t * dist) return -1; } pkg_src_list_append(&conf->pkg_src_list, subname, - dist->value, "__dummy__", 0); + dist->value, "__dummy__", 0, 0); } free(list_file); diff --git a/libopkg/pkg_src.c b/libopkg/pkg_src.c index fae3ce3..dd26469 100644 --- a/libopkg/pkg_src.c +++ b/libopkg/pkg_src.c 
@@ -19,11 +19,12 @@ #include "libbb/libbb.h" int pkg_src_init(pkg_src_t * src, const char *name, const char *base_url, - const char *extra_data, int gzip) + const char *extra_data, int gzip, int trusted) { src->gzip = gzip; src->name = xstrdup(name); src->value = xstrdup(base_url); + src->trusted = trusted; if (extra_data) src->extra_data = xstrdup(extra_data); else diff --git a/libopkg/pkg_src.h b/libopkg/pkg_src.h index 1320f1f..0ff2d92 100644 --- a/libopkg/pkg_src.h +++ b/libopkg/pkg_src.h @@ -25,10 +25,11 @@ typedef struct { char *value; char *extra_data; int gzip; + int trusted; } pkg_src_t; int pkg_src_init(pkg_src_t * src, const char *name, const char *base_url, - const char *extra_data, int gzip); + const char *extra_data, int gzip, int trusted); void pkg_src_deinit(pkg_src_t * src); #endif diff --git a/libopkg/pkg_src_list.c b/libopkg/pkg_src_list.c index cc24438..4ea254c 100644 --- a/libopkg/pkg_src_list.c +++ b/libopkg/pkg_src_list.c @@ -42,11 +42,11 @@ void pkg_src_list_deinit(pkg_src_list_t * list) pkg_src_t *pkg_src_list_append(pkg_src_list_t * list, const char *name, const char *base_url, - const char *extra_data, int gzip) + const char *extra_data, int gzip, int trusted) { /* freed in pkg_src_list_deinit */ pkg_src_t *pkg_src = xcalloc(1, sizeof(pkg_src_t)); - pkg_src_init(pkg_src, name, base_url, extra_data, gzip); + pkg_src_init(pkg_src, name, base_url, extra_data, gzip, trusted); void_list_append((void_list_t *) list, pkg_src); diff --git a/libopkg/pkg_src_list.h b/libopkg/pkg_src_list.h index 71a10f6..4e175e8 100644 --- a/libopkg/pkg_src_list.h +++ b/libopkg/pkg_src_list.h @@ -38,6 +38,6 @@ void pkg_src_list_deinit(pkg_src_list_t * list); pkg_src_t *pkg_src_list_append(pkg_src_list_t * list, const char *name, const char *root_dir, const char *extra_data, - int gzip); + int gzip, int trusted); #endif
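Review bot: the `! src->trusted` test added to opkg_update_cmd in the libopkg/opkg_cmd.c hunk silently skips both the signature download and the verification for that feed, while the commit message's rule that trusted feeds must be local or fetched over HTTPS is not checked anywhere in the code; please emit an opkg_msg (NOTICE or INFO) such as "Skipping signature check for trusted feed %s" at that point so an opkg.conf that marks a plain-HTTP feed as trusted is visible in the update output. As a style point, write `!src->trusted` without the space, matching the `!nv_pair_list_find` spelling used in the opkg_conf.c hunks of the same patch.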
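Review bot: the new `src/trusted` and `src/gz/trusted` branches in the last libopkg/opkg_conf.c hunk repeat the existing `src` and `src/gz` blocks verbatim except for the final two arguments to pkg_src_list_append, leaving four near-identical blocks with the same "Duplicate src declaration (%s %s). Skipping." error path; deriving `gzip` and `trusted` from the type string once and calling pkg_src_list_append from a single block would keep the parser readable. The patch also adds no documentation for the two keywords: the only statement that a trusted feed must be local or use HTTPS is in the commit message, and it belongs next to wherever `src/gz` is documented for users.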
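Review bot: in the libopkg/pkg_hash.c hunk, dist_hash_add_from_file appends the sub-sources of a dist entry with `trusted` hard-coded to 0 instead of taking it from the parent `dist`; that matches today's opkg_conf.c, which passes 0 for both dist and dist/gz, but a short comment stating that dist feeds are always verified would make the intent explicit, and if a dist/trusted variant is ever added the argument should become `dist->trusted` so the sub-sources do not silently diverge from their parent.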
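Review bot: the new `int trusted;` member added to pkg_src_t in the libopkg/pkg_src.h hunk carries no comment; a one-line note that a non-zero value disables signature verification of this feed's package list in opkg_update_cmd (and nothing else) would help, since the bare field name suggests a broader notion of trust than the single check it currently controls.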
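As an added illustration of how the two new keywords are meant to be used (a configuration written for this review, not part of the patch; feed names, URLs and the local path are placeholders), an opkg.conf that keeps signature checks on for remote feeds and marks only the ImageBuilder's local packages/ directory as trusted:

```conf
# Remote feeds: their package lists stay signed and are verified with usign.
src/gz openwrt_core https://downloads.example.org/targets/x86/64/packages
src/gz openwrt_base https://downloads.example.org/packages/x86_64/base

# Local ImageBuilder feed (kernel_*.ipk, libc*.ipk, user-supplied packages):
# unsigned, so it is marked trusted instead of disabling check_signature
# globally.
src/trusted imagebuilder file:///path/to/imagebuilder/packages

# Weak: a trusted feed fetched over plain HTTP is neither signed nor
# transport-protected, and the patch does not reject it, so avoid this form.
# src/trusted mirror http://mirror.example.org/packages

option check_signature
```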