Added support to check SHA256 integrity for binary pkgs.

This currently checks: - While removing, any file is checked and if hash doesn't match the file is ignored and not removed. - While installing, if a binary pkg file doesn't match with the one reported by the repository's pkg index file, the process will be stopped. --HG-- extra : convert_revision : 42bb64e89a092f0ff3e7d951e5b26e45d63a60fe
2009-02-26 05:41:49 +01:00 · 2009-02-26 05:41:49 +01:00 · 255c48b198
commit 255c48b198
parent 99ba792509
7 changed files with 144 additions and 83 deletions
--- a/lib/unpack.c
+++ b/lib/unpack.c
@ -45,6 +45,7 @@ xbps_unpack_binary_pkg(prop_dictionary_t repo, prop_dictionary_t pkg,
 		       const char *destdir, int flags)
 {
 	prop_string_t filename, repoloc, arch;
+	const char *sha256;
 	char *binfile, *path;
 	int rv = 0;

@ -53,6 +54,7 @@ xbps_unpack_binary_pkg(prop_dictionary_t repo, prop_dictionary_t pkg,
 	/* Append filename to the full path for binary pkg */
 	filename = prop_dictionary_get(pkg, "filename");
 	arch = prop_dictionary_get(pkg, "architecture");
+	prop_dictionary_get_cstring_nocopy(pkg, "filename-sha256", &sha256);
 	if (repo)
 		repoloc = prop_dictionary_get(repo, "location-local");
 	else
@ -72,6 +74,13 @@ xbps_unpack_binary_pkg(prop_dictionary_t repo, prop_dictionary_t pkg,
 	}
 	free(path);

+	if ((rv = xbps_check_file_hash(binfile, sha256)) == ERANGE) {
+		printf("ERROR: SHA256 doesn't match for %s!",
+		    prop_string_cstring_nocopy(filename));
+		free(binfile);
+		return rv;
+	}
+
 	rv = unpack_archive_init(pkg, destdir, binfile, flags);
 	free(binfile);
 	return rv;