From: Michael Tremer Date: Sun, 11 Jul 2021 15:03:17 +0000 (+0000) Subject: archive: Implement creating a signature X-Git-Tag: 0.9.28~1052 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6a5c6eefa16a27a97f2ebb63ff0f21c2a30df26;p=pakfire.git archive: Implement creating a signature Signed-off-by: Michael Tremer
---
diff --git a/src/_pakfire/archive.c b/src/_pakfire/archive.c
index 3e3d25e4f..979b5226c 100644
--- a/src/_pakfire/archive.c
+++ b/src/_pakfire/archive.c
@@ -27,6 +27,7 @@
 #include "archive.h"
 #include "errors.h"
+#include "key.h"
 #include "package.h"
 PyObject* new_archive(PyTypeObject* type, struct pakfire_archive* archive) {
@@ -126,6 +127,22 @@ static PyObject* Archive_verify(ArchiveObject* self) {
 return NULL;
 }
+static PyObject* Archive_sign(ArchiveObject* self, PyObject* args) {
+ KeyObject* key = NULL;
+
+ if (!PyArg_ParseTuple(args, "O!", &KeyType, &key))
+ return NULL;
+
+ // Create signature
+ int r = pakfire_archive_sign(self->archive, key->key);
+ if (r) {
+ PyErr_SetFromErrno(PyExc_OSError);
+ return NULL;
+ }
+
+ Py_RETURN_NONE;
+}
+
 static PyObject* Archive_extract(ArchiveObject* self, PyObject* args) {
 const char* prefix = NULL;
@@ -206,6 +223,12 @@ static struct PyMethodDef Archive_methods[] = {
 METH_VARARGS,
 NULL
 },
+ {
+ "sign",
+ (PyCFunction)Archive_sign,
+ METH_VARARGS,
+ NULL
+ },
 {
 "verify",
 (PyCFunction)Archive_verify,
diff --git a/src/libpakfire/archive.c b/src/libpakfire/archive.c
index f58e197cf..1aaad99ad 100644
--- a/src/libpakfire/archive.c
+++ b/src/libpakfire/archive.c
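Review bot: The error path of `Archive_sign` raises with `PyErr_SetFromErrno(PyExc_OSError)` for any non-zero `r`, which is only correct if `pakfire_archive_sign` leaves `errno` set on every failure. The library side of this commit just forwards the return codes of `open_archive_and_read` and `pakfire_key_sign`, whose errno behaviour is not visible in this diff. If a signing failure arrives with `errno == 0`, Python callers get an OSError that carries no cause, which makes a failed signing step hard to tell apart from other faults. I would state the contract above the call, e.g. `// pakfire_archive_sign() returns non-zero and sets errno on failure`, or map `r` to an exception explicitly.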
@@ -1175,6 +1175,21 @@ ERROR:
 return status;
 }
+static int pakfire_archive_load_checksums_mtree(struct pakfire_archive* archive) {
+ return 0;
+}
+
+static int pakfire_archive_load_checksums_legacy(struct pakfire_archive* archive) {
+ return 0;
+}
+
+static int pakfire_archive_load_checksums(struct pakfire_archive* archive) {
+ if (archive->format >= 6)
+ return pakfire_archive_load_checksums_mtree(archive);
+ else
+ return pakfire_archive_load_checksums_legacy(archive);
+}
+
 /* This function is called to examine whether we have a signature and if so verify it */
@@ -1398,6 +1413,46 @@ PAKFIRE_EXPORT const char* pakfire_archive_verify_strerror(pakfire_archive_verif
 return _("Unknown error");
 }
+static int pakfire_archive_create_signature(struct pakfire_archive* archive,
+ struct pakfire_key* key, char** signature, size_t signature_length) {
+ char* buffer = NULL;
+ size_t length = 0;
+
+ // Read chksums
+ int r = open_archive_and_read(archive, "chksums", &buffer, &length);
+ if (r)
+ goto ERROR;
+
+ // Use the key to sign the buffer
+ r = pakfire_key_sign(key, buffer, length, signature, signature_length);
+ if (r)
+ goto ERROR;
+
+ERROR:
+ if (buffer)
+ free(buffer);
+
+ return r;
+}
+
+PAKFIRE_EXPORT int pakfire_archive_sign(struct pakfire_archive* archive, struct pakfire_key* key) {
+ int r;
+
+ // XXX check if all checksums match
+
+ char* signature = NULL;
+ size_t signature_length = 0;
+
+ // Create the signature
+ r = pakfire_archive_create_signature(archive, key, &signature, &signature_length);
+ if (r)
+ return r;
+
+ // XXX write signature to archive
+
+ return 0;
+}
+
 PAKFIRE_EXPORT size_t pakfire_archive_get_size(struct pakfire_archive* archive) {
 struct stat buf;
diff --git a/src/libpakfire/include/pakfire/archive.h b/src/libpakfire/include/pakfire/archive.h
index ca072c0c4..17641846c 100644
--- a/src/libpakfire/include/pakfire/archive.h
+++ b/src/libpakfire/include/pakfire/archive.h
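Review bot: `pakfire_archive_load_checksums_mtree` and `pakfire_archive_load_checksums_legacy` both return 0 without loading anything, so a later caller cannot tell "checksums loaded" from "not implemented yet". Because this code sits directly above the signature verification path, the stubs should fail closed until they are filled in, i.e. return a non-zero error under a comment such as `// TODO: not implemented, must not report success`. None of the three new static functions has a caller in this commit, so they will also raise unused-function warnings. A short comment explaining the `archive->format >= 6` threshold in `pakfire_archive_load_checksums` would help the next reader.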
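Review bot: `pakfire_archive_sign` returns 0 once `pakfire_archive_create_signature` succeeds although the signature is never written (`// XXX write signature to archive`), so callers, including the new Python `sign` method, are told that a still-unsigned archive was signed, and whatever `pakfire_key_sign` stored in `signature` is never released. Until the write exists, the function should end with `free(signature);` followed by a non-zero return. Separately, `pakfire_archive_create_signature` declares `size_t signature_length` by value while the caller passes `&signature_length`; the parameter presumably should be `size_t* signature_length` so the length reaches the caller, but the prototype of `pakfire_key_sign` is not in this diff, so please confirm. The first `XXX` matters as well: signing `chksums` before checking that the checksums match the payload lets the signature vouch for content that was never checked.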
@@ -61,6 +61,7 @@ struct pakfire_filelist* pakfire_archive_get_filelist(struct pakfire_archive* ar
 int pakfire_archive_verify(struct pakfire_archive* archive, pakfire_archive_verify_status_t* status);
 const char* pakfire_archive_verify_strerror(pakfire_archive_verify_status_t status);
+int pakfire_archive_sign(struct pakfire_archive* archive, struct pakfire_key* key);
 size_t pakfire_archive_get_size(struct pakfire_archive* archive);
 struct pakfire_package* pakfire_archive_make_package(
diff --git a/src/libpakfire/libpakfire.sym b/src/libpakfire/libpakfire.sym
index 8b920918a..e825bb8ac 100644
--- a/src/libpakfire/libpakfire.sym
+++ b/src/libpakfire/libpakfire.sym
@@ -65,6 +65,7 @@ global:
 pakfire_archive_open;
 pakfire_archive_read;
 pakfire_archive_ref;
+ pakfire_archive_sign;
 pakfire_archive_unref;
 pakfire_archive_verify;
 pakfire_archive_verify_strerror;