summaryrefslogtreecommitdiffstats
path: root/src/main/verify.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/main/verify.c243
1 files changed, 243 insertions, 0 deletions
diff --git a/src/main/verify.c b/src/main/verify.c
new file mode 100644
index 0000000..6a5d733
--- /dev/null
+++ b/src/main/verify.c
@@ -0,0 +1,243 @@
+/*
+ * dpkg - main program for package management
+ * verify.c - verify package integrity
+ *
+ * Copyright © 2012-2015 Guillem Jover <guillem@debian.org>
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <compat.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <dpkg/i18n.h>
+#include <dpkg/dpkg.h>
+#include <dpkg/dpkg-db.h>
+#include <dpkg/options.h>
+#include <dpkg/db-ctrl.h>
+#include <dpkg/db-fsys.h>
+#include <dpkg/buffer.h>
+
+#include "main.h"
+
+
+enum verify_result {
+ VERIFY_NONE,
+ VERIFY_PASS,
+ VERIFY_FAIL,
+};
+
+struct verify_checks {
+ int exists_errno;
+ enum verify_result exists;
+ enum verify_result mode;
+ enum verify_result md5sum;
+};
+
+typedef void verify_output_func(struct fsys_namenode *, struct verify_checks *);
+
+static int
+verify_result_rpm(enum verify_result result, int check)
+{
+ switch (result) {
+ case VERIFY_FAIL:
+ return check;
+ case VERIFY_PASS:
+ return '.';
+ case VERIFY_NONE:
+ default:
+ return '?';
+ }
+}
+
+static void
+verify_output_rpm(struct fsys_namenode *namenode, struct verify_checks *checks)
+{
+ char result[9];
+ char *error = NULL;
+ int attr;
+
+ memset(result, '?', sizeof(result));
+
+ if (checks->exists == VERIFY_FAIL) {
+ memcpy(result, "missing ", sizeof(result));
+ if (checks->exists_errno != ENOENT)
+ m_asprintf(&error, " (%s)", strerror(checks->exists_errno));
+ } else {
+ result[1] = verify_result_rpm(checks->mode, 'M');
+ result[2] = verify_result_rpm(checks->md5sum, '5');
+ }
+
+ if (namenode->flags & FNNF_OLD_CONFF)
+ attr = 'c';
+ else
+ attr = ' ';
+
+ printf("%.9s %c %s%s\n", result, attr, namenode->name, error ? error : "");
+
+ free(error);
+}
+
+static verify_output_func *verify_output = verify_output_rpm;
+
+bool
+verify_set_output(const char *name)
+{
+ if (strcmp(name, "rpm") == 0)
+ verify_output = verify_output_rpm;
+ else
+ return false;
+
+ return true;
+}
+
+static int
+verify_digest(const char *filename, struct fsys_namenode *fnn,
+ struct verify_checks *checks)
+{
+ static int fd;
+
+ fd = open(filename, O_RDONLY);
+
+ if (fd >= 0) {
+ struct dpkg_error err;
+ char hash[MD5HASHLEN + 1];
+
+ push_cleanup(cu_closefd, ehflag_bombout, 1, &fd);
+ if (fd_md5(fd, hash, -1, &err) < 0)
+ ohshit(_("cannot compute MD5 digest for file '%s': %s"),
+ filename, err.str);
+ pop_cleanup(ehflag_normaltidy); /* fd = open(cdr.buf) */
+ close(fd);
+
+ if (strcmp(hash, fnn->newhash) == 0) {
+ checks->md5sum = VERIFY_PASS;
+ return 0;
+ } else {
+ checks->md5sum = VERIFY_FAIL;
+ }
+ } else {
+ checks->md5sum = VERIFY_NONE;
+ }
+
+ return -1;
+}
+
+static int
+verify_file(const char *filename, struct fsys_namenode *fnn,
+ struct pkginfo *pkg, struct verify_checks *checks)
+{
+ struct stat st;
+ int failures = 0;
+
+ if (lstat(filename, &st) < 0) {
+ checks->exists_errno = errno;
+ checks->exists = VERIFY_FAIL;
+ return 1;
+ }
+ checks->exists = VERIFY_PASS;
+
+ if (fnn->newhash == NULL && fnn->oldhash != NULL)
+ fnn->newhash = fnn->oldhash;
+
+ if (fnn->newhash != NULL) {
+ /* Mode check heuristic: If we know its digest, the pathname
+ * must be a regular file. */
+ if (!S_ISREG(st.st_mode)) {
+ checks->mode = VERIFY_FAIL;
+ failures++;
+ }
+
+ if (verify_digest(filename, fnn, checks) < 0)
+ failures++;
+ }
+
+ return failures;
+}
+
+static void
+verify_package(struct pkginfo *pkg)
+{
+ struct fsys_namenode_list *file;
+ struct varbuf filename = VARBUF_INIT;
+
+ ensure_packagefiles_available(pkg);
+ parse_filehash(pkg, &pkg->installed);
+ pkg_conffiles_mark_old(pkg);
+
+ for (file = pkg->files; file; file = file->next) {
+ struct verify_checks checks;
+ struct fsys_namenode *fnn;
+
+ fnn = namenodetouse(file->namenode, pkg, &pkg->installed);
+
+ varbuf_set_str(&filename, dpkg_fsys_get_dir());
+ varbuf_add_str(&filename, fnn->name);
+ varbuf_end_str(&filename);
+
+ memset(&checks, 0, sizeof(checks));
+
+ if (verify_file(filename.buf, fnn, pkg, &checks) > 0)
+ verify_output(fnn, &checks);
+ }
+
+ varbuf_destroy(&filename);
+}
+
+int
+verify(const char *const *argv)
+{
+ struct pkginfo *pkg;
+ int rc = 0;
+
+ modstatdb_open(msdbrw_readonly);
+ ensure_diversions();
+
+ if (!*argv) {
+ struct pkg_hash_iter *iter;
+
+ iter = pkg_hash_iter_new();
+ while ((pkg = pkg_hash_iter_next_pkg(iter)))
+ verify_package(pkg);
+ pkg_hash_iter_free(iter);
+ } else {
+ const char *thisarg;
+
+ while ((thisarg = *argv++)) {
+ pkg = dpkg_options_parse_pkgname(cipaction, thisarg);
+ if (pkg->status == PKG_STAT_NOTINSTALLED) {
+ notice(_("package '%s' is not installed"),
+ pkg_name(pkg, pnaw_nonambig));
+ rc = 1;
+ continue;
+ }
+
+ verify_package(pkg);
+ }
+ }
+
+ modstatdb_shutdown();
+
+ m_output(stdout, _("<standard output>"));
+
+ return rc;
+}