On 24/12/20 8:43 am, Emil Velikov wrote: > With libarchive v3.5.0 we have API to fetch the digest from the mtree. > Use that to validate if the installed files are modified or not. > > As always, a modified backup file will trigger a warning but will not > result in an actual failure. > > TODO: localization... no idea how that is even done :-)
Adding the _() around the strings is all that needed done. > NOTE: indentation is likely all over the place - first time I see ts=2 For line wraps, we generally just use two indents, so really does not matter what the tab system is. > Signed-off-by: Emil Velikov <emil.l.veli...@gmail.com> > --- > src/pacman/check.c | 66 +++++++++++++++++++++++++++++++++++++++++----- > 1 file changed, 59 insertions(+), 7 deletions(-) > > diff --git a/src/pacman/check.c b/src/pacman/check.c > index 02217d0f..083c547d 100644 > --- a/src/pacman/check.c > +++ b/src/pacman/check.c > @@ -176,19 +176,70 @@ static int check_file_size(const char *pkgname, const > char *filepath, > return 0; > } > > -/* placeholders - libarchive currently does not read checksums from mtree > files > -static int check_file_md5sum(const char *pkgname, const char *filepath, > - struct stat *st, struct archive_entry *entry, int backup) > +#if ARCHIVE_VERSION_NUMBER >= 3005000 This does not need wrapped in #if. There is nothing libarchive specific in this function. > +static int check_file_cksum(const char *pkgname, const char *filepath, > + int backup, const char *cksum_name, const char *cksum_calc, > const char *cksum_mtree) > { > + if(!cksum_calc || !cksum_mtree) { Only one of these failures matches the error message. Split into "checkusm information not available" and "failed to calculate checksum" > + if(!config->quiet) { > + pm_printf(ALPM_LOG_WARNING, _("%s: %s (failed to > compute %s checksum)\n"), > + pkgname, filepath, cksum_name); > + } > + return 1; > + } > + > + if(strcmp(cksum_calc, cksum_mtree) != 0) { > + if(backup) { > + if(!config->quiet) { > + printf("%s%s%s: ", config->colstr.title, > _("backup file"), > + config->colstr.nocolor); > + printf(_("%s: %s (%s checksum mismatch)\n"), > + pkgname, filepath, cksum_name); > + } > + return 0; > + } > + if(!config->quiet) { > + pm_printf(ALPM_LOG_WARNING, _("%s: %s (%s checksum > mismatch)\n"), > + pkgname, filepath, cksum_name); > + } > + return 1; OK. > + } > + > return 0; > } > +#endif > + > +static int check_file_md5sum(const char *pkgname, const char *filepath, > + struct archive_entry *entry, int backup) > +{ > + int errors = 0; > +#if ARCHIVE_VERSION_NUMBER >= 3005000 > + char *cksum_calc = alpm_compute_md5sum(filepath); > + char *cksum_mtree = hex_representation(archive_entry_digest(entry, > + > ARCHIVE_ENTRY_DIGEST_MD5), 16); > + errors = check_file_cksum(pkgname, filepath, backup, "MD5", cksum_calc, > + > cksum_mtree); > + free(cksum_mtree); > + free(cksum_calc); > +#endif > + return (errors != 0 ? 1 : 0); > +} > > static int check_file_sha256sum(const char *pkgname, const char *filepath, > - struct stat *st, struct archive_entry *entry, int backup) > + struct archive_entry *entry, int backup) > { > - return 0; > + int errors = 0; > +#if ARCHIVE_VERSION_NUMBER >= 3005000 > + char *cksum_calc = alpm_compute_sha256sum(filepath); > + char *cksum_mtree = hex_representation(archive_entry_digest(entry, > + > ARCHIVE_ENTRY_DIGEST_SHA256), 32); > + errors = check_file_cksum(pkgname, filepath, backup, "SHA256", > cksum_calc, > + > cksum_mtree); > + free(cksum_mtree); > + free(cksum_calc); > +#endif > + return (errors != 0 ? 1 : 0); > } > -*/ > > /* Loop through the files of the package to check if they exist. */ > int check_pkg_fast(alpm_pkg_t *pkg) > @@ -369,7 +420,8 @@ int check_pkg_full(alpm_pkg_t *pkg) > > if(type == AE_IFREG) { > file_errors += check_file_size(pkgname, filepath, &st, > entry, backup); > - /* file_errors += check_file_md5sum(pkgname, filepath, > &st, entry, backup); */ > + file_errors += check_file_md5sum(pkgname, filepath, > entry, backup); > + file_errors += check_file_sha256sum(pkgname, filepath, > entry, backup); > } > > if(config->quiet && file_errors) { >