On 24/12/20 8:43 am, Emil Velikov wrote:
> With libarchive v3.5.0 we have API to fetch the digest from the mtree.
> Use that to validate if the installed files are modified or not.
>
> As always, a modified backup file will trigger a warning but will not
> result in an actual failure.
>
> TODO: localization... no idea how that is even done :-)
Adding the _() around the strings is all that needed done.
> NOTE: indentation is likely all over the place - first time I see ts=2
For line wraps, we generally just use two indents, so really does not
matter what the tab system is.
> Signed-off-by: Emil Velikov <emil.l.veli...@gmail.com>
> ---
> src/pacman/check.c | 66 +++++++++++++++++++++++++++++++++++++++++-----
> 1 file changed, 59 insertions(+), 7 deletions(-)
>
> diff --git a/src/pacman/check.c b/src/pacman/check.c
> index 02217d0f..083c547d 100644
> --- a/src/pacman/check.c
> +++ b/src/pacman/check.c
> @@ -176,19 +176,70 @@ static int check_file_size(const char *pkgname, const
> char *filepath,
> return 0;
> }
>
> -/* placeholders - libarchive currently does not read checksums from mtree
> files
> -static int check_file_md5sum(const char *pkgname, const char *filepath,
> - struct stat *st, struct archive_entry *entry, int backup)
> +#if ARCHIVE_VERSION_NUMBER >= 3005000
This does not need wrapped in #if. There is nothing libarchive specific
in this function.
> +static int check_file_cksum(const char *pkgname, const char *filepath,
> + int backup, const char *cksum_name, const char *cksum_calc,
> const char *cksum_mtree)
> {
> + if(!cksum_calc || !cksum_mtree) {
Only one of these failures matches the error message. Split into
"checkusm information not available" and "failed to calculate checksum"
> + if(!config->quiet) {
> + pm_printf(ALPM_LOG_WARNING, _("%s: %s (failed to
> compute %s checksum)\n"),
> + pkgname, filepath, cksum_name);
> + }
> + return 1;
> + }
> +
> + if(strcmp(cksum_calc, cksum_mtree) != 0) {
> + if(backup) {
> + if(!config->quiet) {
> + printf("%s%s%s: ", config->colstr.title,
> _("backup file"),
> + config->colstr.nocolor);
> + printf(_("%s: %s (%s checksum mismatch)\n"),
> + pkgname, filepath, cksum_name);
> + }
> + return 0;
> + }
> + if(!config->quiet) {
> + pm_printf(ALPM_LOG_WARNING, _("%s: %s (%s checksum
> mismatch)\n"),
> + pkgname, filepath, cksum_name);
> + }
> + return 1;
OK.
> + }
> +
> return 0;
> }
> +#endif
> +
> +static int check_file_md5sum(const char *pkgname, const char *filepath,
> + struct archive_entry *entry, int backup)
> +{
> + int errors = 0;
> +#if ARCHIVE_VERSION_NUMBER >= 3005000
> + char *cksum_calc = alpm_compute_md5sum(filepath);
> + char *cksum_mtree = hex_representation(archive_entry_digest(entry,
> +
> ARCHIVE_ENTRY_DIGEST_MD5), 16);
> + errors = check_file_cksum(pkgname, filepath, backup, "MD5", cksum_calc,
> +
> cksum_mtree);
> + free(cksum_mtree);
> + free(cksum_calc);
> +#endif
> + return (errors != 0 ? 1 : 0);
> +}
>
> static int check_file_sha256sum(const char *pkgname, const char *filepath,
> - struct stat *st, struct archive_entry *entry, int backup)
> + struct archive_entry *entry, int backup)
> {
> - return 0;
> + int errors = 0;
> +#if ARCHIVE_VERSION_NUMBER >= 3005000
> + char *cksum_calc = alpm_compute_sha256sum(filepath);
> + char *cksum_mtree = hex_representation(archive_entry_digest(entry,
> +
> ARCHIVE_ENTRY_DIGEST_SHA256), 32);
> + errors = check_file_cksum(pkgname, filepath, backup, "SHA256",
> cksum_calc,
> +
> cksum_mtree);
> + free(cksum_mtree);
> + free(cksum_calc);
> +#endif
> + return (errors != 0 ? 1 : 0);
> }
> -*/
>
> /* Loop through the files of the package to check if they exist. */
> int check_pkg_fast(alpm_pkg_t *pkg)
> @@ -369,7 +420,8 @@ int check_pkg_full(alpm_pkg_t *pkg)
>
> if(type == AE_IFREG) {
> file_errors += check_file_size(pkgname, filepath, &st,
> entry, backup);
> - /* file_errors += check_file_md5sum(pkgname, filepath,
> &st, entry, backup); */
> + file_errors += check_file_md5sum(pkgname, filepath,
> entry, backup);
> + file_errors += check_file_sha256sum(pkgname, filepath,
> entry, backup);
> }
>
> if(config->quiet && file_errors) {
>
