PATCH: package verification in dpkg
Hi,
Below is a patch that will allow dpkg to do cryptographic verification
of gpg signatures attached to packages at install time. It uses
debsig-verify written by BenC and the signatures are generated by
debsigs that I wrote. Both are, or will shortly be, in non-us.
The basic logic is this:
1. If debsig-verify is not installed, silently skip the verification
step.
2. Otherwise, attempt to verify the package. If it passes,
proceed with normal installation. If it fails, die unless
--force-bad-verify is given.
Pretty straightforward.
The output looks like this for a pass:
# dpkg -i test.deb
Authenticating test.deb ... passed
(Reading database ... 63921 files and directories currently installed.)
Preparing to replace inn2-inews 2.3.0-0 (using test.deb) ...
And here's a sample for a failure:
# dpkg -i inn2-inews_2.3.0-0_i386.deb
Authenticating inn2-inews_2.3.0-0_i386.deb ... debsig: Origin Signature check failed. This deb might not be signed.
dpkg: error processing inn2-inews_2.3.0-0_i386.deb (--install):
Verification on package inn2-inews_2.3.0-0_i386.deb failed!
Errors were encountered while processing:
inn2-inews_2.3.0-0_i386.deb
The patch below is made against 1.8.3.1.
Thanks!
-- John
diff -durN dpkg.orig/dpkg-1.8.3.1/main/main.c dpkg/dpkg-1.8.3.1/main/main.c
--- dpkg.orig/dpkg-1.8.3.1/main/main.c Fri Jan 12 11:02:12 2001
+++ dpkg/dpkg-1.8.3.1/main/main.c Fri Mar 9 10:10:36 2001
@@ -135,6 +135,7 @@
int fc_autoselect=1, fc_badpath=0, fc_overwritediverted=0, fc_architecture=0;
int fc_nonroot=0, fc_overwritedir=0, fc_conff_new=0, fc_conff_miss=0;
int fc_conff_old=0, fc_conff_def=0;
+int fc_badverify = 0;
int errabort = 50;
const char *admindir= ADMINDIR;
@@ -164,6 +165,7 @@
{ "overwrite-diverted", &fc_overwritediverted },
{ "overwrite-dir", &fc_overwritedir },
{ "architecture", &fc_architecture },
+ { "bad-verify", &fc_badverify },
{ 0 }
};
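Review bot: Registering `bad-verify` in this force-option table may mean that `--force-all` also turns off enforcement of the signature check. That holds only if the option parser, which is not visible in this patch, applies `all` to every table entry, so it needs confirming. If it does, an operator who uses `--force-all` for an unrelated reason would silently accept packages that fail verification; either exclude this entry from `all` or say so next to it, e.g. `/* also set by --force-all: disables signature enforcement */`. In the help-text hunk at `@@ -272,6 +274,7 @@`, the new `bad-verify` line has no `[!]` marker, unlike the neighbouring `depends` and `confnew` entries. Adding `[!]` there would flag it as an option that weakens a safety check.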
@@ -272,6 +274,7 @@
not-root Try to (de)install things even when not root\n\
overwrite Overwrite a file from one package with another\n\
overwrite-diverted Overwrite a diverted file with an undiverted version\n\
+ bad-verify Install a package even if it fails authenticity check\n\
depends-version [!] Turn dependency version problems into warnings\n\
depends [!] Turn all dependency problems into warnings\n\
confnew [!] Always use the new config files, don't prompt\n\
diff -durN dpkg.orig/dpkg-1.8.3.1/main/main.h dpkg/dpkg-1.8.3.1/main/main.h
--- dpkg.orig/dpkg-1.8.3.1/main/main.h Sun Nov 5 09:58:50 2000
+++ dpkg/dpkg-1.8.3.1/main/main.h Fri Mar 9 10:11:13 2001
@@ -85,6 +85,7 @@
extern int fc_autoselect, fc_badpath, fc_overwritediverted, fc_architecture;
extern int fc_nonroot, fc_overwritedir, fc_conff_new, fc_conff_miss;
extern int fc_conff_old, fc_conff_def;
+extern int fc_badverify;
extern int errabort;
extern const char *admindir;
diff -durN dpkg.orig/dpkg-1.8.3.1/main/processarc.c dpkg/dpkg-1.8.3.1/main/processarc.c
--- dpkg.orig/dpkg-1.8.3.1/main/processarc.c Fri Jan 12 11:02:12 2001
+++ dpkg/dpkg-1.8.3.1/main/processarc.c Fri Mar 9 10:15:14 2001
@@ -136,6 +136,32 @@
}
}
+ /* Verify the package. */
+
+ if (stat("/usr/bin/debsig-verify", &stab) == 0) { /* We have verifier */
+ printf(_("Authenticating %s ... "), filename);
+ fflush(stdout);
+ c1 = m_fork();
+ if (!c1) {
+ execl("/usr/bin/debsig-verify", "/usr/bin/debsig-verify", "-q",
+ filename, NULL);
+ ohshite(_("failed to exec debsig-verify"));
+ } else {
+ int status;
+ waitpid(c1, &status, 0);
+ if (!(WIFEXITED(status) && WEXITSTATUS(status) == 0)) {
+ if (! fc_badverify) {
+ ohshit(_("Verification on package %s failed!"), filename);
+ } else {
+ fprintf(stderr, _("Verification on package %s failed,\nbut installing anyway as you request.\n"), filename);
+ }
+ } else {
+ printf(_("passed\n"));
+ }
+ }
+ }
+
+
if (f_noact) {
cidir= cidirtmpnambuf;
if (!tmpnam(cidir)) ohshite(_("unable to get unique filename for control info"));
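Review bot: In the parent branch, `waitpid(c1, &status, 0)` is called without checking its return value and `status` is uninitialized, so a failed or interrupted wait leaves the pass/fail decision to an indeterminate value and could print `passed` with no verdict from the verifier; check it, e.g. `if (waitpid(c1, &status, 0) != c1) ohshite(_("wait for debsig-verify failed"));`. The outer `stat()` test makes the whole step fail open: when `/usr/bin/debsig-verify` is absent nothing is printed, so an unverified install looks the same in output and logs as one where no check was configured, and a one-line warning in an `else` branch would make the skipped check visible. The verifier is handed `filename` by path and the later extraction presumably reopens the same path, so the file that was checked is not guaranteed to be the file that is unpacked if another user can write to that location; a comment stating that assumption would help. The enclosing function begins and ends outside this hunk.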
diff -durN dpkg.orig/dpkg-1.8.3.1/po/dpkg.pot dpkg/dpkg-1.8.3.1/po/dpkg.pot
--- dpkg.orig/dpkg-1.8.3.1/po/dpkg.pot Sat Jan 13 08:58:01 2001
+++ dpkg/dpkg-1.8.3.1/po/dpkg.pot Fri Mar 9 10:16:18 2001
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2001-01-13 08:58-0500\n"
+"POT-Creation-Date: 2001-03-09 10:16-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -2122,12 +2122,12 @@
"`more' !"
msgstr ""
-#: dpkg-deb/main.c:135 main/main.c:179 split/main.c:142
+#: dpkg-deb/main.c:135 main/main.c:181 split/main.c:142
#, c-format
msgid "conflicting actions --%s and --%s"
msgstr ""
-#: main/main.c:188
+#: main/main.c:190
#, c-format
msgid ""
"%s debugging option, --debug=<octal> or -D<octal>:\n"
@@ -2148,26 +2148,26 @@
"Note that the meanings and values are subject to change.\n"
msgstr ""
-#: main/main.c:207
+#: main/main.c:209
msgid "--debug requires an octal argument"
msgstr ""
-#: main/main.c:231
+#: main/main.c:233
#, c-format
msgid "null package name in --ignore-depends comma-separated list `%.250s'"
msgstr ""
-#: main/main.c:237
+#: main/main.c:239
#, c-format
msgid "--ignore-depends requires a legal package name. `%.250s' is not; %s"
msgstr ""
-#: main/main.c:253
+#: main/main.c:255
#, c-format
msgid "invalid integer for --%s: `%.250s'"
msgstr ""
-#: main/main.c:263
+#: main/main.c:265
#, c-format
msgid ""
"%s forcing options - control behaviour when problems found:\n"
@@ -2184,6 +2184,8 @@
" overwrite Overwrite a file from one package with another\n"
" overwrite-diverted Overwrite a diverted file with an undiverted "
"version\n"
+" bad-verify Install a package even if it fails authenticity "
+"check\n"
" depends-version [!] Turn dependency version problems into warnings\n"
" depends [!] Turn all dependency problems into warnings\n"
" confnew [!] Always use the new config files, don't prompt\n"
@@ -2205,16 +2207,16 @@
"Forcing options marked [*] are enabled by default.\n"
msgstr ""
-#: main/main.c:302
+#: main/main.c:305
#, c-format
msgid "unknown force/refuse option `%.*s'"
msgstr ""
-#: main/main.c:382
+#: main/main.c:385
msgid "failed to exec dpkg-deb"
msgstr ""
-#: dpkg-deb/main.c:155 main/main.c:419 split/main.c:163
+#: dpkg-deb/main.c:155 main/main.c:422 split/main.c:163
msgid "need an action option"
msgstr ""
@@ -2302,156 +2304,183 @@
msgid "reassembled package file"
msgstr ""
-#: main/processarc.c:141
+#. Verify the package.
+#. We have verifier
+#: main/processarc.c:142
+#, c-format
+msgid "Authenticating %s ... "
+msgstr ""
+
+#: main/processarc.c:148
+msgid "failed to exec debsig-verify"
+msgstr ""
+
+#: main/processarc.c:154
+#, c-format
+msgid "Verification on package %s failed!"
+msgstr ""
+
+#: main/processarc.c:156
+#, c-format
+msgid ""
+"Verification on package %s failed,\n"
+"but installing anyway as you request.\n"
+msgstr ""
+
+#: main/processarc.c:159
+msgid "passed\n"
+msgstr ""
+
+#: main/processarc.c:167
msgid "unable to get unique filename for control info"
msgstr ""
-#: main/processarc.c:163
+#: main/processarc.c:189
msgid "failed to exec dpkg-deb to extract control information"
msgstr ""
-#: main/processarc.c:179
+#: main/processarc.c:205
#, c-format
msgid "Recorded info about %s from %s.\n"
msgstr ""
-#: main/processarc.c:188
+#: main/processarc.c:214
#, c-format
msgid "package architecture (%s) does not match system (%s)"
msgstr ""
-#: main/processarc.c:239
+#: main/processarc.c:265
#, c-format
msgid ""
"dpkg: regarding %s containing %s, pre-dependency problem:\n"
"%s"
msgstr ""
-#: main/processarc.c:242
+#: main/processarc.c:268
#, c-format
msgid "pre-dependency problem - not installing %.250s"
msgstr ""
-#: main/processarc.c:243
+#: main/processarc.c:269
msgid "dpkg: warning - ignoring pre-dependency problem !\n"
msgstr ""
-#: main/processarc.c:257
+#: main/processarc.c:283
#, c-format
msgid "Preparing to replace %s %s (using %s) ...\n"
msgstr ""
-#: main/processarc.c:262
+#: main/processarc.c:288
#, c-format
msgid "Unpacking %s (from %s) ...\n"
msgstr ""
-#: main/processarc.c:282
+#: main/processarc.c:308
#, c-format
msgid "name of conffile (starting `%.250s') is too long (>%d characters)"
msgstr ""
-#: main/processarc.c:336
+#: main/processarc.c:362
#, c-format
msgid "read error in %.250s"
msgstr ""
#. conff= fopen()
-#: main/processarc.c:338
+#: main/processarc.c:364
#, c-format
msgid "error closing %.250s"
msgstr ""
-#: main/processarc.c:340
+#: main/processarc.c:366
#, c-format
msgid "error trying to open %.250s"
msgstr ""
-#: main/processarc.c:373
+#: main/processarc.c:399
#, c-format
msgid "De-configuring %s, so that we can remove %s ...\n"
msgstr ""
-#: main/processarc.c:431
+#: main/processarc.c:457
#, c-format
msgid "Unpacking replacement %.250s ...\n"
msgstr ""
-#: main/processarc.c:510
+#: main/processarc.c:536
msgid "unable to exec dpkg-deb to get filesystem archive"
msgstr ""
-#: main/processarc.c:523
+#: main/processarc.c:549
msgid "error reading dpkg-deb tar output"
msgstr ""
-#: main/processarc.c:525
+#: main/processarc.c:551
msgid "corrupted filesystem tarfile - corrupted package archive"
msgstr ""
-#: main/processarc.c:528
+#: main/processarc.c:554
msgid "dpkg-deb: zap possible trailing zeros"
msgstr ""
-#: main/processarc.c:620
+#: main/processarc.c:646
#, c-format
msgid "dpkg: warning - unable to delete old file `%.250s': %s\n"
msgstr ""
-#: main/processarc.c:642 main/processarc.c:877 main/remove.c:287
+#: main/processarc.c:668 main/processarc.c:903 main/remove.c:287
msgid "cannot read info directory"
msgstr ""
-#: main/processarc.c:655
+#: main/processarc.c:681
#, c-format
msgid "old version of package has overly-long info file name starting `%.250s'"
msgstr ""
-#: main/processarc.c:667
+#: main/processarc.c:693
#, c-format
msgid "unable to remove obsolete info file `%.250s'"
msgstr ""
-#: main/processarc.c:670
+#: main/processarc.c:696
#, c-format
msgid "unable to install (supposed) new info file `%.250s'"
msgstr ""
-#: main/processarc.c:677
+#: main/processarc.c:703
msgid "unable to open temp control directory"
msgstr ""
-#: main/processarc.c:686
+#: main/processarc.c:712
#, c-format
msgid "package contains overly-long control info file name (starting `%.50s')"
msgstr ""
-#: main/processarc.c:691
+#: main/processarc.c:717
#, c-format
msgid "package control info contained directory `%.250s'"
msgstr ""
-#: main/processarc.c:693
+#: main/processarc.c:719
#, c-format
msgid "package control info rmdir of `%.250s' didn't say not a dir"
msgstr ""
-#: main/processarc.c:699
+#: main/processarc.c:725
#, c-format
msgid "dpkg: warning - package %s contained list as info file"
msgstr ""
-#: main/processarc.c:706
+#: main/processarc.c:732
#, c-format
msgid "unable to install new info file `%.250s' as `%.250s'"
msgstr ""
-#: main/processarc.c:857
+#: main/processarc.c:883
#, c-format
msgid "(Noting disappearance of %s, which has been completely replaced.)\n"
msgstr ""
-#: main/processarc.c:893
+#: main/processarc.c:919
#, c-format
msgid "unable to delete disappearing control info file `%.250s'"
msgstr ""
--
John Goerzen <jgoerzen@complete.org> www.complete.org
Sr. Software Developer, Progeny Linux Systems, Inc. www.progenylinux.com
#include <std_disclaimer.h> <jgoerzen@progenylinux.com>