On 21 Feb 2003 16:30:02 +0100 Tollef Fog Heen <tfheen@raw.no> wrote:
> optimally, what I'd like
> is getting anna to support gpg and verify the full integrity of the
> install. One would then only have to trust the integrity of the
> initial boot media; a compromised mirror would be detected
> immediately.

Attached is a program that uses libopencdk to verify the Release/Release.gpg file; it's only experimental code, though. The code is small, but as it needs libgcrypt (which needs opencdk and zlib) it makes a 350kB binary, 171kB gzip'ed, which is pretty big for our purposes.

Glenn
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <opencdk.h>
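/*
 * Verify the OpenPGP signature in sign_file with libopencdk and check that
 * it was made by one of the archive keys listed below.
 *
 * Returns 0 when sign_file is NULL or the keyring cannot be opened;
 * otherwise returns the CDK_ATTR_STATUS value of the first signature, which
 * the caller must compare against CDK_SIGSTAT_GOOD. Any other value means
 * the file must not be trusted.
 *
 * Does not return (calls exit(-1)) when the signature is cryptographically
 * good but the signer cannot be identified or is not an expected key.
 *
 * NOTE(review): the data the signature covers is not named in this call
 * (third argument is NULL); confirm that the library checks the signature
 * against the intended Release file.
 */
extern int verify_gpg_file(const char *sign_file)
{
	/*
	 * Keyring searched for the signer's public key. Every key in it can
	 * produce a "good" status, so it should hold only keys trusted to sign
	 * the archive and must not be writable by untrusted users.
	 */
	char keyring[] = "/home/bug1/.gnupg/pubring.gpg";
	/* Expected signers, as 64-bit key IDs split into two 32-bit halves. */
	const unsigned long ftpmaster2003[2] = { 0xB629A24C, 0x38C6029A };
	const unsigned long ftpmaster2002[2] = { 0xAA7DEB7B, 0x722F1AED };
	CDK_KEYDB_HD pub_db;
	CDK_HD hd;
	int rc;

	if (sign_file == NULL) {
		fprintf(stderr, "no signature file given\n");
		return 0;
	}

	printf("Verifying gpg signature of %s\n", sign_file);
	cdk_set_log_level(CDK_LOG_DEBUG);

	/* Length is derived from the string instead of a hand-counted 29. */
	rc = cdk_keydb_new(&pub_db, CDK_DBTYPE_PK_KEYRING, keyring, sizeof keyring - 1);
	if (rc) {
		fprintf(stderr, "keydb new: `%s'\n", cdk_strerror(rc));
		return 0;
	}
	cdk_handle_new(&hd);
	cdk_handle_set_keydb(hd, pub_db);

	/* Check the signature */
	rc = cdk_file_verify(hd, sign_file, NULL);
	printf("cdk_file_verify result is %d\n", rc);
	if (rc) {
		/* Surface the library error; the status check below still decides. */
		fprintf(stderr, "cdk_file_verify: `%s'\n", cdk_strerror(rc));
	}

	/* Process the results */
	rc = cdk_sig_get_ulong_attr(hd, 0, CDK_ATTR_STATUS);
	switch (rc) {
	case CDK_SIGSTAT_GOOD: {
		/*
		 * NOTE(review): assumes the library stores the key ID as two
		 * unsigned long values; if it uses 32-bit integers this read is
		 * wrong on LP64 targets - confirm against opencdk.h.
		 */
		const unsigned long *keyid = cdk_sig_get_data_attr(hd, 0, CDK_ATTR_KEYID);

		if (keyid == NULL) {
			/* A valid signature with no identifiable signer proves nothing. */
			fprintf(stderr, " Good signature, but no key id is available\n");
			cdk_handle_free(hd);
			exit(-1);
		}
		/* TODO: should detect the key id using a separate keyring ? */
		printf(" Good signature by %08lX%08lX\n", keyid[0], keyid[1]);
		/*
		 * Both halves must match. The previous test used != on the second
		 * half, so any key sharing only the first 32 bits with the 2002 key
		 * skipped the unknown-signer check below, while the real 2002 key
		 * was rejected.
		 */
		if ((keyid[0] == ftpmaster2002[0]) && (keyid[1] == ftpmaster2002[1])) {
			/*
			 * NOTE(review): the expired key is only reported; the caller
			 * still receives CDK_SIGSTAT_GOOD. Decide whether an install
			 * should accept it.
			 */
			printf(" Key signed with expired key\n");
		}
		else if ((keyid[0] != ftpmaster2003[0]) || (keyid[1] != ftpmaster2003[1])) {
			/* Fail closed: abort the process for an unexpected signer. */
			printf(" Danger Will Robinson, Danger!\n");
			printf(" Who the hell is %08lX %08lX ?", keyid[0], keyid[1]);
			printf(" It should be signed by B629A24C 38C6029A\n");
			printf(" This other guy might be trying sneak in a trojaned package!\n");
			printf(" Danger Will Robinson, Danger!\n");
			exit(-1);
		}
		break;
	}
	case CDK_SIGSTAT_BAD:
		printf(" Verification failed, signature doesnt match file\n");
		break;
	case CDK_SIGSTAT_NOKEY:
		printf(" Verification failed, unknown keyid\n");
		break;
	default:
		/* No signature was processed, or the status is not one handled above. */
		printf(" Verification failed, no usable signature status (%d)\n", rc);
		break;
	}

	/* Cleanup */
	/* NOTE(review): pub_db is not released here; confirm whether freeing the handle also frees it. */
	cdk_handle_free(hd);
	return rc;
}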
int main(int argc, char **argv)
{
verify_gpg_file(argv[1]);
}