diff options
author | jkh <jkh@FreeBSD.org> | 2001-02-03 20:56:32 +0000 |
---|---|---|
committer | jkh <jkh@FreeBSD.org> | 2001-02-03 20:56:32 +0000 |
commit | 7af2fba0c0ea1f0a371c8aefd97f24b6b0348be3 (patch) | |
tree | 767a875b05802c430e4ac8a4dfddc313840b4a0f /usr.sbin | |
parent | 416d33d3f0dca622fb40233535300cb9e2b8c0ba (diff) | |
download | FreeBSD-src-7af2fba0c0ea1f0a371c8aefd97f24b6b0348be3.zip FreeBSD-src-7af2fba0c0ea1f0a371c8aefd97f24b6b0348be3.tar.gz |
Add a -g flag for verifying an installed package against its recorded
checksums (to see if it's been modified post-installation). Naturally,
this mechanism is only as secure as the contents of /var/db/pkg if you're
using it for auditing purposes.
Submitted by: Roman Shterenzon <roman@xpert.com>
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/pkg_install/info/info.h | 1 | ||||
-rw-r--r-- | usr.sbin/pkg_install/info/main.c | 6 | ||||
-rw-r--r-- | usr.sbin/pkg_install/info/perform.c | 2 | ||||
-rw-r--r-- | usr.sbin/pkg_install/info/pkg_info.1 | 4 | ||||
-rw-r--r-- | usr.sbin/pkg_install/info/show.c | 30 |
5 files changed, 41 insertions, 2 deletions
diff --git a/usr.sbin/pkg_install/info/info.h b/usr.sbin/pkg_install/info/info.h index 04d1ade..df4389e 100644 --- a/usr.sbin/pkg_install/info/info.h +++ b/usr.sbin/pkg_install/info/info.h @@ -45,6 +45,7 @@ #define SHOW_MTREE 0x0800 #define SHOW_SIZE 0x1000 #define SHOW_ORIGIN 0x2000 +#define SHOW_CKSUM 0x4000 extern int Flags; extern Boolean AllInstalled; diff --git a/usr.sbin/pkg_install/info/main.c b/usr.sbin/pkg_install/info/main.c index 4e60e2d..da5330a 100644 --- a/usr.sbin/pkg_install/info/main.c +++ b/usr.sbin/pkg_install/info/main.c @@ -28,7 +28,7 @@ static const char rcsid[] = "$FreeBSD$"; #endif -static char Options[] = "acdDe:fhiIkl:LmopqrRst:v"; +static char Options[] = "acdDe:fghiIkl:LmopqrRst:v"; int Flags = 0; Boolean AllInstalled = FALSE; @@ -88,6 +88,10 @@ main(int argc, char **argv) Flags |= SHOW_PLIST; break; + case 'g': + Flags |= SHOW_CKSUM; + break; + case 'i': Flags |= SHOW_INSTALL; break; diff --git a/usr.sbin/pkg_install/info/perform.c b/usr.sbin/pkg_install/info/perform.c index e9fa6d5..f9955bc 100644 --- a/usr.sbin/pkg_install/info/perform.c +++ b/usr.sbin/pkg_install/info/perform.c @@ -205,6 +205,8 @@ pkg_do(char *pkg) show_files("Files:\n", &plist); if ((Flags & SHOW_SIZE) && installed) show_size("Package Size:\n", &plist); + if ((Flags & SHOW_CKSUM) && installed) + show_cksum("Mismatched Checksums:\n", &plist); if (Flags & SHOW_ORIGIN) show_origin("Origin:\n", &plist); if (!Quiet) diff --git a/usr.sbin/pkg_install/info/pkg_info.1 b/usr.sbin/pkg_install/info/pkg_info.1 index 646810d..1a5b0c0 100644 --- a/usr.sbin/pkg_install/info/pkg_info.1 +++ b/usr.sbin/pkg_install/info/pkg_info.1 @@ -25,7 +25,7 @@ .Nd a utility for displaying information on software packages .Sh SYNOPSIS .Nm -.Op Fl cdDfiIkLmopqrRsv +.Op Fl cdDfgiIkLmopqrRsv .Op Fl e Ar package .Op Fl l Ar prefix .Op Fl t Ar template @@ -69,6 +69,8 @@ Show the long description field for each package. Show the install-message file for each package. .It Fl f Show the packing list instructions for each package. +.It Fl g +Show files that don't match the recorded checksum. .It Fl i Show the install script (if any) for each package. .It Fl I diff --git a/usr.sbin/pkg_install/info/show.c b/usr.sbin/pkg_install/info/show.c index a0dae0a..ea544b2 100644 --- a/usr.sbin/pkg_install/info/show.c +++ b/usr.sbin/pkg_install/info/show.c @@ -30,6 +30,7 @@ static const char rcsid[] = #include <stdlib.h> #include <sys/types.h> #include <sys/stat.h> +#include <md5.h> void show_file(char *title, char *fname) @@ -257,6 +258,35 @@ show_size(char *title, Package *plist) printf("%lu\n", size); } +/* Show files that don't match the recorded checksum */ +void +show_cksum(char *title, Package *plist) +{ + PackingList p; + char *dir = "."; + char tmp[FILENAME_MAX]; + + if (!Quiet) + printf("%s%s", InfoPrefix, title); + + for (p = plist->head; p != NULL; p = p->next) + if (p->type == PLIST_CWD) + dir = p->name; + else if (p->type == PLIST_FILE) { + snprintf(tmp, FILENAME_MAX, "%s/%s", dir, p->name); + if (!fexists(tmp)) + warnx("%s doesn't exist\n", tmp); + else if (p->next && p->next->type == PLIST_COMMENT && !strncmp(p->next->name, "MD5:", 4)) { + char *cp, buf[33]; + if ((cp = MD5File(tmp, buf)) != NULL) + if (strcmp(cp, p->next->name + 4)) + printf("%s fails the original MD5 checksum\n", tmp); + else if (Verbose) + printf("%s matched the original MD5 checksum\n", tmp); + } + } +} + /* Show an "origin" path (usually category/portname) */ void show_origin(char *title, Package *plist) |