From: espie
Date: Wed, 25 Dec 2013 14:38:15 +0000 (+0000)
Subject: move the choice of signature type for checking into one single place
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c8c001747cfd695d7d81481df4fcffa4e155a3d2;p=openbsd
move the choice of signature type for checking into one single place
---
diff --git a/usr.sbin/pkg_add/OpenBSD/Delete.pm b/usr.sbin/pkg_add/OpenBSD/Delete.pm
index 43320f0e0b0..162943f1375 100644
--- a/usr.sbin/pkg_add/OpenBSD/Delete.pm
+++ b/usr.sbin/pkg_add/OpenBSD/Delete.pm
@@ -1,5 +1,5 @@
 # ex:ts=8 sw=4:
-# $OpenBSD: Delete.pm,v 1.120 2013/09/24 21:00:57 espie Exp $
+# $OpenBSD: Delete.pm,v 1.121 2013/12/25 14:38:15 espie Exp $
 #
 # Copyright (c) 2003-2007 Marc Espie
 #
@@ -106,8 +106,7 @@ sub delete_package
 }
 if ($plist->is_signed) {
 if (!$state->{quick}) {
- require OpenBSD::x509;
- if (!OpenBSD::x509::check_signature($plist, $state)) {
+ if (!$plist->check_signature($state)) {
 $state->fatal("package #1 was corrupted: signature check failed", $pkgname);
 }
 }
diff --git a/usr.sbin/pkg_add/OpenBSD/PackingList.pm b/usr.sbin/pkg_add/OpenBSD/PackingList.pm
index 998d065c62c..7a09540e4a7 100644
--- a/usr.sbin/pkg_add/OpenBSD/PackingList.pm
+++ b/usr.sbin/pkg_add/OpenBSD/PackingList.pm
@@ -1,5 +1,5 @@
 # ex:ts=8 sw=4:
-# $OpenBSD: PackingList.pm,v 1.121 2012/12/28 15:09:09 espie Exp $
+# $OpenBSD: PackingList.pm,v 1.122 2013/12/25 14:38:15 espie Exp $
 #
 # Copyright (c) 2003-2010 Marc Espie
 #
@@ -531,6 +531,18 @@ sub to_installation
 $self->tofile(OpenBSD::PackageInfo::installed_contents($self->pkgname));
 }
+sub check_signature
+{
+ my ($plist, $state) = @_;
+ my $sig = $plist->get('digital-signature');
+ if ($sig->{key} eq 'x509') {
+ require OpenBSD::x509;
+ return OpenBSD::x509::check_signature($plist, $state);
+ } else {
+ $state->log("Error: unknown signature style $sig->{key}");
+ return 0;
+ }
+}
 sub forget
 {
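Review bot: In the PackingList.pm hunk, the new `check_signature` dereferences `$sig` without checking that `get('digital-signature')` returned anything. The Delete.pm and PkgCheck.pm call sites test `is_signed` first and the PkgAdd.pm guard is not visible in its hunk, but the method is now callable on any packing list, so a guard such as `return 0 unless defined $sig;` would keep it failing closed on its own. The else branch also interpolates `$sig->{key}`, a value read from the package's own packing list, directly into the log string, while the `fatal` and `errsay` calls on this page pass values through `#1` placeholders; `$state->log("Error: unknown signature style #1", $sig->{key});` would match them, assuming `log` formats its arguments the same way. Because the x509.pm hunk removes the style check from `OpenBSD::x509::check_signature`, this sub is now the only place that rejects unknown styles, which deserves a one-line comment above it.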
diff --git a/usr.sbin/pkg_add/OpenBSD/PkgAdd.pm b/usr.sbin/pkg_add/OpenBSD/PkgAdd.pm
index 449d486517b..7c9fc61e1aa 100644
--- a/usr.sbin/pkg_add/OpenBSD/PkgAdd.pm
+++ b/usr.sbin/pkg_add/OpenBSD/PkgAdd.pm
@@ -1,7 +1,7 @@
 #! /usr/bin/perl
 # ex:ts=8 sw=4:
-# $OpenBSD: PkgAdd.pm,v 1.39 2013/12/25 14:20:48 espie Exp $
+# $OpenBSD: PkgAdd.pm,v 1.40 2013/12/25 14:38:15 espie Exp $
 #
 # Copyright (c) 2003-2010 Marc Espie
 #
@@ -660,12 +660,9 @@ sub check_x509_signature
 $state->errsay("NOT CHECKING DIGITAL SIGNATURE FOR #1", $plist->pkgname);
 } else {
- require OpenBSD::x509;
-
- if (!OpenBSD::x509::check_signature($plist,
- $state)) {
+ if (!$plist->check_signature($state)) {
 $state->fatal("#1 is corrupted",
- $set->print);
+ $plist->pkgname);
 }
 $state->{check_digest} = 1;
 $state->{packages_with_sig}++;
diff --git a/usr.sbin/pkg_add/OpenBSD/PkgCheck.pm b/usr.sbin/pkg_add/OpenBSD/PkgCheck.pm
index 1837dcdc4cb..7f9bb1937b1 100644
--- a/usr.sbin/pkg_add/OpenBSD/PkgCheck.pm
+++ b/usr.sbin/pkg_add/OpenBSD/PkgCheck.pm
@@ -1,7 +1,7 @@
 #! /usr/bin/perl
 # ex:ts=8 sw=4:
-# $OpenBSD: PkgCheck.pm,v 1.41 2013/09/11 15:36:18 espie Exp $
+# $OpenBSD: PkgCheck.pm,v 1.42 2013/12/25 14:38:15 espie Exp $
 #
 # Copyright (c) 2003-2010 Marc Espie
 #
@@ -688,9 +688,7 @@ sub package_files_check
 my $plist = OpenBSD::PackingList->from_installation($name);
 $state->log->set_context($name);
 if ($plist->is_signed && !$state->defines('nosig')) {
- require OpenBSD::x509;
-
- if (!OpenBSD::x509::check_signature($plist, $state)) {
+ if (!$plist->check_signature($state)) {
 $state->fatal("#1 is corrupted", $name);
 }
 }
diff --git a/usr.sbin/pkg_add/OpenBSD/x509.pm b/usr.sbin/pkg_add/OpenBSD/x509.pm
index 3ea670755ce..8cc266b727c 100644
--- a/usr.sbin/pkg_add/OpenBSD/x509.pm
+++ b/usr.sbin/pkg_add/OpenBSD/x509.pm
@@ -1,5 +1,5 @@
 # ex:ts=8 sw=4:
-# $OpenBSD: x509.pm,v 1.11 2010/12/24 09:04:14 espie Exp $
+# $OpenBSD: x509.pm,v 1.12 2013/12/25 14:38:15 espie Exp $
 #
 # Copyright (c) 2003-2007 Marc Espie
 #
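Review bot: In the second PkgAdd.pm hunk, the enclosing sub is still named `check_x509_signature` in the hunk header, yet its body no longer knows the signature type, because that choice now happens inside `$plist->check_signature($state)`. A neutral name such as `check_digital_signature` would stop the name from promising an x509 check once another style is added. The sub's body starts above the hunk and its callers are not visible here, so a rename would have to cover them as well. The `fatal` argument also changes from `$set->print` to `$plist->pkgname` without a mention in the commit message; a short comment such as `# name the single package whose signature failed, not the whole set` would record the intent.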
@@ -81,10 +81,6 @@ sub check_signature
 {
 my ($plist, $state) = @_;
 my $sig = $plist->get('digital-signature');
- if ($sig->{key} ne 'x509') {
- $state->log("Error: unknown signature style");
- return 0;
- }
 my ($fh, $fname) = mkstemp("/tmp/pkgcontent.XXXXXXXXX");
 my ($fh2, $fname2) = mkstemp("/tmp/pkgsig.XXXXXXXXX");
 $plist->write_no_sig($fh);