Date: Fri, 1 Feb 2002 16:33:53 +0900 (JST)
From: SHIMIZU Yoshiaki <shimizuysa@nttdata.co.jp>
To: FreeBSD-gnats-submit@freebsd.org
Cc: shimizuysa@nttdata.co.jp
Subject: bin/34519: pkg_check(8) does not return exit code >0 if verifying in case of PKG_UNSIGNED or PKG_SIGUNKNOWN
Message-ID: <200202010733.g117XrI01476@classic.sc.biz.nttdata.co.jp>
>Number: 34519
>Category: bin
>Synopsis: pkg_check(8) does not return exit code >0 if verifying in case of PKG_UNSIGNED or PKG_SIGUNKNOWN
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 31 23:40:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: SHIMIZU Yoshiaki
>Release: FreeBSD 4.5-STABLE i386
>Organization:
NTT Data CORPORATION
>Environment:
System: FreeBSD classic.sc.biz.nttdata.co.jp 4.5-STABLE FreeBSD 4.5-STABLE #0: Thu Jan 31 16:31:05 JST 2002 joshua@classic.sc.biz.nttdata.co.jp:/usr/obj/usr/src/sys/CLASSIC i386
>Description:
The DIAGNOSTICS section of the pkg_check(8) manpage says:
pkg_sign and pkg_check return with an exit code >0 if anything went wrong
for any file. For pkg_check, this usually indicates that the package is
not signed, or that the signature is forged.
However, when verifying a non-signed or non-gzipped file (both the PKG_UNSIGNED case),
pkg_check(8) returns exit code =0 with a warning message.
I use only the `-t x509' option type, but maybe with the `-t sha-1' option type
the `PKG_UNKNOWN' case looks the same.
This causes a problem when detecting package integrity mismatches in shell scripts.
>How-To-Repeat:
# pkg_check -t x509 -k VALID_CRT PKG_UNSIGNED.tar.gz
File UNSIGNED.tar.gz is not a signed gzip file
# echo $?
0
>Fix:
/* $FreeBSD: src/usr.sbin/pkg_install/sign/main.c,v 1.1.2.1 2001/03/05 03:43:53 wes Exp $ */
======
--- src/usr.sbin/pkg_install/sign/main.c.orig Mon Mar 5 12:43:53 2001
+++ src/usr.sbin/pkg_install/sign/main.c Tue Jan 29 20:30:00 2002
@@ -83,7 +83,7 @@
}
result = check_signature(file, userid, envp, filename);
if (fclose(file) == 0) {
- if (result == PKG_BADSIG || result == PKG_SIGERROR)
+ if (result == PKG_BADSIG || result == PKG_UNSIGNED || result == PKG_SIGERROR || result == PKG_UNKNOWN)
return 0;
else
return 1;
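Review bot: The new condition on the `+` line tests `PKG_UNKNOWN`, but the synopsis of this report names the result `PKG_SIGUNKNOWN`; confirm which constant the sign code actually declares, since only one spelling will compile. The check also remains an enumeration of failure codes, so any result value not listed still falls through to `return 1`; comparing `result` against the single good-signature value and returning 0 for everything else would fail closed. The added line runs well past 80 columns and should be wrapped.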
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
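
A fail-closed wrapper for the shell-script case described in the report, as an added example that is not part of the original message or of the FreeBSD source: it accepts a package only when the checker exits 0 and did not print the unsigned-file diagnostic shown under How-To-Repeat. `verify_pkg`, `PKG_CHECK` and the `fake_*` stubs are hypothetical names, and matching on the message text is an assumption that covers only that one diagnostic.

```shell
#!/bin/sh
# Added example, not code from the PR or from FreeBSD.
# Assumption: an unsigned file makes the checker print the diagnostic from
# the How-To-Repeat transcript (on stdout or stderr) while still exiting 0.

# PKG_CHECK is a hypothetical override so the wrapper can run without the
# real tool; it defaults to the command named in the report.
: "${PKG_CHECK:=pkg_check}"

# verify_pkg CERT FILE
# Returns 0 only when the checker exits 0 AND did not report the file unsigned.
verify_pkg() {
    cert=$1
    pkg=$2
    status=0
    # Capture both streams; "|| status=$?" records a non-zero exit status.
    out=$("$PKG_CHECK" -t x509 -k "$cert" "$pkg" 2>&1) || status=$?
    if [ "$status" -ne 0 ]; then
        printf '%s\n' "$out" >&2
        return 1
    fi
    case $out in
        *"is not a signed gzip file"*)
            printf 'rejecting %s: checker exited 0 but reported it unsigned\n' "$pkg" >&2
            return 1
            ;;
    esac
    return 0
}

# Constructed stand-ins for the checker (called as: -t x509 -k CERT FILE).
fake_unsigned_check() { echo "File $5 is not a signed gzip file"; return 0; }
fake_good_check()     { return 0; }
fake_badsig_check()   { return 1; }

# Demonstration against the stub that mimics the reported behaviour.
PKG_CHECK=fake_unsigned_check
verify_pkg VALID_CRT PKG_UNSIGNED.tar.gz || echo "install aborted"
```
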
