src/main/verify.c

   1 /*
   2  * dpkg - main program for package management
   3  * verify.c - verify package integrity
   4  *
   5  * Copyright © 2012-2015 Guillem Jover <guillem@debian.org>
   6  *
   7  * This is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation; either version 2 of the License, or
  10  * (at your option) any later version.
  11  *
  12  * This is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  */
  20
  21 #include <config.h>
  22 #include <compat.h>
  23
  24 #include <errno.h>
  25 #include <fcntl.h>
  26 #include <unistd.h>
  27 #include <string.h>
  28 #include <stdbool.h>
  29 #include <stdlib.h>
  30 #include <stdio.h>
  31
  32 #include <dpkg/i18n.h>
  33 #include <dpkg/dpkg.h>
  34 #include <dpkg/dpkg-db.h>
  35 #include <dpkg/options.h>
  36 #include <dpkg/db-ctrl.h>
  37 #include <dpkg/db-fsys.h>
  38 #include <dpkg/buffer.h>
  39
  40 #include "main.h"
  41
  42
  43 enum verify_result {
  44         VERIFY_NONE,
  45         VERIFY_PASS,
  46         VERIFY_FAIL,
  47 };
  48
  49 struct verify_checks {
  50         int exists_errno;
  51         enum verify_result exists;
  52         enum verify_result mode;
  53         enum verify_result md5sum;
  54 };
  55
  56 typedef void verify_output_func(struct fsys_namenode *, struct verify_checks *);
  57
  58 static int
  59 verify_result_rpm(enum verify_result result, int check)
  60 {
  61         switch (result) {
  62         case VERIFY_FAIL:
  63                 return check;
  64         case VERIFY_PASS:
  65                 return '.';
  66         case VERIFY_NONE:
  67         default:
  68                 return '?';
  69         }
  70 }
  71
  72 static void
  73 verify_output_rpm(struct fsys_namenode *namenode, struct verify_checks *checks)
  74 {
  75         char result[9];
  76         char *error = NULL;
  77         int attr;
  78
  79         memset(result, '?', sizeof(result));
  80
  81         if (checks->exists == VERIFY_FAIL) {
  82                 memcpy(result, "missing  ", sizeof(result));
  83                 if (checks->exists_errno != ENOENT)
  84                         m_asprintf(&error, " (%s)", strerror(checks->exists_errno));
  85         } else {
  86                 result[1] = verify_result_rpm(checks->mode, 'M');
  87                 result[2] = verify_result_rpm(checks->md5sum, '5');
  88         }
  89
  90         if (namenode->flags & FNNF_OLD_CONFF)
  91                 attr = 'c';
  92         else
  93                 attr = ' ';
  94
  95         printf("%.9s %c %s%s\n", result, attr, namenode->name, error ? error : "");
  96
  97         free(error);
  98 }
  99
 100 static verify_output_func *verify_output = verify_output_rpm;
 101
 102 bool
 103 verify_set_output(const char *name)
 104 {
 105         if (strcmp(name, "rpm") == 0)
 106                 verify_output = verify_output_rpm;
 107         else
 108                 return false;
 109
 110         return true;
 111 }
 112
 113 static int
 114 verify_digest(const char *filename, struct fsys_namenode *fnn,
 115               struct verify_checks *checks)
 116 {
 117         static int fd;
 118
 119         fd = open(filename, O_RDONLY);
 120
 121         if (fd >= 0) {
 122                 struct dpkg_error err;
 123                 char hash[MD5HASHLEN + 1];
 124
 125                 push_cleanup(cu_closefd, ehflag_bombout, 1, &fd);
 126                 if (fd_md5(fd, hash, -1, &err) < 0)
 127                         ohshit(_("cannot compute MD5 digest for file '%s': %s"),
 128                                filename, err.str);
 129                 pop_cleanup(ehflag_normaltidy); /* fd = open(cdr.buf) */
 130                 close(fd);
 131
 132                 if (strcmp(hash, fnn->newhash) == 0) {
 133                         checks->md5sum = VERIFY_PASS;
 134                         return 0;
 135                 } else {
 136                         checks->md5sum = VERIFY_FAIL;
 137                 }
 138         } else {
 139                 checks->md5sum = VERIFY_NONE;
 140         }
 141
 142         return -1;
 143 }
 144
 145 static int
 146 verify_file(const char *filename, struct fsys_namenode *fnn,
 147             struct pkginfo *pkg, struct verify_checks *checks)
 148 {
 149         struct stat st;
 150         int failures = 0;
 151
 152         if (lstat(filename, &st) < 0) {
 153                 checks->exists_errno = errno;
 154                 checks->exists = VERIFY_FAIL;
 155                 return 1;
 156         }
 157         checks->exists = VERIFY_PASS;
 158
 159         if (fnn->newhash == NULL && fnn->oldhash != NULL)
 160                 fnn->newhash = fnn->oldhash;
 161
 162         if (fnn->newhash != NULL) {
 163                 /* Mode check heuristic: If we know its digest, the pathname
 164                  * must be a regular file. */
 165                 if (!S_ISREG(st.st_mode)) {
 166                         checks->mode = VERIFY_FAIL;
 167                         failures++;
 168                 }
 169
 170                 if (verify_digest(filename, fnn, checks) < 0)
 171                         failures++;
 172         }
 173
 174         return failures;
 175 }
 176
 177 static void
 178 verify_package(struct pkginfo *pkg)
 179 {
 180         struct fsys_namenode_list *file;
 181         struct varbuf filename = VARBUF_INIT;
 182
 183         ensure_packagefiles_available(pkg);
 184         parse_filehash(pkg, &pkg->installed);
 185         pkg_conffiles_mark_old(pkg);
 186
 187         for (file = pkg->files; file; file = file->next) {
 188                 struct verify_checks checks;
 189                 struct fsys_namenode *fnn;
 190
 191                 fnn = namenodetouse(file->namenode, pkg, &pkg->installed);
 192
 193                 varbuf_reset(&filename);
 194                 varbuf_add_str(&filename, dpkg_fsys_get_dir());
 195                 varbuf_add_str(&filename, fnn->name);
 196                 varbuf_end_str(&filename);
 197
 198                 memset(&checks, 0, sizeof(checks));
 199
 200                 if (verify_file(filename.buf, fnn, pkg, &checks) > 0)
 201                         verify_output(fnn, &checks);
 202         }
 203
 204         varbuf_destroy(&filename);
 205 }
 206
 207 int
 208 verify(const char *const *argv)
 209 {
 210         struct pkginfo *pkg;
 211         int rc = 0;
 212
 213         modstatdb_open(msdbrw_readonly);
 214         ensure_diversions();
 215
 216         if (!*argv) {
 217                 struct pkg_hash_iter *iter;
 218
 219                 iter = pkg_hash_iter_new();
 220                 while ((pkg = pkg_hash_iter_next_pkg(iter)))
 221                         verify_package(pkg);
 222                 pkg_hash_iter_free(iter);
 223         } else {
 224                 const char *thisarg;
 225
 226                 while ((thisarg = *argv++)) {
 227                         pkg = dpkg_options_parse_pkgname(cipaction, thisarg);
 228                         if (pkg->status == PKG_STAT_NOTINSTALLED) {
 229                                 notice(_("package '%s' is not installed"),
 230                                        pkg_name(pkg, pnaw_nonambig));
 231                                 rc = 1;
 232                                 continue;
 233                         }
 234
 235                         verify_package(pkg);
 236                 }
 237         }
 238
 239         modstatdb_shutdown();
 240
 241         m_output(stdout, _("<standard output>"));
 242
 243         return rc;
 244 }