[Feature resurrection] pkg check -r, recompute the checksum
Hello,
Would it be possible to enable anew the recompute feature? I agree it's not often used, but when we need it.... We need it.
Unless there are other reasons, like a security concern, or it being too time-consuming to rewrite for version 2?
For what use case would it be useful?
The general use case is: one modifies an installed software. There could be many reasons.
Recent example: I asked for a new feature for the mail server mox and the author did it. Up to now, he hasn't made a new release and the FreeBSD port stays without this feature. I just recompiled the executable and replaced it. Now, pkg complains at each check.
I worked to modify the code of the release-2.1 branch and it seems I succeeded. I would like to have your opinion on the pkg_recompute function. I looked at your code, past and present, and tried to do something that works. I haven't programmed in C for some time. Something may have escaped me.
I changed the following files: libpkg/libpkg.ver, libpkg/pkg.c, libpkg/pkg.h and src/check.c. If you're ok, I can make a patch (adapted to the main branch of course).
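int
pkg_recompute(struct pkgdb *db, struct pkg *pkg)
{
	struct pkg_file *f = NULL;
	int64_t flatsize = 0;
	struct stat st;
	pkg_checksum_type_t type;
	char *newsum;
	int rc = EPKG_OK;

	/* Walk every file recorded for the package. */
	while (pkg_files(pkg, &f) == EPKG_OK) {
		/* Skip files that cannot be stat'ed (e.g. removed from disk). */
		if (lstat(f->path, &st) == -1)
			continue;
		/* Symlinks do not count towards the flat size. */
		if (!S_ISLNK(st.st_mode))
			flatsize += st.st_size;

		/* Reuse the type of the recorded sum; fall back to SHA256 hex. */
		type = pkg_checksum_file_get_type(f->sum, strlen(f->sum));
		if (type == PKG_HASH_TYPE_UNKNOWN)
			type = PKG_HASH_TYPE_SHA256_HEX;

		/* Hash the file as it currently is on disk. */
		newsum = pkg_checksum_generate_file(f->path, type);
		if (newsum == NULL) {
			rc = EPKG_FATAL;
			break;
		}

		/* Overwrite the recorded checksum only when it differs. */
		if (strcmp(newsum, f->sum) != 0)
			pkgdb_file_set_cksum(db, f, newsum);
		free(newsum);
	}

	/* Update the flat size only if every file was processed. */
	if (rc == EPKG_OK && flatsize != pkg->flatsize)
		pkg->flatsize = flatsize;

	return (rc);
}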
Edit: changed the pkg_recompute function. The first version worked but didn't prefix the hash with the used pkg_checksum_type. I should have used pkg_checksum_generate_file instead of pkg_checksum_symlinkat / pkg_checksum_fileat. This is what this new version does.
It is not complicated to resurrect the feature, but I think this feature should just not exist. If one is modifying a package, imho he should just create a package for the new thing and install that version rather than faking the currently installed package. This is the reason why I removed the feature. The other reason is that in environments like PCI DSS and things like that, the availability of the feature makes the auditors nervous.
You're the best placed to know what pkg should and shouldn't do.
Just a remark: it was complicated for me! I had never looked at the pkg code before and I'm far from understanding all its logic and mechanisms.
Will pkg_recompute work well? I mean, did I overlook an important part of the internal logic behind the checksum?
Originally, I wanted to write a utility rather than ask for a feature. But I failed to use /usr/local/include/pkg.h to work on checksum computation. Some parts of libpkg are "private"... [edited] That said, contrary to what I believed, there are many functions (all?) in libpkg.so. Maybe it's possible...
@bapt please see https://forums.freebsd.org/threads/package-checksum-errors.98857/ at your convenience.
This is a good reason not to re-add the recompute: it does not fix the checksums! If the checksums are invalid, it means there is a real issue to fix: why did it happen, is there an issue with the package, etc.
I'll try to have a look at what's wrong with caja in the next couple of days.
fixed in ports
Thank you. The mime mess on mate-control-center is also FUBAR immediately after install / update: mate-control-center-1.28.1_3: checksum mismatch for /usr/local/share/applications/mimeinfo.cache
another packaging issue now also fixed.