This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
[PATCH setup draft 4/4] If signature validation is turned off, check 'release:' tag
- From: Ken Brown <kbrown at cornell dot edu>
- To: cygwin-apps at cygwin dot com
- Date: Mon, 11 Dec 2017 16:41:36 -0500
- Subject: [PATCH setup draft 4/4] If signature validation is turned off, check 'release:' tag
- Authentication-results: sourceware.org; auth=none
- References: <20171211214136.6500-1-kbrown@cornell.edu>
If we aren't doing signature validation, look instead for "release:
cygwin" in the setup.ini files. If this fails for an official mirror,
reject the mirror. If it fails for a purported private mirror,
silently change the status of the site to "user site" and put a note
in the log file. This change will take effect on the next setup run
or if the user selects 'Back'.
---
ini.cc | 29 ++++++++++++++++++++++++-----
res.rc | 1 +
resource.h | 1 +
3 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/ini.cc b/ini.cc
index 62b7e83..3cffa82 100644
--- a/ini.cc
+++ b/ini.cc
@@ -271,11 +271,15 @@ do_local_ini (HWND owner)
}
static void
-mirror_warn (site_list_type site)
+mirror_warn (site_list_type site, bool sig)
{
- Log (LOG_BABBLE) << "Signature validation failed for " << site.url
- << " using the cygwin key but succeeded using other keys. "
- << endLog;
+ if (sig)
+ Log (LOG_BABBLE) << "Signature validation failed for " << site.url
+ << " using the cygwin key but succeeded using other keys. "
+ << endLog;
+ else
+ Log (LOG_BABBLE) << "setup.ini from " << site.url
+ << " is not from the cygwin release." << endLog;
Log (LOG_BABBLE) << "Changing status from 'mirror' to 'user site'." << endLog;
SiteList::iterator i = find (all_site_list.begin (), all_site_list.end (), site);
if (i != all_site_list.end ())
@@ -343,7 +347,7 @@ do_remote_ini (HWND owner)
if (ini_file)
{
if (n->is_mirror && !main_key_only)
- mirror_warn (*n);
+ mirror_warn (*n, true);
break;
}
}
@@ -369,6 +373,21 @@ do_remote_ini (HWND owner)
}
else
{
+ if (NoVerifyOption && n->is_mirror && aBuilder.release != "cygwin")
+ {
+ if (n->from_mirrors_lst)
+ {
+ // Reject setup.ini.
+ note (owner, IDS_SETUPINI_NOTCYGWIN,
+ SetupBaseName.c_str (), n->url.c_str ());
+ delete ini_file;
+ ini_file = NULL;
+ continue;
+ }
+ else
+ mirror_warn (*n, false);
+ }
+
/* save known-good setup.ini locally */
const std::string fp = "file://" + local_dir + "/" +
rfc1738_escape_part (n->url) +
diff --git a/res.rc b/res.rc
index 14f1109..cd202e0 100644
--- a/res.rc
+++ b/res.rc
@@ -562,6 +562,7 @@ BEGIN
IDS_MIRROR_LST "http://cygwin.com/mirrors.lst";
IDS_ERR_OPEN_WRITE "Can't open %s for writing: %s"
IDS_SETUPINI_MISSING "Unable to get %s from <%s>"
+ IDS_SETUPINI_NOTCYGWIN "%s from <%s> is not from cygwin release"
IDS_OLD_SETUPINI "This setup.ini is older than the one you used last time you installed cygwin. Proceed anyway?"
IDS_NOTHING_INSTALLED "Nothing needed to be installed"
IDS_INSTALL_COMPLETE "Installation Complete"
diff --git a/resource.h b/resource.h
index 79575fb..666e93b 100644
--- a/resource.h
+++ b/resource.h
@@ -39,6 +39,7 @@
#define IDS_ELEVATED 139
#define IDS_INSTALLEDB_VERSION 140
#define IDS_DOWNLOAD_INCOMPLETE_EXIT 141
+#define IDS_SETUPINI_NOTCYGWIN 142
// Dialogs
--
2.15.1