1 /* $NetBSD: pkg_signature.c,v 1.1.1.7 2010/02/20 04:41:58 joerg Exp $ */ 2 3 #if HAVE_CONFIG_H 4 #include "config.h" 5 #endif 6 #include <nbcompat.h> 7 #if HAVE_SYS_CDEFS_H 8 #include <sys/cdefs.h> 9 #endif 10 __RCSID("$NetBSD: pkg_signature.c,v 1.1.1.7 2010/02/20 04:41:58 joerg Exp $"); 11 12 /*- 13 * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. 14 * All rights reserved. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions 18 * are met: 19 * 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in 24 * the documentation and/or other materials provided with the 25 * distribution. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 28 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 29 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 30 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 31 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 32 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 33 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 34 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 35 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 36 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 37 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 * SUCH DAMAGE. 39 */ 40 41 #if HAVE_SYS_WAIT_H 42 #include <sys/wait.h> 43 #endif 44 #include <ctype.h> 45 #if HAVE_ERR_H 46 #include <err.h> 47 #endif 48 #include <errno.h> 49 #include <fcntl.h> 50 #include <stdlib.h> 51 #ifndef NETBSD 52 #include <nbcompat/sha2.h> 53 #else 54 #include <sha2.h> 55 #endif 56 #include <signal.h> 57 #ifdef NETBSD 58 #include <unistd.h> 59 #else 60 #include <nbcompat/unistd.h> 61 #endif 62 63 #include <archive.h> 64 #include <archive_entry.h> 65 66 #include "lib.h" 67 68 #define HASH_FNAME "+PKG_HASH" 69 #define SIGNATURE_FNAME "+PKG_SIGNATURE" 70 #define GPG_SIGNATURE_FNAME "+PKG_GPG_SIGNATURE" 71 72 struct signature_archive { 73 struct archive *archive; 74 off_t pkg_size; 75 size_t sign_block_len, sign_block_number, sign_cur_block; 76 char **sign_blocks; 77 unsigned char *sign_buf; 78 }; 79 80 static void 81 hash_block(unsigned char *buf, size_t buf_len, 82 char hash[SHA512_DIGEST_STRING_LENGTH]) 83 { 84 unsigned char digest[SHA512_DIGEST_LENGTH]; 85 SHA512_CTX hash_ctx; 86 int i; 87 88 SHA512_Init(&hash_ctx); 89 SHA512_Update(&hash_ctx, buf, buf_len); 90 SHA512_Final(digest, &hash_ctx); 91 for (i = 0; i < SHA512_DIGEST_LENGTH; ++i) { 92 unsigned char c; 93 94 c = digest[i] / 16; 95 if (c < 10) 96 hash[2 * i] = '0' + c; 97 else 98 hash[2 * i] = 'a' - 10 + c; 99 100 c = digest[i] % 16; 101 if (c < 10) 102 hash[2 * i + 1] = '0' + c; 103 else 104 hash[2 * i + 1] = 'a' - 10 + c; 105 } 106 hash[2 * i] = '\0'; 107 } 108 109 static ssize_t 110 verify_signature_read_cb(struct archive *archive, void *cookie, const void **buf) 111 { 112 struct signature_archive *state = cookie; 113 char hash[SHA512_DIGEST_STRING_LENGTH]; 114 ssize_t len, expected; 115 116 if (state->sign_cur_block >= state->sign_block_number) 117 return 0; 118 119 /* The following works for sign_block_len > 1 */ 120 if (state->sign_cur_block + 1 == state->sign_block_number) 121 expected = state->pkg_size % state->sign_block_len; 122 else 123 expected = state->sign_block_len; 124 125 len = archive_read_data(state->archive, state->sign_buf, expected); 126 if (len != expected) { 127 warnx("Short read from package"); 128 return -1; 129 } 130 131 hash_block(state->sign_buf, len, hash); 132 133 if (strcmp(hash, state->sign_blocks[state->sign_cur_block]) != 0) { 134 warnx("Invalid signature of block %llu", 135 (unsigned long long)state->sign_cur_block); 136 return -1; 137 } 138 ++state->sign_cur_block; 139 *buf = state->sign_buf; 140 return len; 141 } 142 143 static void 144 free_signature_int(struct signature_archive *state) 145 { 146 size_t i; 147 148 if (state->sign_blocks != NULL) { 149 for (i = 0; i < state->sign_block_number; ++i) 150 free(state->sign_blocks[i]); 151 } 152 free(state->sign_blocks); 153 free(state->sign_buf); 154 free(state); 155 } 156 157 static int 158 verify_signature_close_cb(struct archive *archive, void *cookie) 159 { 160 struct signature_archive *state = cookie; 161 162 archive_read_finish(state->archive); 163 free_signature_int(state); 164 return 0; 165 } 166 167 static int 168 read_file_from_archive(const char *archive_name, struct archive *archive, 169 struct archive_entry **entry, 170 const char *fname, char **content, size_t *len) 171 { 172 int r; 173 174 *content = NULL; 175 *len = 0; 176 177 retry: 178 if (*entry == NULL && 179 (r = archive_read_next_header(archive, entry)) != ARCHIVE_OK) { 180 if (r == ARCHIVE_FATAL) { 181 warnx("Cannot read from archive `%s': %s", 182 archive_name, archive_error_string(archive)); 183 } else { 184 warnx("Premature end of archive `%s'", archive_name); 185 } 186 *entry = NULL; 187 return -1; 188 } 189 if (strcmp(archive_entry_pathname(*entry), "//") == 0) { 190 archive_read_data_skip(archive); 191 *entry = NULL; 192 goto retry; 193 } 194 195 if (strcmp(fname, archive_entry_pathname(*entry)) != 0) 196 return 1; 197 198 if (archive_entry_size(*entry) > SSIZE_MAX - 1) { 199 warnx("Signature of archive `%s' too large to process", 200 archive_name); 201 return 1; 202 } 203 *len = archive_entry_size(*entry); 204 *content = xmalloc(*len + 1); 205 206 if (archive_read_data(archive, *content, *len) != (ssize_t)*len) { 207 warnx("Cannot read complete %s from archive `%s'", fname, 208 archive_name); 209 free(*content); 210 *len = 0; 211 *content = NULL; 212 return 1; 213 } 214 (*content)[*len] = '\0'; 215 *entry = NULL; 216 217 return 0; 218 } 219 220 static int 221 parse_hash_file(const char *hash_file, char **pkgname, 222 struct signature_archive *state) 223 { 224 static const char block1[] = "pkgsrc signature\n\nversion: 1\npkgname: "; 225 static const char block2[] = "algorithm: SHA512\nblock size: "; 226 static const char block3[] = "file size: "; 227 static const char block4[] = "end pkgsrc signature\n"; 228 char *next; 229 size_t i, len; 230 231 *pkgname = NULL; 232 233 if (strncmp(hash_file, block1, strlen(block1)) != 0) 234 goto cleanup; 235 hash_file += strlen(block1); 236 237 len = strcspn(hash_file, "\n"); 238 *pkgname = xmalloc(len + 1); 239 memcpy(*pkgname, hash_file, len); 240 (*pkgname)[len] = '\0'; 241 for (i = 0; i < len; ++i) { 242 if (!isgraph((unsigned char)(*pkgname)[i])) 243 goto cleanup; 244 } 245 hash_file += len + 1; 246 247 if (strncmp(hash_file, block2, strlen(block2)) != 0) 248 goto cleanup; 249 hash_file += strlen(block2); 250 251 errno = 0; 252 if (!isdigit((unsigned char)*hash_file)) 253 goto cleanup; 254 state->sign_block_len = strtoul(hash_file, &next, 10); 255 hash_file = next; 256 257 /* Assert sane minimum block size of 1KB */ 258 if (*hash_file++ != '\n' || errno == ERANGE || state->sign_block_len < 1024) 259 goto cleanup; 260 261 if (strncmp(hash_file, block3, strlen(block3)) != 0) 262 goto cleanup; 263 hash_file += strlen(block3); 264 265 errno = 0; 266 if (!isdigit((unsigned char)*hash_file)) 267 goto cleanup; 268 if (/* CONSTCOND */sizeof(off_t) >= sizeof(long long)) 269 state->pkg_size = strtoll(hash_file, &next, 10); 270 else 271 state->pkg_size = strtol(hash_file, &next, 10); 272 hash_file = next; 273 if (*hash_file++ != '\n' || errno == ERANGE || state->pkg_size < 1) 274 goto cleanup; 275 276 if (*hash_file++ != '\n') 277 goto cleanup; 278 279 if (state->pkg_size / state->sign_block_len > SSIZE_MAX) 280 goto cleanup; 281 state->sign_block_number = (state->pkg_size + 282 state->sign_block_len - 1) / state->sign_block_len; 283 284 state->sign_buf = xmalloc(state->sign_block_len); 285 state->sign_blocks = xcalloc(state->sign_block_number, sizeof(char *)); 286 287 for (i = 0; i < state->sign_block_number; ++i) { 288 len = strspn(hash_file, "01234567889abcdef"); 289 if (len != SHA512_DIGEST_LENGTH * 2 || hash_file[len] != '\n') 290 goto cleanup_hashes; 291 state->sign_blocks[i] = xmalloc(len + 1); 292 memcpy(state->sign_blocks[i], hash_file, len); 293 state->sign_blocks[i][len] = '\0'; 294 hash_file += len + 1; 295 } 296 297 if (strcmp(hash_file, block4) != 0) 298 goto cleanup_hashes; 299 300 return 0; 301 302 cleanup_hashes: 303 for (i = 0; i < state->sign_block_number; ++i) 304 free(state->sign_blocks[i]); 305 free(state->sign_blocks); 306 state->sign_blocks = NULL; 307 308 cleanup: 309 warnx("Unknown format of hash file"); 310 free(*pkgname); 311 *pkgname = NULL; 312 return -1; 313 } 314 315 int 316 pkg_verify_signature(const char *archive_name, struct archive **archive, 317 struct archive_entry **entry, char **pkgname) 318 { 319 struct signature_archive *state; 320 struct archive_entry *my_entry; 321 struct archive *a; 322 char *hash_file, *signature_file; 323 size_t hash_len, signature_len; 324 int r, has_sig; 325 326 *pkgname = NULL; 327 328 state = xmalloc(sizeof(*state)); 329 state->sign_blocks = NULL; 330 state->sign_buf = NULL; 331 state->archive = NULL; 332 333 r = read_file_from_archive(archive_name, *archive, entry, HASH_FNAME, 334 &hash_file, &hash_len); 335 if (r == -1) { 336 archive_read_finish(*archive); 337 *archive = NULL; 338 free(state); 339 goto no_valid_signature; 340 } else if (r == 1) { 341 free(state); 342 goto no_valid_signature; 343 } 344 345 if (parse_hash_file(hash_file, pkgname, state)) 346 goto no_valid_signature; 347 348 r = read_file_from_archive(archive_name, *archive, entry, SIGNATURE_FNAME, 349 &signature_file, &signature_len); 350 if (r == -1) { 351 archive_read_finish(*archive); 352 *archive = NULL; 353 free(state); 354 free(hash_file); 355 goto no_valid_signature; 356 } else if (r != 0) { 357 if (*entry != NULL) 358 r = read_file_from_archive(archive_name, *archive, 359 entry, GPG_SIGNATURE_FNAME, 360 &signature_file, &signature_len); 361 if (r == -1) { 362 archive_read_finish(*archive); 363 *archive = NULL; 364 free(state); 365 free(hash_file); 366 goto no_valid_signature; 367 } else if (r != 0) { 368 free(hash_file); 369 free(state); 370 goto no_valid_signature; 371 } 372 has_sig = !detached_gpg_verify(hash_file, hash_len, 373 signature_file, signature_len, gpg_keyring_verify); 374 375 free(signature_file); 376 } else { 377 #ifdef HAVE_SSL 378 has_sig = !easy_pkcs7_verify(hash_file, hash_len, signature_file, 379 signature_len, certs_packages, 1); 380 381 free(signature_file); 382 #else 383 warnx("No OpenSSL support compiled in, skipping signature"); 384 has_sig = 0; 385 free(signature_file); 386 #endif 387 } 388 389 r = archive_read_next_header(*archive, &my_entry); 390 if (r != ARCHIVE_OK) { 391 warnx("Cannot read inner package: %s", 392 archive_error_string(*archive)); 393 free_signature_int(state); 394 goto no_valid_signature; 395 } 396 397 if (archive_entry_size(my_entry) != state->pkg_size) { 398 warnx("Package size doesn't match signature"); 399 free_signature_int(state); 400 goto no_valid_signature; 401 } 402 403 state->archive = *archive; 404 405 a = archive_read_new(); 406 archive_read_support_compression_all(a); 407 archive_read_support_format_all(a); 408 if (archive_read_open(a, state, NULL, verify_signature_read_cb, 409 verify_signature_close_cb)) { 410 warnx("Can't open signed package file"); 411 archive_read_finish(a); 412 goto no_valid_signature; 413 } 414 *archive = a; 415 *entry = NULL; 416 417 return has_sig ? 0 : -1; 418 419 no_valid_signature: 420 return -1; 421 } 422 423 int 424 pkg_full_signature_check(const char *archive_name, struct archive **archive) 425 { 426 struct archive_entry *entry = NULL; 427 char *pkgname; 428 int r; 429 430 if (pkg_verify_signature(archive_name, archive, &entry, &pkgname)) 431 return -1; 432 if (pkgname == NULL) 433 return 0; 434 435 /* XXX read PLIST and compare pkgname */ 436 while ((r = archive_read_next_header(*archive, &entry)) == ARCHIVE_OK) 437 archive_read_data_skip(*archive); 438 439 free(pkgname); 440 return r == ARCHIVE_EOF ? 0 : -1; 441 } 442 443 static char * 444 extract_pkgname(int fd) 445 { 446 package_t plist; 447 plist_t *p; 448 struct archive *a; 449 struct archive_entry *entry; 450 char *buf; 451 ssize_t len; 452 int r; 453 454 a = archive_read_new(); 455 archive_read_support_compression_all(a); 456 archive_read_support_format_all(a); 457 if (archive_read_open_fd(a, fd, 1024)) { 458 warnx("Cannot open binary package: %s", 459 archive_error_string(a)); 460 archive_read_finish(a); 461 return NULL; 462 } 463 464 r = archive_read_next_header(a, &entry); 465 if (r != ARCHIVE_OK) { 466 warnx("Cannot extract package name: %s", 467 r == ARCHIVE_EOF ? "EOF" : archive_error_string(a)); 468 archive_read_finish(a); 469 return NULL; 470 } 471 if (strcmp(archive_entry_pathname(entry), "+CONTENTS") != 0) { 472 warnx("Invalid binary package, doesn't start with +CONTENTS"); 473 archive_read_finish(a); 474 return NULL; 475 } 476 if (archive_entry_size(entry) > SSIZE_MAX - 1) { 477 warnx("+CONTENTS too large to process"); 478 archive_read_finish(a); 479 return NULL; 480 } 481 482 len = archive_entry_size(entry); 483 buf = xmalloc(len + 1); 484 485 if (archive_read_data(a, buf, len) != len) { 486 warnx("Short read when extracing +CONTENTS"); 487 free(buf); 488 archive_read_finish(a); 489 return NULL; 490 } 491 buf[len] = '\0'; 492 493 archive_read_finish(a); 494 495 parse_plist(&plist, buf); 496 free(buf); 497 p = find_plist(&plist, PLIST_NAME); 498 if (p != NULL) { 499 buf = xstrdup(p->name); 500 } else { 501 warnx("Invalid PLIST: missing @name"); 502 buf = NULL; 503 } 504 free_plist(&plist); 505 506 if (lseek(fd, 0, SEEK_SET) != 0) { 507 warn("Cannot seek in archive"); 508 free(buf); 509 return NULL; 510 } 511 512 return buf; 513 } 514 515 static const char hash_template[] = 516 "pkgsrc signature\n" 517 "\n" 518 "version: 1\n" 519 "pkgname: %s\n" 520 "algorithm: SHA512\n" 521 "block size: 65536\n" 522 "file size: %lld\n" 523 "\n"; 524 525 static const char hash_trailer[] = "end pkgsrc signature\n"; 526 527 #ifdef HAVE_SSL 528 void 529 pkg_sign_x509(const char *name, const char *output, const char *key_file, const char *cert_file) 530 { 531 struct archive *pkg; 532 struct archive_entry *entry, *hash_entry, *sign_entry; 533 int fd; 534 struct stat sb; 535 char *hash_file, *signature_file, *tmp, *pkgname, hash[SHA512_DIGEST_STRING_LENGTH]; 536 unsigned char block[65536]; 537 off_t i, size; 538 size_t block_len, signature_len; 539 540 if ((fd = open(name, O_RDONLY)) == -1) 541 err(EXIT_FAILURE, "Cannot open binary package %s", name); 542 if (fstat(fd, &sb) == -1) 543 err(EXIT_FAILURE, "Cannot stat %s", name); 544 545 entry = archive_entry_new(); 546 archive_entry_copy_stat(entry, &sb); 547 548 pkgname = extract_pkgname(fd); 549 hash_file = xasprintf(hash_template, pkgname, 550 (long long)archive_entry_size(entry)); 551 free(pkgname); 552 553 for (i = 0; i < archive_entry_size(entry); i += block_len) { 554 if (i + (off_t)sizeof(block) < archive_entry_size(entry)) 555 block_len = sizeof(block); 556 else 557 block_len = archive_entry_size(entry) % sizeof(block); 558 if (read(fd, block, block_len) != (ssize_t)block_len) 559 err(2, "short read"); 560 hash_block(block, block_len, hash); 561 tmp = xasprintf("%s%s\n", hash_file, hash); 562 free(hash_file); 563 hash_file = tmp; 564 } 565 tmp = xasprintf("%s%s", hash_file, hash_trailer); 566 free(hash_file); 567 hash_file = tmp; 568 569 if (easy_pkcs7_sign(hash_file, strlen(hash_file), &signature_file, 570 &signature_len, key_file, cert_file)) 571 err(EXIT_FAILURE, "Cannot sign hash file"); 572 573 lseek(fd, 0, SEEK_SET); 574 575 sign_entry = archive_entry_clone(entry); 576 hash_entry = archive_entry_clone(entry); 577 pkgname = strrchr(name, '/'); 578 archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name); 579 archive_entry_set_pathname(hash_entry, HASH_FNAME); 580 archive_entry_set_pathname(sign_entry, SIGNATURE_FNAME); 581 archive_entry_set_size(hash_entry, strlen(hash_file)); 582 archive_entry_set_size(sign_entry, signature_len); 583 584 pkg = archive_write_new(); 585 archive_write_set_compression_none(pkg); 586 archive_write_set_format_ar_bsd(pkg); 587 archive_write_open_filename(pkg, output); 588 589 archive_write_header(pkg, hash_entry); 590 archive_write_data(pkg, hash_file, strlen(hash_file)); 591 archive_write_finish_entry(pkg); 592 archive_entry_free(hash_entry); 593 594 archive_write_header(pkg, sign_entry); 595 archive_write_data(pkg, signature_file, signature_len); 596 archive_write_finish_entry(pkg); 597 archive_entry_free(sign_entry); 598 599 size = archive_entry_size(entry); 600 archive_write_header(pkg, entry); 601 602 for (i = 0; i < size; i += block_len) { 603 if (i + (off_t)sizeof(block) < size) 604 block_len = sizeof(block); 605 else 606 block_len = size % sizeof(block); 607 if (read(fd, block, block_len) != (ssize_t)block_len) 608 err(2, "short read"); 609 archive_write_data(pkg, block, block_len); 610 } 611 archive_write_finish_entry(pkg); 612 archive_entry_free(entry); 613 614 archive_write_finish(pkg); 615 616 close(fd); 617 618 exit(0); 619 } 620 #endif 621 622 void 623 pkg_sign_gpg(const char *name, const char *output) 624 { 625 struct archive *pkg; 626 struct archive_entry *entry, *hash_entry, *sign_entry; 627 int fd; 628 struct stat sb; 629 char *hash_file, *signature_file, *tmp, *pkgname, hash[SHA512_DIGEST_STRING_LENGTH]; 630 unsigned char block[65536]; 631 off_t i, size; 632 size_t block_len, signature_len; 633 634 if ((fd = open(name, O_RDONLY)) == -1) 635 err(EXIT_FAILURE, "Cannot open binary package %s", name); 636 if (fstat(fd, &sb) == -1) 637 err(EXIT_FAILURE, "Cannot stat %s", name); 638 639 entry = archive_entry_new(); 640 archive_entry_copy_stat(entry, &sb); 641 642 pkgname = extract_pkgname(fd); 643 hash_file = xasprintf(hash_template, pkgname, 644 (long long)archive_entry_size(entry)); 645 free(pkgname); 646 647 for (i = 0; i < archive_entry_size(entry); i += block_len) { 648 if (i + (off_t)sizeof(block) < archive_entry_size(entry)) 649 block_len = sizeof(block); 650 else 651 block_len = archive_entry_size(entry) % sizeof(block); 652 if (read(fd, block, block_len) != (ssize_t)block_len) 653 err(2, "short read"); 654 hash_block(block, block_len, hash); 655 tmp = xasprintf("%s%s\n", hash_file, hash); 656 free(hash_file); 657 hash_file = tmp; 658 } 659 tmp = xasprintf("%s%s", hash_file, hash_trailer); 660 free(hash_file); 661 hash_file = tmp; 662 663 if (detached_gpg_sign(hash_file, strlen(hash_file), &signature_file, 664 &signature_len, gpg_keyring_sign, gpg_sign_as)) 665 err(EXIT_FAILURE, "Cannot sign hash file"); 666 667 lseek(fd, 0, SEEK_SET); 668 669 sign_entry = archive_entry_clone(entry); 670 hash_entry = archive_entry_clone(entry); 671 pkgname = strrchr(name, '/'); 672 archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name); 673 archive_entry_set_pathname(hash_entry, HASH_FNAME); 674 archive_entry_set_pathname(sign_entry, GPG_SIGNATURE_FNAME); 675 archive_entry_set_size(hash_entry, strlen(hash_file)); 676 archive_entry_set_size(sign_entry, signature_len); 677 678 pkg = archive_write_new(); 679 archive_write_set_compression_none(pkg); 680 archive_write_set_format_ar_bsd(pkg); 681 archive_write_open_filename(pkg, output); 682 683 archive_write_header(pkg, hash_entry); 684 archive_write_data(pkg, hash_file, strlen(hash_file)); 685 archive_write_finish_entry(pkg); 686 archive_entry_free(hash_entry); 687 688 archive_write_header(pkg, sign_entry); 689 archive_write_data(pkg, signature_file, signature_len); 690 archive_write_finish_entry(pkg); 691 archive_entry_free(sign_entry); 692 693 size = archive_entry_size(entry); 694 archive_write_header(pkg, entry); 695 696 for (i = 0; i < size; i += block_len) { 697 if (i + (off_t)sizeof(block) < size) 698 block_len = sizeof(block); 699 else 700 block_len = size % sizeof(block); 701 if (read(fd, block, block_len) != (ssize_t)block_len) 702 err(2, "short read"); 703 archive_write_data(pkg, block, block_len); 704 } 705 archive_write_finish_entry(pkg); 706 archive_entry_free(entry); 707 708 archive_write_finish(pkg); 709 710 close(fd); 711 712 exit(0); 713 } 714