pull: verify summary signatures also when not mirroring

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Giuseppe Scrivano 2015-05-27 10:12:11 +02:00
parent 6284beb2b6
commit 6bf067411d
1 changed files with 99 additions and 91 deletions


@ -1602,6 +1602,7 @@ ostree_repo_pull_with_options (OstreeRepo *self,
gboolean ret = FALSE; gboolean ret = FALSE;
GHashTableIter hash_iter; GHashTableIter hash_iter;
gpointer key, value; gpointer key, value;
g_autoptr(GBytes) bytes_summary = NULL;
g_autofree char *remote_key = NULL; g_autofree char *remote_key = NULL;
g_autofree char *path = NULL; g_autofree char *path = NULL;
g_autofree char *metalink_url_str = NULL; g_autofree char *metalink_url_str = NULL;
@ -1778,18 +1779,28 @@ ostree_repo_pull_with_options (OstreeRepo *self,
pull_data->static_delta_superblocks = g_ptr_array_new_with_free_func ((GDestroyNotify)g_variant_unref); pull_data->static_delta_superblocks = g_ptr_array_new_with_free_func ((GDestroyNotify)g_variant_unref);
if (pull_data->is_mirror && !refs_to_fetch && !configured_branches)
{ {
SoupURI *uri = NULL; SoupURI *uri = NULL;
g_autoptr(GBytes) bytes = NULL;
g_autoptr(GBytes) bytes_sig = NULL; g_autoptr(GBytes) bytes_sig = NULL;
g_autofree char *ret_contents = NULL; g_autofree char *ret_contents = NULL;
gsize i, n;
g_autoptr(GVariant) refs = NULL;
g_autoptr(GVariant) deltas = NULL;
g_autoptr(GVariant) additional_metadata = NULL;
if (!pull_data->summary)
{
uri = suburi_new (pull_data->base_uri, "summary", NULL); uri = suburi_new (pull_data->base_uri, "summary", NULL);
if (!fetch_uri_contents_membuf_sync (pull_data, uri, FALSE, TRUE, if (!fetch_uri_contents_membuf_sync (pull_data, uri, FALSE, TRUE,
&bytes, cancellable, error)) &bytes_summary, cancellable, error))
goto out; goto out;
soup_uri_free (uri); soup_uri_free (uri);
}
if (bytes_summary)
{
pull_data->summary_data = g_bytes_ref (bytes_summary);
pull_data->summary = g_variant_new_from_bytes (OSTREE_SUMMARY_GVARIANT_FORMAT, bytes_summary, FALSE);
uri = suburi_new (pull_data->base_uri, "summary.sig", NULL); uri = suburi_new (pull_data->base_uri, "summary.sig", NULL);
if (!fetch_uri_contents_membuf_sync (pull_data, uri, FALSE, TRUE, if (!fetch_uri_contents_membuf_sync (pull_data, uri, FALSE, TRUE,
@ -1797,26 +1808,17 @@ ostree_repo_pull_with_options (OstreeRepo *self,
goto out; goto out;
soup_uri_free (uri); soup_uri_free (uri);
if (bytes)
{
g_autoptr(GVariant) refs = NULL;
g_autoptr(GVariant) additional_metadata = NULL;
g_autoptr(GVariant) deltas = NULL;
gsize i, n;
pull_data->summary_data = g_bytes_ref (bytes);
if (bytes_sig) if (bytes_sig)
pull_data->summary_data_sig = g_bytes_ref (bytes_sig);
if (pull_data->gpg_verify && bytes_sig)
{ {
glnx_unref_object OstreeGpgVerifyResult *result = NULL; glnx_unref_object OstreeGpgVerifyResult *result = NULL;
g_autoptr(GVariant) sig_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT, g_autoptr(GVariant) sig_variant = NULL;
bytes_sig, pull_data->summary_data_sig = g_bytes_ref (bytes_sig);
FALSE);
sig_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT, bytes_sig, FALSE);
result = _ostree_repo_gpg_verify_with_metadata (self, result = _ostree_repo_gpg_verify_with_metadata (self,
bytes, bytes_summary,
sig_variant, sig_variant,
NULL, remote_name_or_baseurl,
NULL, NULL,
NULL, NULL,
cancellable, cancellable,
@ -1831,8 +1833,10 @@ ostree_repo_pull_with_options (OstreeRepo *self,
goto out; goto out;
} }
} }
}
pull_data->summary = g_variant_new_from_bytes (OSTREE_SUMMARY_GVARIANT_FORMAT, bytes, FALSE); if (pull_data->summary)
{
refs = g_variant_get_child_value (pull_data->summary, 0); refs = g_variant_get_child_value (pull_data->summary, 0);
n = g_variant_n_children (refs); n = g_variant_n_children (refs);
for (i = 0; i < n; i++) for (i = 0; i < n; i++)
@ -1870,7 +1874,11 @@ ostree_repo_pull_with_options (OstreeRepo *self,
csum_data); csum_data);
} }
} }
else }
if (pull_data->is_mirror && !refs_to_fetch && !configured_branches)
{
if (!bytes_summary)
{ {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Fetching all refs was requested in mirror mode, but remote repository does not have a summary"); "Fetching all refs was requested in mirror mode, but remote repository does not have a summary");
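Review bot: The new `if (bytes_sig)` block verifies the summary only when `summary.sig` was actually fetched, so a remote (or anyone on the path) that omits the signature file still gets its summary parsed and its refs read in the `if (pull_data->summary)` block, unchecked. The fetch appears to tolerate a missing file, as the later `!bytes_summary` check suggests, and nothing visible here fails the pull when verification is configured but no signature arrived. A guard such as `if (bytes_summary && pull_data->gpg_verify && !bytes_sig)` that sets an error and does `goto out` before the summary is used would close that gap. Dropping `pull_data->gpg_verify` from the old condition also seems to make a remote with verification disabled fail whenever it publishes a signature the local keyring cannot validate, which is worth confirming as intended. The early `goto out` paths after `fetch_uri_contents_membuf_sync` skip `soup_uri_free (uri)`, and the body of ostree_repo_pull_with_options starts and ends outside these hunks.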