packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pull: verify summary signatures also when not mirroring 

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano 2015-05-27 10:12:11 +02:00
parent 6284beb2b6
commit 6bf067411d
1 changed files with 99 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
src/libostree/ostree-repo-pull.c
View File

@ -1602,6 +1602,7 @@ ostree_repo_pull_with_options (OstreeRepo *self,
gboolean ret = FALSE;
GHashTableIter hash_iter;
gpointer key, value;
g_autoptr(GBytes) bytes_summary = NULL;
g_autofree char *remote_key = NULL;
g_autofree char *path = NULL;
g_autofree char *metalink_url_str = NULL;
@ -1778,18 +1779,28 @@ ostree_repo_pull_with_options (OstreeRepo *self,
pull_data->static_delta_superblocks = g_ptr_array_new_with_free_func ((GDestroyNotify)g_variant_unref);
if (pull_data->is_mirror && !refs_to_fetch && !configured_branches)
{
SoupURI *uri = NULL;
g_autoptr(GBytes) bytes = NULL;
g_autoptr(GBytes) bytes_sig = NULL;
g_autofree char *ret_contents = NULL;
gsize i, n;
g_autoptr(GVariant) refs = NULL;
g_autoptr(GVariant) deltas = NULL;
g_autoptr(GVariant) additional_metadata = NULL;
if (!pull_data->summary)
{
uri = suburi_new (pull_data->base_uri, "summary", NULL);
if (!fetch_uri_contents_membuf_sync (pull_data, uri, FALSE, TRUE,
&bytes, cancellable, error))
&bytes_summary, cancellable, error))
goto out;
soup_uri_free (uri);
}
if (bytes_summary)
{
pull_data->summary_data = g_bytes_ref (bytes_summary);
pull_data->summary = g_variant_new_from_bytes (OSTREE_SUMMARY_GVARIANT_FORMAT, bytes_summary, FALSE);
uri = suburi_new (pull_data->base_uri, "summary.sig", NULL);
if (!fetch_uri_contents_membuf_sync (pull_data, uri, FALSE, TRUE,
@ -1797,26 +1808,17 @@ ostree_repo_pull_with_options (OstreeRepo *self,
goto out;
soup_uri_free (uri);
if (bytes)
{
g_autoptr(GVariant) refs = NULL;
g_autoptr(GVariant) additional_metadata = NULL;
g_autoptr(GVariant) deltas = NULL;
gsize i, n;
pull_data->summary_data = g_bytes_ref (bytes);
if (bytes_sig)
pull_data->summary_data_sig = g_bytes_ref (bytes_sig);
if (pull_data->gpg_verify && bytes_sig)
{
glnx_unref_object OstreeGpgVerifyResult *result = NULL;
g_autoptr(GVariant) sig_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT,
bytes_sig,
FALSE);
g_autoptr(GVariant) sig_variant = NULL;
pull_data->summary_data_sig = g_bytes_ref (bytes_sig);
sig_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT, bytes_sig, FALSE);
result = _ostree_repo_gpg_verify_with_metadata (self,
bytes,
bytes_summary,
sig_variant,
NULL,
remote_name_or_baseurl,
NULL,
NULL,
cancellable,
@ -1831,8 +1833,10 @@ ostree_repo_pull_with_options (OstreeRepo *self,
goto out;
}
}
}
pull_data->summary = g_variant_new_from_bytes (OSTREE_SUMMARY_GVARIANT_FORMAT, bytes, FALSE);
if (pull_data->summary)
{
refs = g_variant_get_child_value (pull_data->summary, 0);
n = g_variant_n_children (refs);
for (i = 0; i < n; i++)
@ -1870,7 +1874,11 @@ ostree_repo_pull_with_options (OstreeRepo *self,
csum_data);
}
}
else
}
if (pull_data->is_mirror && !refs_to_fetch && !configured_branches)
{
if (!bytes_summary)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Fetching all refs was requested in mirror mode, but remote repository does not have a summary");