packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

deltas: Verify checksums in apply-offline unless skip_validate is TRUE

This commit is contained in:
Alexander Larsson 2015-10-15 19:36:30 +02:00
parent 7a4fb1b2f1
commit 78f14555c8
4 changed files with 114 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libostree/ostree-repo-pull.c
View File

@ -977,6 +977,7 @@ static_deltapart_fetch_on_complete (GObject *object,
_ostree_static_delta_part_execute_async (pull_data->repo, _ostree_static_delta_part_execute_async (pull_data->repo,
fetch_data->objects, fetch_data->objects,
delta_data, delta_data,
TRUE,
pull_data->cancellable, pull_data->cancellable,
on_static_delta_written, on_static_delta_written,
fetch_data); fetch_data);
@ -1628,6 +1629,7 @@ process_one_static_delta (OtPullData *pull_data,
_ostree_static_delta_part_execute_async (pull_data->repo, _ostree_static_delta_part_execute_async (pull_data->repo,
fetch_data->objects, fetch_data->objects,
delta_data, delta_data,
TRUE,
pull_data->cancellable, pull_data->cancellable,
on_static_delta_written, on_static_delta_written,
fetch_data); fetch_data);

2
src/libostree/ostree-repo-static-delta-core.c
View File

@ -365,7 +365,7 @@ ostree_repo_static_delta_execute_offline (OstreeRepo *self,
goto out; goto out;
} }
if (!_ostree_static_delta_part_execute (self, objects, bytes, if (!_ostree_static_delta_part_execute (self, objects, bytes, skip_validation,
cancellable, error)) cancellable, error))
{ {
g_prefix_error (error, "executing delta part %i: ", i); g_prefix_error (error, "executing delta part %i: ", i);

3
src/libostree/ostree-repo-static-delta-private.h
View File

@ -113,18 +113,21 @@ gboolean _ostree_static_delta_part_validate (OstreeRepo *repo,
gboolean _ostree_static_delta_part_execute (OstreeRepo *repo, gboolean _ostree_static_delta_part_execute (OstreeRepo *repo,
GVariant *header, GVariant *header,
GBytes *partdata, GBytes *partdata,
gboolean trusted,
GCancellable *cancellable, GCancellable *cancellable,
GError **error); GError **error);
gboolean _ostree_static_delta_part_execute_raw (OstreeRepo *repo, gboolean _ostree_static_delta_part_execute_raw (OstreeRepo *repo,
GVariant *header, GVariant *header,
GVariant *part, GVariant *part,
gboolean trusted,
GCancellable *cancellable, GCancellable *cancellable,
GError **error); GError **error);
void _ostree_static_delta_part_execute_async (OstreeRepo *repo, void _ostree_static_delta_part_execute_async (OstreeRepo *repo,
GVariant *header, GVariant *header,
GBytes *partdata, GBytes *partdata,
gboolean trusted,
GCancellable *cancellable, GCancellable *cancellable,
GAsyncReadyCallback callback, GAsyncReadyCallback callback,
gpointer user_data); gpointer user_data);

142
src/libostree/ostree-repo-static-delta-processing.c
View File

@ -39,6 +39,7 @@
G_STATIC_ASSERT (sizeof (guint) >= sizeof (guint32)); G_STATIC_ASSERT (sizeof (guint) >= sizeof (guint32));
typedef struct { typedef struct {
gboolean trusted;
OstreeRepo *repo; OstreeRepo *repo;
guint checksum_index; guint checksum_index;
const guint8 *checksums; const guint8 *checksums;
@ -182,6 +183,7 @@ gboolean
_ostree_static_delta_part_execute_raw (OstreeRepo *repo, _ostree_static_delta_part_execute_raw (OstreeRepo *repo,
GVariant *objects, GVariant *objects,
GVariant *part, GVariant *part,
gboolean trusted,
GCancellable *cancellable, GCancellable *cancellable,
GError **error) GError **error)
{ {
@ -198,6 +200,7 @@ _ostree_static_delta_part_execute_raw (OstreeRepo *repo,
state->repo = repo; state->repo = repo;
state->async_error = error; state->async_error = error;
state->trusted = trusted;
if (!_ostree_static_delta_parse_checksum_array (objects, if (!_ostree_static_delta_parse_checksum_array (objects,
&checksums_data, &checksums_data,
@ -308,6 +311,7 @@ gboolean
_ostree_static_delta_part_execute (OstreeRepo *repo, _ostree_static_delta_part_execute (OstreeRepo *repo,
GVariant *header, GVariant *header,
GBytes *part_bytes, GBytes *part_bytes,
gboolean trusted,
GCancellable *cancellable, GCancellable *cancellable,
GError **error) GError **error)
{ {
@ -356,7 +360,7 @@ _ostree_static_delta_part_execute (OstreeRepo *repo,
payload = g_variant_new_from_bytes (G_VARIANT_TYPE (OSTREE_STATIC_DELTA_PART_PAYLOAD_FORMAT_V0), payload = g_variant_new_from_bytes (G_VARIANT_TYPE (OSTREE_STATIC_DELTA_PART_PAYLOAD_FORMAT_V0),
payload_data, FALSE); payload_data, FALSE);
if (!_ostree_static_delta_part_execute_raw (repo, header, payload, if (!_ostree_static_delta_part_execute_raw (repo, header, payload, trusted,
cancellable, error)) cancellable, error))
goto out; goto out;
@ -371,6 +375,7 @@ typedef struct {
GBytes *partdata; GBytes *partdata;
GCancellable *cancellable; GCancellable *cancellable;
GSimpleAsyncResult *result; GSimpleAsyncResult *result;
gboolean trusted;
} StaticDeltaPartExecuteAsyncData; } StaticDeltaPartExecuteAsyncData;
static void static void
@ -397,6 +402,7 @@ static_delta_part_execute_thread (GSimpleAsyncResult *res,
if (!_ostree_static_delta_part_execute (data->repo, if (!_ostree_static_delta_part_execute (data->repo,
data->header, data->header,
data->partdata, data->partdata,
data->trusted,
cancellable, &error)) cancellable, &error))
g_simple_async_result_take_error (res, error); g_simple_async_result_take_error (res, error);
} }
@ -405,6 +411,7 @@ void
_ostree_static_delta_part_execute_async (OstreeRepo *repo, _ostree_static_delta_part_execute_async (OstreeRepo *repo,
GVariant *header, GVariant *header,
GBytes *partdata, GBytes *partdata,
gboolean trusted,
GCancellable *cancellable, GCancellable *cancellable,
GAsyncReadyCallback callback, GAsyncReadyCallback callback,
gpointer user_data) gpointer user_data)
@ -415,6 +422,7 @@ _ostree_static_delta_part_execute_async (OstreeRepo *repo,
asyncdata->repo = g_object_ref (repo); asyncdata->repo = g_object_ref (repo);
asyncdata->header = g_variant_ref (header); asyncdata->header = g_variant_ref (header);
asyncdata->partdata = g_bytes_ref (partdata); asyncdata->partdata = g_bytes_ref (partdata);
asyncdata->trusted = trusted;
asyncdata->cancellable = cancellable ? g_object_ref (cancellable) : NULL; asyncdata->cancellable = cancellable ? g_object_ref (cancellable) : NULL;
asyncdata->result = g_simple_async_result_new ((GObject*) repo, asyncdata->result = g_simple_async_result_new ((GObject*) repo,
@ -591,13 +599,27 @@ dispatch_open_splice_and_close (OstreeRepo *repo,
metadata = g_variant_new_from_data (ostree_metadata_variant_type (state->output_objtype), metadata = g_variant_new_from_data (ostree_metadata_variant_type (state->output_objtype),
state->payload_data + offset, length, TRUE, NULL, NULL); state->payload_data + offset, length, TRUE, NULL, NULL);
if (!ostree_repo_write_metadata_trusted (state->repo, state->output_objtype, if (state->trusted)
state->checksum, {
metadata, if (!ostree_repo_write_metadata_trusted (state->repo, state->output_objtype,
cancellable, state->checksum,
error)) metadata,
goto out; cancellable,
error))
goto out;
}
else
{
g_autofree guchar *actual_csum = NULL;
if (!ostree_repo_write_metadata (state->repo, state->output_objtype,
state->checksum,
metadata, &actual_csum,
cancellable,
error))
goto out;
}
} }
else else
{ {
@ -622,13 +644,26 @@ dispatch_open_splice_and_close (OstreeRepo *repo,
(repo->mode == OSTREE_REPO_MODE_BARE || (repo->mode == OSTREE_REPO_MODE_BARE ||
repo->mode == OSTREE_REPO_MODE_BARE_USER)) repo->mode == OSTREE_REPO_MODE_BARE_USER))
{ {
if (!_ostree_repo_open_trusted_content_bare (repo, state->checksum, if (state->trusted)
state->content_size, {
&state->barecommitstate, if (!_ostree_repo_open_trusted_content_bare (repo, state->checksum,
&state->content_out, state->content_size,
&state->have_obj, &state->barecommitstate,
cancellable, error)) &state->content_out,
goto out; &state->have_obj,
cancellable, error))
goto out;
}
else
{
if (!_ostree_repo_open_untrusted_content_bare (repo, state->checksum,
state->content_size,
&state->barecommitstate,
&state->content_out,
&state->have_obj,
cancellable, error))
goto out;
}
if (!state->have_obj) if (!state->have_obj)
{ {
@ -665,13 +700,28 @@ dispatch_open_splice_and_close (OstreeRepo *repo,
cancellable, error)) cancellable, error))
goto out; goto out;
if (!ostree_repo_write_content_trusted (state->repo, if (state->trusted)
state->checksum, {
object_input, if (!ostree_repo_write_content_trusted (state->repo,
objlen, state->checksum,
cancellable, object_input,
error)) objlen,
goto out; cancellable,
error))
goto out;
}
else
{
g_autofree guchar *actual_csum = NULL;
if (!ostree_repo_write_content (state->repo,
state->checksum,
object_input,
objlen,
&actual_csum,
cancellable,
error))
goto out;
}
} }
} }
@ -707,13 +757,26 @@ dispatch_open (OstreeRepo *repo,
if (!read_varuint64 (state, &state->content_size, error)) if (!read_varuint64 (state, &state->content_size, error))
goto out; goto out;
if (!_ostree_repo_open_trusted_content_bare (repo, state->checksum, if (state->trusted)
state->content_size, {
&state->barecommitstate, if (!_ostree_repo_open_trusted_content_bare (repo, state->checksum,
&state->content_out, state->content_size,
&state->have_obj, &state->barecommitstate,
cancellable, error)) &state->content_out,
goto out; &state->have_obj,
cancellable, error))
goto out;
}
else
{
if (!_ostree_repo_open_untrusted_content_bare (repo, state->checksum,
state->content_size,
&state->barecommitstate,
&state->content_out,
&state->have_obj,
cancellable, error))
goto out;
}
ret = TRUE; ret = TRUE;
out: out:
@ -868,11 +931,22 @@ dispatch_close (OstreeRepo *repo,
if (!g_output_stream_flush (state->content_out, cancellable, error)) if (!g_output_stream_flush (state->content_out, cancellable, error))
goto out; goto out;
if (!_ostree_repo_commit_trusted_content_bare (repo, state->checksum, &state->barecommitstate, if (state->trusted)
state->uid, state->gid, state->mode, {
state->xattrs, if (!_ostree_repo_commit_trusted_content_bare (repo, state->checksum, &state->barecommitstate,
cancellable, error)) state->uid, state->gid, state->mode,
goto out; state->xattrs,
cancellable, error))
goto out;
}
else
{
if (!_ostree_repo_commit_untrusted_content_bare (repo, state->checksum, &state->barecommitstate,
state->uid, state->gid, state->mode,
state->xattrs,
cancellable, error))
goto out;
}
} }
if (!dispatch_unset_read_source (repo, state, cancellable, error)) if (!dispatch_unset_read_source (repo, state, cancellable, error))