lib/pull: Extend BAREUSERONLY_FILES flag to HTTP requests
For the flatpak PR: https://github.com/flatpak/flatpak/pull/849 It's really more convenient if this works for HTTP pulls as well, since flatpak does various types of pulling, and we can just set the flag everywhere. Further, we might as well reject the content as early as possible. Closes: #930 Approved by: alexlarsson
This commit is contained in:
Colin Walters
Atomic Bot
parent
0e6d23835b
commit
9529e8d435
|
|
@ -871,7 +871,12 @@ content_fetch_on_complete (GObject *object,
|
||||||
checksum_obj = ostree_object_to_string (checksum, objtype);
|
checksum_obj = ostree_object_to_string (checksum, objtype);
|
||||||
g_debug ("fetch of %s complete", checksum_obj);
|
g_debug ("fetch of %s complete", checksum_obj);
|
||||||
|
|
||||||
if (pull_data->is_mirror && pull_data->repo->mode == OSTREE_REPO_MODE_ARCHIVE_Z2)
|
/* If we're mirroring and writing into an archive repo, we can directly copy
|
||||||
|
* the content rather than paying the cost of exploding it, checksumming, and
|
||||||
|
* re-gzip.
|
||||||
|
*/
|
||||||
|
if (pull_data->is_mirror && pull_data->repo->mode == OSTREE_REPO_MODE_ARCHIVE_Z2
|
||||||
|
&& !pull_data->is_bareuseronly_files)
|
||||||
{
|
{
|
||||||
gboolean have_object;
|
gboolean have_object;
|
||||||
if (!ostree_repo_has_object (pull_data->repo, OSTREE_OBJECT_TYPE_FILE, checksum,
|
if (!ostree_repo_has_object (pull_data->repo, OSTREE_OBJECT_TYPE_FILE, checksum,
|
||||||
|
|
@ -903,11 +908,17 @@ content_fetch_on_complete (GObject *object,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Also, delete it now that we've opened it, we'll hold
|
/* Also, delete it now that we've opened it, we'll hold
|
||||||
* a reference to the fd. If we fail to write later, then
|
* a reference to the fd. If we fail to validate or write, then
|
||||||
* the temp space will be cleaned up.
|
* the temp space will be cleaned up.
|
||||||
*/
|
*/
|
||||||
(void) unlinkat (_ostree_fetcher_get_dfd (fetcher), temp_path, 0);
|
(void) unlinkat (_ostree_fetcher_get_dfd (fetcher), temp_path, 0);
|
||||||
|
|
||||||
|
if (!validate_bareuseronly_mode (pull_data,
|
||||||
|
checksum,
|
||||||
|
g_file_info_get_attribute_uint32 (file_info, "unix::mode"),
|
||||||
|
error))
|
||||||
|
goto out;
|
||||||
|
|
||||||
if (!ostree_raw_file_to_content_stream (file_in, file_info, xattrs,
|
if (!ostree_raw_file_to_content_stream (file_in, file_info, xattrs,
|
||||||
&object_input, &length,
|
&object_input, &length,
|
||||||
cancellable, error))
|
cancellable, error))
|
||||||
|
|
@ -3145,12 +3156,6 @@ ostree_repo_pull_with_options (OstreeRepo *self,
|
||||||
pull_data->disable_static_deltas = TRUE;
|
pull_data->disable_static_deltas = TRUE;
|
||||||
|
|
||||||
}
|
}
|
||||||
else if (pull_data->is_bareuseronly_files)
|
|
||||||
{
|
|
||||||
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
|
|
||||||
"Can't use bareuseronly-files with non-local origin repo");
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* We can't use static deltas if pulling into an archive-z2 repo. */
|
/* We can't use static deltas if pulling into an archive-z2 repo. */
|
||||||
if (self->mode == OSTREE_REPO_MODE_ARCHIVE_Z2)
|
if (self->mode == OSTREE_REPO_MODE_ARCHIVE_Z2)
|
||||||
|
|
|
||||||
|
|
@ -35,7 +35,7 @@ function verify_initial_contents() {
|
||||||
assert_file_has_content baz/cow '^moo$'
|
assert_file_has_content baz/cow '^moo$'
|
||||||
}
|
}
|
||||||
|
|
||||||
echo "1..21"
|
echo "1..23"
|
||||||
|
|
||||||
# Try both syntaxes
|
# Try both syntaxes
|
||||||
repo_init --no-gpg-verify
|
repo_init --no-gpg-verify
|
||||||
|
|
@ -79,12 +79,34 @@ ${CMD_PREFIX} ostree --repo=mirrorrepo pull origin main
|
||||||
${CMD_PREFIX} ostree --repo=mirrorrepo fsck
|
${CMD_PREFIX} ostree --repo=mirrorrepo fsck
|
||||||
echo "ok pull (refuses deltas)"
|
echo "ok pull (refuses deltas)"
|
||||||
|
|
||||||
if ${CMD_PREFIX} ostree --repo=mirrorrepo \
|
cd ${test_tmpdir}
|
||||||
pull origin main --bareuseronly-files 2>err.txt; then
|
rm mirrorrepo/refs/remotes/* -rf
|
||||||
assert_not_reached "--bareuseronly-files unexpectedly succeeded"
|
${CMD_PREFIX} ostree --repo=mirrorrepo prune --refs-only
|
||||||
|
${CMD_PREFIX} ostree --repo=mirrorrepo pull --bareuseronly-files origin main
|
||||||
|
echo "ok pull (bareuseronly, safe)"
|
||||||
|
|
||||||
|
rm checkout-origin-main -rf
|
||||||
|
$OSTREE --repo=ostree-srv/gnomerepo checkout main checkout-origin-main
|
||||||
|
cat > statoverride.txt <<EOF
|
||||||
|
2048 /some-setuid
|
||||||
|
EOF
|
||||||
|
echo asetuid > checkout-origin-main/some-setuid
|
||||||
|
${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo commit -b content-with-suid --statoverride=statoverride.txt --tree=dir=checkout-origin-main
|
||||||
|
${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo summary -u
|
||||||
|
# Verify we reject it both when unpacking and when mirroring
|
||||||
|
for flag in "" "--mirror"; do
|
||||||
|
if ${CMD_PREFIX} ostree --repo=mirrorrepo pull ${flag} --bareuseronly-files origin content-with-suid 2>err.txt; then
|
||||||
|
assert_not_reached "pulled unsafe bareuseronly"
|
||||||
fi
|
fi
|
||||||
assert_file_has_content err.txt 'bareuseronly-files with non-local'
|
assert_file_has_content err.txt 'object.*\.file: invalid mode.*with bits 040.*'
|
||||||
echo "ok pull (refuses bareuseronly)"
|
done
|
||||||
|
echo "ok pull (bareuseronly, unsafe)"
|
||||||
|
|
||||||
|
cd ${test_tmpdir}
|
||||||
|
rm mirrorrepo/refs/remotes/* -rf
|
||||||
|
${CMD_PREFIX} ostree --repo=mirrorrepo prune --refs-only
|
||||||
|
${CMD_PREFIX} ostree --repo=mirrorrepo pull --mirror --bareuseronly-files origin main
|
||||||
|
echo "ok pull (bareuseronly mirror)"
|
||||||
|
|
||||||
cd ${test_tmpdir}
|
cd ${test_tmpdir}
|
||||||
rm mirrorrepo/refs/remotes/* -rf
|
rm mirrorrepo/refs/remotes/* -rf
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue