From e5061f54d68ea95ab0b953e6cec6eeca26b01a12 Mon Sep 17 00:00:00 2001 From: Dan Nicholson Date: Thu, 2 Aug 2018 15:15:28 -0500 Subject: [PATCH] lib/pull: Fetch summary if cached version doesn't match signature If for some reason the cached summary doesn't match the cached signature then fetch the remote summary and verify again. Since commit c4c2b5eb this is unlikely to happen since the summary will only be cached if it matches the signature. However, if the summary cache has been corrupted for any other reason then it's best to be safe and fetch the remote summary again. This is essentially the corollary to c4c2b5eb. Where that commit helps you from getting into the corrupted summary cache in the first place, this helps you get out of it. Without this the client can get wedged until a prune or the remote server republishes the summary. Closes: #1698 Approved by: cgwalters --- src/libostree/ostree-repo-pull.c | 37 +++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c index 9eac6376..f692874d 100644 --- a/src/libostree/ostree-repo-pull.c +++ b/src/libostree/ostree-repo-pull.c @@ -4027,12 +4027,43 @@ ostree_repo_pull_with_options (OstreeRepo *self, if (pull_data->gpg_verify_summary && bytes_summary && bytes_sig) { g_autoptr(OstreeGpgVerifyResult) result = NULL; + g_autoptr(GError) temp_error = NULL; result = ostree_repo_verify_summary (self, pull_data->remote_name, bytes_summary, bytes_sig, - cancellable, error); - if (!ostree_gpg_verify_result_require_valid_signature (result, error)) - goto out; + cancellable, &temp_error); + if (!ostree_gpg_verify_result_require_valid_signature (result, &temp_error)) + { + if (summary_from_cache) + { + /* The cached summary doesn't match, fetch a new one and verify again */ + summary_from_cache = FALSE; + g_clear_pointer (&bytes_summary, (GDestroyNotify)g_bytes_unref); + g_debug ("Remote %s cached summary invalid, pulling new version", + pull_data->remote_name); + if (!_ostree_fetcher_mirrored_request_to_membuf (pull_data->fetcher, + pull_data->meta_mirrorlist, + "summary", + OSTREE_FETCHER_REQUEST_OPTIONAL_CONTENT, + pull_data->n_network_retries, + &bytes_summary, + OSTREE_MAX_METADATA_SIZE, + cancellable, error)) + goto out; + + g_autoptr(OstreeGpgVerifyResult) retry = + ostree_repo_verify_summary (self, pull_data->remote_name, + bytes_summary, bytes_sig, + cancellable, error); + if (!ostree_gpg_verify_result_require_valid_signature (retry, error)) + goto out; + } + else + { + g_propagate_error (error, g_steal_pointer (&temp_error)); + goto out; + } + } } if (bytes_summary)