packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ostree/tests
History
Colin Walters 8e6e64a5ad lib: Validate metadata structure more consistently during pull 
Previously we were doing e.g. `ot_util_filename_validate()` specifically inline
in dirtree objects, but only *after* writing them into the staging directory (by
default). In (non-default) cases such as not using a transaction, such an object
could be written directly into the repo.

A notable gap here is that `pull-local --untrusted` was *not* doing
this verification, just checksums.  We harden that (and also the
static delta writing path, really *everything* that calls
`ostree_repo_write_metadata()` to also do "structure" validation
which includes path traversal checks.  Basically, let's try hard
to avoid having badly structured objects even in the repo.

One thing that sucks in this patch is that we need to allocate a "bounce buffer"
for metadata in the static delta path, because GVariant imposes alignment
requirements, which I screwed up and didn't fulfill when designing deltas. It
actually didn't matter before because we weren't parsing them, but now we are.
In theory we could check alignment but ...eh, not worth it, at least not until
we change the delta compiler to emit aligned metadata which actually may be
quite tricky.  (Big picture I doubt this really matters much right now
but I'm not going to pull out a profiler yet for this)

The pull test was extended to check we didn't even write a dirtree
with path traversal into the staging directory.

There's a bit of code motion in extracting
`_ostree_validate_structureof_metadata()` from `fsck_metadata_object()`.

Then `_ostree_verify_metadata_object()` builds on that to do checksum
verification too.

Closes: #1412
Approved by: jlebon
 		2018-01-12 19:38:34 +00:00
..
coccinelle Add Coccinelle usage: one for blacklisting, one for patch collection 2017-03-30 19:19:54 +00:00
gpg-verify-data gpg: Regenerate test data for test-gpg-verify-result 2015-03-19 12:43:04 -04:00
gpghome tests: Port to glib-tap.mk, make `make check` run all of the tests 2016-03-03 08:50:19 -05:00
installed lib/commit: Fix hardlink checkout commit with bare-user + mod xattrs 2017-10-23 17:02:28 +00:00
.gitignore create-usb: Add a create-usb command to complement OstreeRepoFinderMount 2017-09-27 14:44:00 +00:00
admin-test.sh core: Add standard SOURCE_TITLE metadata key 2017-10-23 14:19:41 +00:00
archive-test.sh repo+tests: Add [core]disable-xattrs=true, use it on overlayfs 2017-03-24 22:16:43 +00:00
basic-test.sh bin/commit: add --keep-metadata option 2018-01-10 01:42:56 +00:00
bootloader-entries-crosscheck.py Introducing ostree-grub-generator 2016-04-04 14:19:35 +00:00
coccinelle.sh Add Coccinelle usage: one for blacklisting, one for patch collection 2017-03-30 19:19:54 +00:00
corrupt-repo-ref.js tests: Fix JavaScript tests with gjs 1.50.0 2017-09-15 18:51:43 +00:00
fah-deltadata-new.tar.xz tests: Add a "pull-test2" that uses slightly more realistic content 2017-11-01 17:38:26 +00:00
fah-deltadata-old.tar.xz tests: Add a "pull-test2" that uses slightly more realistic content 2017-11-01 17:38:26 +00:00
get-byte-order.c tests: Assert that byte-order is swapped on LE but not BE CPUs 2018-01-04 12:32:47 +00:00
glib.supp glib.supp: Suppress g_task -> thread leaks 2016-07-28 10:10:17 +00:00
grub2-entries-crosscheck.py tests: Add a test script to cross-check loader config vs GRUB2 2015-05-28 14:21:30 -04:00
libostreetest.c Cope with xattr syscalls raising EOPNOTSUPP 2017-10-16 13:08:06 +00:00
libostreetest.h tests: check for relabeling rather than overlay 2017-09-30 00:05:07 +00:00
libtest-core.sh tests/libtest-core: support multiple literal checks 2018-01-11 21:30:22 +00:00
libtest.sh tests: Add a "pull-test2" that uses slightly more realistic content 2017-11-01 17:38:26 +00:00
ostree-grub-generator Introducing ostree-grub-generator 2016-04-04 14:19:35 +00:00
ostree-path-traverse.tar.gz tests: Add a test case for path traversal in a dirtree 2018-01-12 19:38:34 +00:00
ostree.supp tests: Modernize valgrind infrastructure 2016-06-09 21:10:35 +00:00
pre-endian-deltas-repo-big.tar.xz deltas: Heuristically detect endianness for older deltas 2016-02-26 08:19:01 -05:00
pre-endian-deltas-repo-little.tar.xz deltas: Heuristically detect endianness for older deltas 2016-02-26 08:19:01 -05:00
pull-test.sh lib: Validate metadata structure more consistently during pull 2018-01-12 19:38:34 +00:00
pull-test2.sh tests: Add a "pull-test2" that uses slightly more realistic content 2017-11-01 17:38:26 +00:00
readdir-rand.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
repo-finder-mount.c create-usb: Add a create-usb command to complement OstreeRepoFinderMount 2017-09-27 14:44:00 +00:00
test-admin-deploy-2.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-deploy-bootid-gc.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-deploy-clean.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-deploy-etcmerge-cornercases.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-deploy-grub2.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-deploy-karg.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-deploy-switch.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-deploy-syslinux.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-deploy-uboot.sh core: Add standard SOURCE_TITLE metadata key 2017-10-23 14:19:41 +00:00
test-admin-instutil-set-kargs.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-locking.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-pull-deploy-commit.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-pull-deploy-split.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-upgrade-endoflife.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-upgrade-not-backwards.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-admin-upgrade-unconfigured.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-archivez.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-auto-summary.sh tests: Remove extra $CMD_PREFIX from test-auto-summary.sh 2016-06-27 20:20:21 +00:00
test-basic-c.c lib/core: Add a "break hardlink" API 2017-12-14 21:56:26 +00:00
test-basic-root.sh checkout: Merge union/add logic for copies during checkout 2017-04-25 13:52:35 +00:00
test-basic-user-only.sh tests,ci: Move "test-basic" (bare mode) to installed test 2017-09-27 13:13:14 +00:00
test-basic-user.sh tests: Don't assume uid == primary gid 2018-01-02 14:31:36 +00:00
test-basic.sh tests,ci: Move "test-basic" (bare mode) to installed test 2017-09-27 13:13:14 +00:00
test-bloom.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-bsdiff.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-checksum.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-commit-sign.sh tests/commit-sign: Update a bit to more modern style 2017-09-27 19:04:11 +00:00
test-concurrency.py lib/repo: Disable locking by default, add locking=true boolean 2017-12-14 15:48:38 +00:00
test-core.js tests: More fixes for gjs tests 2017-07-21 15:45:27 +00:00
test-corruption.sh lib/checkout: Validate pathnames during checkout 2018-01-12 19:38:34 +00:00
test-create-usb.sh create-usb: Add a create-usb command to complement OstreeRepoFinderMount 2017-09-27 14:44:00 +00:00
test-delta.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-demo-buildsystem.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-export.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-find-remotes.sh tests: Use --finders option for find-remotes 2018-01-11 02:19:07 +00:00
test-fsck-collections.sh bin/fsck: Make ref binding verification optional 2017-12-14 18:41:00 +00:00
test-gpg-signed-commit.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-gpg-verify-result.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-help.sh ostree: Describe subcommands in help output 2017-10-20 12:59:32 +00:00
test-init-collections.sh tests: Add integration tests for collections 2017-06-26 15:56:07 +00:00
test-keyfile-utils.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-libarchive-import.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-libarchive.sh libarchive: Add support for translating paths during commit 2017-08-30 14:30:30 +00:00
test-local-pull-depth.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-local-pull.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-lzma.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-mock-gio.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-mock-gio.h tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-mutable-tree.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-no-initramfs.sh Tests: test-no-initramfs: Test both legacy and new kernel locations 2018-01-10 13:52:58 +00:00
test-oldstyle-partial.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-ot-opt-utils.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-ot-tool-util.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-ot-unix-utils.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-parent.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-prune-collections.sh tests: Add integration tests for collections 2017-06-26 15:56:07 +00:00
test-prune.sh bin/prune: Add --only-branch 2017-09-18 17:20:38 +00:00
test-pull-bare.sh tests: Run pull tests for bare/bare-user 2017-07-10 14:18:18 +00:00
test-pull-bareuser.sh test-pull-bareuser.sh: This test uses bare-user, hence needs xattrs 2017-08-29 19:08:59 +00:00
test-pull-bareuseronly.sh tests: Add test-pull-bareuseronly 2017-10-17 15:20:08 +00:00
test-pull-c.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-pull-collections.sh tests: New tests for creating commits with bindings and pulling them 2017-07-06 19:08:14 +00:00
test-pull-commit-only.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-pull-contenturl.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-pull-corruption.sh Add public API for fsck, use it before loading metadata 2017-12-12 14:03:09 +00:00
test-pull-depth.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-pull-large-metadata.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-pull-localcache.sh pull: mark commits from local cache as partial 2017-08-14 12:04:42 +00:00
test-pull-metalink.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-pull-mirror-summary.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-pull-mirrorlist.sh fetcher/curl: Stop using CURLOPT_LOW_SPEED_TIME/_LIMIT 2017-11-27 22:31:22 +00:00
test-pull-override-url.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-pull-repeated.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-pull-resume.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-pull-subpath.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-pull-summary-sigs.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-pull-untrusted.sh lib: Validate metadata structure more consistently during pull 2018-01-12 19:38:34 +00:00
test-pull2-bareuseronly.sh tests: Add a "pull-test2" that uses slightly more realistic content 2017-11-01 17:38:26 +00:00
test-refs-collections.sh tests: Check "refs -c PREFIX" behavior 2017-09-07 18:49:55 +00:00
test-refs.sh bin/refs: Disallow aliases to remote refs 2017-12-14 22:22:39 +00:00
test-remote-add-collections.sh tests: Add integration tests for collections 2017-06-26 15:56:07 +00:00
test-remote-add.sh lib/repo: Properly list remotes of parent repos 2017-12-08 19:40:19 +00:00
test-remote-cookies.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-remote-gpg-import.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-remote-headers.sh pull: complete detached meta fetch before scanning 2017-05-18 01:14:15 +00:00
test-remotes-config-dir.js repo: Ensure new config doesn't set remotes in separate file 2017-09-13 16:03:25 +00:00
test-repo-finder-avahi.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-repo-finder-config.c lib/remote: Add a method to return the URL 2017-11-28 18:53:25 +00:00
test-repo-finder-mount-integration.sh tests: Use --finders option for find-remotes 2018-01-11 02:19:07 +00:00
test-repo-finder-mount.c tree-wide: Update to new libglnx fd APIs 2017-10-11 19:26:10 +00:00
test-repo.c tests/repo: Drop modeline from top of file 2017-09-28 14:08:40 +00:00
test-reset-nonlinear.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00
test-rofiles-fuse.sh rofiles: Fix --copyup when creating a new file 2018-01-08 15:21:29 +00:00
test-rollsum-cli.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-rollsum.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-sizes.js tests: More fixes for gjs tests 2017-07-21 15:45:27 +00:00
test-summary-collections.sh lib/repo-refs: Include remote refs when using collections 2017-08-24 19:57:33 +00:00
test-summary-update.sh ostree/summary: Generate an ostree-metadata ref when updating summary 2017-10-02 13:39:41 +00:00
test-summary-view.sh bin/summary: Fix --raw option 2017-11-09 17:15:59 +00:00
test-switchroot.sh test-switchroot.sh: skip if no busybox 2017-06-27 21:45:34 +00:00
test-symbols.sh Release 2017.15 2017-12-19 16:10:26 +00:00
test-sysroot-c.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-sysroot.js tests: Fix JavaScript tests with gjs 1.50.0 2017-09-15 18:51:43 +00:00
test-varint.c tree-wide: Remove Emacs modelines 2017-09-21 21:38:34 +00:00
test-xattrs.sh tree-wide: Replace archive-z2 with archive 2017-09-01 20:54:12 +00:00