Merge pull request #105 from monstermunchkin/fix/various
definition: Add Source.SkipVerification
This commit is contained in:
commit
375d44646d
@ -42,15 +42,16 @@ type DefinitionImage struct {
|
||||
|
||||
// A DefinitionSource specifies the download type and location
|
||||
type DefinitionSource struct {
|
||||
Downloader string `yaml:"downloader"`
|
||||
URL string `yaml:"url,omitempty"`
|
||||
Keys []string `yaml:"keys,omitempty"`
|
||||
Keyserver string `yaml:"keyserver,omitempty"`
|
||||
Variant string `yaml:"variant,omitempty"`
|
||||
Suite string `yaml:"suite,omitempty"`
|
||||
SameAs string `yaml:"same_as,omitempty"`
|
||||
AptSources string `yaml:"apt_sources,omitempty"`
|
||||
IgnoreRelease bool `yaml:"ignore_release,omitempty"`
|
||||
Downloader string `yaml:"downloader"`
|
||||
URL string `yaml:"url,omitempty"`
|
||||
Keys []string `yaml:"keys,omitempty"`
|
||||
Keyserver string `yaml:"keyserver,omitempty"`
|
||||
Variant string `yaml:"variant,omitempty"`
|
||||
Suite string `yaml:"suite,omitempty"`
|
||||
SameAs string `yaml:"same_as,omitempty"`
|
||||
AptSources string `yaml:"apt_sources,omitempty"`
|
||||
IgnoreRelease bool `yaml:"ignore_release,omitempty"`
|
||||
SkipVerification bool `yaml:"skip_verification,omitempty"`
|
||||
}
|
||||
|
||||
// A DefinitionTargetLXCConfig represents the config part of the metadata.
|
||||
@ -114,7 +115,7 @@ type Definition struct {
|
||||
}
|
||||
|
||||
// SetValue writes the provided value to a field represented by the yaml tag 'key'.
|
||||
func (d *Definition) SetValue(key string, value interface{}) error {
|
||||
func (d *Definition) SetValue(key string, value string) error {
|
||||
// Walk through the definition and find the field with the given key
|
||||
field, err := getFieldByTag(reflect.ValueOf(d).Elem(), reflect.TypeOf(d).Elem(), key)
|
||||
if err != nil {
|
||||
@ -126,22 +127,29 @@ func (d *Definition) SetValue(key string, value interface{}) error {
|
||||
return fmt.Errorf("Cannot set value for %s", key)
|
||||
}
|
||||
|
||||
if reflect.TypeOf(value).Kind() != field.Kind() {
|
||||
return fmt.Errorf("Cannot assign %s value to %s",
|
||||
reflect.TypeOf(value).Kind(), field.Kind())
|
||||
}
|
||||
|
||||
switch reflect.TypeOf(value).Kind() {
|
||||
switch field.Kind() {
|
||||
case reflect.Bool:
|
||||
field.SetBool(value.(bool))
|
||||
v, err := strconv.ParseBool(value)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
field.SetBool(v)
|
||||
case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
|
||||
field.SetInt(value.(int64))
|
||||
v, err := strconv.ParseInt(value, 10, 64)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
field.SetInt(v)
|
||||
case reflect.String:
|
||||
field.SetString(value.(string))
|
||||
field.SetString(value)
|
||||
case reflect.Uint, reflect.Uintptr, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
|
||||
field.SetUint(value.(uint64))
|
||||
v, err := strconv.ParseUint(value, 10, 64)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
field.SetUint(v)
|
||||
default:
|
||||
return fmt.Errorf("Unknown value type %s", reflect.TypeOf(value).Kind())
|
||||
return fmt.Errorf("Unsupported type '%s'", field.Kind())
|
||||
}
|
||||
|
||||
return nil
|
||||
|
@ -234,9 +234,10 @@ func TestDefinitionSetValue(t *testing.T) {
|
||||
Release: "artful",
|
||||
},
|
||||
Source: DefinitionSource{
|
||||
Downloader: "debootstrap",
|
||||
URL: "https://ubuntu.com",
|
||||
Keys: []string{"0xCODE"},
|
||||
Downloader: "debootstrap",
|
||||
URL: "https://ubuntu.com",
|
||||
Keys: []string{"0xCODE"},
|
||||
IgnoreRelease: true,
|
||||
},
|
||||
Packages: DefinitionPackages{
|
||||
Manager: "apt",
|
||||
@ -277,7 +278,15 @@ func TestDefinitionSetValue(t *testing.T) {
|
||||
|
||||
// Nonsense
|
||||
err = d.SetValue("image", "[foo: bar]")
|
||||
if err == nil || err.Error() != "Cannot assign string value to struct" {
|
||||
if err == nil || err.Error() != "Unsupported type 'struct'" {
|
||||
t.Fatal("Expected unsupported assignment")
|
||||
}
|
||||
|
||||
err = d.SetValue("source.ignore_release", "true")
|
||||
if err != nil {
|
||||
t.Fatalf("Unexpected error: %s", err)
|
||||
}
|
||||
if !d.Source.IgnoreRelease {
|
||||
t.Fatalf("Expected '%v', got '%v'", true, d.Source.IgnoreRelease)
|
||||
}
|
||||
}
|
||||
|
@ -56,17 +56,22 @@ func (s *AlpineLinuxHTTP) Run(definition shared.Definition, rootfsDir string) er
|
||||
return err
|
||||
}
|
||||
|
||||
if url.Scheme != "https" && len(definition.Source.Keys) == 0 {
|
||||
if !definition.Source.SkipVerification && url.Scheme != "https" &&
|
||||
len(definition.Source.Keys) == 0 {
|
||||
return errors.New("GPG keys are required if downloading from HTTP")
|
||||
}
|
||||
|
||||
err = shared.DownloadSha256(tarball, tarball+".sha256")
|
||||
if definition.Source.SkipVerification {
|
||||
err = shared.DownloadSha256(tarball, "")
|
||||
} else {
|
||||
err = shared.DownloadSha256(tarball, tarball+".sha256")
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Force gpg checks when using http
|
||||
if url.Scheme != "https" {
|
||||
if !definition.Source.SkipVerification && url.Scheme != "https" {
|
||||
shared.DownloadSha256(tarball+".asc", "")
|
||||
valid, err := shared.VerifyFile(
|
||||
filepath.Join(os.TempDir(), fname),
|
||||
|
@ -33,7 +33,8 @@ func (s *ArchLinuxHTTP) Run(definition shared.Definition, rootfsDir string) erro
|
||||
return err
|
||||
}
|
||||
|
||||
if url.Scheme != "https" && len(definition.Source.Keys) == 0 {
|
||||
if !definition.Source.SkipVerification && url.Scheme != "https" &&
|
||||
len(definition.Source.Keys) == 0 {
|
||||
return errors.New("GPG keys are required if downloading from HTTP")
|
||||
}
|
||||
|
||||
@ -43,7 +44,7 @@ func (s *ArchLinuxHTTP) Run(definition shared.Definition, rootfsDir string) erro
|
||||
}
|
||||
|
||||
// Force gpg checks when using http
|
||||
if url.Scheme != "https" {
|
||||
if !definition.Source.SkipVerification && url.Scheme != "https" {
|
||||
shared.DownloadSha256(tarball+".sig", "")
|
||||
|
||||
valid, err := shared.VerifyFile(
|
||||
|
@ -45,21 +45,23 @@ func (s *CentOSHTTP) Run(definition shared.Definition, rootfsDir string) error {
|
||||
}
|
||||
|
||||
checksumFile := ""
|
||||
// Force gpg checks when using http
|
||||
if url.Scheme != "https" {
|
||||
if len(definition.Source.Keys) == 0 {
|
||||
return errors.New("GPG keys are required if downloading from HTTP")
|
||||
}
|
||||
if !definition.Source.SkipVerification {
|
||||
// Force gpg checks when using http
|
||||
if url.Scheme != "https" {
|
||||
if len(definition.Source.Keys) == 0 {
|
||||
return errors.New("GPG keys are required if downloading from HTTP")
|
||||
}
|
||||
|
||||
checksumFile = "sha256sum.txt.asc"
|
||||
shared.DownloadSha256(baseURL+checksumFile, "")
|
||||
valid, err := shared.VerifyFile(filepath.Join(os.TempDir(), checksumFile), "",
|
||||
definition.Source.Keys, definition.Source.Keyserver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !valid {
|
||||
return errors.New("Failed to verify tarball")
|
||||
checksumFile = "sha256sum.txt"
|
||||
shared.DownloadSha256(baseURL+checksumFile, "")
|
||||
valid, err := shared.VerifyFile(filepath.Join(os.TempDir(), checksumFile), "",
|
||||
definition.Source.Keys, definition.Source.Keyserver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !valid {
|
||||
return errors.New("Failed to verify tarball")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -33,6 +33,10 @@ func (s *Debootstrap) Run(definition shared.Definition, rootfsDir string) error
|
||||
args = append(args, "--arch", definition.Image.ArchitectureMapped)
|
||||
}
|
||||
|
||||
if definition.Source.SkipVerification {
|
||||
args = append(args, "--no-check-gpg")
|
||||
}
|
||||
|
||||
if len(definition.Source.Keys) > 0 {
|
||||
keyring, err := shared.CreateGPGKeyring(definition.Source.Keyserver, definition.Source.Keys)
|
||||
if err != nil {
|
||||
|
@ -44,17 +44,22 @@ func (s *GentooHTTP) Run(definition shared.Definition, rootfsDir string) error {
|
||||
return err
|
||||
}
|
||||
|
||||
if url.Scheme != "https" && len(definition.Source.Keys) == 0 {
|
||||
if !definition.Source.SkipVerification && url.Scheme != "https" &&
|
||||
len(definition.Source.Keys) == 0 {
|
||||
return errors.New("GPG keys are required if downloading from HTTP")
|
||||
}
|
||||
|
||||
err = shared.DownloadSha512(tarball, tarball+".DIGESTS")
|
||||
if definition.Source.SkipVerification {
|
||||
err = shared.DownloadSha512(tarball, "")
|
||||
} else {
|
||||
err = shared.DownloadSha512(tarball, tarball+".DIGESTS")
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Force gpg checks when using http
|
||||
if url.Scheme != "https" {
|
||||
if !definition.Source.SkipVerification && url.Scheme != "https" {
|
||||
shared.DownloadSha512(tarball+".DIGESTS.asc", "")
|
||||
valid, err := shared.VerifyFile(
|
||||
filepath.Join(os.TempDir(), fname+".DIGESTS.asc"),
|
||||
|
@ -51,7 +51,7 @@ func (s *UbuntuHTTP) Run(definition shared.Definition, rootfsDir string) error {
|
||||
|
||||
checksumFile := ""
|
||||
// Force gpg checks when using http
|
||||
if url.Scheme != "https" {
|
||||
if !definition.Source.SkipVerification && url.Scheme != "https" {
|
||||
if len(definition.Source.Keys) == 0 {
|
||||
return errors.New("GPG keys are required if downloading from HTTP")
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user