From 75b17937cf69fbb215d3b18b6e6afba4dd9df82a Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 3 Aug 2021 16:33:28 -0400 Subject: [PATCH 1/3] lib/sign-dummy: Handle incorrect signatures correctly We need to check all signatures for one which passes, not just fail on the first one. Reported-by: Seth Arnold --- src/libostree/ostree-sign-dummy.c | 7 ++++--- tests/test-delta-sign.sh | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/libostree/ostree-sign-dummy.c b/src/libostree/ostree-sign-dummy.c index 56f10d6e..55f28f11 100644 --- a/src/libostree/ostree-sign-dummy.c +++ b/src/libostree/ostree-sign-dummy.c @@ -171,7 +171,8 @@ gboolean ostree_sign_dummy_data_verify (OstreeSign *self, if (!g_variant_is_of_type (signatures, (GVariantType *) OSTREE_SIGN_METADATA_DUMMY_TYPE)) return glnx_throw (error, "signature: dummy: wrong type passed for verification"); - for (gsize i = 0; i < g_variant_n_children(signatures); i++) + gsize n = g_variant_n_children(signatures); + for (gsize i = 0; i < n; i++) { g_autoptr (GVariant) child = g_variant_get_child_value (signatures, i); g_autoptr (GBytes) signature = g_variant_get_data_as_bytes(child); @@ -188,9 +189,9 @@ gboolean ostree_sign_dummy_data_verify (OstreeSign *self, *out_success_message = g_strdup ("dummy: Signature verified"); return TRUE; } - else - return glnx_throw (error, "signature: dummy: incorrect signature %" G_GSIZE_FORMAT, i); } + if (n) + return glnx_throw (error, "signature: dummy: incorrect signatures found: %" G_GSIZE_FORMAT, n); return glnx_throw (error, "signature: dummy: no signatures"); } diff --git a/tests/test-delta-sign.sh b/tests/test-delta-sign.sh index 86f12f96..ed471db9 100755 --- a/tests/test-delta-sign.sh +++ b/tests/test-delta-sign.sh 
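Review bot: The accept-if-any-signature-matches rule that the loop in ostree_sign_dummy_data_verify now follows is not written down next to the code, and the earlier fail-on-first-mismatch behaviour shows how easily it is misread. I would add above the `for` in the first hunk `/* Succeed as soon as one signature matches; report failure only after all n were tried. */`. In the second hunk `if (n)` reads more clearly as `if (n > 0)`, and `n_signatures` would be a more searchable name than `n`. The part of the loop body between the two hunks is not shown, so the comparison itself is not reviewed here.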
@@ -169,6 +169,6 @@ ostree_repo_init repo2 --mode=bare-user ${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev} ${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null ${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline --sign-type=dummy repo/deltas/${deltaprefix}/${deltadir} badsign 2> apply-offline-bad-key.txt && exit 1 -assert_file_has_content apply-offline-bad-key.txt "signature: dummy: incorrect signature" +assert_file_has_content apply-offline-bad-key.txt "signature: dummy: incorrect signatures found: 1" echo 'ok apply offline failed with dummy and bad key' From 738831c50b8a10383bf945283755120f4d68292d Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 3 Aug 2021 16:34:11 -0400 Subject: [PATCH 2/3] lib/sysroot: Fix error message about creating `/var/lib` Reported-by: Seth Arnold --- src/libostree/ostree-sysroot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libostree/ostree-sysroot.c b/src/libostree/ostree-sysroot.c index 2fcd4323..be5306b7 100644 --- a/src/libostree/ostree-sysroot.c +++ b/src/libostree/ostree-sysroot.c @@ -1790,7 +1790,7 @@ ostree_sysroot_init_osname (OstreeSysroot *self, return glnx_throw_errno_prefix (error, "fchmod %s", "var/tmp"); if (mkdirat (dfd, "var/lib", 0777) < 0) - return glnx_throw_errno_prefix (error, "Creating %s", "var/tmp"); + return glnx_throw_errno_prefix (error, "Creating %s", "var/lib"); /* This needs to be available and properly labeled early during the boot * process (before tmpfiles.d kicks in), so that journald can flush logs from From 0f95e4e5eeff2da8b89157a24a550f0a9e3fc382 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 3 Aug 2021 16:34:32 -0400 Subject: [PATCH 3/3] ostree/dump: Fix free'ing a static string Reported-by: Seth Arnold --- src/ostree/ot-dump.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ostree/ot-dump.c b/src/ostree/ot-dump.c index a8ed54a2..ac1a2b34 100644 --- a/src/ostree/ot-dump.c +++ b/src/ostree/ot-dump.c 
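Review bot: The updated assertion in tests/test-delta-sign.sh still exercises only a single non-matching signature, so the case this commit fixes, a non-matching dummy signature listed before a matching one, is not covered by the lines visible here. A companion check that such a delta applies successfully would keep the verify loop from regressing to fail-on-first-mismatch, unless that is already tested elsewhere in the file. Matching on the full string `incorrect signatures found: 1` also ties the test to the exact count, which is fine as long as the fixture is meant to carry exactly one signature.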
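Review bot: The path literal in the ostree-sysroot.c hunk is still written twice, once for `mkdirat` and once for the error text, which is how the message came to name `var/tmp` in the first place. Passing one variable to both removes that class of slip, for example `const char *var_lib = "var/lib";` followed by `if (mkdirat (dfd, var_lib, 0777) < 0)` and `return glnx_throw_errno_prefix (error, "Creating %s", var_lib);`. Separately, the unchanged `0777` mode leaves the final permissions of `var/lib` to the process umask, so it is worth confirming that this is intended. ostree_sysroot_init_osname starts and ends outside the hunk.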
@@ -136,8 +136,8 @@ dump_commit (GVariant *variant, g_print ("Parent: %s\n", parent); } - g_autofree char *contents = ostree_commit_get_content_checksum (variant) ?: ""; - g_print ("ContentChecksum: %s\n", contents); + g_autofree char *contents = ostree_commit_get_content_checksum (variant); + g_print ("ContentChecksum: %s\n", contents ?: ""); g_print ("Date: %s\n", str); if ((version = ot_admin_checksum_version (variant)))
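Review bot: Nothing in the new lines says why the `""` fallback sits at the print site rather than in the initialiser, so a later tidy-up could move it back and again hand a string literal to the `g_autofree` cleanup. A one-line comment above the declaration would record it: `/* May be NULL; contents is freed by g_autofree, so never assign a literal to it. */`. The NULL case is inferred from the `?:` fallback, since the getter's contract is not visible here. dump_commit starts and ends outside the hunk.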