pull: get rid of detached metadata for deltas

Once the summary file is signed, we can validate the superblock
from there.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Giuseppe Scrivano 2015-04-28 18:47:21 +02:00
parent 8c3d4eb7b2
commit 94360d3d1c
4 changed files with 5 additions and 143 deletions


@ -95,22 +95,6 @@ Boston, MA 02111-1307, USA.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--gpg-sign</option>=KEYID</term>
<listitem><para>
GPG Key ID to sign the delta with.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--gpg-homedir</option>=HOMEDIR</term>
<listitem><para>
GPG Homedir to use when looking for keyrings.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--max-usize</option>=SIZE</term>


@ -1302,44 +1302,6 @@ load_remote_repo_config (OtPullData *pull_data,
return ret;
}
static gboolean
fetch_metadata_to_verify_delta_superblock (OtPullData *pull_data,
const char *from_revision,
const char *checksum,
GBytes *superblock_data,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
g_autofree char *meta_path = _ostree_get_relative_static_delta_detachedmeta_path (from_revision, checksum);
g_autoptr(GBytes) detached_meta_data = NULL;
SoupURI *target_uri = NULL;
g_autoptr(GVariant) metadata = NULL;
target_uri = suburi_new (pull_data->base_uri, meta_path, NULL);
if (!fetch_uri_contents_membuf_sync (pull_data, target_uri, FALSE, FALSE,
&detached_meta_data,
pull_data->cancellable, error))
{
g_prefix_error (error, "GPG verification enabled, but failed to fetch metadata: ");
goto out;
}
metadata = g_variant_new_from_bytes (G_VARIANT_TYPE ("a{sv}"),
detached_meta_data,
FALSE);
if (!_ostree_repo_gpg_verify_with_metadata (pull_data->repo, superblock_data,
metadata, NULL, NULL,
cancellable, error))
goto out;
ret = TRUE;
out:
return ret;
}
static gboolean
request_static_delta_superblock_sync (OtPullData *pull_data,
const char *from_revision,
@ -1366,16 +1328,6 @@ request_static_delta_superblock_sync (OtPullData *pull_data,
if (delta_superblock_data)
{
if (pull_data->gpg_verify)
{
if (!fetch_metadata_to_verify_delta_superblock (pull_data,
from_revision,
to_revision,
delta_superblock_data,
pull_data->cancellable, error))
goto out;
}
{
gs_free gchar *delta = NULL;
gs_free guchar *ret_csum = NULL;
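Review bot: With the `pull_data->gpg_verify` branch removed, request_static_delta_superblock_sync accepts `delta_superblock_data` without any signature check, and the commit description defers validation to a signed summary file, which suggests the replacement check is not in place yet. Until the summary signature is verified on this path, a pull with GPG verification enabled would process a superblock whose only integrity anchor (presumably the `ret_csum` comparison that follows, outside this hunk) comes from unsigned data. I would either land this together with the summary verification or fail closed here when `gpg_verify` is set and no verified summary is available, and record the dependency in place: `/* Superblock is trusted only via the summary checksum; the summary must be GPG-verified when gpg_verify is set. */`. The function body starts and continues outside the hunk.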


@ -3329,6 +3329,7 @@ out:
* @cancellable: A #GCancellable
* @error: a #GError
*
* This function is deprecated, sign the summary file instead.
* Add a GPG signature to a static delta.
*/
gboolean
@ -3339,66 +3340,12 @@ ostree_repo_sign_delta (OstreeRepo *self,
const gchar *homedir,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
g_autoptr(GBytes) delta_data = NULL;
g_autoptr(GBytes) signature_data = NULL;
g_autoptr(GVariant) commit_variant = NULL;
g_autofree char *delta_path = NULL;
g_autoptr(GFile) delta_file = NULL;
g_autofree char *detached_metadata_relpath = NULL;
g_autoptr(GFile) detached_metadata_path = NULL;
g_autoptr(GVariant) existing_detached_metadata = NULL;
g_autoptr(GVariant) normalized = NULL;
g_autoptr(GVariant) new_metadata = NULL;
GError *temp_error = NULL;
detached_metadata_relpath =
_ostree_get_relative_static_delta_detachedmeta_path (from_commit, to_commit);
detached_metadata_path = g_file_resolve_relative_path (self->repodir, detached_metadata_relpath);
delta_path = _ostree_get_relative_static_delta_superblock_path (from_commit, to_commit);
delta_file = g_file_resolve_relative_path (self->repodir, delta_path);
delta_data = gs_file_map_readonly (delta_file, cancellable, error);
if (!delta_data)
goto out;
if (!ot_util_variant_map (detached_metadata_path, G_VARIANT_TYPE ("a{sv}"),
TRUE, &existing_detached_metadata, &temp_error))
{
if (g_error_matches (temp_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
{
g_clear_error (&temp_error);
}
else
{
g_propagate_error (error, temp_error);
goto out;
}
}
if (!sign_data (self, delta_data, key_id, homedir,
&signature_data,
cancellable, error))
goto out;
new_metadata = _ostree_detached_metadata_append_gpg_sig (existing_detached_metadata, signature_data);
normalized = g_variant_get_normal_form (new_metadata);
if (!g_file_replace_contents (detached_metadata_path,
g_variant_get_data (normalized),
g_variant_get_size (normalized),
NULL, FALSE, 0, NULL,
cancellable, error))
goto out;
ret = TRUE;
out:
return ret;
{ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
"ostree_repo_sign_delta is deprecated");
return FALSE;
}
OstreeGpgVerifyResult *
OstreeGpgVerifyResult *
_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
GBytes *signed_data,
GVariant *metadata,
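Review bot: The doc comment for ostree_repo_sign_delta still ends with "Add a GPG signature to a static delta." although the new body unconditionally sets `G_IO_ERROR_NOT_SUPPORTED` and returns FALSE, so the description contradicts the behaviour. Replace that sentence with something like `Always fails with %G_IO_ERROR_NOT_SUPPORTED; static deltas are no longer signed individually.` and add a gtk-doc `Deprecated:` tag so the generated documentation marks the symbol. It is also worth stating in the comment that no signature is written, since a publishing script that ignores the return value would otherwise ship deltas it believes are signed. The parameter list begins outside the second hunk.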


@ -28,8 +28,6 @@
static char *opt_from_rev;
static char *opt_to_rev;
static char **opt_key_ids;
static char *opt_gpg_homedir;
static char *opt_min_fallback_size;
static char *opt_max_chunk_size;
static gboolean opt_empty;
@ -56,8 +54,6 @@ static GOptionEntry generate_options[] = {
{ "empty", 0, 0, G_OPTION_ARG_NONE, &opt_empty, "Create delta from scratch", NULL },
{ "to", 0, 0, G_OPTION_ARG_STRING, &opt_to_rev, "Create delta to revision REV", "REV" },
{ "disable-bsdiff", 0, 0, G_OPTION_ARG_NONE, &opt_disable_bsdiff, "Disable use of bsdiff", NULL },
{ "gpg-sign", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_key_ids, "GPG Key ID to sign the delta with", "key-id"},
{ "gpg-homedir", 0, 0, G_OPTION_ARG_STRING, &opt_gpg_homedir, "GPG Homedir to use when looking for keyrings", "homedir"},
{ "min-fallback-size", 0, 0, G_OPTION_ARG_STRING, &opt_min_fallback_size, "Minimum uncompressed size in megabytes for individual HTTP request", NULL},
{ "max-chunk-size", 0, 0, G_OPTION_ARG_STRING, &opt_max_chunk_size, "Maximum size of delta chunks in megabytes", NULL},
{ NULL }
@ -212,23 +208,6 @@ ot_static_delta_builtin_generate (int argc, char **argv, GCancellable *cancellab
cancellable, error))
goto out;
if (opt_key_ids)
{
char **iter;
for (iter = opt_key_ids; iter && *iter; iter++)
{
const char *keyid = *iter;
if (!ostree_repo_sign_delta (repo,
from_resolved, to_resolved,
keyid,
opt_gpg_homedir,
cancellable,
error))
goto out;
}
}
}
ret = TRUE;