From 94360d3d1cfc4969d086ae1e84e885fd9b299883 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Tue, 28 Apr 2015 18:47:21 +0200
Subject: [PATCH] pull: get rid of detached metadata for deltas
Once the summary file will be signed, we can validate the superblock from there.
Signed-off-by: Giuseppe Scrivano
---
doc/ostree-static-delta.xml | 16 -------
src/libostree/ostree-repo-pull.c | 48 ---------------------
src/libostree/ostree-repo.c | 63 +++-------------------------
src/ostree/ot-builtin-static-delta.c | 21 ----------
4 files changed, 5 insertions(+), 143 deletions(-)
diff --git a/doc/ostree-static-delta.xml b/doc/ostree-static-delta.xml
index 13730899..d410a2d6 100644
--- a/doc/ostree-static-delta.xml
+++ b/doc/ostree-static-delta.xml
@@ -95,22 +95,6 @@ Boston, MA 02111-1307, USA. - - =KEYID - - - GPG Key ID to sign the delta with. - - - - - =HOMEDIR - - - GPG Homedir to use when looking for keyrings. - - - =SIZE
diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index bb48186d..2995cb2a 100644
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -1302,44 +1302,6 @@ load_remote_repo_config (OtPullData *pull_data, return ret; } -static gboolean -fetch_metadata_to_verify_delta_superblock (OtPullData *pull_data, - const char *from_revision, - const char *checksum, - GBytes *superblock_data, - GCancellable *cancellable, - GError **error) -{ - gboolean ret = FALSE; - g_autofree char *meta_path = _ostree_get_relative_static_delta_detachedmeta_path (from_revision, checksum); - g_autoptr(GBytes) detached_meta_data = NULL; - SoupURI *target_uri = NULL; - g_autoptr(GVariant) metadata = NULL; - - target_uri = suburi_new (pull_data->base_uri, meta_path, NULL); - - if (!fetch_uri_contents_membuf_sync (pull_data, target_uri, FALSE, FALSE, - &detached_meta_data, - pull_data->cancellable, error)) - { - g_prefix_error (error, "GPG verification enabled, but failed to fetch metadata: "); - goto out; - } - - metadata = g_variant_new_from_bytes (G_VARIANT_TYPE ("a{sv}"), - detached_meta_data, - FALSE); - - if (!_ostree_repo_gpg_verify_with_metadata (pull_data->repo, superblock_data, - metadata, NULL, NULL, - cancellable, error)) - goto out; - - ret = TRUE; - out: - return ret; -} - static gboolean request_static_delta_superblock_sync (OtPullData *pull_data, const char *from_revision,
@@ -1366,16 +1328,6 @@ request_static_delta_superblock_sync (OtPullData *pull_data, if (delta_superblock_data) { - if (pull_data->gpg_verify) - { - if (!fetch_metadata_to_verify_delta_superblock (pull_data, - from_revision, - to_revision, - delta_superblock_data, - pull_data->cancellable, error)) - goto out; - } - { gs_free gchar *delta = NULL; gs_free guchar *ret_csum = NULL;
diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index 3e0a3d8e..0346a3df 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -3329,6 +3329,7 @@ out: * @cancellable: A #GCancellable * @error: a #GError * + * This function is deprecated, sign the summary file instead. * Add a GPG signature to a static delta. */ gboolean
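Review bot: The added sentence in the ostree_repo_sign_delta doc comment sits directly in front of the old description, so the comment now says the function is deprecated and, in the same paragraph, that it will "Add a GPG signature to a static delta", which the stub in the next hunk no longer does. I would replace the description with what a caller actually gets and put the deprecation in gtk-doc's own tag: ` * Always fails with %G_IO_ERROR_NOT_SUPPORTED; no detached delta signature is written.` followed by ` * Deprecated: <VERSION>: Sign the summary file instead.`. The comment block starts above this hunk, so its parameter lines are only partly visible here.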
@@ -3339,66 +3340,12 @@ ostree_repo_sign_delta (OstreeRepo *self, const gchar *homedir, GCancellable *cancellable, GError **error) -{ - gboolean ret = FALSE; - g_autoptr(GBytes) delta_data = NULL; - g_autoptr(GBytes) signature_data = NULL; - g_autoptr(GVariant) commit_variant = NULL; - g_autofree char *delta_path = NULL; - g_autoptr(GFile) delta_file = NULL; - g_autofree char *detached_metadata_relpath = NULL; - g_autoptr(GFile) detached_metadata_path = NULL; - g_autoptr(GVariant) existing_detached_metadata = NULL; - g_autoptr(GVariant) normalized = NULL; - g_autoptr(GVariant) new_metadata = NULL; - GError *temp_error = NULL; - - detached_metadata_relpath = - _ostree_get_relative_static_delta_detachedmeta_path (from_commit, to_commit); - detached_metadata_path = g_file_resolve_relative_path (self->repodir, detached_metadata_relpath); - - delta_path = _ostree_get_relative_static_delta_superblock_path (from_commit, to_commit); - delta_file = g_file_resolve_relative_path (self->repodir, delta_path); - delta_data = gs_file_map_readonly (delta_file, cancellable, error); - if (!delta_data) - goto out; - - if (!ot_util_variant_map (detached_metadata_path, G_VARIANT_TYPE ("a{sv}"), - TRUE, &existing_detached_metadata, &temp_error)) - { - if (g_error_matches (temp_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND)) - { - g_clear_error (&temp_error); - } - else - { - g_propagate_error (error, temp_error); - goto out; - } - } - - if (!sign_data (self, delta_data, key_id, homedir, - &signature_data, - cancellable, error)) - goto out; - - new_metadata = _ostree_detached_metadata_append_gpg_sig (existing_detached_metadata, signature_data); - - normalized = g_variant_get_normal_form (new_metadata); - - if (!g_file_replace_contents (detached_metadata_path, - g_variant_get_data (normalized), - g_variant_get_size (normalized), - NULL, FALSE, 0, NULL, - cancellable, error)) - goto out; - - ret = TRUE; - out: - return ret; +{ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, + 
"ostree_repo_sign_delta is deprecated"); + return FALSE; } -OstreeGpgVerifyResult * + OstreeGpgVerifyResult * _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self, GBytes *signed_data, GVariant *metadata,
diff --git a/src/ostree/ot-builtin-static-delta.c b/src/ostree/ot-builtin-static-delta.c
index a136a007..04aab0b5 100644
--- a/src/ostree/ot-builtin-static-delta.c
+++ b/src/ostree/ot-builtin-static-delta.c
@@ -28,8 +28,6 @@ static char *opt_from_rev; static char *opt_to_rev; -static char **opt_key_ids; -static char *opt_gpg_homedir; static char *opt_min_fallback_size; static char *opt_max_chunk_size; static gboolean opt_empty;
@@ -56,8 +54,6 @@ static GOptionEntry generate_options[] = { { "empty", 0, 0, G_OPTION_ARG_NONE, &opt_empty, "Create delta from scratch", NULL }, { "to", 0, 0, G_OPTION_ARG_STRING, &opt_to_rev, "Create delta to revision REV", "REV" }, { "disable-bsdiff", 0, 0, G_OPTION_ARG_NONE, &opt_disable_bsdiff, "Disable use of bsdiff", NULL }, - { "gpg-sign", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_key_ids, "GPG Key ID to sign the delta with", "key-id"}, - { "gpg-homedir", 0, 0, G_OPTION_ARG_STRING, &opt_gpg_homedir, "GPG Homedir to use when looking for keyrings", "homedir"}, { "min-fallback-size", 0, 0, G_OPTION_ARG_STRING, &opt_min_fallback_size, "Minimum uncompressed size in megabytes for individual HTTP request", NULL}, { "max-chunk-size", 0, 0, G_OPTION_ARG_STRING, &opt_max_chunk_size, "Maximum size of delta chunks in megabytes", NULL}, { NULL }
@@ -212,23 +208,6 @@ ot_static_delta_builtin_generate (int argc, char **argv, GCancellable *cancellab cancellable, error)) goto out; - if (opt_key_ids) - { - char **iter; - - for (iter = opt_key_ids; iter && *iter; iter++) - { - const char *keyid = *iter; - - if (!ostree_repo_sign_delta (repo, - from_resolved, to_resolved, - keyid, - opt_gpg_homedir, - cancellable, - error)) - goto out; - } - } } ret = TRUE;
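Review bot: The stub body of ostree_repo_sign_delta (`g_set_error (... G_IO_ERROR_NOT_SUPPORTED ...); return FALSE;`) removes the only way to sign a delta while the replacement is still future work according to the commit message ("Once the summary file will be signed"). The same commit drops the `if (pull_data->gpg_verify)` branch in request_static_delta_superblock_sync, so unless a signed-summary check already exists outside these hunks, a pull with GPG verification enabled would use a superblock that nothing has authenticated. I would land this together with the summary verification, or at least state the dependency above the stub, e.g. `/* Detached delta signatures are gone: the superblock is only trusted once it is checked against a verified summary. */`. The `-OstreeGpgVerifyResult *` / `+ OstreeGpgVerifyResult *` pair at the end of the hunk looks like an unintended whitespace change and could be dropped from the commit.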