Commit Graph

11 Commits

Author SHA1 Message Date
Colin Walters
41b97e9c12 fsck: Only print "marking commit partial" once
Let's only print if the commit isn't already partial; this
addresses a spam of "marking commit partial" from fsck.

Closes: #1548
Approved by: cgwalters
2018-04-23 17:23:40 +00:00
Alexander Larsson
474556b955 fsck: Mark commits with missing or deleted object partial
This means we can later use various operations to heal the repository
because ostree does not assume all objects are there.

This the begining of a fix for https://github.com/ostreedev/ostree/pull/345

Closes: #1533
Approved by: cgwalters
2018-04-14 15:36:21 +00:00
Marcus Folkesson
6bf4b3e1d8 Add SPDX-License-Identifier to source files
SPDX License List is a list of (common) open source
licenses that can be referred to by a “short identifier”.
It has several advantages compared to the common "license header texts"
usually found in source files.

Some of the advantages:
* It is precise; there is no ambiguity due to variations in license header
  text
* It is language neutral
* It is easy to machine process
* It is concise
* It is simple and can be used without much cost in interpreted
  environments like java Script, etc.
* An SPDX license identifier is immutable.
* It provides simple guidance for developers who want to make sure the
  license for their code is respected

See http://spdx.org for further reading.

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>

Closes: #1439
Approved by: cgwalters
2018-01-30 20:03:42 +00:00
Colin Walters
f3ae36ff43 lib/checkout: Validate pathnames during checkout
While we do protect against path traversal during pull, let's also validate
during checkout; it's a cheap operation and provides good last-mile protection.

Closes: #1412
Approved by: jlebon
2018-01-12 19:38:34 +00:00
Colin Walters
2b78df25f4 tests: Add a test case for path traversal in a dirtree
I was reading about a recent security issue with both EMC and VMWare:
https://arstechnica.com/information-technology/2018/01/emc-vmware-security-bugs-throw-gasoline-on-cloud-security-fire/

It's a classic path traversal problem, and that made me think more about our
handling of this in libostree.  Fortunately of course, not being new to
this rodeo, long ago I *did* consider path traversal.  Inside the pull
code, we call `ot_util_filename_validate()`.  Also, `fsck` does this too.

I have further followups here, but let's add some test cases for this. I crafted
a repository with a `../` in a dirtree object by patching libostree to inject
it, and that's included as a tarball.

This patch covers the two cases where we do already have checks; pulling
via HTTP, and in `fsck`.

Closes: #1412
Approved by: jlebon
2018-01-12 19:38:34 +00:00
Colin Walters
d102cd7db0 tests: Change test-corruption to use fatal()
It's clearer.

Closes: #1364
Approved by: jlebon
2017-12-12 14:03:09 +00:00
Colin Walters
73d910e82e Add public API for fsck, use it before loading metadata
A while ago I did `truncate -s 0 /path/to/repo/00/123.commit`, and expected a
checksum error, but I actually got a validation error due to us loading the
commit into a variant and trying to parse out the parent checksum, etc.

I first started by changing the `load_and_fsck_one_object()` function to
checksum before loading, but the problem is that we do a traverse of all objects
first. Fixing this is going to require an `OSTREE_REPO_COMMIT_TRAVER_FLAG_FSCK`
or something.

In the meantime at least though, let's add a public API to fsck a single object
which *does* checksum cleanly before parsing the object, and change the `fsck`
command to use it.

We then change the fsck binary to do this while iterating over the refs
and finding the commit object.  This way we'll at least get a checksum
first for commit objects, even if not dirtree/dirmeta.

Closes: #1364
Approved by: jlebon
2017-12-12 14:03:09 +00:00
Colin Walters
86963334bd fsck: Check for refs missing corresponding commit
Just doing this one quickly since it was easy.

Closes: https://github.com/ostreedev/ostree/issues/831

Closes: #841
Approved by: jlebon
2017-05-09 14:05:46 +00:00
Colin Walters
5ebe43859d tests: Use "bash strict mode"
I noticed in the static deltas tests, there were some tests that
should have been under `-o pipefail` to ensure we properly propagate
errors.

There were a few places where we were referencing undefined variables.

Overall, this is clearly a good idea IMO.
2016-01-27 11:44:10 -05:00
Colin Walters
f0c5a5f334 main: Add --delete option to fsck
This is useful for clearing out all corrupted objects locally.
2013-07-18 12:09:44 -04:00
Colin Walters
43d69ac8a3 tests: Drop numeric prefix
Theoretically it's useful to have layers of tests, but in practice
it's just annoying to assign numbers.
2013-07-09 10:41:07 -04:00