Commit Graph

17 Commits

Author SHA1 Message Date
Joseph Marrero
581a58067b Update FSF license notices to use URL instead of address 2021-12-07 08:34:25 -05:00
Marcus Folkesson
6bf4b3e1d8 Add SPDX-License-Identifier to source files
SPDX License List is a list of (common) open source
licenses that can be referred to by a “short identifier”.
It has several advantages compared to the common "license header texts"
usually found in source files.

Some of the advantages:
* It is precise; there is no ambiguity due to variations in license header
  text
* It is language neutral
* It is easy to machine process
* It is concise
* It is simple and can be used without much cost in interpreted
  environments like java Script, etc.
* An SPDX license identifier is immutable.
* It provides simple guidance for developers who want to make sure the
  license for their code is respected

See http://spdx.org for further reading.

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>

Closes: #1439
Approved by: cgwalters
2018-01-30 20:03:42 +00:00
Colin Walters
73d910e82e Add public API for fsck, use it before loading metadata
A while ago I did `truncate -s 0 /path/to/repo/00/123.commit`, and expected a
checksum error, but I actually got a validation error due to us loading the
commit into a variant and trying to parse out the parent checksum, etc.

I first started by changing the `load_and_fsck_one_object()` function to
checksum before loading, but the problem is that we do a traverse of all objects
first. Fixing this is going to require an `OSTREE_REPO_COMMIT_TRAVER_FLAG_FSCK`
or something.

In the meantime at least though, let's add a public API to fsck a single object
which *does* checksum cleanly before parsing the object, and change the `fsck`
command to use it.

We then change the fsck binary to do this while iterating over the refs
and finding the commit object.  This way we'll at least get a checksum
first for commit objects, even if not dirtree/dirmeta.

Closes: #1364
Approved by: jlebon
2017-12-12 14:03:09 +00:00
Colin Walters
e744f2ad6f lib: Use a common helper function to compare checksums
So we get a consistent error message; came up in a PR review.

Closes: #1277
Approved by: jlebon
2017-10-17 05:06:07 +00:00
Colin Walters
9c4106f166 bin/local-pull: Clarify docs, add more tests for corrupted local pulls
I was reading the pull-local command docs and realized it was somewhat unclear
that `--untrusted` *only* applied to local repo pulls; in other words that we
always treat non-local pulls as untrusted.

Tweak the docstring, and add tests that verify this explicitly.

Closes: #1130
Approved by: jlebon
2017-09-07 15:30:11 +00:00
Colin Walters
88b25dc65c tree-wide: Replace archive-z2 with archive
In almost all places. There are just a few exceptions; one tricky bit for
example is that the repo config must still have `mode=archive-z2`, since
`archive` used to mean something else. (We could very likely just get rid of
that check, but eh, later).

I also added a test that one can still do `ostree repo init --mode=archive-z2`.

Closes: #1125
Approved by: jlebon
2017-09-01 20:54:12 +00:00
Colin Walters
455cc5e892 repo+tests: Add [core]disable-xattrs=true, use it on overlayfs
There are a lot of things suboptimal about this approach, but
on the other hand we need to get our CI back up and running.

The basic approach is to - in the test suite, detect if we're on overlayfs. If
so, set a flag in the repo, which gets picked up by a few strategic places in
the core to turn on "ignore xattrs".

I also had to add a variant of this for the sysroot work.

The core problem here is while overlayfs will let us read and
see the SELinux labels, it won't let us write them.

Down the line, we should improve this so that we can selectively ignore e.g.
`security.*` attributes but not `user.*` say.

Closes: https://github.com/ostreedev/ostree/issues/758

Closes: #759
Approved by: jlebon
2017-03-24 22:16:43 +00:00
Colin Walters
12db46e5af tests: More TAP fixups
Hopefully getting closer now.
2016-03-03 18:00:54 -05:00
Colin Walters
0174224a2d tests: Convert two more exit 77 instances into TAP-compatible SKIP
Followup to https://github.com/GNOME/ostree/pull/194
2016-03-03 14:19:10 -05:00
Colin Walters
5ebe43859d tests: Use "bash strict mode"
I noticed in the static deltas tests, there were some tests that
should have been under `-o pipefail` to ensure we properly propagate
errors.

There were a few places where we were referencing undefined variables.

Overall, this is clearly a good idea IMO.
2016-01-27 11:44:10 -05:00
Giuseppe Scrivano
75cdbb8e82 tests: skip tests using gjs/parallel if they are not installed
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes #131
2015-08-05 10:58:00 -04:00
Colin Walters
47610b45c2 Limit metadata to 10 MiB
If fetching GPG-signed commits over plain HTTP, a MitM attacker can
fill up the drive of targets by simply returning an enormous stream
for the commit object.

Related to this, an attacker can also cause OSTree to perform large
memory allocations by returning enormous GVariants in the metadata.

This helps close that attack by limiting all metadata objects to 10
MiB, so the initial fetch will be truncated.

But now the attack is only slightly more difficult as the attacker
will have to return a correctly formed commit object, then return a
large stream of < 10 MiB dirmeta/dirtree objects.

https://bugzilla.gnome.org/show_bug.cgi?id=725921
2014-05-27 14:15:27 -04:00
Colin Walters
3802a0679b tests/pull-corruption: Ensure we corrupt an object to be pulled
This test had some nondeterminism because we chose a random
object to corrupt, but because there were multiple commits, it
was possible that we chose an object that was not being pulled.

Fix this by writing some custom GJS code to find an explicitly random
object that exists in a given ref, an change a random byte offset.
This adds a lot more randomness to the testing too.
2014-01-19 13:19:10 -05:00
Colin Walters
0a9f246016 tests: Small tweaks to pull corruption test
This one is failing here, I suspect it's the generic pull race
condition, but these fixes should make it slightly more reliable.
2014-01-19 11:48:27 -05:00
Jeremy Whiting
7f9eefb62d pull: Verify commits with gpg signatures from detached metadata
This uses gpgv for verification against DATADIR/ostree/pubring.gpg by
default.  The keyring can be overridden by specifying OSTREE_GPG_HOME.

Add a unit test for commit signing with gpg key and verifying on pull;
to implement this we ship a test GPG key generated with no password
for Ostree Tester <test@test.com>.

Change all of the existing tests to disable GPG verification.
2013-09-29 14:49:47 -04:00
Jeremy Whiting
902848cd71 test: Improve pull corruption test
To verify pull with a second repo works.
2013-08-27 20:35:45 -04:00
Colin Walters
420763e90d tests: Add a test of corruption during a pull process
These corruption tests could be a lot better...like randomly try
single bit flips, range flips.  Better, content-aware fuzzing.  But
this is useful for now.
2013-07-09 11:28:49 -04:00