mirror of https://github.com/systemd/systemd.git synced 2025-03-28 02:50:16 +03:00

import: properly verify roothash_signature + verity download, too

Follow-up for 133b34f69a72dc90d4e336837d699245390c9f50 where this was
forgotten.

While we are at it, bring the parameters into the same order as we
declare them in the PullRaw/PullTar objects, i.e. match them to the
canonical order.
Lennart Poettering 2021-01-29 16:24:14 +01:00
parent c9b6ebef8c
commit ff2f779758
4 changed files with 28 additions and 17 deletions


@ -490,12 +490,15 @@ finish:
int pull_verify(ImportVerify verify,
PullJob *main_job,
PullJob *roothash_job,
PullJob *settings_job,
PullJob *checksum_job,
PullJob *signature_job) {
PullJob *signature_job,
PullJob *settings_job,
PullJob *roothash_job,
PullJob *roothash_signature_job,
PullJob *verity_job) {
VerificationStyle style;
PullJob *j;
int r;
assert(main_job);
@ -513,17 +516,11 @@ int pull_verify(ImportVerify verify,
return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
"Checksum is empty, cannot verify.");
r = verify_one(checksum_job, main_job);
if (r < 0)
return r;
r = verify_one(checksum_job, roothash_job);
if (r < 0)
return r;
r = verify_one(checksum_job, settings_job);
if (r < 0)
return r;
FOREACH_POINTER(j, main_job, settings_job, roothash_job, roothash_signature_job, verity_job) {
r = verify_one(checksum_job, j);
if (r < 0)
return r;
}
if (verify == IMPORT_VERIFY_CHECKSUM)
return 0;
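Review bot: The new `FOREACH_POINTER` loop in pull_verify() only covers all five jobs if the macro keeps iterating past NULL entries, and the hunk does not show that it does. The tar caller in this commit passes NULL for the three verity-related jobs, so if iteration ended at the first NULL, every job listed after it would skip the checksum comparison without an error. Both the macro and verify_one() are defined outside this diff, so I would confirm that each tolerates a NULL job and record it above the loop, e.g. `/* Entries may be NULL (tar pulls pass NULL for the verity jobs); a NULL entry is skipped and does not end the iteration */`. The body of pull_verify() continues outside both hunks.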


@ -27,7 +27,7 @@ int pull_make_path(const char *url, const char *etag, const char *image_root, co
int pull_make_auxiliary_job(PullJob **ret, const char *url, int (*strip_suffixes)(const char *name, char **ret), const char *suffix, CurlGlue *glue, PullJobFinished on_finished, void *userdata);
int pull_make_verification_jobs(PullJob **ret_checksum_job, PullJob **ret_signature_job, ImportVerify verify, const char *url, CurlGlue *glue, PullJobFinished on_finished, void *userdata);
int pull_verify(ImportVerify verify, PullJob *main_job, PullJob *roothash_job, PullJob *settings_job, PullJob *checksum_job, PullJob *signature_job);
int pull_verify(ImportVerify verify, PullJob *main_job, PullJob *checksum_job, PullJob *signature_job, PullJob *settings_job, PullJob *roothash_job, PullJob *roothash_signature_job, PullJob *verity_job);
typedef enum VerificationStyle {
VERIFICATION_PER_FILE, /* SuSE-style ".sha256" files with inline gpg signature */
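Review bot: All seven job parameters of pull_verify() share the type `PullJob *`, so a call that transposes two of them still compiles. A swap of checksum_job and settings_job, both of which this commit moves, would change which download is treated as the checksum file. The prototype has no comment stating which arguments are required and which may be NULL. I would add one above the declaration, e.g. `/* main_job must be non-NULL; the verity-related jobs may be NULL (tar pulls). Argument order follows the PullRaw/PullTar field order. */`.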


@ -542,7 +542,14 @@ static void raw_pull_job_on_finished(PullJob *j) {
raw_pull_report_progress(i, RAW_VERIFYING);
r = pull_verify(i->verify, i->raw_job, i->roothash_job, i->settings_job, i->checksum_job, i->signature_job);
r = pull_verify(i->verify,
i->raw_job,
i->checksum_job,
i->signature_job,
i->settings_job,
i->roothash_job,
i->roothash_signature_job,
i->verity_job);
if (r < 0)
goto finish;
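Review bot: The two jobs added to this call, `i->roothash_signature_job` and `i->verity_job`, can only be checked meaningfully once their downloads have finished, and nothing in this hunk shows that the handler waits for them. raw_pull_job_on_finished() starts and ends outside the hunk, so whatever completion check precedes the call is not visible. It is worth confirming that this check was extended to the two new jobs when they were introduced. If it was, a short comment before the call, such as `/* all auxiliary jobs have completed at this point */`, would record the assumption.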


@ -336,7 +336,14 @@ static void tar_pull_job_on_finished(PullJob *j) {
tar_pull_report_progress(i, TAR_VERIFYING);
r = pull_verify(i->verify, i->tar_job, NULL, i->settings_job, i->checksum_job, i->signature_job);
r = pull_verify(i->verify,
i->tar_job,
i->checksum_job,
i->signature_job,
i->settings_job,
/* roothash_job = */ NULL,
/* roothash_signature_job = */ NULL,
/* verity_job = */ NULL);
if (r < 0)
goto finish;