#include <sys/xattr.h>
#include <linux/fs.h>
#include <curl/curl.h>
-#include <gcrypt.h>
#include "utf8.h"
#include "strv.h"
#include "util.h"
#include "macro.h"
#include "mkdir.h"
+#include "import-util.h"
#include "curl-util.h"
#include "qcow2-util.h"
#include "import-job.h"
-#include "import-util.h"
+#include "import-common.h"
#include "import-raw.h"
typedef struct RawImportFile RawImportFile;
char *image_root;
ImportJob *raw_job;
- ImportJob *sha256sums_job;
+ ImportJob *checksum_job;
+ ImportJob *signature_job;
RawImportFinished on_finished;
void *userdata;
return NULL;
import_job_unref(i->raw_job);
+ import_job_unref(i->checksum_job);
+ import_job_unref(i->signature_job);
curl_glue_unref(i->glue);
sd_event_unref(i->event);
return NULL;
}
-int raw_import_new(RawImport **ret, sd_event *event, const char *image_root, RawImportFinished on_finished, void *userdata) {
+int raw_import_new(
+ RawImport **ret,
+ sd_event *event,
+ const char *image_root,
+ RawImportFinished on_finished,
+ void *userdata) {
+
_cleanup_(raw_import_unrefp) RawImport *i = NULL;
int r;
return 0;
}
-static int raw_import_verify_sha256sum(RawImport *i) {
- _cleanup_free_ char *fn = NULL;
- const char *p, *line;
- int r;
-
+static bool raw_import_is_done(RawImport *i) {
assert(i);
- assert(i->verify != IMPORT_VERIFY_NO);
-
assert(i->raw_job);
- assert(i->raw_job->sha256);
- assert(i->sha256sums_job);
- assert(i->sha256sums_job->payload);
- assert(i->sha256sums_job->payload_size > 0);
-
- r = import_url_last_component(i->raw_job->url, &fn);
- if (r < 0)
- return log_oom();
-
- if (!filename_is_valid(fn)) {
- log_error("Cannot verify checksum, could not determine valid server-side file name.");
- return -EBADMSG;
- }
-
- line = strappenda(i->raw_job->sha256, " *", fn, "\n");
-
- p = memmem(i->sha256sums_job->payload,
- i->sha256sums_job->payload_size,
- line,
- strlen(line));
-
- if (!p || (p != (char*) i->sha256sums_job->payload && p[-1] != '\n')) {
- log_error("Checksum did not check out, payload has been tempered with.");
- return -EBADMSG;
- }
+ if (i->raw_job->state != IMPORT_JOB_DONE)
+ return false;
+ if (i->checksum_job && i->checksum_job->state != IMPORT_JOB_DONE)
+ return false;
+ if (i->signature_job && i->signature_job->state != IMPORT_JOB_DONE)
+ return false;
- log_info("SHA256 checksum of %s is valid.", i->raw_job->url);
-
- return 0;
+ return true;
}
-static int raw_import_finalize(RawImport *i) {
- int r;
-
- assert(i);
-
- if (!IMPORT_JOB_STATE_IS_COMPLETE(i->raw_job) ||
- (i->verify != IMPORT_VERIFY_NO && !IMPORT_JOB_STATE_IS_COMPLETE(i->sha256sums_job)))
- return 0;
-
- if (i->verify != IMPORT_VERIFY_NO &&
- i->raw_job->etag_exists) {
-
- assert(i->temp_path);
- assert(i->final_path);
- assert(i->raw_job->disk_fd >= 0);
-
- r = raw_import_verify_sha256sum(i);
- if (r < 0)
- return r;
-
- r = rename(i->temp_path, i->final_path);
- if (r < 0)
- return log_error_errno(errno, "Failed to move RAW file into place: %m");
-
- free(i->temp_path);
- i->temp_path = NULL;
- }
-
- r = raw_import_make_local_copy(i);
- if (r < 0)
- return r;
-
- i->raw_job->disk_fd = safe_close(i->raw_job->disk_fd);
-
- return 1;
-}
-
-static void raw_import_invoke_finished(RawImport *i, int r) {
- assert(i);
-
- if (i->on_finished)
- i->on_finished(i, r, i->userdata);
- else
- sd_event_exit(i->event, r);
-}
-
-static void raw_import_raw_job_on_finished(ImportJob *j) {
+static void raw_import_job_on_finished(ImportJob *j) {
RawImport *i;
int r;
i = j->userdata;
if (j->error != 0) {
+ if (j == i->checksum_job)
+ log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)");
+ else if (j == i->signature_job)
+ log_error_errno(j->error, "Failed to retrieve signature file, cannot verify. (Try --verify=no?)");
+ else
+ log_error_errno(j->error, "Failed to retrieve image file. (Wrong URL?)");
+
r = j->error;
goto finish;
}
/* This is invoked if either the download completed
* successfully, or the download was skipped because we
* already have the etag. In this case ->etag_exists is
- * true. */
+ * true.
+ *
+ * We only do something when we got all three files */
- if (!j->etag_exists) {
- assert(j->disk_fd >= 0);
+ if (!raw_import_is_done(i))
+ return;
- r = raw_import_maybe_convert_qcow2(i);
+ if (!i->raw_job->etag_exists) {
+ /* This is a new download, verify it, and move it into place */
+ assert(i->raw_job->disk_fd >= 0);
+
+ r = import_verify(i->raw_job, i->checksum_job, i->signature_job);
if (r < 0)
goto finish;
- r = import_make_read_only_fd(j->disk_fd);
+ r = raw_import_maybe_convert_qcow2(i);
if (r < 0)
goto finish;
- }
-
- r = raw_import_finalize(i);
- if (r < 0)
- goto finish;
- if (r == 0)
- return;
-
- r = 0;
-
-finish:
- raw_import_invoke_finished(i, r);
-}
-
-static void raw_import_sha256sums_job_on_finished(ImportJob *j) {
- RawImport *i;
- int r;
- assert(j);
- assert(j->userdata);
+ r = import_make_read_only_fd(i->raw_job->disk_fd);
+ if (r < 0)
+ goto finish;
- i = j->userdata;
- assert(i->verify != IMPORT_VERIFY_NO);
+ r = rename(i->temp_path, i->final_path);
+ if (r < 0) {
+ r = log_error_errno(errno, "Failed to move RAW file into place: %m");
+ goto finish;
+ }
- if (j->error != 0) {
- log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify.");
- r = j->error;
- goto finish;
+ free(i->temp_path);
+ i->temp_path = NULL;
}
- r = raw_import_finalize(i);
+ r = raw_import_make_local_copy(i);
if (r < 0)
goto finish;
- if (r == 0)
- return;
r = 0;
+
finish:
- raw_import_invoke_finished(i, r);
+ if (i->on_finished)
+ i->on_finished(i, r, i->userdata);
+ else
+ sd_event_exit(i->event, r);
}
-static int raw_import_raw_job_on_open_disk(ImportJob *j) {
+static int raw_import_job_on_open_disk(ImportJob *j) {
RawImport *i;
int r;
assert(j->userdata);
i = j->userdata;
+ assert(i->raw_job == j);
+ assert(!i->final_path);
+ assert(!i->temp_path);
r = import_make_path(j->url, j->etag, i->image_root, ".raw-", ".raw", &i->final_path);
if (r < 0)
}
int raw_import_pull(RawImport *i, const char *url, const char *local, bool force_local, ImportVerify verify) {
- _cleanup_free_ char *sha256sums_url = NULL;
int r;
assert(i);
assert(verify < _IMPORT_VERIFY_MAX);
assert(verify >= 0);
- if (i->raw_job)
- return -EBUSY;
-
if (!http_url_is_valid(url))
return -EINVAL;
if (local && !machine_name_is_valid(local))
return -EINVAL;
+ if (i->raw_job)
+ return -EBUSY;
+
r = free_and_strdup(&i->local, local);
if (r < 0)
return r;
if (r < 0)
return r;
- i->raw_job->on_finished = raw_import_raw_job_on_finished;
- i->raw_job->on_open_disk = raw_import_raw_job_on_open_disk;
- i->raw_job->calc_hash = true;
+ i->raw_job->on_finished = raw_import_job_on_finished;
+ i->raw_job->on_open_disk = raw_import_job_on_open_disk;
+ i->raw_job->calc_checksum = verify != IMPORT_VERIFY_NO;
r = import_find_old_etags(url, i->image_root, DT_REG, ".raw-", ".raw", &i->raw_job->old_etags);
if (r < 0)
return r;
- if (verify != IMPORT_VERIFY_NO) {
- /* Queue job for the SHA256SUMS file for the image */
- r = import_url_change_last_component(url, "SHA256SUMS", &sha256sums_url);
- if (r < 0)
- return r;
+ r = import_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, raw_import_job_on_finished, i);
+ if (r < 0)
+ return r;
+
+ r = import_job_begin(i->raw_job);
+ if (r < 0)
+ return r;
- r = import_job_new(&i->sha256sums_job, sha256sums_url, i->glue, i);
+ if (i->checksum_job) {
+ r = import_job_begin(i->checksum_job);
if (r < 0)
return r;
+ }
- i->sha256sums_job->on_finished = raw_import_sha256sums_job_on_finished;
- i->sha256sums_job->uncompressed_max = i->sha256sums_job->compressed_max = 1ULL * 1024ULL * 1024ULL;
-
- r = import_job_begin(i->sha256sums_job);
+ if (i->signature_job) {
+ r = import_job_begin(i->signature_job);
if (r < 0)
return r;
}
- r = import_job_begin(i->raw_job);
- if (r < 0)
- return r;
-
return 0;
}