char *temp_path;
char *final_path;
+
+ ImportVerify verify;
};
RawImport* raw_import_unref(RawImport *i) {
int r;
assert(i);
+ assert(i->verify != IMPORT_VERIFY_NO);
assert(i->raw_job);
assert(i->raw_job->sha256);
assert(i);
if (!IMPORT_JOB_STATE_IS_COMPLETE(i->raw_job) ||
- !IMPORT_JOB_STATE_IS_COMPLETE(i->sha256sums_job))
+ (i->verify != IMPORT_VERIFY_NO && !IMPORT_JOB_STATE_IS_COMPLETE(i->sha256sums_job)))
return 0;
- if (!i->raw_job->etag_exists) {
+ if (i->verify != IMPORT_VERIFY_NO &&
+ i->raw_job->etag_exists) {
+
assert(i->temp_path);
assert(i->final_path);
assert(i->raw_job->disk_fd >= 0);
assert(j->userdata);
i = j->userdata;
+ assert(i->verify != IMPORT_VERIFY_NO);
+
if (j->error != 0) {
+ log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify.");
r = j->error;
goto finish;
}
return 0;
}
-int raw_import_pull(RawImport *i, const char *url, const char *local, bool force_local) {
+int raw_import_pull(RawImport *i, const char *url, const char *local, bool force_local, ImportVerify verify) {
_cleanup_free_ char *sha256sums_url = NULL;
int r;
assert(i);
+ assert(verify < _IMPORT_VERIFY_MAX);
+ assert(verify >= 0);
if (i->raw_job)
return -EBUSY;
if (r < 0)
return r;
i->force_local = force_local;
+ i->verify = verify;
/* Queue job for the image itself */
r = import_job_new(&i->raw_job, url, i->glue, i);
if (r < 0)
return r;
- /* Queue job for the SHA256SUMS file for the image */
- r = import_url_change_last_component(url, "SHA256SUMS", &sha256sums_url);
- if (r < 0)
- return r;
+ if (verify != IMPORT_VERIFY_NO) {
+ /* Queue job for the SHA256SUMS file for the image */
+ r = import_url_change_last_component(url, "SHA256SUMS", &sha256sums_url);
+ if (r < 0)
+ return r;
- r = import_job_new(&i->sha256sums_job, sha256sums_url, i->glue, i);
- if (r < 0)
- return r;
+ r = import_job_new(&i->sha256sums_job, sha256sums_url, i->glue, i);
+ if (r < 0)
+ return r;
- i->sha256sums_job->on_finished = raw_import_sha256sums_job_on_finished;
- i->sha256sums_job->uncompressed_max = i->sha256sums_job->compressed_max = 1ULL * 1024ULL * 1024ULL;
+ i->sha256sums_job->on_finished = raw_import_sha256sums_job_on_finished;
+ i->sha256sums_job->uncompressed_max = i->sha256sums_job->compressed_max = 1ULL * 1024ULL * 1024ULL;
- r = import_job_begin(i->raw_job);
- if (r < 0)
- return r;
+ r = import_job_begin(i->sha256sums_job);
+ if (r < 0)
+ return r;
+ }
- r = import_job_begin(i->sha256sums_job);
+ r = import_job_begin(i->raw_job);
if (r < 0)
return r;
#include "sd-event.h"
#include "macro.h"
+#include "import-util.h"
typedef struct RawImport RawImport;
DEFINE_TRIVIAL_CLEANUP_FUNC(RawImport*, raw_import_unref);
-int raw_import_pull(RawImport *import, const char *url, const char *local, bool force_local);
+int raw_import_pull(RawImport *import, const char *url, const char *local, bool force_local, ImportVerify verify);
*ret = s;
return 0;
}
+
+static const char* const import_verify_table[_IMPORT_VERIFY_MAX] = {
+ [IMPORT_VERIFY_NO] = "no",
+ [IMPORT_VERIFY_SUM] = "sum",
+ [IMPORT_VERIFY_SIGNATURE] = "signature",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(import_verify, ImportVerify);
#include <stdbool.h>
+typedef enum ImportVerify {
+ IMPORT_VERIFY_NO,
+ IMPORT_VERIFY_SUM,
+ IMPORT_VERIFY_SIGNATURE,
+ _IMPORT_VERIFY_MAX,
+ _IMPORT_VERIFY_INVALID = -1,
+} ImportVerify;
+
bool http_etag_is_valid(const char *etag);
int import_make_local_copy(const char *final, const char *root, const char *local, bool force_local);
int import_url_last_component(const char *url, char **ret);
int import_url_change_last_component(const char *url, const char *suffix, char **ret);
+
+const char* import_verify_to_string(ImportVerify v) _const_;
+ImportVerify import_verify_from_string(const char *s) _pure_;
static bool arg_force = false;
static const char *arg_image_root = "/var/lib/machines";
-
+static ImportVerify arg_verify = IMPORT_VERIFY_SIGNATURE;
static const char* arg_dkr_index_url = DEFAULT_DKR_INDEX_URL;
static void on_tar_finished(TarImport *import, int error, void *userdata) {
if (r < 0)
return log_error_errno(r, "Failed to allocate importer: %m");
- r = raw_import_pull(import, url, local, arg_force);
+ r = raw_import_pull(import, url, local, arg_force, arg_verify);
if (r < 0)
return log_error_errno(r, "Failed to pull image: %m");
return -EINVAL;
}
+ if (arg_verify != IMPORT_VERIFY_NO) {
+ log_error("Imports from dkr do not support image verification, please pass --verify=no.");
+ return -EINVAL;
+ }
+
tag = strchr(argv[1], ':');
if (tag) {
name = strndupa(argv[1], tag - argv[1]);
" -h --help Show this help\n"
" --version Show package version\n"
" --force Force creation of image\n"
+ " --verify= Verify downloaded image, one of: 'no', 'sum'\n"
+ " 'signature'.\n"
" --image-root= Image root directory\n"
" --dkr-index-url=URL Specify index URL to use for downloads\n\n"
"Commands:\n"
ARG_FORCE,
ARG_DKR_INDEX_URL,
ARG_IMAGE_ROOT,
+ ARG_VERIFY,
};
static const struct option options[] = {
{ "force", no_argument, NULL, ARG_FORCE },
{ "dkr-index-url", required_argument, NULL, ARG_DKR_INDEX_URL },
{ "image-root", required_argument, NULL, ARG_IMAGE_ROOT },
+ { "verify", required_argument, NULL, ARG_VERIFY },
{}
};
arg_image_root = optarg;
break;
+ case ARG_VERIFY:
+ arg_verify = import_verify_from_string(optarg);
+ if (arg_verify < 0) {
+ log_error("Invalid verification setting '%s'", optarg);
+ return -EINVAL;
+ }
+
+ break;
+
case '?':
return -EINVAL;
~ianmdlvl / elogind.git / commitdiff