(parent: 950a170)
import: make image verification optional
author
Lennart Poettering
<lennart@poettering.net>
Tue, 20 Jan 2015 15:36:40 +0000
(16:36 +0100)
committer
Lennart Poettering
<lennart@poettering.net>
Tue, 20 Jan 2015 19:40:44 +0000
(20:40 +0100)
src/import/import-raw.c
src/import/import-raw.h
src/import/import-util.c
src/import/import-util.h
src/import/import.c
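--- a/src/import/import-raw.c
+++ b/src/import/import-raw.c
@@ -56,6 +56,8 @@ struct RawImport {
 char *temp_path;
 char *final_path;
+
+ ImportVerify verify;
 };
 RawImport* raw_import_unref(RawImport *i) {
@@ -251,6 +253,7 @@ static int raw_import_verify_sha256sum(RawImport *i) {
 int r;
 assert(i);
+ assert(i->verify != IMPORT_VERIFY_NO);
 assert(i->raw_job);
 assert(i->raw_job->sha256);
@@ -291,10 +294,12 @@ static int raw_import_finalize(RawImport *i) {
 assert(i);
 if (!IMPORT_JOB_STATE_IS_COMPLETE(i->raw_job) ||
- !IMPORT_JOB_STATE_IS_COMPLETE(i->sha256sums_job))
+ (i->verify != IMPORT_VERIFY_NO && !IMPORT_JOB_STATE_IS_COMPLETE(i->sha256sums_job)))
 return 0;
- if (!i->raw_job->etag_exists) {
+ if (i->verify != IMPORT_VERIFY_NO &&
+ i->raw_job->etag_exists) {
+
 assert(i->temp_path);
 assert(i->final_path);
 assert(i->raw_job->disk_fd >= 0);
@@ -379,7 +384,10 @@ static void raw_import_sha256sums_job_on_finished(ImportJob *j) {
 assert(j->userdata);
 i = j->userdata;
+ assert(i->verify != IMPORT_VERIFY_NO);
+
 if (j->error != 0) {
+ log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify.");
 r = j->error;
 goto finish;
 }
@@ -425,11 +433,13 @@ static int raw_import_raw_job_on_open_disk(ImportJob *j) {
 return 0;
 }
-int raw_import_pull(RawImport *i, const char *url, const char *local, bool force_local) {
+int raw_import_pull(RawImport *i, const char *url, const char *local, bool force_local, ImportVerify verify) {
 _cleanup_free_ char *sha256sums_url = NULL;
 int r;
 assert(i);
+ assert(verify < _IMPORT_VERIFY_MAX);
+ assert(verify >= 0);
 if (i->raw_job)
 return -EBUSY;
@@ -444,6 +454,7 @@ int raw_import_pull(RawImport *i, const char *url, const char *local, bool force
 if (r < 0)
 return r;
 i->force_local = force_local;
+ i->verify = verify;
 /* Queue job for the image itself */
 r = import_job_new(&i->raw_job, url, i->glue, i);
@@ -458,23 +469,25 @@ int raw_import_pull(RawImport *i, const char *url, const char *local, bool force
 if (r < 0)
 return r;
- /* Queue job for the SHA256SUMS file for the image */
- r = import_url_change_last_component(url, "SHA256SUMS", &sha256sums_url);
- if (r < 0)
- return r;
+ if (verify != IMPORT_VERIFY_NO) {
+ /* Queue job for the SHA256SUMS file for the image */
+ r = import_url_change_last_component(url, "SHA256SUMS", &sha256sums_url);
+ if (r < 0)
+ return r;
- r = import_job_new(&i->sha256sums_job, sha256sums_url, i->glue, i);
- if (r < 0)
- return r;
+ r = import_job_new(&i->sha256sums_job, sha256sums_url, i->glue, i);
+ if (r < 0)
+ return r;
- i->sha256sums_job->on_finished = raw_import_sha256sums_job_on_finished;
- i->sha256sums_job->uncompressed_max = i->sha256sums_job->compressed_max = 1ULL * 1024ULL * 1024ULL;
+ i->sha256sums_job->on_finished = raw_import_sha256sums_job_on_finished;
+ i->sha256sums_job->uncompressed_max = i->sha256sums_job->compressed_max = 1ULL * 1024ULL * 1024ULL;
- r = import_job_begin(i->raw_job);
- if (r < 0)
- return r;
+ r = import_job_begin(i->sha256sums_job);
+ if (r < 0)
+ return r;
+ }
- r = import_job_begin(i->sha256sums_job);
+ r = import_job_begin(i->raw_job);
 if (r < 0)
 return r;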
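Review bot: In the `@@ -291,10 +294,12 @@` hunk the rewritten guard loses the negation on `etag_exists`: the removed line was `if (!i->raw_job->etag_exists) {` and the added one tests `i->verify != IMPORT_VERIFY_NO && i->raw_job->etag_exists`. The asserts on `temp_path`, `final_path` and `disk_fd` directly below suggest the block handles a freshly written download, so as written it would be skipped for new images and entered for ones that already exist. raw_import_finalize continues outside the hunk, so what else the block does is inferred; if it also moves the temporary file into place, tying the whole block to the verify setting would leave a `--verify=no` download unfinalized. I would keep `if (!i->raw_job->etag_exists) {` and wrap only the checksum step in `if (i->verify != IMPORT_VERIFY_NO)`.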
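--- a/src/import/import-raw.h
+++ b/src/import/import-raw.h
@@ -23,6 +23,7 @@
 #include "sd-event.h"
 #include "macro.h"
+#include "import-util.h"
 typedef struct RawImport RawImport;
@@ -33,4 +34,4 @@ RawImport* raw_import_unref(RawImport *import);
 DEFINE_TRIVIAL_CLEANUP_FUNC(RawImport*, raw_import_unref);
-int raw_import_pull(RawImport *import, const char *url, const char *local, bool force_local);
+int raw_import_pull(RawImport *import, const char *url, const char *local, bool force_local, ImportVerify verify);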
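--- a/src/import/import-util.c
+++ b/src/import/import-util.c
@@ -270,3 +270,11 @@ int import_url_change_last_component(const char *url, const char *suffix, char *
 *ret = s;
 return 0;
 }
+
+static const char* const import_verify_table[_IMPORT_VERIFY_MAX] = {
+ [IMPORT_VERIFY_NO] = "no",
+ [IMPORT_VERIFY_SUM] = "sum",
+ [IMPORT_VERIFY_SIGNATURE] = "signature",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(import_verify, ImportVerify);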
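--- a/src/import/import-util.h
+++ b/src/import/import-util.h
@@ -23,6 +23,14 @@
 #include <stdbool.h>
+typedef enum ImportVerify {
+ IMPORT_VERIFY_NO,
+ IMPORT_VERIFY_SUM,
+ IMPORT_VERIFY_SIGNATURE,
+ _IMPORT_VERIFY_MAX,
+ _IMPORT_VERIFY_INVALID = -1,
+} ImportVerify;
+
 bool http_etag_is_valid(const char *etag);
 int import_make_local_copy(const char *final, const char *root, const char *local, bool force_local);
@@ -36,3 +44,6 @@ int import_make_path(const char *url, const char *etag, const char *image_root,
 int import_url_last_component(const char *url, char **ret);
 int import_url_change_last_component(const char *url, const char *suffix, char **ret);
+
+const char* import_verify_to_string(ImportVerify v) _const_;
+ImportVerify import_verify_from_string(const char *s) _pure_;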
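--- a/src/import/import.c
+++ b/src/import/import.c
@@ -33,7 +33,7 @@
 static bool arg_force = false;
 static const char *arg_image_root = "/var/lib/machines";
-
+static ImportVerify arg_verify = IMPORT_VERIFY_SIGNATURE;
 static const char* arg_dkr_index_url = DEFAULT_DKR_INDEX_URL;
 static void on_tar_finished(TarImport *import, int error, void *userdata) {
@@ -263,7 +263,7 @@ static int pull_raw(int argc, char *argv[], void *userdata) {
 if (r < 0)
 return log_error_errno(r, "Failed to allocate importer: %m");
- r = raw_import_pull(import, url, local, arg_force);
+ r = raw_import_pull(import, url, local, arg_force, arg_verify);
 if (r < 0)
 return log_error_errno(r, "Failed to pull image: %m");
@@ -299,6 +299,11 @@ static int pull_dkr(int argc, char *argv[], void *userdata) {
 return -EINVAL;
 }
+ if (arg_verify != IMPORT_VERIFY_NO) {
+ log_error("Imports from dkr do not support image verification, please pass --verify=no.");
+ return -EINVAL;
+ }
+
 tag = strchr(argv[1], ':');
 if (tag) {
 name = strndupa(argv[1], tag - argv[1]);
@@ -384,6 +389,8 @@ static int help(int argc, char *argv[], void *userdata) {
 " -h --help Show this help\n"
 " --version Show package version\n"
 " --force Force creation of image\n"
+ " --verify= Verify downloaded image, one of: 'no', 'sum'\n"
+ " 'signature'.\n"
 " --image-root= Image root directory\n"
 " --dkr-index-url=URL Specify index URL to use for downloads\n\n"
 "Commands:\n"
@@ -402,6 +409,7 @@ static int parse_argv(int argc, char *argv[]) {
 ARG_FORCE,
 ARG_DKR_INDEX_URL,
 ARG_IMAGE_ROOT,
+ ARG_VERIFY,
 };
 static const struct option options[] = {
@@ -410,6 +418,7 @@ static int parse_argv(int argc, char *argv[]) {
 { "force", no_argument, NULL, ARG_FORCE },
 { "dkr-index-url", required_argument, NULL, ARG_DKR_INDEX_URL },
 { "image-root", required_argument, NULL, ARG_IMAGE_ROOT },
+ { "verify", required_argument, NULL, ARG_VERIFY },
 {}
 };
@@ -447,6 +456,15 @@ static int parse_argv(int argc, char *argv[]) {
 arg_image_root = optarg;
 break;
+ case ARG_VERIFY:
+ arg_verify = import_verify_from_string(optarg);
+ if (arg_verify < 0) {
+ log_error("Invalid verification setting '%s'", optarg);
+ return -EINVAL;
+ }
+
+ break;
+
 case '?':
 return -EINVAL;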
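Review bot: `arg_verify` now defaults to `IMPORT_VERIFY_SIGNATURE`, yet every test of the setting on this page is `!= IMPORT_VERIFY_NO`, so as far as these hunks show `signature` behaves exactly like `sum`. The only verification material fetched is a SHA256SUMS file derived from the image URL itself, which catches a corrupted transfer but does not authenticate whoever serves the image. If no signature check exists yet, pull_raw should say so rather than accept the setting silently, for example `log_warning("Signature verification is not implemented, checking SHA256 checksum only.");`, or reject it the way pull_dkr rejects anything but `no`. The help string is also missing a comma after `'sum'`.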