697be0be15
In order to verify a pulled container or disk image, importd only supports SHA256SUMS files with the detached signature in SHA256SUMS.gpg. SUSE is using an inline signed file with the name of the image itself and the suffix .sha256 instead. This commit adds support for this type of signature files. It is first attempted to pull the .sha256 file. If this fails with error 404, the SHA256SUMS and SHA256SUMS.gpg files are pulled and used for verification.
115 lines
3.1 KiB
C
115 lines
3.1 KiB
C
#pragma once
|
|
|
|
/***
|
|
This file is part of systemd.
|
|
|
|
Copyright 2015 Lennart Poettering
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
(at your option) any later version.
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
***/
|
|
|
|
#include <gcrypt.h>
|
|
|
|
#include "curl-util.h"
|
|
#include "import-compress.h"
|
|
#include "macro.h"
|
|
|
|
typedef struct PullJob PullJob;
|
|
|
|
typedef void (*PullJobFinished)(PullJob *job);
|
|
typedef int (*PullJobOpenDisk)(PullJob *job);
|
|
typedef int (*PullJobHeader)(PullJob *job, const char *header, size_t sz);
|
|
typedef void (*PullJobProgress)(PullJob *job);
|
|
|
|
typedef enum PullJobState {
|
|
PULL_JOB_INIT,
|
|
PULL_JOB_ANALYZING, /* Still reading into ->payload, to figure out what we have */
|
|
PULL_JOB_RUNNING, /* Writing to destination */
|
|
PULL_JOB_DONE,
|
|
PULL_JOB_FAILED,
|
|
_PULL_JOB_STATE_MAX,
|
|
_PULL_JOB_STATE_INVALID = -1,
|
|
} PullJobState;
|
|
|
|
typedef enum VerificationStyle {
|
|
VERIFICATION_STYLE_UNSET,
|
|
VERIFICATION_PER_FILE, /* SuSE-style ".sha256" files with inline signature */
|
|
VERIFICATION_PER_DIRECTORY, /* Ubuntu-style SHA256SUM files with detach SHA256SUM.gpg signatures */
|
|
} VerificationStyle;
|
|
|
|
#define PULL_JOB_IS_COMPLETE(j) (IN_SET((j)->state, PULL_JOB_DONE, PULL_JOB_FAILED))
|
|
|
|
struct PullJob {
|
|
PullJobState state;
|
|
int error;
|
|
|
|
char *url;
|
|
|
|
void *userdata;
|
|
PullJobFinished on_finished;
|
|
PullJobOpenDisk on_open_disk;
|
|
PullJobHeader on_header;
|
|
PullJobProgress on_progress;
|
|
|
|
CurlGlue *glue;
|
|
CURL *curl;
|
|
struct curl_slist *request_header;
|
|
|
|
char *etag;
|
|
char **old_etags;
|
|
bool etag_exists;
|
|
|
|
uint64_t content_length;
|
|
uint64_t written_compressed;
|
|
uint64_t written_uncompressed;
|
|
|
|
uint64_t uncompressed_max;
|
|
uint64_t compressed_max;
|
|
|
|
uint8_t *payload;
|
|
size_t payload_size;
|
|
size_t payload_allocated;
|
|
|
|
int disk_fd;
|
|
|
|
usec_t mtime;
|
|
|
|
ImportCompress compress;
|
|
|
|
unsigned progress_percent;
|
|
usec_t start_usec;
|
|
usec_t last_status_usec;
|
|
|
|
bool allow_sparse;
|
|
|
|
bool calc_checksum;
|
|
gcry_md_hd_t checksum_context;
|
|
|
|
char *checksum;
|
|
|
|
bool grow_machine_directory;
|
|
uint64_t written_since_last_grow;
|
|
|
|
VerificationStyle style;
|
|
};
|
|
|
|
int pull_job_new(PullJob **job, const char *url, CurlGlue *glue, void *userdata);
|
|
PullJob* pull_job_unref(PullJob *job);
|
|
|
|
int pull_job_begin(PullJob *j);
|
|
|
|
void pull_job_curl_on_finished(CurlGlue *g, CURL *curl, CURLcode result);
|
|
|
|
DEFINE_TRIVIAL_CLEANUP_FUNC(PullJob*, pull_job_unref);
|