From mboxrd@z Thu Jan 1 00:00:00 1970 From: john at keeping.me.uk (John Keeping) Date: Thu, 7 Jun 2018 16:21:44 +0100 Subject: [PATCH v2 2/2] snapshot: support tar signature for compressed tar In-Reply-To: <20180607151452.24300-2-list@eworm.de> References: <20180607171302.5fedf42f@leda> <20180607151452.24300-1-list@eworm.de> <20180607151452.24300-2-list@eworm.de> Message-ID: <20180607152144.GF1922@john.keeping.me.uk> On Thu, Jun 07, 2018 at 05:14:52PM +0200, Christian Hesse wrote: > From: Christian Hesse > > This adds support for kernel.org style signatures where the uncompressed > tar archive is signed and compressed later. The signature is valid for > all tar* snapshots. > > We have a filter which snapshots may be generated and downloaded. This has > to allow tar signatures now even if tar itself is not allowed. To simplify > things we allow all signatures. > > Signed-off-by: Christian Hesse > --- > ui-shared.c | 8 ++++++++ > ui-snapshot.c | 4 ++-- > 2 files changed, 10 insertions(+), 2 deletions(-) > > diff --git a/ui-shared.c b/ui-shared.c > index 8a786e0..72c0a33 100644 > --- a/ui-shared.c > +++ b/ui-shared.c > @@ -1139,6 +1139,14 @@ void cgit_print_snapshot_links(const struct cgit_repo *repo, const char *ref, > cgit_snapshot_link("sig", NULL, NULL, NULL, NULL, > filename.buf); > html(")"); > + } else if (f->base == CGIT_SNAPSHOT_TAR && cgit_snapshot_get_sig(ref, &cgit_snapshot_formats[0])) { I was thinking we could just to the lookup here, so walk the array to find the base signature type. That avoids the dependency on the order of the table. What I'd really like to do is avoid storing the "bit" field in the array and just calculate it from the index, something like: 1u << (fmt - &cgit_snapshot_formats[0]) but I haven't followed all of the consumers of the snapshots array to figure out if it's easy to convert them. > + int suf_len = strlen(f->suffix); > + strbuf_remove(&filename, strlen(filename.buf) - suf_len, suf_len); > + strbuf_addstr(&filename, ".tar.asc"); > + html(" ("); > + cgit_snapshot_link("sig", NULL, NULL, NULL, NULL, > + filename.buf); > + html(")"); > } > html(separator); > } > diff --git a/ui-snapshot.c b/ui-snapshot.c > index c9ec1f3..07a6447 100644 > --- a/ui-snapshot.c > +++ b/ui-snapshot.c > @@ -86,7 +86,7 @@ static int write_tar_xz_archive(const char *hex, const char *prefix) > } > > const struct cgit_snapshot_format cgit_snapshot_formats[] = { > - /* Keep tar the first! */ > + /* Keep tar the first! Signature download relies on this. */ > { ".tar", "application/x-tar", write_tar_archive, > CGIT_SNAPSHOT_NONE, CGIT_SNAPSHOT_TAR }, > { ".tar.gz", "application/x-gzip", write_tar_gzip_archive, > @@ -269,7 +269,7 @@ void cgit_print_snapshot(const char *head, const char *hex, > } > > f = get_format(filename); > - if (!f || !(ctx.repo->snapshots & f->bit)) { > + if (!f || (!sig_filename && !(ctx.repo->snapshots & f->bit))) { > cgit_print_error_page(400, "Bad request", > "Unsupported snapshot format: %s", filename); > return;