From mboxrd@z Thu Jan 1 00:00:00 1970 From: john at keeping.me.uk (John Keeping) Date: Wed, 27 Jun 2018 21:14:19 +0100 Subject: [PATCH v3 1/1] snapshot: support tar signature for compressed tar In-Reply-To: References: <20180607213645.4c5938ff@leda> <20180607193844.18784-1-list@eworm.de> Message-ID: <20180627201419.GS6584@john.keeping.me.uk> On Wed, Jun 27, 2018 at 06:34:56PM +0200, Jason A. Donenfeld wrote: > I've merged all the surrounding changes, but I'm not quite satisfied > with the implementation of this one. > > > + for (f_tar = cgit_snapshot_formats; strcmp(f_tar->suffix, ".tar") != 0; f_tar++) > > + /* nothing */ ; > > + > > + } else if (starts_with(f->suffix, ".tar") && cgit_snapshot_get_sig(ref, f_tar)) { > > + strbuf_setlen(&filename, strlen(filename.buf) - strlen(f->suffix)); > > + strbuf_addstr(&filename, ".tar.asc"); > > + html(" ("); > > + cgit_snapshot_link("sig", NULL, NULL, NULL, NULL, > > + filename.buf); > > + html(")"); > > Can we, instead, _not_ special case .tar, but rather just allow for > all signatures, if the note .asc exists? We don't want to serve > arbitrary tarballs and archives, because this means load and bandwidth > for the server that wasn't explicitly opted in by the admin, but all > signatures are necessarily explicitly uploaded, so why restrict them > from being downloaded? I'm not quite sure what you're asking here, this is just printing the signature link after the snapshow download link. The idea here is that if you are downloading a .tar.gz then the signature for the base .tar is better (it's easier to consistently generate a .tar than it is a .tar.gz), so the admin will choose to provide .tar.asc instead of .tar.gz.asc. I would quite like to avoid special-casing .tar in the code like this and instead allow a fallback option (or even bitmask) in the formats table as a more generic implementation, but I don't think that's your complaint here (I also don't think we'll ever add it for other formats, so hardcoding .tar isn't too bad). John