Merge pull request #2079 from cgwalters/pull-split-sign-verify

lib: Move gpg/signapi bits into ostree-repo-pull-verify.c
ostreedev · Apr 18, 2020 · 391ad0e · 391ad0e
2 parents 7d51cee + 1b8fed2
commit 391ad0e
Show file tree

Hide file tree

Showing 4 changed files with 451 additions and 389 deletions.
diff --git a/Makefile-libostree.am b/Makefile-libostree.am
@@ -95,6 +95,7 @@ libostree_1_la_SOURCES = \
 	src/libostree/ostree-repo-commit.c \
 	src/libostree/ostree-repo-pull.c \
 	src/libostree/ostree-repo-pull-private.h \
+	src/libostree/ostree-repo-pull-verify.c \
 	src/libostree/ostree-repo-libarchive.c \
 	src/libostree/ostree-repo-prune.c \
 	src/libostree/ostree-repo-refs.c \

diff --git a/src/libostree/ostree-repo-pull-private.h b/src/libostree/ostree-repo-pull-private.h
@@ -21,9 +21,148 @@
 
 #pragma once
 
-#include "ostree-core.h"
+#include "ostree-repo-private.h"
+#include "ostree-fetcher-util.h"
+#include "ostree-remote-private.h"
 
 G_BEGIN_DECLS
 
+typedef enum {
+  OSTREE_FETCHER_SECURITY_STATE_CA_PINNED,
+  OSTREE_FETCHER_SECURITY_STATE_TLS,
+  OSTREE_FETCHER_SECURITY_STATE_INSECURE,
+} OstreeFetcherSecurityState;
+
+typedef struct {
+  OstreeRepo   *repo;
+  int           tmpdir_dfd;
+  OstreeRepoPullFlags flags;
+  char          *remote_name;
+  char          *remote_refspec_name;
+  OstreeRepoMode remote_mode;
+  OstreeFetcher *fetcher;
+  OstreeFetcherSecurityState fetcher_security_state;
+
+  GPtrArray     *meta_mirrorlist;    /* List of base URIs for fetching metadata */
+  GPtrArray     *content_mirrorlist; /* List of base URIs for fetching content */
+  OstreeRepo   *remote_repo_local;
+  GPtrArray    *localcache_repos; /* Array<OstreeRepo> */
+
+  GMainContext    *main_context;
+  GCancellable *cancellable;
+  OstreeAsyncProgress *progress;
+
+  GVariant         *extra_headers;
+  char             *append_user_agent;
+
+  gboolean      dry_run;
+  gboolean      dry_run_emitted_progress;
+  gboolean      legacy_transaction_resuming;
+  guint         n_network_retries;
+  enum {
+    OSTREE_PULL_PHASE_FETCHING_REFS,
+    OSTREE_PULL_PHASE_FETCHING_OBJECTS
+  }             phase;
+  gint          n_scanned_metadata;
+
+  gboolean          gpg_verify;
+  gboolean          gpg_verify_summary;
+  gboolean          sign_verify;
+  gboolean          sign_verify_summary;
+  gboolean          require_static_deltas;
+  gboolean          disable_static_deltas;
+  gboolean          has_tombstone_commits;
+
+  GBytes           *summary_data;
+  GBytes           *summary_data_sig;
+  GVariant         *summary;
+  GHashTable       *summary_deltas_checksums;
+  GHashTable       *ref_original_commits; /* Maps checksum to commit, used by timestamp checks */
+  GHashTable       *verified_commits; /* Set<checksum> of commits that have been verified */
+  GHashTable       *ref_keyring_map; /* Maps OstreeCollectionRef to keyring remote name */
+  GPtrArray        *static_delta_superblocks;
+  GHashTable       *expected_commit_sizes; /* Maps commit checksum to known size */
+  GHashTable       *commit_to_depth; /* Maps commit checksum maximum depth */
+  GHashTable       *scanned_metadata; /* Maps object name to itself */
+  GHashTable       *fetched_detached_metadata; /* Map<checksum,GVariant> */
+  GHashTable       *requested_metadata; /* Maps object name to itself */
+  GHashTable       *requested_content; /* Maps checksum to itself */
+  GHashTable       *requested_fallback_content; /* Maps checksum to itself */
+  GHashTable       *pending_fetch_metadata; /* Map<ObjectName,FetchObjectData> */
+  GHashTable       *pending_fetch_content; /* Map<checksum,FetchObjectData> */
+  GHashTable       *pending_fetch_delta_superblocks; /* Set<FetchDeltaSuperData> */
+  GHashTable       *pending_fetch_deltaparts; /* Set<FetchStaticDeltaData> */
+  guint             n_outstanding_metadata_fetches;
+  guint             n_outstanding_metadata_write_requests;
+  guint             n_outstanding_content_fetches;
+  guint             n_outstanding_content_write_requests;
+  guint             n_outstanding_deltapart_fetches;
+  guint             n_outstanding_deltapart_write_requests;
+  guint             n_total_deltaparts;
+  guint             n_total_delta_fallbacks;
+  guint64           fetched_deltapart_size; /* How much of the delta we have now */
+  guint64           total_deltapart_size;
+  guint64           total_deltapart_usize;
+  gint              n_requested_metadata;
+  gint              n_requested_content;
+  guint             n_fetched_deltaparts;
+  guint             n_fetched_deltapart_fallbacks;
+  guint             n_fetched_metadata;
+  guint             n_fetched_content;
+  /* Objects imported via hardlink/reflink/copying or  --localcache-repo*/
+  guint             n_imported_metadata;
+  guint             n_imported_content;
+
+  gboolean          timestamp_check; /* Verify commit timestamps */
+  int               maxdepth;
+  guint64           max_metadata_size;
+  guint64           start_time;
+
+  gboolean          is_mirror;
+  gboolean          trusted_http_direct;
+  gboolean          is_commit_only;
+  OstreeRepoImportFlags importflags;
+
+  GPtrArray        *dirs;
+
+  gboolean      have_previous_bytes;
+  guint64       previous_bytes_sec;
+  guint64       previous_total_downloaded;
+
+  GError       *cached_async_error;
+  GError      **async_error;
+  gboolean      caught_error;
+
+  GQueue scan_object_queue;
+  GSource *idle_src;
+} OtPullData;
+
+gboolean
+_sign_verify_for_remote (OstreeRepo *repo,
+                          const gchar *remote_name,
+                          GBytes *signed_data,
+                          GVariant *metadata,
+                          GError **error);
+
+gboolean
+_signapi_load_public_keys (OstreeSign *sign,
+                           OstreeRepo *repo,
+                           const gchar *remote_name,
+                           GError **error);
+
+gboolean
+_verify_unwritten_commit (OtPullData                 *pull_data,
+                          const char                 *checksum,
+                          GVariant                   *commit,
+                          GVariant                   *detached_metadata,
+                          const OstreeCollectionRef  *ref,
+                          GCancellable               *cancellable,
+                          GError                    **error);
+
+gboolean
+_process_gpg_verify_result (OtPullData            *pull_data,
+                            const char            *checksum,
+                            OstreeGpgVerifyResult *result,
+                            GError               **error);
 
 G_END_DECLS