snapshot: support tar signature for compressed tar

This adds support for kernel.org style signatures where the uncompressed
tar archive is signed and compressed later. The signature is valid for
all tar* snapshots.

We have a filter which snapshots may be generated and downloaded. This has
to allow tar signatures now even if tar itself is not allowed. To simplify
things we allow all signatures.

Signed-off-by: Christian Hesse <mail@eworm.de>
This commit is contained in:
Christian Hesse 2018-06-07 21:31:28 +02:00 committed by Jason A. Donenfeld
vanhempi b522a302c9
commit 7ba41963dd
2 muutettua tiedostoa jossa 10 lisäystä ja 2 poistoa

Näytä tiedosto

@ -1114,7 +1114,7 @@ void cgit_compose_snapshot_prefix(struct strbuf *filename, const char *base,
void cgit_print_snapshot_links(const struct cgit_repo *repo, const char *ref, void cgit_print_snapshot_links(const struct cgit_repo *repo, const char *ref,
const char *separator) const char *separator)
{ {
const struct cgit_snapshot_format* f; const struct cgit_snapshot_format *f;
struct strbuf filename = STRBUF_INIT; struct strbuf filename = STRBUF_INIT;
const char *basename; const char *basename;
size_t prefixlen; size_t prefixlen;
@ -1139,6 +1139,13 @@ void cgit_print_snapshot_links(const struct cgit_repo *repo, const char *ref,
cgit_snapshot_link("sig", NULL, NULL, NULL, NULL, cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
filename.buf); filename.buf);
html(")"); html(")");
} else if (starts_with(f->suffix, ".tar") && cgit_snapshot_get_sig(ref, &cgit_snapshot_formats[0])) {
strbuf_setlen(&filename, strlen(filename.buf) - strlen(f->suffix));
strbuf_addstr(&filename, ".tar.asc");
html(" (");
cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
filename.buf);
html(")");
} }
html(separator); html(separator);
} }

Näytä tiedosto

@ -86,6 +86,7 @@ static int write_tar_xz_archive(const char *hex, const char *prefix)
} }
const struct cgit_snapshot_format cgit_snapshot_formats[] = { const struct cgit_snapshot_format cgit_snapshot_formats[] = {
/* .tar must remain the 0 index */
{ ".tar", "application/x-tar", write_tar_archive }, { ".tar", "application/x-tar", write_tar_archive },
{ ".tar.gz", "application/x-gzip", write_tar_gzip_archive }, { ".tar.gz", "application/x-gzip", write_tar_gzip_archive },
{ ".tar.bz2", "application/x-bzip2", write_tar_bzip2_archive }, { ".tar.bz2", "application/x-bzip2", write_tar_bzip2_archive },
@ -268,7 +269,7 @@ void cgit_print_snapshot(const char *head, const char *hex,
} }
f = get_format(filename); f = get_format(filename);
if (!f || !(ctx.repo->snapshots & cgit_snapshot_format_bit(f))) { if (!f || (!sig_filename && !(ctx.repo->snapshots & cgit_snapshot_format_bit(f)))) {
cgit_print_error_page(400, "Bad request", cgit_print_error_page(400, "Bad request",
"Unsupported snapshot format: %s", filename); "Unsupported snapshot format: %s", filename);
return; return;