]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/import/pull-common.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
zsh: remove _files prefixes
[thirdparty/systemd.git] / src / import / pull-common.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
56ebfaf1 2
9412e9e9 3#include "sd-id128.h"
98c38001 4
b5efdb8a 5#include "alloc-util.h"
a0956174 6#include "dirent-util.h"
4f5dd394 7#include "escape.h"
3ffd4af2 8#include "fd-util.h"
c004493c 9#include "io-util.h"
9412e9e9 10#include "log.h"
e8b08edc 11#include "memory-util.h"
9412e9e9 12#include "os-util.h"
bb15fafe 13#include "path-util.h"
0b452006 14#include "process-util.h"
3ffd4af2 15#include "pull-common.h"
4f5dd394
LP		 16#include "pull-job.h"
17#include "rm-rf.h"
9818005d 18#include "siphash24.h"
07630cea 19#include "string-util.h"
4f5dd394 20#include "strv.h"
bf37a69c 21#include "tmpfile-util.h"
49cf4170 22#include "web-util.h"
56ebfaf1
LP		 23
24#define FILENAME_ESCAPE "/.#\"\'"
9818005d 25#define HASH_URL_THRESHOLD_LENGTH (_POSIX_PATH_MAX - 16)
56ebfaf1 26
9854730b
LP		 27int pull_find_old_etags(
28 const char *url,
29 const char *image_root,
30 int dt,
31 const char *prefix,
32 const char *suffix,
33 char ***etags) {
34
56ebfaf1
LP		 35 int r;
36
37 assert(url);
7af5785d 38 assert(image_root);
56ebfaf1
LP		 39 assert(etags);
40
e437538f 41 _cleanup_free_ char *escaped_url = xescape(url, FILENAME_ESCAPE);
56ebfaf1
LP		 42 if (!escaped_url)
43 return -ENOMEM;
44
e437538f 45 _cleanup_closedir_ DIR *d = opendir(image_root);
56ebfaf1
LP		 46 if (!d) {
47 if (errno == ENOENT) {
48 *etags = NULL;
49 return 0;
50 }
51
52 return -errno;
53 }
54
e437538f 55 _cleanup_strv_free_ char **ans = NULL;
e437538f 56
56ebfaf1 57 FOREACH_DIRENT_ALL(de, d, return -errno) {
6abdec98 58 _cleanup_free_ char *u = NULL;
56ebfaf1 59 const char *a, *b;
56ebfaf1
LP		 60
61 if (de->d_type != DT_UNKNOWN &&
62 de->d_type != dt)
63 continue;
64
65 if (prefix) {
66 a = startswith(de->d_name, prefix);
67 if (!a)
68 continue;
69 } else
70 a = de->d_name;
71
72 a = startswith(a, escaped_url);
73 if (!a)
74 continue;
75
76 a = startswith(a, ".");
77 if (!a)
78 continue;
79
80 if (suffix) {
81 b = endswith(de->d_name, suffix);
82 if (!b)
83 continue;
84 } else
85 b = strchr(de->d_name, 0);
86
87 if (a >= b)
88 continue;
89
e437538f
ZJS		 90 ssize_t l = cunescape_length(a, b - a, 0, &u);
91 if (l < 0) {
92 assert(l >= INT8_MIN);
93 return l;
94 }
56ebfaf1 95
6abdec98 96 if (!http_etag_is_valid(u))
56ebfaf1 97 continue;
56ebfaf1 98
e437538f 99 r = strv_consume(&ans, TAKE_PTR(u));
56ebfaf1
LP		 100 if (r < 0)
101 return r;
102 }
103
e437538f 104 *etags = TAKE_PTR(ans);
56ebfaf1
LP		 105
106 return 0;
107}
108
9818005d
JS		 109static int hash_url(const char *url, char **ret) {
110 uint64_t h;
111 static const sd_id128_t k = SD_ID128_ARRAY(df,89,16,87,01,cc,42,30,98,ab,4a,19,a6,a5,63,4f);
112
113 assert(url);
114
933f9cae 115 h = siphash24(url, strlen(url), k.bytes);
9818005d
JS		 116 if (asprintf(ret, "%"PRIx64, h) < 0)
117 return -ENOMEM;
118
119 return 0;
120}
121
dc2c282b 122int pull_make_path(const char *url, const char *etag, const char *image_root, const char *prefix, const char *suffix, char **ret) {
9818005d 123 _cleanup_free_ char *escaped_url = NULL, *escaped_etag = NULL;
56ebfaf1
LP		 124 char *path;
125
126 assert(url);
7af5785d 127 assert(image_root);
56ebfaf1
LP		 128 assert(ret);
129
56ebfaf1
LP		 130 escaped_url = xescape(url, FILENAME_ESCAPE);
131 if (!escaped_url)
132 return -ENOMEM;
133
134 if (etag) {
56ebfaf1
LP		 135 escaped_etag = xescape(etag, FILENAME_ESCAPE);
136 if (!escaped_etag)
137 return -ENOMEM;
9818005d 138 }
56ebfaf1 139
9818005d 140 path = strjoin(image_root, "/", strempty(prefix), escaped_url, escaped_etag ? "." : "",
4600a396 141 strempty(escaped_etag), strempty(suffix));
56ebfaf1
LP		 142 if (!path)
143 return -ENOMEM;
144
9818005d
JS		 145 /* URLs might make the path longer than the maximum allowed length for a file name.
146 * When that happens, a URL hash is used instead. Paths returned by this function
147 * can be later used with tempfn_random() which adds 16 bytes to the resulting name. */
148 if (strlen(path) >= HASH_URL_THRESHOLD_LENGTH) {
149 _cleanup_free_ char *hash = NULL;
150 int r;
151
152 free(path);
153
154 r = hash_url(url, &hash);
155 if (r < 0)
156 return r;
157
158 path = strjoin(image_root, "/", strempty(prefix), hash, escaped_etag ? "." : "",
4600a396 159 strempty(escaped_etag), strempty(suffix));
9818005d
JS		 160 if (!path)
161 return -ENOMEM;
162 }
163
56ebfaf1
LP		 164 *ret = path;
165 return 0;
166}
85dbc41d 167
91359193 168int pull_make_auxiliary_job(
9854730b
LP		 169 PullJob **ret,
170 const char *url,
91359193
LP		 171 int (*strip_suffixes)(const char *name, char **ret),
172 const char *suffix,
c40d82ab 173 ImportVerify verify,
9854730b 174 CurlGlue *glue,
c40d82ab 175 PullJobOpenDisk on_open_disk,
9854730b
LP		 176 PullJobFinished on_finished,
177 void *userdata) {
178
91359193 179 _cleanup_free_ char *last_component = NULL, *ll = NULL, *auxiliary_url = NULL;
9854730b
LP		 180 _cleanup_(pull_job_unrefp) PullJob *job = NULL;
181 const char *q;
182 int r;
183
184 assert(ret);
185 assert(url);
91359193 186 assert(strip_suffixes);
9854730b
LP		 187 assert(glue);
188
189 r = import_url_last_component(url, &last_component);
190 if (r < 0)
191 return r;
192
91359193 193 r = strip_suffixes(last_component, &ll);
9854730b
LP		 194 if (r < 0)
195 return r;
196
91359193 197 q = strjoina(ll, suffix);
9854730b 198
91359193 199 r = import_url_change_last_component(url, q, &auxiliary_url);
9854730b
LP		 200 if (r < 0)
201 return r;
202
91359193 203 r = pull_job_new(&job, auxiliary_url, glue, userdata);
9854730b
LP		 204 if (r < 0)
205 return r;
206
c40d82ab 207 job->on_open_disk = on_open_disk;
9854730b
LP		 208 job->on_finished = on_finished;
209 job->compressed_max = job->uncompressed_max = 1ULL * 1024ULL * 1024ULL;
c40d82ab 210 job->calc_checksum = IN_SET(verify, IMPORT_VERIFY_CHECKSUM, IMPORT_VERIFY_SIGNATURE);
9854730b 211
1cc6c93a 212 *ret = TAKE_PTR(job);
9854730b
LP		 213 return 0;
214}
215
c40d82ab
LP		 216static bool is_checksum_file(const char *fn) {
217 /* Returns true if the specified filename refers to a checksum file we grok */
218
219 if (!fn)
220 return false;
221
222 return streq(fn, "SHA256SUMS") || endswith(fn, ".sha256");
223}
224
ac9edf99
TK		 225static SignatureStyle signature_style_from_filename(const char *fn) {
226 /* Returns true if the specified filename refers to a signature file we grok */
c40d82ab
LP		 227
228 if (!fn)
ac9edf99
TK		 229 return _SIGNATURE_STYLE_INVALID;
230
231 if (streq(fn, "SHA256SUMS.gpg"))
232 return SIGNATURE_GPG_PER_DIRECTORY;
233
234 if (streq(fn, "SHA256SUMS.asc"))
235 return SIGNATURE_ASC_PER_DIRECTORY;
236
237 if (endswith(fn, ".sha256.gpg"))
238 return SIGNATURE_GPG_PER_FILE;
c40d82ab 239
ac9edf99
TK		 240 if (endswith(fn, ".sha256.asc"))
241 return SIGNATURE_ASC_PER_FILE;
242
243 return _SIGNATURE_STYLE_INVALID;
c40d82ab
LP		 244}
245
dc2c282b
LP		 246int pull_make_verification_jobs(
247 PullJob **ret_checksum_job,
248 PullJob **ret_signature_job,
98c38001 249 ImportVerify verify,
c40d82ab 250 const char *checksum, /* set if literal checksum verification is requested, in which case 'verify' is set to _IMPORT_VERIFY_INVALID */
98c38001
LP		 251 const char *url,
252 CurlGlue *glue,
dc2c282b 253 PullJobFinished on_finished,
98c38001
LP		 254 void *userdata) {
255
dc2c282b 256 _cleanup_(pull_job_unrefp) PullJob *checksum_job = NULL, *signature_job = NULL;
c40d82ab 257 _cleanup_free_ char *fn = NULL;
98c38001
LP		 258 int r;
259
260 assert(ret_checksum_job);
261 assert(ret_signature_job);
c40d82ab
LP		 262 assert(verify == _IMPORT_VERIFY_INVALID || verify < _IMPORT_VERIFY_MAX);
263 assert(verify == _IMPORT_VERIFY_INVALID || verify >= 0);
264 assert((verify < 0) || !checksum);
98c38001
LP		 265 assert(url);
266 assert(glue);
267
c40d82ab
LP		 268 /* If verification is turned off, or if the checksum to validate is already specified we don't need
269 * to download a checksum file or signature, hence shortcut things */
270 if (verify == IMPORT_VERIFY_NO || checksum) {
271 *ret_checksum_job = *ret_signature_job = NULL;
272 return 0;
273 }
274
275 r = import_url_last_component(url, &fn);
276 if (r < 0 && r != -EADDRNOTAVAIL) /* EADDRNOTAVAIL means there was no last component, which is OK for
277 * us, we'll just assume it's not a checksum/signature file */
278 return r;
279
280 /* Acquire the checksum file if verification or signature verification is requested and the main file
281 * to acquire isn't a checksum or signature file anyway */
ac9edf99 282 if (verify != IMPORT_VERIFY_NO && !is_checksum_file(fn) && signature_style_from_filename(fn) < 0) {
c40d82ab
LP		 283 _cleanup_free_ char *checksum_url = NULL;
284 const char *suffixed = NULL;
98c38001 285
697be0be 286 /* Queue jobs for the checksum file for the image. */
697be0be 287
c40d82ab
LP		 288 if (fn)
289 suffixed = strjoina(fn, ".sha256"); /* Start with the suse-style checksum (if there's a base filename) */
290 else
291 suffixed = "SHA256SUMS";
697be0be 292
c40d82ab 293 r = import_url_change_last_component(url, suffixed, &checksum_url);
98c38001
LP		 294 if (r < 0)
295 return r;
296
dc2c282b 297 r = pull_job_new(&checksum_job, checksum_url, glue, userdata);
98c38001
LP		 298 if (r < 0)
299 return r;
300
301 checksum_job->on_finished = on_finished;
302 checksum_job->uncompressed_max = checksum_job->compressed_max = 1ULL * 1024ULL * 1024ULL;
c40d82ab 303 checksum_job->on_not_found = pull_job_restart_with_sha256sum; /* if this fails, look for ubuntu-style checksum */
98c38001
LP		 304 }
305
ac9edf99 306 if (verify == IMPORT_VERIFY_SIGNATURE && signature_style_from_filename(fn) < 0) {
98c38001 307 _cleanup_free_ char *signature_url = NULL;
ac9edf99
TK		 308 const char *suffixed = NULL;
309
310 if (fn)
311 suffixed = strjoina(fn, ".sha256.asc"); /* Start with the suse-style checksum (if there's a base filename) */
312 else
313 suffixed = "SHA256SUMS.gpg";
98c38001 314
ac9edf99
TK		 315 /* Queue job for the signature file for the image. */
316 r = import_url_change_last_component(url, suffixed, &signature_url);
98c38001
LP		 317 if (r < 0)
318 return r;
319
dc2c282b 320 r = pull_job_new(&signature_job, signature_url, glue, userdata);
98c38001
LP		 321 if (r < 0)
322 return r;
323
324 signature_job->on_finished = on_finished;
325 signature_job->uncompressed_max = signature_job->compressed_max = 1ULL * 1024ULL * 1024ULL;
ac9edf99 326 signature_job->on_not_found = pull_job_restart_with_signature;
98c38001
LP		 327 }
328
c20307fd
LP		 329 *ret_checksum_job = TAKE_PTR(checksum_job);
330 *ret_signature_job = TAKE_PTR(signature_job);
98c38001
LP		 331 return 0;
332}
333
91359193 334static int verify_one(PullJob *checksum_job, PullJob *job) {
98c38001 335 _cleanup_free_ char *fn = NULL;
91359193 336 const char *line, *p;
98c38001
LP		 337 int r;
338
91359193 339 assert(checksum_job);
98c38001 340
91359193 341 if (!job)
98c38001
LP		 342 return 0;
343
91359193 344 assert(IN_SET(job->state, PULL_JOB_DONE, PULL_JOB_FAILED));
98c38001 345
91359193
LP		 346 /* Don't verify the checksum if we didn't actually successfully download something new */
347 if (job->state != PULL_JOB_DONE)
348 return 0;
349 if (job->error != 0)
350 return 0;
351 if (job->etag_exists)
352 return 0;
98c38001 353
91359193
LP		 354 assert(job->calc_checksum);
355 assert(job->checksum);
356
357 r = import_url_last_component(job->url, &fn);
98c38001 358 if (r < 0)
c40d82ab 359 return log_error_errno(r, "Failed to extract filename from URL '%s': %m", job->url);
98c38001 360
baaa35ad
ZJS		 361 if (!filename_is_valid(fn))
362 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
363 "Cannot verify checksum, could not determine server-side file name.");
98c38001 364
ac9edf99 365 if (is_checksum_file(fn) || signature_style_from_filename(fn) >= 0) /* We cannot verify checksum files or signature files with a checksum file */
c40d82ab
LP		 366 return log_error_errno(SYNTHETIC_ERRNO(ELOOP),
367 "Cannot verify checksum/signature files via themselves.");
98c38001 368
c40d82ab 369 line = strjoina(job->checksum, " *", fn, "\n"); /* string for binary mode */
e8b08edc
LP		 370 p = memmem_safe(checksum_job->payload,
371 checksum_job->payload_size,
372 line,
373 strlen(line));
697be0be 374 if (!p) {
c40d82ab 375 line = strjoina(job->checksum, " ", fn, "\n"); /* string for text mode */
e8b08edc
LP		 376 p = memmem_safe(checksum_job->payload,
377 checksum_job->payload_size,
378 line,
379 strlen(line));
697be0be
TB		 380 }
381
c40d82ab 382 /* Only counts if found at beginning of a line */
baaa35ad
ZJS		 383 if (!p || (p != (char*) checksum_job->payload && p[-1] != '\n'))
384 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
c40d82ab 385 "DOWNLOAD INVALID: Checksum of %s file did not check out, file has been tampered with.", fn);
98c38001 386
91359193
LP		 387 log_info("SHA256 checksum of %s is valid.", job->url);
388 return 1;
389}
98c38001 390
ac71ece3
LP		 391static int verify_gpg(
392 const void *payload, size_t payload_size,
393 const void *signature, size_t signature_size) {
9854730b 394
71136404 395 _cleanup_close_pair_ int gpg_pipe[2] = EBADF_PAIR;
bf37a69c
LP		 396 _cleanup_(rm_rf_physical_and_freep) char *gpg_home = NULL;
397 char sig_file_path[] = "/tmp/sigXXXXXX";
91359193 398 _cleanup_(sigkill_waitp) pid_t pid = 0;
91359193 399 int r;
9854730b 400
ac71ece3
LP		 401 assert(payload || payload_size == 0);
402 assert(signature || signature_size == 0);
98c38001
LP		 403
404 r = pipe2(gpg_pipe, O_CLOEXEC);
405 if (r < 0)
0100b6e1 406 return log_error_errno(errno, "Failed to create pipe for gpg: %m");
98c38001 407
ac71ece3 408 if (signature_size > 0) {
5bb1d7fb 409 _cleanup_close_ int sig_file = -EBADF;
98c38001 410
ac71ece3
LP		 411 sig_file = mkostemp(sig_file_path, O_RDWR);
412 if (sig_file < 0)
413 return log_error_errno(errno, "Failed to create temporary file: %m");
414
e22c60a9 415 r = loop_write(sig_file, signature, signature_size);
ac71ece3
LP		 416 if (r < 0) {
417 log_error_errno(r, "Failed to write to temporary file: %m");
418 goto finish;
419 }
98c38001
LP		 420 }
421
bf37a69c
LP		 422 r = mkdtemp_malloc("/tmp/gpghomeXXXXXX", &gpg_home);
423 if (r < 0) {
424 log_error_errno(r, "Failed to create temporary home for gpg: %m");
0acfdffe
LP		 425 goto finish;
426 }
427
0c2aedb4
YW		 428 r = safe_fork_full("(gpg)",
429 (int[]) { gpg_pipe[0], -EBADF, STDERR_FILENO },
430 NULL, 0,
e9ccae31 431 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REARRANGE_STDIO|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE,
0c2aedb4 432 &pid);
4c253ed1 433 if (r < 0)
b6e1fff1 434 return r;
4c253ed1 435 if (r == 0) {
98c38001
LP		 436 const char *cmd[] = {
437 "gpg",
438 "--no-options",
439 "--no-default-keyring",
440 "--no-auto-key-locate",
441 "--no-auto-check-trustdb",
442 "--batch",
443 "--trust-model=always",
0acfdffe
LP		 444 NULL, /* --homedir= */
445 NULL, /* --keyring= */
98c38001
LP		 446 NULL, /* --verify */
447 NULL, /* signature file */
448 NULL, /* dash */
449 NULL /* trailing NULL */
450 };
ac71ece3 451 size_t k = ELEMENTSOF(cmd) - 6;
98c38001
LP		 452
453 /* Child */
454
0acfdffe
LP		 455 cmd[k++] = strjoina("--homedir=", gpg_home);
456
ac71ece3 457 /* We add the user keyring only to the command line arguments, if it's around since gpg fails
98c38001
LP		 458 * otherwise. */
459 if (access(USER_KEYRING_PATH, F_OK) >= 0)
460 cmd[k++] = "--keyring=" USER_KEYRING_PATH;
ff401d5d
LB		 461 else if (access(USER_KEYRING_PATH_LEGACY, F_OK) >= 0)
462 cmd[k++] = "--keyring=" USER_KEYRING_PATH_LEGACY;
1c49d1ba
LP		 463 else
464 cmd[k++] = "--keyring=" VENDOR_KEYRING_PATH;
98c38001
LP		 465
466 cmd[k++] = "--verify";
ac71ece3 467 if (signature) {
697be0be
TB		 468 cmd[k++] = sig_file_path;
469 cmd[k++] = "-";
470 cmd[k++] = NULL;
471 }
98c38001 472
0acfdffe 473 execvp("gpg2", (char * const *) cmd);
98c38001
LP		 474 execvp("gpg", (char * const *) cmd);
475 log_error_errno(errno, "Failed to execute gpg: %m");
476 _exit(EXIT_FAILURE);
477 }
478
479 gpg_pipe[0] = safe_close(gpg_pipe[0]);
480
e22c60a9 481 r = loop_write(gpg_pipe[1], payload, payload_size);
98c38001
LP		 482 if (r < 0) {
483 log_error_errno(r, "Failed to write to pipe: %m");
484 goto finish;
485 }
486
487 gpg_pipe[1] = safe_close(gpg_pipe[1]);
488
8f03de53 489 r = wait_for_terminate_and_check("gpg", TAKE_PID(pid), WAIT_LOG_ABNORMAL);
98c38001
LP		 490 if (r < 0)
491 goto finish;
c40d82ab
LP		 492 if (r != EXIT_SUCCESS)
493 r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
494 "DOWNLOAD INVALID: Signature verification failed.");
495 else {
98c38001
LP		 496 log_info("Signature verification succeeded.");
497 r = 0;
498 }
499
500finish:
ac71ece3
LP		 501 if (signature_size > 0)
502 (void) unlink(sig_file_path);
98c38001
LP		 503
504 return r;
505}
f14717a7 506
ac71ece3 507int pull_verify(ImportVerify verify,
c40d82ab 508 const char *checksum, /* Verify with literal checksum */
ac71ece3 509 PullJob *main_job,
ac71ece3 510 PullJob *checksum_job,
ff2f7797
LP		 511 PullJob *signature_job,
512 PullJob *settings_job,
513 PullJob *roothash_job,
514 PullJob *roothash_signature_job,
515 PullJob *verity_job) {
ac71ece3 516
c40d82ab 517 _cleanup_free_ char *fn = NULL;
ac71ece3 518 VerificationStyle style;
c40d82ab 519 PullJob *verify_job;
ac71ece3
LP		 520 int r;
521
c40d82ab
LP		 522 assert(verify == _IMPORT_VERIFY_INVALID || verify < _IMPORT_VERIFY_MAX);
523 assert(verify == _IMPORT_VERIFY_INVALID || verify >= 0);
524 assert((verify < 0) || !checksum);
ac71ece3
LP		 525 assert(main_job);
526 assert(main_job->state == PULL_JOB_DONE);
527
c40d82ab 528 if (verify == IMPORT_VERIFY_NO) /* verification turned off */
ac71ece3
LP		 529 return 0;
530
c40d82ab
LP		 531 if (checksum) {
532 /* Verification by literal checksum */
533 assert(!checksum_job);
534 assert(!signature_job);
535 assert(!settings_job);
536 assert(!roothash_job);
537 assert(!roothash_signature_job);
538 assert(!verity_job);
ac71ece3 539
c40d82ab
LP		 540 assert(main_job->calc_checksum);
541 assert(main_job->checksum);
ac71ece3 542
c40d82ab
LP		 543 if (!strcaseeq(checksum, main_job->checksum))
544 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
545 "DOWNLOAD INVALID: Checksum of %s file did not check out, file has been tampered with.",
546 main_job->url);
547
548 return 0;
ff2f7797 549 }
ac71ece3 550
c40d82ab
LP		 551 r = import_url_last_component(main_job->url, &fn);
552 if (r < 0)
553 return log_error_errno(r, "Failed to extract filename from URL '%s': %m", main_job->url);
554
ac9edf99 555 if (signature_style_from_filename(fn) >= 0)
c40d82ab
LP		 556 return log_error_errno(SYNTHETIC_ERRNO(ELOOP),
557 "Main download is a signature file, can't verify it.");
558
559 if (is_checksum_file(fn)) {
560 log_debug("Main download is a checksum file, can't validate its checksum with itself, skipping.");
561 verify_job = main_job;
562 } else {
c40d82ab
LP		 563 assert(main_job->calc_checksum);
564 assert(main_job->checksum);
565 assert(checksum_job);
566 assert(checksum_job->state == PULL_JOB_DONE);
567
568 if (!checksum_job->payload || checksum_job->payload_size <= 0)
569 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
570 "Checksum is empty, cannot verify.");
571
2d708781
MY		 572 PullJob *j;
573 FOREACH_ARGUMENT(j, main_job, settings_job, roothash_job, roothash_signature_job, verity_job) {
c40d82ab
LP		 574 r = verify_one(checksum_job, j);
575 if (r < 0)
576 return r;
577 }
578
579 verify_job = checksum_job;
580 }
581
582 if (verify != IMPORT_VERIFY_SIGNATURE)
ac71ece3
LP		 583 return 0;
584
c40d82ab
LP		 585 assert(verify_job);
586
587 r = verification_style_from_url(verify_job->url, &style);
ac71ece3 588 if (r < 0)
c40d82ab 589 return log_error_errno(r, "Failed to determine verification style from URL '%s': %m", verify_job->url);
ac71ece3 590
ac9edf99
TK		 591 assert(signature_job);
592 assert(signature_job->state == PULL_JOB_DONE);
ac71ece3 593
ac9edf99
TK		 594 if (!signature_job->payload || signature_job->payload_size <= 0)
595 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
596 "Signature is empty, cannot verify.");
ac71ece3 597
ac9edf99 598 return verify_gpg(verify_job->payload, verify_job->payload_size, signature_job->payload, signature_job->payload_size);
ac71ece3
LP		 599}
600
f14717a7
LP		 601int verification_style_from_url(const char *url, VerificationStyle *ret) {
602 _cleanup_free_ char *last = NULL;
603 int r;
604
605 assert(url);
606 assert(ret);
607
608 /* Determines which kind of verification style is appropriate for this url */
609
610 r = import_url_last_component(url, &last);
611 if (r < 0)
612 return r;
613
614 if (streq(last, "SHA256SUMS")) {
615 *ret = VERIFICATION_PER_DIRECTORY;
616 return 0;
617 }
618
619 if (endswith(last, ".sha256")) {
620 *ret = VERIFICATION_PER_FILE;
621 return 0;
622 }
623
624 return -EINVAL;
625}
626
627int pull_job_restart_with_sha256sum(PullJob *j, char **ret) {
628 VerificationStyle style;
629 int r;
630
631 assert(j);
632
633 /* Generic implementation of a PullJobNotFound handler, that restarts the job requesting SHA256SUMS */
634
635 r = verification_style_from_url(j->url, &style);
636 if (r < 0)
637 return log_error_errno(r, "Failed to determine verification style of URL '%s': %m", j->url);
638
ac9edf99
TK		 639 if (style == VERIFICATION_PER_DIRECTORY) { /* Nothing to do anymore */
640 *ret = NULL;
f14717a7 641 return 0;
ac9edf99 642 }
f14717a7
LP		 643
644 assert(style == VERIFICATION_PER_FILE); /* This must have been .sha256 style URL before */
645
ac9edf99 646 log_debug("Got 404 for '%s', now trying to get SHA256SUMS instead.", j->url);
f14717a7
LP		 647
648 r = import_url_change_last_component(j->url, "SHA256SUMS", ret);
649 if (r < 0)
650 return log_error_errno(r, "Failed to replace SHA256SUMS suffix: %m");
651
652 return 1;
653}
c40d82ab 654
ac9edf99
TK		 655int signature_style_from_url(const char *url, SignatureStyle *ret, char **ret_filename) {
656 _cleanup_free_ char *last = NULL;
657 SignatureStyle style;
658 int r;
659
660 assert(url);
661 assert(ret);
662 assert(ret_filename);
663
664 /* Determines which kind of signature style is appropriate for this url */
665
666 r = import_url_last_component(url, &last);
667 if (r < 0)
668 return r;
669
670 style = signature_style_from_filename(last);
671 if (style < 0)
672 return style;
673
674 *ret_filename = TAKE_PTR(last);
675 *ret = style;
676 return 0;
677}
678
679int pull_job_restart_with_signature(PullJob *j, char **ret) {
680 _cleanup_free_ char *last = NULL;
681 SignatureStyle style;
682 int r;
683
684 assert(j);
685
686 /* Generic implementation of a PullJobNotFound handler, that restarts the job requesting a different
687 * signature file. After the initial file, additional *.sha256.gpg, SHA256SUMS.gpg and SHA256SUMS.asc
688 * are tried in this order. */
689
690 r = signature_style_from_url(j->url, &style, &last);
691 if (r < 0)
692 return log_error_errno(r, "Failed to determine signature style of URL '%s': %m", j->url);
693
694 switch (style) {
695
696 case SIGNATURE_ASC_PER_DIRECTORY: /* Nothing to do anymore */
697 *ret = NULL;
698 return 0;
699
700 case SIGNATURE_ASC_PER_FILE: { /* Try .sha256.gpg next */
701 char *ext;
702
703 log_debug("Got 404 for '%s', now trying to get .sha256.gpg instead.", j->url);
704
705 ext = endswith(last, ".asc");
706 assert(ext);
707 strcpy(ext, ".gpg");
708
709 r = import_url_change_last_component(j->url, last, ret);
710 if (r < 0)
711 return log_error_errno(r, "Failed to replace .sha256.asc suffix: %m");
712 break;
713 }
714
715 case SIGNATURE_GPG_PER_FILE: /* Try SHA256SUMS.gpg next */
716 log_debug("Got 404 for '%s', now trying to get SHA256SUMS.gpg instead.", j->url);
717 r = import_url_change_last_component(j->url, "SHA256SUMS.gpg", ret);
718 if (r < 0)
719 return log_error_errno(r, "Failed to replace SHA256SUMS suffix: %m");
720 break;
721
722 case SIGNATURE_GPG_PER_DIRECTORY:
723 log_debug("Got 404 for '%s', now trying to get SHA256SUMS.asc instead.", j->url);
724 r = import_url_change_last_component(j->url, "SHA256SUMS.asc", ret);
725 if (r < 0)
726 return log_error_errno(r, "Failed to replace SHA256SUMS.gpg suffix: %m");
727 break;
728
729 default:
730 assert_not_reached();
731 }
732
733 return 1;
734}
735
83d74112 736bool pull_validate_local(const char *name, ImportFlags flags) {
c40d82ab 737
83d74112 738 if (FLAGS_SET(flags, IMPORT_DIRECT))
c40d82ab
LP		 739 return path_is_valid(name);
740
8f20b498 741 return image_name_is_valid(name);
c40d82ab
LP		 742}
743
744int pull_url_needs_checksum(const char *url) {
745 _cleanup_free_ char *fn = NULL;
746 int r;
747
748 /* Returns true if we need to validate this resource via a hash value. This returns true for all
749 * files — except for gpg signature files and SHA256SUMS files and the like, which are validated with
750 * a validation tool like gpg. */
751
752 r = import_url_last_component(url, &fn);
753 if (r == -EADDRNOTAVAIL) /* no last component? then let's assume it's not a signature/checksum file */
754 return false;
755 if (r < 0)
756 return r;
757
ac9edf99 758 return !is_checksum_file(fn) && signature_style_from_filename(fn) < 0;
c40d82ab 759}
Unnamed repository; edit this file 'description' to name the repository.