From: Alberto Leiva Popper Date: Thu, 15 May 2025 22:56:47 +0000 (-0600) Subject: Deprecate and no-op the incidences module X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e02b2ac6237b31af00e20996bc7b4bf520e7875;p=thirdparty%2FFORT-validator.git Deprecate and no-op the incidences module The few almost useful incidences left were workarounds for the old cache implementation. --- diff --git a/src/Makefile.am b/src/Makefile.am index 548584a4..f6779578 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -31,7 +31,6 @@ fort_SOURCES += ext.h ext.c fort_SOURCES += file.h file.c fort_SOURCES += hash.h hash.c fort_SOURCES += http.h http.c -fort_SOURCES += incidence.h incidence.c fort_SOURCES += init.h init.c fort_SOURCES += json_handler.h json_handler.c fort_SOURCES += json_util.c json_util.h diff --git a/src/algorithm.c b/src/algorithm.c index cf400c60..d402d02b 100644 --- a/src/algorithm.c +++ b/src/algorithm.c @@ -109,18 +109,11 @@ validate_cms_hash_algorithm(AlgorithmIdentifier_t *id, char const *what) * some implementations encode parameters as a NULL element * while others omit them entirely. The correct encoding is to omit the * parameters field; - * - * We will treat NULL object parameters as one type of error, and any - * other type of present parameters as a different error. The former - * will be silenceable, because many people are breaking the rule. */ if (id->parameters != NULL) { error = is_asn1_null_object(id->parameters) - ? incidence(INID_HASHALG_HAS_PARAMS, - "The hash algorithm of the '%s' has a NULL object as parameters", - what) - : pr_val_err("The hash algorithm of the '%s' has parameters", - what); + ? pr_val_err("The hash algorithm of the '%s' has a NULL object as parameters", what) + : pr_val_err("The hash algorithm of the '%s' has parameters", what); } return error; diff --git a/src/config/incidences.c b/src/config/incidences.c index 7d20fe07..ae0d3ee7 100644 --- a/src/config/incidences.c +++ b/src/config/incidences.c 
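Review bot: In the src/algorithm.c hunk, the NULL-object branch of validate_cms_hash_algorithm() now goes through pr_val_err(), whereas the removed incidence INID_HASHALG_HAS_PARAMS defaulted to INAC_IGNORE in the deleted src/incidence.c table. Assuming pr_val_err() returns non-zero as the test mock does, signed objects whose hash algorithm carries a NULL parameter change from accepted to rejected by default, even though the deleted comment said many issuers encode it that way. The commit message does not mention this change in validation outcome. If acceptance is meant to stay, the branch could read `? pr_val_warn("The hash algorithm of the '%s' has a NULL object as parameters", what)`, provided pr_val_warn() returns 0 as in the mock; if rejection is intended, the comment above the check should say so, e.g. `* Any present parameters, including a NULL object, are rejected.` The function body starts outside the hunk.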
@@ -1,18 +1,19 @@ #include "config/incidences.h" -#include "incidence.h" +#include "log.h" static void incidences_print(struct option_field const *field, void *_value) { - incidence_print(); + /* Empty */ } static int incidences_parse_json(struct option_field const *opt, json_t *json, void *_result) { - return incidence_update(json); + pr_op_warn("Incidences are deprecated; please delete them from your configuration."); + return 0; } const struct global_type gt_incidences = { diff --git a/src/file.h b/src/file.h index e96012dc..013779b2 100644 --- a/src/file.h +++ b/src/file.h @@ -44,7 +44,7 @@ struct cache_sequence { char *prefix; unsigned long next_id; size_t pathlen; - bool free_prefix; // XXX seems to be always false + bool free_prefix; }; void cseq_init(struct cache_sequence *, char *, unsigned long, bool); diff --git a/src/incidence.c b/src/incidence.c deleted file mode 100644 index b9a35b2c..00000000 --- a/src/incidence.c +++ /dev/null 
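Review bot: The warning added in incidences_parse_json() does not tell the operator that the configured actions have stopped applying. Someone who had set an incidence to `ignore` or `warn` will see different validation results with only a generic deprecation notice to explain them. Consider `pr_op_warn("Incidences are deprecated and ignored; configured actions no longer apply. Please delete them from your configuration.");`. The function also no longer checks that the value is an array, so malformed input under this key is now accepted silently; that is probably fine for a deprecated key, but a comment such as `/* Value intentionally not validated; the option is kept only so old configuration files still load. */` would make it explicit. The same comment would be more useful than the bare `/* Empty */` in incidences_print().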
@@ -1,177 +0,0 @@ -#include "incidence.h" - -#include - -#include "json_util.h" -#include "log.h" -#include "types/array.h" - -struct incidence { - const enum incidence_id id; - char const *const name; - char const *const description; - const enum incidence_action default_action; - enum incidence_action action; -}; - -static struct incidence incidences[__INID_MAX] = { - { - INID_HASHALG_HAS_PARAMS, - "incid-hashalg-has-params", - "Signed Object's hash algorithm has NULL object as parameters", - INAC_IGNORE, - }, - { - INID_OBJ_NOT_DER, - "incid-obj-not-der-encoded", - "Object isn't DER encoded", - INAC_IGNORE, - }, - { - INID_MFT_FILE_NOT_FOUND, - "incid-file-at-mft-not-found", - "File listed at manifest doesn't exist", - INAC_ERROR, - }, - { - INID_MFT_FILE_HASH_NOT_MATCH, - "incid-file-at-mft-hash-not-match", - "File hash listed at manifest doesn't match the actual file hash", - INAC_ERROR, - }, - { - INID_MFT_STALE, - "incid-mft-stale", - "The current time is after the nextUpdate field at the manifest", - INAC_ERROR, - }, -}; - -static int -name2id(char const *name, enum incidence_id *id) -{ - array_index i; - - for (i = 0; i < __INID_MAX; i++) { - if (strcmp(name, incidences[i].name) == 0) { - *id = i; - return 0; - } - } - - return pr_op_err("Unknown incidence name: %s", name); -} - -static char const * -action2str(enum incidence_action action) -{ - switch (action) { - case INAC_IGNORE: - return "ignore"; - case INAC_WARN: - return "warn"; - case INAC_ERROR: - return "error"; - } - - return "unknown"; -} - -static int -init_action(json_t *json) -{ - enum incidence_id id; - char const *name; - char const *action_str; - enum incidence_action action; - int error; - - id = __INID_MAX; - error = json_get_str(json, "name", &name); - if (error < 0) - return error; - if (error > 0) - return pr_op_err("Incidence is missing the 'name' tag."); - error = name2id(name, &id); - if (error) - return error; - error = json_get_str(json, "action", &action_str); - if (error < 0) 
- return error; - if (error > 0) - return pr_op_err("Incidence '%s' is missing the 'action' tag.", - name); - - if (strcmp("ignore", action_str) == 0) - action = INAC_IGNORE; - else if (strcmp("warn", action_str) == 0) - action = INAC_WARN; - else if (strcmp("error", action_str) == 0) - action = INAC_ERROR; - else - return pr_op_err("Unknown incidence action: '%s'", action_str); - - incidences[id].action = action; - return 0; -} - -/** - * Concurrent inits are allowed. - */ -int -incidence_init(void) -{ - array_index i; - - /* Make sure the programmer didn't desync the id enum and the array. */ - assert(__INID_MAX == ARRAY_LEN(incidences)); - for (i = 0; i < __INID_MAX; i++) { - assert(i == incidences[i].id); - /* Also init. */ - incidences[i].action = incidences[i].default_action; - } - - return 0; -} - -/** - * Concurrent calls to this function are allowed. - */ -int -incidence_update(json_t *json) -{ - array_index i; - json_t *child; - int error; - - if (!json_is_array(json)) - return pr_op_err("The incidences JSON element is supposed to be an array."); - - json_array_foreach(json, i, child) { - error = init_action(child); - if (error) - return error; - } - - return 0; -} - -void -incidence_print(void) -{ - array_index i; - - pr_op_info("Custom incidences:"); - - for (i = 0; i < __INID_MAX; i++) { - pr_op_info(" %s (%s): %s", incidences[i].name, - incidences[i].description, - action2str(incidences[i].action)); - } -} - -enum incidence_action -incidence_get_action(enum incidence_id id) -{ - return incidences[id].action; -} diff --git a/src/incidence.h b/src/incidence.h deleted file mode 100644 index f0170aea..00000000 --- a/src/incidence.h +++ /dev/null 
@@ -1,45 +0,0 @@ -#ifndef SRC_INCIDENCE_INCIDENCE_H_ -#define SRC_INCIDENCE_INCIDENCE_H_ - -#include - -/* - * Note: If you need to add, modify or delete an element from this enum, - * remember that you also need to add it to the incidences array. That's all. - */ -enum incidence_id { - INID_HASHALG_HAS_PARAMS, - INID_OBJ_NOT_DER, - INID_MFT_FILE_NOT_FOUND, // XXX deprecate and no-op - INID_MFT_FILE_HASH_NOT_MATCH, // XXX deprecate and no-op - INID_MFT_STALE, - // XXX Document elimination of INID_CRL_STALE - - __INID_MAX, -}; - -enum incidence_action { - /** - * Do not print error message, continue validation as if nothing - * happened. - */ - INAC_IGNORE, - /** - * Print error message in warning log level, continue validation as if - * nothing happened. - */ - INAC_WARN, - /** - * Print error message in error log level, fail validation of the - * offending object (and all of its children). - */ - INAC_ERROR, -}; - -int incidence_init(void); /* incidence_destroy() is not needed. */ -int incidence_update(json_t *); - -void incidence_print(void); -enum incidence_action incidence_get_action(enum incidence_id); - -#endif /* SRC_INCIDENCE_INCIDENCE_H_ */ diff --git a/src/log.c b/src/log.c index 8a8f02dd..9c3c8679 100644 --- a/src/log.c +++ b/src/log.c @@ -569,27 +569,3 @@ pr_crit(const char *format, ...) print_stack_trace(NULL); exit(-1); } - -/** - * Prints the [format, ...] error message using the configured logging severity - * of the @id incidence. - */ -int -incidence(enum incidence_id id, const char *format, ...) -{ - enum incidence_action action; - - action = incidence_get_action(id); - switch (action) { - case INAC_IGNORE: - return 0; - case INAC_WARN: - PR_SIMPLE(LOG_WARNING, val_config); - return 0; - case INAC_ERROR: - PR_SIMPLE(LOG_ERR, val_config); - return EINVAL; - } - - pr_crit("Unknown incidence action: %u", action); -} diff --git a/src/log.h b/src/log.h index 453899d2..d6fa4340 100644 --- a/src/log.h +++ b/src/log.h 
@@ -4,8 +4,6 @@ #include #include -#include "incidence.h" - #define PR_COLOR_DBG "\x1B[36m" /* Cyan */ #define PR_COLOR_INF "\x1B[37m" /* White */ #define PR_COLOR_WRN "\x1B[33m" /* Yellow */ @@ -105,8 +103,6 @@ __dead void enomem_panic(void); /* Programming errors */ __dead void pr_crit(const char *, ...) CHECK_FORMAT(1, 2); -int incidence(enum incidence_id, const char *, ...) CHECK_FORMAT(2, 3); - /* * Quick and dirty debugging messages. * diff --git a/src/main.c b/src/main.c index 11b0bb19..d81751cc 100644 --- a/src/main.c +++ b/src/main.c @@ -132,9 +132,6 @@ main(int argc, char **argv) register_signal_handlers(); error = thvar_init(); - if (error) - goto revert_rsync; - error = incidence_init(); if (error) goto revert_rsync; error = nid_init(); diff --git a/src/object/manifest.c b/src/object/manifest.c index 87fe274f..1eb9bbad 100644 --- a/src/object/manifest.c +++ b/src/object/manifest.c @@ -94,8 +94,7 @@ validate_dates(GeneralizedTime_t *this, GeneralizedTime_t *next, TM_ARGS(thisUpdate)); } if (tm_cmp(&now, &nextUpdate) > 0) { - return incidence(INID_MFT_STALE, - "Manifest is stale. (nextUpdate: " TM_FMT ")", + return pr_val_err("Manifest is stale. (nextUpdate: " TM_FMT ")", TM_ARGS(nextUpdate)); } diff --git a/test/mock.c b/test/mock.c index bc881cba..47c3c8a9 100644 --- a/test/mock.c +++ b/test/mock.c @@ -4,7 +4,6 @@ #include #include #include "config.h" -#include "incidence.h" #include "log.h" #include "thread_var.h" @@ -64,13 +63,6 @@ MOCK_INT_PRINT(pr_val_warn, PR_COLOR_WRN, 0) MOCK_INT_PRINT(pr_val_err, PR_COLOR_ERR, EINVAL) MOCK_INT_PRINT(val_crypto_err, PR_COLOR_ERR, EINVAL) -int -incidence(enum incidence_id id, const char *format, ...) -{ - MOCK_PRINT(PR_COLOR_ERR); - return EINVAL; -} - void enomem_panic(void) {