From: Lennart Poettering Date: Wed, 5 Nov 2025 21:24:01 +0000 (+0100) Subject: pull: now that PullJob can verify expected digests, let's rely on it for tar/raw... X-Git-Tag: v259-rc1~127^2~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5bba33f5e9251a4e97ceac085091244df5c9e711;p=thirdparty%2Fsystemd.git pull: now that PullJob can verify expected digests, let's rely on it for tar/raw pulling Instead of authenticating the downloaded image explicity in the tar and in the raw downloader, we can now rely on the checksum checking in the generic PullJob code. Hence do so: drop tep the checksum field from TarPull and RawPull, and just initialized the ->expected_checksum in the relevant PullJob instead. --- diff --git a/src/import/pull-common.c b/src/import/pull-common.c index 61ac57e5555..a58b8b8185f 100644 --- a/src/import/pull-common.c +++ b/src/import/pull-common.c @@ -248,7 +248,6 @@ int pull_make_verification_jobs( PullJob **ret_checksum_job, PullJob **ret_signature_job, ImportVerify verify, - const struct iovec *checksum, /* set if literal checksum verification is requested, in which case 'verify' is set to _IMPORT_VERIFY_INVALID */ const char *url, CurlGlue *glue, PullJobFinished on_finished, @@ -262,13 +261,13 @@ int pull_make_verification_jobs( assert(ret_signature_job); assert(verify == _IMPORT_VERIFY_INVALID || verify < _IMPORT_VERIFY_MAX); assert(verify == _IMPORT_VERIFY_INVALID || verify >= 0); - assert((verify < 0) || !checksum); assert(url); assert(glue); /* If verification is turned off, or if the checksum to validate is already specified we don't need * to download a checksum file or signature, hence shortcut things */ - if (verify == IMPORT_VERIFY_NO || iovec_is_set(checksum)) { + if (verify < 0 || /* verification already done (via literal checksum) */ + verify == IMPORT_VERIFY_NO) { /* verification turned off */ *ret_checksum_job = *ret_signature_job = NULL; return 0; } 
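Review bot: The comment above the shortcut in pull_make_verification_jobs() still says "if the checksum to validate is already specified", but the new condition never looks at a checksum; it relies on a negative `verify` meaning that the caller placed the literal checksum on the main PullJob. The parameter comment that stated this convention is removed together with the parameter, so the contract now lives only in two trailing comments. I would spell it out at the condition, e.g. `/* verify < 0 (_IMPORT_VERIFY_INVALID): caller set ->expected_checksum on the main job, which PullJob enforces itself */`. The function body continues outside the hunk.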
@@ -515,7 +514,6 @@ finish: } int pull_verify(ImportVerify verify, - const struct iovec *checksum, /* Verify with literal checksum */ PullJob *main_job, PullJob *checksum_job, PullJob *signature_job, @@ -531,33 +529,13 @@ int pull_verify(ImportVerify verify, assert(verify == _IMPORT_VERIFY_INVALID || verify < _IMPORT_VERIFY_MAX); assert(verify == _IMPORT_VERIFY_INVALID || verify >= 0); - assert((verify < 0) || !checksum); assert(main_job); assert(main_job->state == PULL_JOB_DONE); - if (verify == IMPORT_VERIFY_NO) /* verification turned off */ + if (verify < 0 || /* verification already done (via literal checksum) */ + verify == IMPORT_VERIFY_NO) /* verification turned off */ return 0; - if (checksum) { - /* Verification by literal checksum */ - assert(!checksum_job); - assert(!signature_job); - assert(!settings_job); - assert(!roothash_job); - assert(!roothash_signature_job); - assert(!verity_job); - - assert(main_job->calc_checksum); - assert(iovec_is_set(&main_job->checksum)); - - if (iovec_memcmp(checksum, &main_job->checksum) != 0) - return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), - "DOWNLOAD INVALID: Checksum of %s file did not check out, file has been tampered with.", - main_job->url); - - return 0; - } - r = import_url_last_component(main_job->url, &fn); if (r < 0) return log_error_errno(r, "Failed to extract filename from URL '%s': %m", main_job->url); diff --git a/src/import/pull-common.h b/src/import/pull-common.h index 48cb6c5ec4e..ffdabcb2495 100644 --- a/src/import/pull-common.h +++ b/src/import/pull-common.h 
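Review bot: The new early return in pull_verify() reports success for every negative `verify` without checking that the main job was actually given a checksum to enforce, so a caller that passes _IMPORT_VERIFY_INVALID and leaves `expected_checksum` unset gets an image accepted with no verification. The removed branch asserted `main_job->calc_checksum`, a computed checksum and the absence of all auxiliary jobs; none of that survives. I would add `assert(verify >= 0 || iovec_is_set(&main_job->expected_checksum));` ahead of the `if`, and keep the `assert(!checksum_job)` through `assert(!verity_job)` group for the negative case, since those jobs would otherwise pass unverified if they ever existed. raw_pull_start() and tar_pull_start() further down set `expected_checksum` only under `iovec_is_set(checksum)` and, in the lines shown, do not reject a negative `verify` with an unset checksum; their bodies and pull_verify()'s continue outside the hunks.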
@@ -14,9 +14,9 @@ int pull_find_old_etags(const char *url, const char *root, int dt, const char *p int pull_make_path(const char *url, const char *etag, const char *image_root, const char *prefix, const char *suffix, char **ret); int pull_make_auxiliary_job(PullJob **ret, const char *url, int (*strip_suffixes)(const char *name, char **ret), const char *suffix, ImportVerify verify, CurlGlue *glue, PullJobOpenDisk on_open_disk, PullJobFinished on_finished, void *userdata); -int pull_make_verification_jobs(PullJob **ret_checksum_job, PullJob **ret_signature_job, ImportVerify verify, const struct iovec *checksum, const char *url, CurlGlue *glue, PullJobFinished on_finished, void *userdata); +int pull_make_verification_jobs(PullJob **ret_checksum_job, PullJob **ret_signature_job, ImportVerify verify, const char *url, CurlGlue *glue, PullJobFinished on_finished, void *userdata); -int pull_verify(ImportVerify verify, const struct iovec *checksum, PullJob *main_job, PullJob *checksum_job, PullJob *signature_job, PullJob *settings_job, PullJob *roothash_job, PullJob *roothash_signature_job, PullJob *verity_job); +int pull_verify(ImportVerify verify, PullJob *main_job, PullJob *checksum_job, PullJob *signature_job, PullJob *settings_job, PullJob *roothash_job, PullJob *roothash_signature_job, PullJob *verity_job); typedef enum VerificationStyle { VERIFICATION_PER_FILE, /* SUSE-style ".sha256" files with detached gpg signature */ diff --git a/src/import/pull-raw.c b/src/import/pull-raw.c index 274bd3ec0d6..bf662c24b95 100644 --- a/src/import/pull-raw.c +++ b/src/import/pull-raw.c @@ -67,8 +67,6 @@ typedef struct RawPull { char *verity_path; char *verity_temp_path; - - struct iovec checksum; } RawPull; RawPull* raw_pull_unref(RawPull *i) { @@ -99,7 +97,6 @@ RawPull* raw_pull_unref(RawPull *i) { free(i->verity_path); free(i->image_root); free(i->local); - iovec_done(&i->checksum); return mfree(i); } 
@@ -585,7 +582,6 @@ static void raw_pull_job_on_finished(PullJob *j) { raw_pull_report_progress(i, RAW_VERIFYING); r = pull_verify(i->verify, - &i->checksum, i->raw_job, i->checksum_job, i->signature_job, @@ -854,9 +850,6 @@ int raw_pull_start( if (r < 0) return r; - if (!iovec_memdup(checksum, &i->checksum)) - return -ENOMEM; - i->flags = flags; i->verify = verify; @@ -868,9 +861,12 @@ int raw_pull_start( i->raw_job->on_finished = raw_pull_job_on_finished; i->raw_job->on_open_disk = raw_pull_job_on_open_disk_raw; - if (iovec_is_set(checksum)) + if (iovec_is_set(checksum)) { + if (!iovec_memdup(checksum, &i->raw_job->expected_checksum)) + return -ENOMEM; + i->raw_job->calc_checksum = true; - else if (verify != IMPORT_VERIFY_NO) { + } else if (verify != IMPORT_VERIFY_NO) { /* Calculate checksum of the main download unless the users asks for a SHA256SUM file or its * signature, which we let gpg verify instead. */ @@ -898,7 +894,6 @@ int raw_pull_start( &i->checksum_job, &i->signature_job, verify, - &i->checksum, url, i->glue, raw_pull_job_on_finished, diff --git a/src/import/pull-tar.c b/src/import/pull-tar.c index a899e9a225d..168ea08de84 100644 --- a/src/import/pull-tar.c +++ b/src/import/pull-tar.c @@ -65,8 +65,6 @@ typedef struct TarPull { char *settings_path; char *settings_temp_path; - struct iovec checksum; - int tree_fd; int userns_fd; @@ -98,7 +96,6 @@ TarPull* tar_pull_unref(TarPull *i) { free(i->settings_path); free(i->image_root); free(i->local); - iovec_done(&i->checksum); safe_close(i->tree_fd); safe_close(i->userns_fd); @@ -478,7 +475,6 @@ static void tar_pull_job_on_finished(PullJob *j) { clear_progress_bar(/* prefix= */ NULL); r = pull_verify(i->verify, - &i->checksum, i->tar_job, i->checksum_job, i->signature_job, @@ -723,9 +719,6 @@ int tar_pull_start( if (r < 0) return r; - if (!iovec_memdup(checksum, &i->checksum)) - return -ENOMEM; - i->flags = flags; i->verify = verify; 
@@ -736,7 +729,14 @@ int tar_pull_start( i->tar_job->on_finished = tar_pull_job_on_finished; i->tar_job->on_open_disk = tar_pull_job_on_open_disk_tar; - i->tar_job->calc_checksum = checksum || IN_SET(verify, IMPORT_VERIFY_CHECKSUM, IMPORT_VERIFY_SIGNATURE); + + if (iovec_is_set(checksum)) { + if (!iovec_memdup(checksum, &i->tar_job->expected_checksum)) + return -ENOMEM; + + i->tar_job->calc_checksum = true; + } else + i->tar_job->calc_checksum = verify != IMPORT_VERIFY_NO; if (!FLAGS_SET(flags, IMPORT_DIRECT)) { r = pull_find_old_etags(url, i->image_root, DT_DIR, ".tar-", NULL, &i->tar_job->old_etags); @@ -749,7 +749,6 @@ int tar_pull_start( &i->checksum_job, &i->signature_job, verify, - checksum, url, i->glue, tar_pull_job_on_finished,