diff options
| author | Lennart Poettering <lennart@poettering.net> | 2021-01-15 16:45:29 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2021-01-19 18:29:59 +0100 |
| commit | f14717a7e2d9331010a091baeae6cf9e99f4bb5c (patch) | |
| tree | e47c6f43244cdd7d60439d253eb02e090ece2588 /src/import/pull-common.h | |
| parent | import: use TAKE_PTR() where available (diff) | |
| download | systemd-f14717a7e2d9331010a091baeae6cf9e99f4bb5c.tar.xz systemd-f14717a7e2d9331010a091baeae6cf9e99f4bb5c.zip | |
import: rework how verification works
Previously the PullJob object took internal care of rerequested the
SHA256SUMS file, if requesting <image>.sha256 didn't work. This was a
weird a non-abstraction only used when actually getting the checksum
files.
Let's move this out of the PullJob, so that it is generic again, and
does roughly the same stuff for all resources it is used for: let's
define a generic .on_not_found() handler that can be set on a PullJob
object, and is called whenever with see HTTP 404, and may be used to
provide a new URL to try if the first didn't work.
This is also preparation for later work to support PKCS#7 signatures
instead of gpg signatures, where a similar logic is needed, and we thus
should have a generic infrastructure place.
This gets rid of the VerificationStyle field in the PullJob object:
instead of storing this non-generic field we just derive the same
information from the URL itself, which is safe, since we generated it
ourselves earlier.
Diffstat (limited to 'src/import/pull-common.h')
| -rw-r--r-- | src/import/pull-common.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/import/pull-common.h b/src/import/pull-common.h index 025bcee2bd..a83e9b7e14 100644 --- a/src/import/pull-common.h +++ b/src/import/pull-common.h @@ -16,3 +16,14 @@ int pull_make_auxiliary_job(PullJob **ret, const char *url, int (*strip_suffixes int pull_make_verification_jobs(PullJob **ret_checksum_job, PullJob **ret_signature_job, ImportVerify verify, const char *url, CurlGlue *glue, PullJobFinished on_finished, void *userdata); int pull_verify(PullJob *main_job, PullJob *roothash_job, PullJob *settings_job, PullJob *checksum_job, PullJob *signature_job); + +typedef enum VerificationStyle { + VERIFICATION_PER_FILE, /* SuSE-style ".sha256" files with inline gpg signature */ + VERIFICATION_PER_DIRECTORY, /* Ubuntu-style SHA256SUM files with detached SHA256SUM.gpg signatures */ + _VERIFICATION_STYLE_MAX, + _VERIFICATION_STYLE_INVALID = -1, +} VerificationStyle; + +int verification_style_from_url(const char *url, VerificationStyle *style); + +int pull_job_restart_with_sha256sum(PullJob *job, char **ret); |