[PATCH 1/1] snapshot: support tar signature for compressed tar

John Keeping john at keeping.me.uk
Thu Jun 7 15:17:14 CEST 2018


On Thu, Jun 07, 2018 at 02:15:34PM +0200, Christian Hesse wrote:
> From: Christian Hesse <mail at eworm.de>
> 
> This adds support for kernel.org style signatures where the uncompressed
> tar archive is signed and compressed later. The signature is valid for
> all tar* snapshots.
> 
> Signed-off-by: Christian Hesse <mail at eworm.de>
> ---
>  ui-shared.c   | 8 ++++++++
>  ui-snapshot.c | 2 +-
>  2 files changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/ui-shared.c b/ui-shared.c
> index 8a786e0..40935ae 100644
> --- a/ui-shared.c
> +++ b/ui-shared.c
> @@ -1139,6 +1139,14 @@ void cgit_print_snapshot_links(const struct cgit_repo *repo, const char *ref,
>  			cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
>  					   filename.buf);
>  			html(")");
> +		} else if (f->bit & 0x16 && cgit_snapshot_get_sig(ref, &cgit_snapshot_formats[3])) {

This works, but it feels far too magic and likely to break in the
future.  I'd rather add a new field for base snapshot type, either as a
const char * set to ".tar" for the relevant archive formats or as a
bitmask which is set to 0x08 for now to allow fallback to tar.  If we do
that, we should extract at least that bit value to a named constant to
make it clear what is going on.

> +			int suf_len = strlen(f->suffix);
> +			strbuf_remove(&filename, strlen(filename.buf) - suf_len, suf_len);
> +			strbuf_addstr(&filename, ".tar.asc");
> +			html(" (");
> +			cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
> +					   filename.buf);
> +			html(")");
>  		}
>  		html(separator);
>  	}
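
Review bot: the new else-if condition relies on two unexplained literals, the mask in `f->bit & 0x16` and the index in `&cgit_snapshot_formats[3]`, so it silently depends on the bit values and the ordering of the format table. 0x16 selects bits 0x10, 0x04 and 0x02; a named constant for the mask, and finding the tar entry by its suffix rather than by position, would make the intent checkable and survive a reordered table. The suffix trimming also assumes filename.buf ends in f->suffix and is at least suf_len long; using filename.len instead of strlen(filename.buf) and checking the length before strbuf_remove would make that assumption explicit.
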
> diff --git a/ui-snapshot.c b/ui-snapshot.c
> index c7611e8..76d0573 100644
> --- a/ui-snapshot.c
> +++ b/ui-snapshot.c
> @@ -263,7 +263,7 @@ void cgit_print_snapshot(const char *head, const char *hex,
>  	}
>  
>  	f = get_format(filename);
> -	if (!f || !(ctx.repo->snapshots & f->bit)) {
> +	if (!f || (!sig_filename && !(ctx.repo->snapshots & f->bit))) {

This bypasses the permitted snapshots configuration, but I guess that's
ok because signature lookup is cheap unlike archive creation.

>  		cgit_print_error_page(400, "Bad request",
>  				"Unsupported snapshot format: %s", filename);
>  		return;
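
Review bot: in the changed condition, `!sig_filename &&` exempts every signature request from the `ctx.repo->snapshots & f->bit` check, not only requests for the .tar.asc fallback that the other hunk links to. Consider keeping the check for signature requests unless the requested format maps to a tar-based format the repo has enabled, and add a comment saying why signature requests may skip the per-repo format restriction, since the error text below still describes it as a format check.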

