[PATCH 1/1] snapshot: support tar signature for compressed tar

Christian Hesse list at eworm.de
Thu Jun 7 17:13:02 CEST 2018


John Keeping <john at keeping.me.uk> on Thu, 2018/06/07 14:17:
> On Thu, Jun 07, 2018 at 02:15:34PM +0200, Christian Hesse wrote:
> > From: Christian Hesse <mail at eworm.de>
> > 
> > This adds support for kernel.org style signatures where the uncompressed
> > tar archive is signed and compressed later. The signature is valid for
> > all tar* snapshots.
> > 
> > Signed-off-by: Christian Hesse <mail at eworm.de>
> > ---
> >  ui-shared.c   | 8 ++++++++
> >  ui-snapshot.c | 2 +-
> >  2 files changed, 9 insertions(+), 1 deletion(-)
> > 
> > diff --git a/ui-shared.c b/ui-shared.c
> > index 8a786e0..40935ae 100644
> > --- a/ui-shared.c
> > +++ b/ui-shared.c
> > @@ -1139,6 +1139,14 @@ void cgit_print_snapshot_links(const struct
> > cgit_repo *repo, const char *ref, cgit_snapshot_link("sig", NULL, NULL,
> > NULL, NULL, filename.buf);
> >  			html(")");
> > +		} else if (f->bit & 0x16 && cgit_snapshot_get_sig(ref,
> > &cgit_snapshot_formats[3])) {  
> 
> This works, but it feels far too magic and likely to break in the
> future.  I'd rather add a new field for base snapshot type, either as a
> const char * set that to ".tar" for the relevant archive formats or as a
> bitmask which is set to 0x08 for now to allow fallback to tar.  If we do
> that, we should extract at least that bit value to a named constant to
> make it clear what is going on.

Already working on that. ;)

What concerns me a lot more is the fact that we rely on the array position.
If anybody decides to insert a new element in cgit_snapshot_formats before
the tar element things break.

I decided to reorder the element and add a comment about what we rely on...
Wondering whether or not you like it and if there are any better ideas. :-p
I prefer this order anyway.

> > +			int suf_len = strlen(f->suffix);
> > +			strbuf_remove(&filename, strlen(filename.buf) -
> > suf_len, suf_len);
> > +			strbuf_addstr(&filename, ".tar.asc");
> > +			html(" (");
> > +			cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
> > +					   filename.buf);
> > +			html(")");
> >  		}
> >  		html(separator);
> >  	}
> > diff --git a/ui-snapshot.c b/ui-snapshot.c
> > index c7611e8..76d0573 100644
> > --- a/ui-snapshot.c
> > +++ b/ui-snapshot.c
> > @@ -263,7 +263,7 @@ void cgit_print_snapshot(const char *head, const char
> > *hex, }
> >  
> >  	f = get_format(filename);
> > -	if (!f || !(ctx.repo->snapshots & f->bit)) {
> > +	if (!f || (!sig_filename && !(ctx.repo->snapshots & f->bit))) {  
> 
> This bypasses the permitted snapshots configuration, but I guess that's
> ok because signature lookup is cheap unlike archive creation.

It does, but for signatures only. I think it is not worth the trouble making
the condition even more complex to deny ".zip.asc".

> >  		cgit_print_error_page(400, "Bad request",
> >  				"Unsupported snapshot format: %s",
> > filename); return;  



-- 
main(a){char*c=/*    Schoene Gruesse                         */"B?IJj;MEH"
"CX:;",b;for(a/*    Best regards             my address:    */=0;b=c[a++];)
putchar(b-1/(/*    Chris            cc -ox -xc - && ./x    */b/42*2-3)*42);}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20180607/81e256ab/attachment.asc>


More information about the CGit mailing list