[PATCH 1/1] snapshot: support tar signature for compressed tar
Christian Hesse
list at eworm.de
Thu Jun 7 17:13:02 CEST 2018
John Keeping <john at keeping.me.uk> on Thu, 2018/06/07 14:17:
> On Thu, Jun 07, 2018 at 02:15:34PM +0200, Christian Hesse wrote:
> > From: Christian Hesse <mail at eworm.de>
> >
> > This adds support for kernel.org style signatures where the uncompressed
> > tar archive is signed and compressed later. The signature is valid for
> > all tar* snapshots.
> >
> > Signed-off-by: Christian Hesse <mail at eworm.de>
> > ---
> > ui-shared.c | 8 ++++++++
> > ui-snapshot.c | 2 +-
> > 2 files changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/ui-shared.c b/ui-shared.c
> > index 8a786e0..40935ae 100644
> > --- a/ui-shared.c
> > +++ b/ui-shared.c
> > @@ -1139,6 +1139,14 @@ void cgit_print_snapshot_links(const struct
> > cgit_repo *repo, const char *ref, cgit_snapshot_link("sig", NULL, NULL,
> > NULL, NULL, filename.buf);
> > html(")");
> > + } else if (f->bit & 0x16 && cgit_snapshot_get_sig(ref,
> > &cgit_snapshot_formats[3])) {
>
> This works, but it feels far too magic and likely to break in the
> future. I'd rather add a new field for base snapshot type, either as a
> const char * set that to ".tar" for the relevant archive formats or as a
> bitmask which is set to 0x08 for now to allow fallback to tar. If we do
> that, we should extract at least that bit value to a named constant to
> make it clear what is going on.
Already working on that. ;)
What concerns me a lot more is the fact that we rely on the array position.
If anybody decides to insert a new element in cgit_snapshot_formats before
the tar element things break.
I decided to reorder the element and add a comment about what we rely on...
Wondering whether or not you like it and if there are any better ideas. :-p
I prefer this order anyway.
> > + int suf_len = strlen(f->suffix);
> > + strbuf_remove(&filename, strlen(filename.buf) -
> > suf_len, suf_len);
> > + strbuf_addstr(&filename, ".tar.asc");
> > + html(" (");
> > + cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
> > + filename.buf);
> > + html(")");
> > }
> > html(separator);
> > }
> > diff --git a/ui-snapshot.c b/ui-snapshot.c
> > index c7611e8..76d0573 100644
> > --- a/ui-snapshot.c
> > +++ b/ui-snapshot.c
> > @@ -263,7 +263,7 @@ void cgit_print_snapshot(const char *head, const char
> > *hex, }
> >
> > f = get_format(filename);
> > - if (!f || !(ctx.repo->snapshots & f->bit)) {
> > + if (!f || (!sig_filename && !(ctx.repo->snapshots & f->bit))) {
>
> This bypasses the permitted snapshots configuration, but I guess that's
> ok because signature lookup is cheap unlike archive creation.
It does, but for signatures only. I think it is not worth the trouble making
the condition even more complex to deny ".zip.asc".
> > cgit_print_error_page(400, "Bad request",
> > "Unsupported snapshot format: %s",
> > filename); return;
--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/* Best regards my address: */=0;b=c[a++];)
putchar(b-1/(/* Chris cc -ox -xc - && ./x */b/42*2-3)*42);}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20180607/81e256ab/attachment.asc>
More information about the CGit
mailing list