[PATCH v2 2/2] snapshot: support tar signature for compressed tar

Christian Hesse list at eworm.de
Thu Jun 7 17:14:52 CEST 2018 

From: Christian Hesse <mail at eworm.de>

This adds support for kernel.org style signatures where the uncompressed
tar archive is signed and compressed later. The signature is valid for
all tar* snapshots.

We have a filter which snapshots may be generated and downloaded. This has
to allow tar signatures now even if tar itself is not allowed. To simplify
things we allow all signatures.

Signed-off-by: Christian Hesse <mail at eworm.de>
---
 ui-shared.c   | 8 ++++++++
 ui-snapshot.c | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/ui-shared.c b/ui-shared.c
index 8a786e0..72c0a33 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -1139,6 +1139,14 @@ void cgit_print_snapshot_links(const struct cgit_repo *repo, const char *ref,
 			cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
 					   filename.buf);
 			html(")");
+		} else if (f->base == CGIT_SNAPSHOT_TAR && cgit_snapshot_get_sig(ref, &cgit_snapshot_formats[0])) {
+			int suf_len = strlen(f->suffix);
+			strbuf_remove(&filename, strlen(filename.buf) - suf_len, suf_len);
+			strbuf_addstr(&filename, ".tar.asc");
+			html(" (");
+			cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
+					   filename.buf);
+			html(")");
 		}
 		html(separator);
 	}
diff --git a/ui-snapshot.c b/ui-snapshot.c
index c9ec1f3..07a6447 100644
--- a/ui-snapshot.c
+++ b/ui-snapshot.c
@@ -86,7 +86,7 @@ static int write_tar_xz_archive(const char *hex, const char *prefix)
 }
 
 const struct cgit_snapshot_format cgit_snapshot_formats[] = {
-	/* Keep tar the first! */
+	/* Keep tar the first! Signature download relies on this. */
 	{ ".tar",	"application/x-tar",	write_tar_archive,
 		CGIT_SNAPSHOT_NONE,	CGIT_SNAPSHOT_TAR	},
 	{ ".tar.gz",	"application/x-gzip",	write_tar_gzip_archive,
@@ -269,7 +269,7 @@ void cgit_print_snapshot(const char *head, const char *hex,
 	}
 
 	f = get_format(filename);
-	if (!f || !(ctx.repo->snapshots & f->bit)) {
+	if (!f || (!sig_filename && !(ctx.repo->snapshots & f->bit))) {
 		cgit_print_error_page(400, "Bad request",
 				"Unsupported snapshot format: %s", filename);
 		return;

More information about the CGit mailing list