[PATCH v2 2/2] snapshot: support tar signature for compressed tar

Thu Jun 7 17:21:44 CEST 2018

On Thu, Jun 07, 2018 at 05:14:52PM +0200, Christian Hesse wrote:
> From: Christian Hesse <mail at eworm.de>
> 
> This adds support for kernel.org style signatures where the uncompressed
> tar archive is signed and compressed later. The signature is valid for
> all tar* snapshots.
> 
> We have a filter which snapshots may be generated and downloaded. This has
> to allow tar signatures now even if tar itself is not allowed. To simplify
> things we allow all signatures.
> 
> Signed-off-by: Christian Hesse <mail at eworm.de>
> ---
>  ui-shared.c   | 8 ++++++++
>  ui-snapshot.c | 4 ++--
>  2 files changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/ui-shared.c b/ui-shared.c
> index 8a786e0..72c0a33 100644
> --- a/ui-shared.c
> +++ b/ui-shared.c
> @@ -1139,6 +1139,14 @@ void cgit_print_snapshot_links(const struct cgit_repo *repo, const char *ref,
>  			cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
>  					   filename.buf);
>  			html(")");
> +		} else if (f->base == CGIT_SNAPSHOT_TAR && cgit_snapshot_get_sig(ref, &cgit_snapshot_formats[0])) {

I was thinking we could just to the lookup here, so walk the array to
find the base signature type.  That avoids the dependency on the order
of the table.

What I'd really like to do is avoid storing the "bit" field in the array
and just calculate it from the index, something like:

	1u << (fmt - &cgit_snapshot_formats[0])

but I haven't followed all of the consumers of the snapshots array to
figure out if it's easy to convert them.

> +			int suf_len = strlen(f->suffix);
> +			strbuf_remove(&filename, strlen(filename.buf) - suf_len, suf_len);
> +			strbuf_addstr(&filename, ".tar.asc");
> +			html(" (");
> +			cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
> +					   filename.buf);
> +			html(")");
>  		}
>  		html(separator);
>  	}
> diff --git a/ui-snapshot.c b/ui-snapshot.c
> index c9ec1f3..07a6447 100644
> --- a/ui-snapshot.c
> +++ b/ui-snapshot.c
> @@ -86,7 +86,7 @@ static int write_tar_xz_archive(const char *hex, const char *prefix)
>  }
>  
>  const struct cgit_snapshot_format cgit_snapshot_formats[] = {
> -	/* Keep tar the first! */
> +	/* Keep tar the first! Signature download relies on this. */
>  	{ ".tar",	"application/x-tar",	write_tar_archive,
>  		CGIT_SNAPSHOT_NONE,	CGIT_SNAPSHOT_TAR	},
>  	{ ".tar.gz",	"application/x-gzip",	write_tar_gzip_archive,
> @@ -269,7 +269,7 @@ void cgit_print_snapshot(const char *head, const char *hex,
>  	}
>  
>  	f = get_format(filename);
> -	if (!f || !(ctx.repo->snapshots & f->bit)) {
> +	if (!f || (!sig_filename && !(ctx.repo->snapshots & f->bit))) {
>  		cgit_print_error_page(400, "Bad request",
>  				"Unsupported snapshot format: %s", filename);
>  		return;