diff options
| author | tblume <Thomas.Blume@suse.com> | 2017-04-24 20:37:11 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2017-04-24 20:37:11 +0200 |
| commit | 697be0be15df33e421e29c3b60b10b40c413bb8b (patch) | |
| tree | 25cc20fe22d75c46b013d65af1a27965cc8a0f11 /src/import/pull-tar.c | |
| parent | 8ea9aa9e88b043aaa48eed4b482ac58342457e16 (diff) | |
importd: support SUSE style checksums (#5206)
In order to verify a pulled container or disk image, importd only supports
SHA256SUMS files with the detached signature in SHA256SUMS.gpg.
SUSE is using an inline signed file with the name of the image itself and the
suffix .sha256 instead.
This commit adds support for this type of signature files.
It is first attempted to pull the .sha256 file.
If this fails with error 404, the SHA256SUMS and SHA256SUMS.gpg files are
pulled and used for verification.
Diffstat (limited to 'src/import/pull-tar.c')
| -rw-r--r-- | src/import/pull-tar.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/import/pull-tar.c b/src/import/pull-tar.c index 91833d6174..d4b599ba95 100644 --- a/src/import/pull-tar.c +++ b/src/import/pull-tar.c @@ -298,11 +298,9 @@ static void tar_pull_job_on_finished(PullJob *j) { if (j == i->settings_job) { if (j->error != 0) log_info_errno(j->error, "Settings file could not be retrieved, proceeding without."); - } else if (j->error != 0) { + } else if (j->error != 0 && j != i->signature_job) { if (j == i->checksum_job) log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)"); - else if (j == i->signature_job) - log_error_errno(j->error, "Failed to retrieve signature file, cannot verify. (Try --verify=no?)"); else log_error_errno(j->error, "Failed to retrieve image file. (Wrong URL?)"); @@ -317,6 +315,13 @@ static void tar_pull_job_on_finished(PullJob *j) { if (!tar_pull_is_done(i)) return; + if (i->checksum_job->style == VERIFICATION_PER_DIRECTORY && i->signature_job->error != 0) { + log_error_errno(j->error, "Failed to retrieve signature file, cannot verify. (Try --verify=no?)"); + + r = i->signature_job->error; + goto finish; + } + i->tar_job->disk_fd = safe_close(i->tar_job->disk_fd); if (i->settings_job) i->settings_job->disk_fd = safe_close(i->settings_job->disk_fd); @@ -547,6 +552,7 @@ int tar_pull_start( if (i->checksum_job) { i->checksum_job->on_progress = tar_pull_job_on_progress; + i->checksum_job->style = VERIFICATION_PER_FILE; r = pull_job_begin(i->checksum_job); if (r < 0) |