Bug 764125 - Add support for untrusted local pulls
Status: RESOLVED FIXED
Product: ostree
Classification: Infrastructure
Component: general
Assigned To: OSTree maintainer(s)
Reported: 2016-03-24 09:05 UTC by Alexander Larsson
Modified: 2016-03-25 18:17 UTC
Attachments
pull: Add OSTREE_REPO_PULL_FLAGS_UNTRUSTED flag (10.29 KB, patch)
2016-03-24 09:06 UTC, Alexander Larsson, status: reviewed
Add --untrusted option to pull and pull-local (5.33 KB, patch)
2016-03-24 09:06 UTC, Alexander Larsson, status: reviewed
Add test for untrusted local pulls (2.93 KB, patch)
2016-03-24 09:06 UTC, Alexander Larsson, status: none

Description Alexander Larsson 2016-03-24 09:05:36 UTC
Right now a local pull is always trusted. I.e. we don't verify checksums, and we make hardlinks from the source repository. In some cases you have a local repository that you *don't* trust. For instance, it may be owned by another user.

This adds a --untrusted mode that makes sure we verify checksums and don't hardlink.
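
Why both halves of the untrusted mode matter, as an added example that is not OSTree code and not part of the original report: a simplified content-addressed store in which an object's name is the SHA-256 of its bytes. The on-disk layout and the helper names (`import_object`, `write_object`, `read_object`, `demo`) are assumptions made for illustration; real OSTree object checksums cover more than the file content.

```python
import hashlib
import os
import tempfile

def object_path(repo, checksum):
    # Simplified layout (assumption): objects/<2 hex chars>/<remaining hex chars>
    return os.path.join(repo, "objects", checksum[:2], checksum[2:])

def write_object(repo, data):
    """Store data under its SHA-256 and return the checksum."""
    checksum = hashlib.sha256(data).hexdigest()
    path = object_path(repo, checksum)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)
    return checksum

def read_object(repo, checksum):
    with open(object_path(repo, checksum), "rb") as f:
        return f.read()

def import_object(src_repo, dst_repo, checksum, trusted):
    """Trusted: hardlink without checking. Untrusted: verify, then write a private copy."""
    dst = object_path(dst_repo, checksum)
    os.makedirs(os.path.dirname(dst), exist_ok=True)
    if trusted:
        os.link(object_path(src_repo, checksum), dst)  # shares the source's inode
        return
    data = read_object(src_repo, checksum)
    if hashlib.sha256(data).hexdigest() != checksum:
        raise ValueError("checksum mismatch for object " + checksum)
    with open(dst, "wb") as f:  # new inode owned by the destination repo
        f.write(data)

def demo():
    """Return (trusted copy, untrusted copy, late untrusted pull rejected?) after tampering."""
    root = tempfile.mkdtemp()
    src, trusted, untrusted, late = (os.path.join(root, n) for n in ("src", "t", "u", "late"))
    original = b"constructed sample object\n"  # constructed sample data
    checksum = write_object(src, original)
    import_object(src, trusted, checksum, trusted=True)
    import_object(src, untrusted, checksum, trusted=False)
    with open(object_path(src, checksum), "r+b") as f:  # source owner edits in place
        f.write(b"TAMPERED")
    try:
        import_object(src, late, checksum, trusted=False)
        rejected = False
    except ValueError:
        rejected = True
    return read_object(trusted, checksum), read_object(untrusted, checksum), rejected
```

The hardlinked copy changes when the source file is edited after the pull, the verified copy does not, and a later untrusted pull of the modified object is refused.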
Comment 1 Alexander Larsson 2016-03-24 09:06:02 UTC
Created attachment 324656
pull: Add OSTREE_REPO_PULL_FLAGS_UNTRUSTED flag

If this is set we verify all objects we pull, even for local remotes,
and we avoid hard-linking into local source repos.
Comment 2 Alexander Larsson 2016-03-24 09:06:07 UTC
Created attachment 324657
Add --untrusted option to pull and pull-local
Comment 3 Alexander Larsson 2016-03-24 09:06:12 UTC
Created attachment 324658
Add test for untrusted local pulls
Comment 4 Colin Walters 2016-03-24 21:11:56 UTC
Review of attachment 324656:

Looks good, just a note we're now using a symbol file.

Oh and don't forget the gtk-doc sections.txt.

::: src/libostree/ostree-repo.h
@@ +425,3 @@
                                               GError              **error);
+_OSTREE_PUBLIC
+gboolean      ostree_repo_import_object_from_with_trust (OstreeRepo           *self,
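Review bot: callers of the existing trusted import path are unaffected by the `ostree_repo_import_object_from_with_trust` declaration at the end of this hunk, so they keep skipping verification unless they switch to it. The API documentation for the new function should state that the untrusted case verifies checksums and avoids hardlinking, and that the trusted case is only appropriate when the caller trusts the source repository.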

This will need to be added to the libostree.sym file now.
Comment 5 Colin Walters 2016-03-24 21:12:52 UTC
Review of attachment 324657:

Would be nice to have a test case for this, corrupting an object in a repo should be relatively easy right?

Otherwise LGTM
Comment 6 Colin Walters 2016-03-24 21:13:43 UTC
Ah, never mind, you did do a test =) Any reason to have the tests separate from the commandline addition? I'd prefer one commit.
Comment 7 Colin Walters 2016-03-24 21:14:20 UTC
Actually this is all easy enough I can just take care of it on my end.  I'll need to push to github now as a PR so that Homu can merge it.
Comment 8 Colin Walters 2016-03-25 01:14:05 UTC
Imported this patchset to https://github.com/ostreedev/ostree/pull/221

Squashed the last two, and added two fixups.  The find command was finding directories with links, I had to add -type f.  Do the `fixup!`s look ok?
Comment 9 Alexander Larsson 2016-03-25 12:46:14 UTC
looks good