GNOME Bugzilla – Bug 764125
Add support for untrusted local pulls
Last modified: 2016-03-25 18:17:05 UTC
Right now a local pull is always trusted. I.e. we don't verify checksums, and we make hardlinks from the source repository. In some cases you have a local repository that you *don't* trust. For instance, it may be owned by another user. This adds a --untrusted mode that makes sure we veryfy checksums and don't hardlink.
Created attachment 324656 [details] [review] pull: Add OSTREE_REPO_PULL_FLAGS_UNTRUSTED flag If this is set we verify all objects we pull, even for local remotes, and we avoid hard-linking into local source repos.
Created attachment 324657 [details] [review] Add --untrusted option to pull and pull-local
Created attachment 324658 [details] [review] Add test for untrusted local pulls
Review of attachment 324656 [details] [review]: Looks good, just a note we're now using a symbol file. Oh and don't forget the gtk-doc sections.txt. ::: src/libostree/ostree-repo.h @@ +425,3 @@ GError **error); +_OSTREE_PUBLIC +gboolean ostree_repo_import_object_from_with_trust (OstreeRepo *self, This will need to be added to the libostree.sym file now.
Review of attachment 324657 [details] [review]: Would be nice to have a test case for this, corrupting an object in a repo should be relatively easy right? Otherwise LGTMare
Ah, nevermind, you did do a test =) Any reason to have the tests separate from the commandline addition? I'd prefer one commit.
Actually this is all easy enough I can just take care of it on my end. I'll need to push to github now as a PR so that Homu can merge it.
Imported this patchset to https://github.com/ostreedev/ostree/pull/221 Squashed the last two, and added two fixups. The find command was finding directories with links, I had to add -type f. Do the `fixup!`s look ok?
looks good