/*
 * decompress_all:
 * Push every byte of @data through @converter and return the complete
 * converted output as a new GBytes in @out_uncompressed.
 *
 * Returns TRUE on success.  On failure @error is set by the splice call
 * and @out_uncompressed is left untouched.
 *
 * The output stream grows through g_realloc with no upper bound, so the
 * size of the result is dictated entirely by the input.  Nothing in this
 * helper limits a small compressed input that expands to a very large
 * output; callers handling untrusted data need their own size policy.
 */
static gboolean
decompress_all (GConverter   *converter,
                GBytes       *data,
                GBytes      **out_uncompressed,
                GCancellable *cancellable,
                GError      **error)
{
  g_autoptr(GMemoryInputStream) memin = (GMemoryInputStream*)g_memory_input_stream_new_from_bytes (data);
  g_autoptr(GMemoryOutputStream) memout = (GMemoryOutputStream*)g_memory_output_stream_new (NULL, 0, g_realloc, g_free);
  g_autoptr(GInputStream) convin = g_converter_input_stream_new ((GInputStream*)memin, converter);
  gssize spliced;

  /* Both ends are closed by the splice itself, whether it succeeds or not. */
  spliced = g_output_stream_splice ((GOutputStream*)memout, convin,
                                    G_OUTPUT_STREAM_SPLICE_CLOSE_SOURCE |
                                    G_OUTPUT_STREAM_SPLICE_CLOSE_TARGET,
                                    cancellable, error);
  if (spliced < 0)
    return FALSE;

  /* The target is closed at this point, so its buffer can be taken over. */
  *out_uncompressed = g_memory_output_stream_steal_as_bytes (memout);
  return TRUE;
}
/*
 * load_snap_icon:
 * Fetch the icon of @snap through @client and attach it to @app as a
 * pixbuf scaled to fit 64x64 with the aspect ratio preserved.
 *
 * The icon URL reported by the snap is used only as an "is there an icon"
 * test and in the log message; the bytes themselves are requested from
 * snapd by the app's "snap::name" metadata item.
 *
 * Returns FALSE when the snap advertises no icon, or when fetching or
 * decoding fails.  Failures are reported with g_warning() only; no GError
 * reaches the caller.
 *
 * NOTE(review): the icon bytes are handed straight to the gdk-pixbuf
 * loaders.  If icon content is publisher-controlled, those decoders are
 * parsing untrusted input -- confirm.
 */
static gboolean
load_snap_icon (GsApp        *app,
                SnapdClient  *client,
                SnapdSnap    *snap,
                GCancellable *cancellable)
{
    const gchar *url;
    g_autoptr(SnapdIcon) snap_icon = NULL;
    g_autoptr(GInputStream) icon_stream = NULL;
    g_autoptr(GdkPixbuf) scaled = NULL;
    g_autoptr(GError) local_error = NULL;

    /* A missing or empty URL means there is nothing to fetch. */
    url = snapd_snap_get_icon (snap);
    if (url == NULL || url[0] == '\0')
        return FALSE;

    snap_icon = snapd_client_get_icon_sync (client,
                                            gs_app_get_metadata_item (app, "snap::name"),
                                            cancellable,
                                            &local_error);
    if (snap_icon == NULL) {
        g_warning ("Failed to load snap icon: %s", local_error->message);
        return FALSE;
    }

    /* Decode from memory; local_error is still unset when we get here. */
    icon_stream = g_memory_input_stream_new_from_bytes (snapd_icon_get_data (snap_icon));
    scaled = gdk_pixbuf_new_from_stream_at_scale (icon_stream, 64, 64, TRUE,
                                                  cancellable, &local_error);
    if (scaled == NULL) {
        g_warning ("Failed to decode snap icon %s: %s", url, local_error->message);
        return FALSE;
    }

    gs_app_set_pixbuf (app, scaled);
    return TRUE;
}
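/*
 * gtk_css_image_url_parse:
 * Parse a CSS url() image reference from @parser into @image.
 *
 * A "data:" URL is decoded and loaded immediately: the payload goes
 * through gdk-pixbuf and the result is stored in self->loaded_image.
 * Any other URL is only resolved against the parser and stored in
 * self->file.
 *
 * Returns FALSE only when no URL token could be consumed.  A data: URL
 * that fails to decode or to load is reported through the parser's error
 * channel and the function still returns TRUE, leaving loaded_image
 * unset.
 *
 * The data: payload comes from the stylesheet, so the image decoders see
 * whatever the stylesheet author supplied.
 */
static gboolean
gtk_css_image_url_parse (GtkCssImage  *image,
                         GtkCssParser *parser)
{
  GtkCssImageUrl *self = GTK_CSS_IMAGE_URL (image);
  char *url, *scheme;

  url = gtk_css_parser_consume_url (parser);
  if (url == NULL)
    return FALSE;

  scheme = g_uri_parse_scheme (url);
  if (scheme && g_ascii_strcasecmp (scheme, "data") == 0)
    {
      GInputStream *stream;
      GdkPixbuf *pixbuf;
      GBytes *bytes;
      GError *error = NULL;

      bytes = gtk_css_data_url_parse (url, NULL, &error);
      if (bytes)
        {
          stream = g_memory_input_stream_new_from_bytes (bytes);
          /* The stream keeps its own reference to the payload; drop ours
           * so the decoded data is released together with the stream. */
          g_bytes_unref (bytes);

          pixbuf = gdk_pixbuf_new_from_stream (stream, NULL, &error);
          g_object_unref (stream);
          if (pixbuf == NULL)
            {
              gtk_css_parser_emit_error (parser,
                                         gtk_css_parser_get_start_location (parser),
                                         gtk_css_parser_get_end_location (parser),
                                         error);
              g_clear_error (&error);
            }
          else
            {
              GdkTexture *texture = gdk_texture_new_for_pixbuf (pixbuf);

              self->loaded_image = gtk_css_image_paintable_new (GDK_PAINTABLE (texture),
                                                                GDK_PAINTABLE (texture));
              g_object_unref (texture);
              g_object_unref (pixbuf);
            }
        }
      else if (error != NULL)
        {
          /* A malformed data: URL used to be dropped silently and its
           * GError leaked; report it the same way as a decode failure. */
          gtk_css_parser_emit_error (parser,
                                     gtk_css_parser_get_start_location (parser),
                                     gtk_css_parser_get_end_location (parser),
                                     error);
          g_clear_error (&error);
        }
    }
  else
    {
      self->file = gtk_css_parser_resolve_url (parser, url);
    }

  g_free (url);
  g_free (scheme);

  return TRUE;
}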
/*
 * gdk_pixbuf_load:
 * GLoadableIcon load hook for a pixbuf: serialise @icon with
 * gdk_pixbuf_make_bytes() and return an in-memory stream over the result.
 *
 * @type, when non-NULL, receives a newly allocated "image/png" string that
 * the caller must free.  @size and @cancellable are not used here.
 *
 * Returns NULL, with @error as set by gdk_pixbuf_make_bytes(), when
 * serialisation fails.
 */
static GInputStream *
gdk_pixbuf_load (GLoadableIcon  *icon,
                 int             size,
                 char          **type,
                 GCancellable   *cancellable,
                 GError        **error)
{
  GBytes *encoded = gdk_pixbuf_make_bytes (GDK_PIXBUF (icon), error);
  GInputStream *result;

  if (encoded == NULL)
    return NULL;

  /* The stream takes its own reference, so ours can go right away. */
  result = g_memory_input_stream_new_from_bytes (encoded);
  g_bytes_unref (encoded);

  if (type != NULL)
    *type = g_strdup ("image/png");

  return result;
}
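/**
 * ostree_repo_static_delta_execute_offline:
 * @self: Repo
 * @dir_or_file: Path to a directory containing static delta data, or directly to the superblock
 * @skip_validation: If %TRUE, assume data integrity
 * @cancellable: Cancellable
 * @error: Error
 *
 * Given a directory representing an already-downloaded static delta
 * on disk, apply it, generating a new commit.  The directory must be
 * named with the form "FROM-TO", where both are checksums, and it
 * must contain a file named "superblock", along with at least one part.
 *
 * Integrity notes for callers:
 *  - With @skip_validation set, external parts are opened with
 *    OSTREE_STATIC_DELTA_OPEN_FLAGS_SKIP_CHECKSUM and the flag is also
 *    forwarded to part execution, so only pass %TRUE for data whose
 *    integrity is already established.
 *  - Parts stored inline in the superblock metadata are never checksummed
 *    here, whatever @skip_validation says.
 *  - A superblock that lists http fallback entries is rejected.
 *
 * Returns: %TRUE on success, %FALSE with @error set otherwise
 */
gboolean
ostree_repo_static_delta_execute_offline (OstreeRepo    *self,
                                          GFile         *dir_or_file,
                                          gboolean       skip_validation,
                                          GCancellable  *cancellable,
                                          GError       **error)
{
  gboolean ret = FALSE;
  guint i, n;
  const char *dir_or_file_path = NULL;
  glnx_fd_close int meta_fd = -1;
  glnx_fd_close int dfd = -1;
  g_autoptr(GVariant) meta = NULL;
  g_autoptr(GVariant) headers = NULL;
  g_autoptr(GVariant) metadata = NULL;
  g_autoptr(GVariant) fallback = NULL;
  g_autofree char *to_checksum = NULL;
  g_autofree char *from_checksum = NULL;
  g_autofree char *basename = NULL;

  dir_or_file_path = gs_file_get_path_cached (dir_or_file);

  /* First, try opening it as a directory */
  dfd = glnx_opendirat_with_errno (AT_FDCWD, dir_or_file_path, TRUE);
  if (dfd < 0)
    {
      if (errno != ENOTDIR)
        {
          glnx_set_error_from_errno (error);
          goto out;
        }
      else
        {
          /* dirname() may edit its argument and may return a pointer into
           * it or to static storage, so the duplicate is what gets freed,
           * never dirname()'s return value. */
          g_autofree char *path_copy = g_strdup (dir_or_file_path);
          const char *dir = dirname (path_copy);

          basename = g_path_get_basename (dir_or_file_path);

          if (!glnx_opendirat (AT_FDCWD, dir, TRUE, &dfd, error))
            goto out;
        }
    }
  else
    basename = g_strdup ("superblock");

  meta_fd = openat (dfd, basename, O_RDONLY | O_CLOEXEC);
  if (meta_fd < 0)
    {
      glnx_set_error_from_errno (error);
      goto out;
    }

  /* The superblock is mapped with the "trusted" argument set to FALSE. */
  if (!ot_util_variant_map_fd (meta_fd, 0, G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT),
                               FALSE, &meta, error))
    goto out;

  /* Parsing OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT */

  metadata = g_variant_get_child_value (meta, 0);

  /* Write the to-commit object */
  {
    g_autoptr(GVariant) to_csum_v = NULL;
    g_autoptr(GVariant) from_csum_v = NULL;
    g_autoptr(GVariant) to_commit = NULL;
    gboolean have_to_commit;
    gboolean have_from_commit;

    to_csum_v = g_variant_get_child_value (meta, 3);
    if (!ostree_validate_structureof_csum_v (to_csum_v, error))
      goto out;
    to_checksum = ostree_checksum_from_bytes_v (to_csum_v);

    /* An empty "from" checksum leaves from_checksum NULL; otherwise the
     * source commit has to be present in the repository already. */
    from_csum_v = g_variant_get_child_value (meta, 2);
    if (g_variant_n_children (from_csum_v) > 0)
      {
        if (!ostree_validate_structureof_csum_v (from_csum_v, error))
          goto out;
        from_checksum = ostree_checksum_from_bytes_v (from_csum_v);

        if (!ostree_repo_has_object (self, OSTREE_OBJECT_TYPE_COMMIT, from_checksum,
                                     &have_from_commit, cancellable, error))
          goto out;

        if (!have_from_commit)
          {
            g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
                         "Commit %s, which is the delta source, is not in repository", from_checksum);
            goto out;
          }
      }

    if (!ostree_repo_has_object (self, OSTREE_OBJECT_TYPE_COMMIT, to_checksum,
                                 &have_to_commit, cancellable, error))
      goto out;

    if (!have_to_commit)
      {
        g_autofree char *detached_path = _ostree_get_relative_static_delta_path (from_checksum, to_checksum, "commitmeta");
        g_autoptr(GVariant) detached_data = NULL;

        /* Detached metadata is optional; write it only when present. */
        detached_data = g_variant_lookup_value (metadata, detached_path, G_VARIANT_TYPE("a{sv}"));
        if (detached_data && !ostree_repo_write_commit_detached_metadata (self,
                                                                          to_checksum,
                                                                          detached_data,
                                                                          cancellable,
                                                                          error))
          goto out;

        to_commit = g_variant_get_child_value (meta, 4);
        if (!ostree_repo_write_metadata (self, OSTREE_OBJECT_TYPE_COMMIT,
                                         to_checksum, to_commit, NULL,
                                         cancellable, error))
          goto out;
      }
  }

  fallback = g_variant_get_child_value (meta, 7);
  if (g_variant_n_children (fallback) > 0)
    {
      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
                   "Cannot execute delta offline: contains nonempty http fallback entries");
      goto out;
    }

  headers = g_variant_get_child_value (meta, 6);
  n = g_variant_n_children (headers);
  for (i = 0; i < n; i++)
    {
      guint32 version;
      guint64 size;
      guint64 usize;
      const guchar *csum;
      char checksum[OSTREE_SHA256_STRING_LEN+1];
      gboolean have_all;
      g_autoptr(GInputStream) part_in = NULL;
      g_autoptr(GVariant) inline_part_data = NULL;
      g_autoptr(GVariant) header = NULL;
      g_autoptr(GVariant) csum_v = NULL;
      g_autoptr(GVariant) objects = NULL;
      g_autoptr(GVariant) part = NULL;
      g_autofree char *deltapart_path = NULL;
      OstreeStaticDeltaOpenFlags delta_open_flags =
        skip_validation ? OSTREE_STATIC_DELTA_OPEN_FLAGS_SKIP_CHECKSUM : 0;

      header = g_variant_get_child_value (headers, i);
      g_variant_get (header, "(u@aytt@ay)", &version, &csum_v, &size, &usize, &objects);

      if (version > OSTREE_DELTAPART_VERSION)
        {
          g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
                       "Delta part has too new version %u", version);
          goto out;
        }

      if (!_ostree_repo_static_delta_part_have_all_objects (self, objects, &have_all,
                                                            cancellable, error))
        goto out;

      /* If we already have these objects, don't bother executing the
       * static delta.
       */
      if (have_all)
        continue;

      csum = ostree_checksum_bytes_peek_validate (csum_v, error);
      if (!csum)
        goto out;
      ostree_checksum_inplace_from_bytes (csum, checksum);

      deltapart_path =
        _ostree_get_relative_static_delta_part_path (from_checksum, to_checksum, i);

      inline_part_data = g_variant_lookup_value (metadata, deltapart_path, G_VARIANT_TYPE("(yay)"));
      if (inline_part_data)
        {
          g_autoptr(GBytes) inline_part_bytes = g_variant_get_data_as_bytes (inline_part_data);
          part_in = g_memory_input_stream_new_from_bytes (inline_part_bytes);

          /* For inline parts, we don't checksum, because it's
           * included with the metadata, so we're not trying to
           * protect against MITM or such.  Non-security related
           * checksums should be done at the underlying storage layer.
           */
          delta_open_flags |= OSTREE_STATIC_DELTA_OPEN_FLAGS_SKIP_CHECKSUM;

          if (!_ostree_static_delta_part_open (part_in, inline_part_bytes,
                                               delta_open_flags,
                                               NULL,
                                               &part,
                                               cancellable, error))
            goto out;
        }
      else
        {
          /* External parts are files named by their index, next to the
           * superblock. */
          g_autofree char *relpath = g_strdup_printf ("%u", i); /* TODO avoid malloc here */
          glnx_fd_close int part_fd = openat (dfd, relpath, O_RDONLY | O_CLOEXEC);
          if (part_fd < 0)
            {
              glnx_set_error_from_errno (error);
              g_prefix_error (error, "Opening deltapart '%s': ", deltapart_path);
              goto out;
            }

          /* The stream does not own the fd; part_fd closes it on scope exit. */
          part_in = g_unix_input_stream_new (part_fd, FALSE);

          if (!_ostree_static_delta_part_open (part_in, NULL,
                                               delta_open_flags,
                                               checksum,
                                               &part,
                                               cancellable, error))
            goto out;
        }

      if (!_ostree_static_delta_part_execute (self, objects, part, skip_validation,
                                              NULL, cancellable, error))
        {
          /* i is unsigned, so it is printed with %u. */
          g_prefix_error (error, "Executing delta part %u: ", i);
          goto out;
        }
    }

  ret = TRUE;
 out:
  return ret;
}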
/*
 * rpmostree_compose_builtin_sign:
 * "sign" builtin: resolve the requested revision in the repository, dump
 * the commit object to a temporary file, have the external rpm-sign tool
 * produce a detached signature for it, and append that signature to the
 * commit.
 *
 * The repository path, key id and revision come from the module-level
 * option variables; all three are required.
 *
 * Both temporary files are created with g_file_new_tmp() and unlinked on
 * every exit path.  The key id and both paths are passed to rpm-sign as
 * separate arguments.
 *
 * NOTE(review): `context` is never freed in this function -- confirm
 * whether rpmostree_option_context_parse() takes ownership.
 *
 * Returns TRUE on success, FALSE with @error set otherwise.
 */
gboolean
rpmostree_compose_builtin_sign (int            argc,
                                char         **argv,
                                GCancellable  *cancellable,
                                GError       **error)
{
  gboolean ret = FALSE;
  GOptionContext *context = g_option_context_new ("- Use rpm-sign to sign an OSTree commit");
  gs_unref_object GFile *repo_file = NULL;
  gs_unref_object OstreeRepo *repo = NULL;
  gs_unref_object GFile *payload_file = NULL;
  gs_unref_object GFileIOStream *sig_io = NULL;
  gs_unref_object GFile *sig_file = NULL;
  gs_unref_object GFileIOStream *payload_io = NULL;
  GOutputStream *payload_out = NULL;
  gs_unref_object GInputStream *commit_in = NULL;
  gs_free char *checksum = NULL;
  gs_unref_variant GVariant *commit_variant = NULL;
  gs_unref_bytes GBytes *commit_bytes = NULL;
  gssize spliced;

  if (!rpmostree_option_context_parse (context, option_entries, &argc, &argv, error))
    goto out;

  if (!opt_repo_path || !opt_key_id || !opt_rev)
    {
      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
                   "Missing required argument");
      goto out;
    }

  repo_file = g_file_new_for_path (opt_repo_path);
  repo = ostree_repo_new (repo_file);
  if (!ostree_repo_open (repo, cancellable, error))
    goto out;

  if (!ostree_repo_resolve_rev (repo, opt_rev, FALSE, &checksum, error))
    goto out;

  if (!ostree_repo_load_variant (repo, OSTREE_OBJECT_TYPE_COMMIT,
                                 checksum, &commit_variant, error))
    goto out;

  /* The serialised commit object is exactly what gets signed. */
  commit_bytes = g_variant_get_data_as_bytes (commit_variant);
  commit_in = (GInputStream*)g_memory_input_stream_new_from_bytes (commit_bytes);

  payload_file = g_file_new_tmp ("tmpsigXXXXXX", &payload_io, error);
  if (!payload_file)
    goto out;

  payload_out = (GOutputStream*)g_io_stream_get_output_stream ((GIOStream*)payload_io);
  spliced = g_output_stream_splice ((GOutputStream*)payload_out, commit_in,
                                    G_OUTPUT_STREAM_SPLICE_CLOSE_SOURCE |
                                    G_OUTPUT_STREAM_SPLICE_CLOSE_TARGET,
                                    cancellable, error);
  if (spliced < 0)
    goto out;

  /* Reserve the output name, then close our handle: the signer writes to
   * the path, not to our stream. */
  sig_file = g_file_new_tmp ("tmpsigoutXXXXXX", &sig_io, error);
  if (!sig_file)
    goto out;

  (void) g_io_stream_close ((GIOStream*)sig_io, NULL, NULL);

  if (!gs_subprocess_simple_run_sync (NULL, GS_SUBPROCESS_STREAM_DISPOSITION_NULL,
                                      cancellable, error,
                                      "rpm-sign",
                                      "--key", opt_key_id,
                                      "--detachsign", gs_file_get_path_cached (payload_file),
                                      "--output", gs_file_get_path_cached (sig_file),
                                      NULL))
    goto out;

  {
    char *sig_raw = NULL;
    gsize sig_len;
    gs_unref_bytes GBytes *sig_bytes = NULL;

    if (!g_file_load_contents (sig_file, cancellable, &sig_raw, &sig_len, NULL,
                               error))
      goto out;

    /* Ownership of the loaded buffer moves into the GBytes. */
    sig_bytes = g_bytes_new_take (sig_raw, sig_len);

    if (!ostree_repo_append_gpg_signature (repo, checksum, sig_bytes,
                                           cancellable, error))
      goto out;
  }

  g_print ("Successfully signed OSTree commit=%s with key=%s\n",
           checksum, opt_key_id);

  ret = TRUE;
 out:
  /* Best-effort removal of whichever temporary files were created. */
  if (payload_file)
    (void) gs_file_unlink (payload_file, NULL, NULL);
  if (sig_file)
    (void) gs_file_unlink (sig_file, NULL, NULL);
  return ret;
}
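/**
 * gs_plugin_file_to_app:
 * @plugin: the plugin
 * @list: list that receives the new app on success
 * @file: candidate bundle file
 * @cancellable: optional cancellable
 * @error: return location for an error
 *
 * Turn a local xdg-app bundle into a #GsApp.  Files whose content type is
 * not "application/vnd.xdgapp" are ignored and %TRUE is returned without
 * touching @list.
 *
 * Everything read here (metadata, AppStream data, icon) comes from the
 * bundle file itself and should be treated as untrusted.  The gzip'd
 * AppStream payload is decompressed into a buffer capped at 1Mb, which
 * bounds the memory a hostile bundle can make this function allocate;
 * data beyond the cap is not read.
 *
 * Returns: %TRUE on success or when the file is not handled, %FALSE on
 * failure
 */
gboolean
gs_plugin_file_to_app (GsPlugin *plugin,
                       GList **list,
                       GFile *file,
                       GCancellable *cancellable,
                       GError **error)
{
    g_autofree gchar *content_type = NULL;
    g_autofree gchar *id_prefixed = NULL;
    g_autoptr(GBytes) appstream_gz = NULL;
    g_autoptr(GBytes) icon_data = NULL;
    g_autoptr(GBytes) metadata = NULL;
    g_autoptr(GsApp) app = NULL;
    g_autoptr(XdgAppBundleRef) xref_bundle = NULL;
    const gchar *mimetypes[] = {
        "application/vnd.xdgapp",
        NULL };

    /* does this match any of the mimetypes we support */
    content_type = gs_utils_get_content_type (file, cancellable, error);
    if (content_type == NULL)
        return FALSE;
    if (!g_strv_contains (mimetypes, content_type))
        return TRUE;

    /* load bundle */
    xref_bundle = xdg_app_bundle_ref_new (file, error);
    if (xref_bundle == NULL) {
        g_prefix_error (error, "error loading bundle: ");
        return FALSE;
    }

    /* create a virtual ID */
    id_prefixed = gs_plugin_xdg_app_build_id (XDG_APP_REF (xref_bundle));

    /* load metadata */
    app = gs_app_new (id_prefixed);
    gs_app_set_kind (app, AS_APP_KIND_DESKTOP);
    gs_app_set_state (app, AS_APP_STATE_AVAILABLE_LOCAL);
    gs_app_set_size_installed (app, xdg_app_bundle_ref_get_installed_size (xref_bundle));
    gs_plugin_xdg_app_set_metadata (app, XDG_APP_REF (xref_bundle));
    metadata = xdg_app_bundle_ref_get_metadata (xref_bundle);
    if (!gs_plugin_xdg_app_set_app_metadata (app,
                                             g_bytes_get_data (metadata, NULL),
                                             g_bytes_get_size (metadata),
                                             error))
        return FALSE;

    /* load AppStream */
    appstream_gz = xdg_app_bundle_ref_get_appstream (xref_bundle);
    if (appstream_gz != NULL) {
        const gsize appstream_max = 0x100000; /* 1Mb */
        gsize n_read = 0;
        g_autofree guint8 *buf = NULL;
        g_autoptr(GZlibDecompressor) decompressor = NULL;
        g_autoptr(GInputStream) stream_gz = NULL;
        g_autoptr(GInputStream) stream_data = NULL;
        g_autoptr(GBytes) appstream = NULL;
        g_autoptr(AsStore) store = NULL;
        g_autofree gchar *id = NULL;
        AsApp *item;

        /* decompress data */
        decompressor = g_zlib_decompressor_new (G_ZLIB_COMPRESSOR_FORMAT_GZIP);
        stream_gz = g_memory_input_stream_new_from_bytes (appstream_gz);
        if (stream_gz == NULL)
            return FALSE;
        stream_data = g_converter_input_stream_new (stream_gz,
                                                    G_CONVERTER (decompressor));

        /* A single read on a converter stream may hand back less than
         * the whole document, which would truncate the XML.  Read until
         * EOF or the cap, whichever comes first. */
        buf = g_malloc (appstream_max);
        if (!g_input_stream_read_all (stream_data,
                                      buf,
                                      appstream_max,
                                      &n_read,
                                      cancellable,
                                      error))
            return FALSE;
        appstream = g_bytes_new_take (g_steal_pointer (&buf), n_read);

        store = as_store_new ();
        if (!as_store_from_bytes (store, appstream, cancellable, error))
            return FALSE;

        /* find app */
        id = g_strdup_printf ("%s.desktop", gs_app_get_xdgapp_name (app));
        item = as_store_get_app_by_id (store, id);
        if (item == NULL) {
            g_set_error (error,
                         GS_PLUGIN_ERROR,
                         GS_PLUGIN_ERROR_FAILED,
                         "application %s not found",
                         id);
            return FALSE;
        }

        /* copy details from AppStream to app */
        if (!gs_appstream_refine_app (plugin, app, item, error))
            return FALSE;
    }

    /* load icon: try the scaled size first, then plain 64px */
    icon_data = xdg_app_bundle_ref_get_icon (xref_bundle,
                                             64 * gs_plugin_get_scale (plugin));
    if (icon_data == NULL)
        icon_data = xdg_app_bundle_ref_get_icon (xref_bundle, 64);
    if (icon_data != NULL) {
        g_autoptr(GInputStream) stream_icon = NULL;
        g_autoptr(GdkPixbuf) pixbuf = NULL;

        /* the bundle-supplied image bytes go straight to gdk-pixbuf */
        stream_icon = g_memory_input_stream_new_from_bytes (icon_data);
        pixbuf = gdk_pixbuf_new_from_stream (stream_icon, cancellable, error);
        if (pixbuf == NULL)
            return FALSE;
        gs_app_set_pixbuf (app, pixbuf);
    } else {
        g_autoptr(AsIcon) icon = NULL;

        /* no icon in the bundle: fall back to a stock one */
        icon = as_icon_new ();
        as_icon_set_kind (icon, AS_ICON_KIND_STOCK);
        as_icon_set_name (icon, "application-x-executable");
        gs_app_set_icon (app, icon);
    }

    /* not quite true: this just means we can update this specific app */
    if (xdg_app_bundle_ref_get_origin (xref_bundle))
        gs_app_add_quirk (app, AS_APP_QUIRK_HAS_SOURCE);

    g_debug ("created local app: %s", gs_app_to_string (app));
    gs_app_list_add (list, app);
    return TRUE;
}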
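/*
 * install_bundle:
 * Install a single-file bundle (argv[1]) into @dir: read the ref, origin
 * and optional GPG keys from the bundle's superblock metadata, apply the
 * static delta inside a repository transaction, verify the resulting
 * commit, then deploy it and, when the bundle names an origin, register a
 * remote for later updates.
 *
 * Trust model, as implemented below:
 *  - The key material is taken from the bundle's own "gpg-keys" metadata
 *    unless opt_gpg_file is given, in which case the file replaces it.
 *    Verifying a bundle against keys it carries itself shows only that the
 *    bundle is self-consistent; it is not an independent trust anchor.
 *  - With no key from either source, a missing signature is ignored and a
 *    commit with signatures but no valid one is still accepted.
 *  - The delta is executed before verification; the transaction is only
 *    committed once verification has passed.
 *  - The origin URL and the same key material are installed as the remote
 *    used for future updates.
 *
 * NOTE(review): the early `return FALSE` paths taken after
 * ostree_repo_prepare_transaction() do not visibly abort the transaction
 * -- confirm that this is handled elsewhere.
 *
 * Returns TRUE on success, FALSE with @error set otherwise.
 */
gboolean
install_bundle (XdgAppDir *dir,
                GOptionContext *context,
                int argc, char **argv,
                GCancellable *cancellable,
                GError **error)
{
  gboolean ret = FALSE;
  g_autoptr(GFile) deploy_base = NULL;
  g_autoptr(GFile) file = NULL;
  g_autoptr(GFile) gpg_tmp_file = NULL;
  const char *filename;
  g_autofree char *ref = NULL;
  g_autofree char *origin = NULL;
  gboolean created_deploy_base = FALSE;
  gboolean added_remote = FALSE;
  g_autofree char *to_checksum = NULL;
  g_auto(GStrv) parts = NULL;
  g_autoptr(GBytes) gpg_data = NULL;
  g_autofree char *remote = NULL;
  OstreeRepo *repo;
  g_autoptr(OstreeGpgVerifyResult) gpg_result = NULL;
  g_autoptr(GError) my_error = NULL;
  g_auto(GLnxLockFile) lock = GLNX_LOCK_FILE_INIT;

  if (argc < 2)
    return usage_error (context, "bundle filename must be specified", error);

  filename = argv[1];

  repo = xdg_app_dir_get_repo (dir);

  if (!xdg_app_supports_bundles (repo))
    return xdg_app_fail (error, "Your version of ostree is too old to support single-file bundles");

  if (!xdg_app_dir_lock (dir, &lock,
                         cancellable, error))
    goto out;

  file = g_file_new_for_commandline_arg (filename);

  {
    g_autoptr(GVariant) delta = NULL;
    g_autoptr(GVariant) metadata = NULL;
    g_autoptr(GBytes) bytes = NULL;
    g_autoptr(GVariant) to_csum_v = NULL;
    g_autoptr(GVariant) gpg_value = NULL;

    GMappedFile *mfile = g_mapped_file_new (gs_file_get_path_cached (file), FALSE, error);

    if (mfile == NULL)
      return FALSE;

    bytes = g_mapped_file_get_bytes (mfile);
    g_mapped_file_unref (mfile);

    /* The bundle is parsed as an untrusted variant (trusted = FALSE). */
    delta = g_variant_new_from_bytes (G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT), bytes, FALSE);
    g_variant_ref_sink (delta);

    to_csum_v = g_variant_get_child_value (delta, 3);
    if (!ostree_validate_structureof_csum_v (to_csum_v, error))
      return FALSE;

    to_checksum = ostree_checksum_from_bytes_v (to_csum_v);

    metadata = g_variant_get_child_value (delta, 0);

    if (!g_variant_lookup (metadata, "ref", "s", &ref))
      return xdg_app_fail (error, "Invalid bundle, no ref in metadata");

    if (!g_variant_lookup (metadata, "origin", "s", &origin))
      origin = NULL;

    gpg_value = g_variant_lookup_value (metadata, "gpg-keys", G_VARIANT_TYPE("ay"));
    if (gpg_value)
      {
        gsize n_elements;
        const char *data = g_variant_get_fixed_array (gpg_value, &n_elements, 1);

        gpg_data = g_bytes_new (data, n_elements);
      }
  }

  parts = xdg_app_decompose_ref (ref, error);
  if (parts == NULL)
    return FALSE;

  deploy_base = xdg_app_dir_get_deploy_dir (dir, ref);

  if (g_file_query_exists (deploy_base, cancellable))
    return xdg_app_fail (error, "%s branch %s already installed", parts[1], parts[3]);

  if (opt_gpg_file != NULL)
    {
      /* Override gpg_data from file; release the bundle's copy first so
       * it is not leaked when both are present. */
      g_clear_pointer (&gpg_data, g_bytes_unref);
      gpg_data = read_gpg_data (cancellable, error);
      if (gpg_data == NULL)
        return FALSE;
    }

  /* Add a remote for later updates */
  if (origin != NULL)
    {
      g_auto(GStrv) remotes = ostree_repo_remote_list (repo, NULL);
      int version = 0;

      /* Pick the first "<name>[-N]-origin" that is not in use yet. */
      do
        {
          g_autofree char *name = NULL;
          if (version == 0)
            name = g_strdup_printf ("%s-origin", parts[1]);
          else
            name = g_strdup_printf ("%s-%d-origin", parts[1], version);
          version++;

          if (remotes == NULL ||
              !g_strv_contains ((const char * const *) remotes, name))
            remote = g_steal_pointer (&name);
        }
      while (remote == NULL);
    }

  if (!ostree_repo_prepare_transaction (repo, NULL, cancellable, error))
    return FALSE;

  ostree_repo_transaction_set_ref (repo, remote, ref, to_checksum);

  if (!ostree_repo_static_delta_execute_offline (repo,
                                                 file,
                                                 FALSE,
                                                 cancellable,
                                                 error))
    return FALSE;

  if (gpg_data)
    {
      /* Must start out NULL: g_file_new_tmp() is not guaranteed to store
       * anything on failure, and the auto-cleanup would otherwise unref
       * an indeterminate pointer on the early return below. */
      g_autoptr(GFileIOStream) stream = NULL;
      GOutputStream *o;

      gpg_tmp_file = g_file_new_tmp (".xdg-app-XXXXXX", &stream, error);
      if (gpg_tmp_file == NULL)
        return FALSE;
      o = g_io_stream_get_output_stream (G_IO_STREAM (stream));
      if (!g_output_stream_write_all (o, g_bytes_get_data (gpg_data, NULL), g_bytes_get_size (gpg_data), NULL, cancellable, error))
        {
          /* Do not leave the keyring file behind.  No cancellable here:
           * the write may have failed because of cancellation. */
          g_file_delete (gpg_tmp_file, NULL, NULL);
          return FALSE;
        }
    }

  /* gpg_tmp_file is NULL when no key was supplied. */
  gpg_result = ostree_repo_verify_commit_ext (repo,
                                              to_checksum,
                                              NULL, gpg_tmp_file, cancellable, &my_error);

  if (gpg_tmp_file)
    g_file_delete (gpg_tmp_file, cancellable, NULL);

  if (gpg_result == NULL)
    {
      /* NOT_FOUND means no gpg signature, we ignore this *if* there
       * is no gpg key specified in the bundle or by the user */
      if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND) &&
          gpg_data == NULL)
        g_clear_error (&my_error);
      else
        {
          g_propagate_error (error, g_steal_pointer (&my_error));
          return FALSE;
        }
    }
  else
    {
      /* If there is no valid gpg signature we fail, unless there is no gpg
         key specified (on the command line or in the file) because then we
         trust the source bundle. */
      if (ostree_gpg_verify_result_count_valid (gpg_result) == 0  &&
          gpg_data != NULL)
        return xdg_app_fail (error, "GPG signatures found, but none are in trusted keyring");
    }

  if (!ostree_repo_commit_transaction (repo, NULL, cancellable, error))
    return FALSE;

  if (!g_file_make_directory_with_parents (deploy_base, cancellable, error))
    return FALSE;

  /* From here we need to goto out on error, to clean up */
  created_deploy_base = TRUE;

  if (remote)
    {
      g_autoptr(GVariantBuilder) optbuilder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
      g_autofree char *basename = g_file_get_basename (file);

      g_variant_builder_add (optbuilder, "{s@v}",
                             "xa.title",
                             g_variant_new_variant (g_variant_new_string (basename)));

      g_variant_builder_add (optbuilder, "{s@v}",
                             "xa.noenumerate",
                             g_variant_new_variant (g_variant_new_boolean (TRUE)));

      g_variant_builder_add (optbuilder, "{s@v}",
                             "xa.prio",
                             g_variant_new_variant (g_variant_new_string ("0")));

      if (!ostree_repo_remote_add (repo,
                                   remote, origin, g_variant_builder_end (optbuilder), cancellable, error))
        goto out;

      added_remote = TRUE;

      if (gpg_data)
        {
          g_autoptr(GInputStream) gpg_data_as_stream = g_memory_input_stream_new_from_bytes (gpg_data);

          /* The key used for this install becomes the remote's keyring. */
          if (!ostree_repo_remote_gpg_import (repo, remote, gpg_data_as_stream,
                                              NULL, NULL, cancellable, error))
            goto out;
        }

      if (!xdg_app_dir_set_origin (dir, ref, remote, cancellable, error))
        goto out;
    }

  if (!xdg_app_dir_deploy (dir, ref, to_checksum, cancellable, error))
    goto out;

  if (!xdg_app_dir_make_current_ref (dir, ref, cancellable, error))
    goto out;

  if (strcmp (parts[0], "app") == 0)
    {
      if (!xdg_app_dir_update_exports (dir, parts[1], cancellable, error))
        goto out;
    }

  glnx_release_lock_file (&lock);

  xdg_app_dir_cleanup_removed (dir, cancellable, NULL);

  if (!xdg_app_dir_mark_changed (dir, error))
    goto out;

  ret = TRUE;

 out:
  /* Undo the deploy directory and the remote if anything failed late. */
  if (created_deploy_base && !ret)
    gs_shutil_rm_rf (deploy_base, cancellable, NULL);

  if (added_remote && !ret)
    ostree_repo_remote_delete (repo, remote, NULL, NULL);

  return ret;
}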
/**
 * ot_file_replace_contents_at:
 * @dfd: directory file descriptor that @path is relative to
 * @path: name of the file to replace
 * @contents: new file contents
 * @datasync: if %TRUE, fdatasync() the data before the rename
 * @cancellable: optional cancellable
 * @error: return location for an error
 *
 * Like g_file_replace_contents(), except using a fd-relative
 * directory, and optionally enforces use of fdatasync().
 *
 * The data is written to a temporary file opened under @dfd with mode
 * 0644, which is then renamed over @path.  If any step fails the
 * temporary file is unlinked and @path is left as it was.
 *
 * Returns: %TRUE on success, %FALSE with @error set otherwise
 */
gboolean
ot_file_replace_contents_at (int            dfd,
                             const char    *path,
                             GBytes        *contents,
                             gboolean       datasync,
                             GCancellable  *cancellable,
                             GError       **error)
{
  gboolean ok = FALSE;
  int tmp_fd;
  gsize content_len;
  g_autofree char *staged_name = NULL;
  g_autoptr(GOutputStream) staged_out = NULL;
  g_autoptr(GInputStream) content_in = NULL;

  if (!gs_file_open_in_tmpdir_at (dfd, 0644, &staged_name, &staged_out,
                                  cancellable, error))
    goto out;

  g_assert (G_IS_FILE_DESCRIPTOR_BASED (staged_out));
  tmp_fd = g_file_descriptor_based_get_fd (G_FILE_DESCRIPTOR_BASED (staged_out));

  content_in = g_memory_input_stream_new_from_bytes (contents);

  /* Reserve the space up front; skipped for empty content. */
  content_len = g_bytes_get_size (contents);
  if (content_len > 0)
    {
      int alloc_err = posix_fallocate (tmp_fd, 0, content_len);
      if (alloc_err != 0)
        {
          /* posix_fallocate returns the error number instead of setting
           * errno, so move it there for the usual reporting helper. */
          errno = alloc_err;
          glnx_set_error_from_errno (error);
          goto out;
        }
    }

  /* No splice flags: the stream has to stay open for the sync below. */
  if (g_output_stream_splice (staged_out, content_in, 0,
                              cancellable, error) < 0)
    goto out;

  if (datasync)
    {
      if (fdatasync (tmp_fd) != 0)
        {
          glnx_set_error_from_errno (error);
          goto out;
        }
    }

  if (!g_output_stream_close (staged_out, cancellable, error))
    goto out;

  if (renameat (dfd, staged_name, dfd, path) == -1)
    {
      glnx_set_error_from_errno (error);
      goto out;
    }

  /* The temporary name no longer exists; forget it so that the cleanup
   * below does not try to unlink it. */
  g_free (staged_name);
  staged_name = NULL;

  ok = TRUE;
 out:
  if (staged_name != NULL)
    (void) unlinkat (dfd, staged_name, 0);
  return ok;
}
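/*
 * as_store_cab_from_bytes_with_origin:
 * Load a cabinet archive from @bytes, extract it into a fresh temporary
 * directory, and add every metainfo component found in it to @store.
 * For each component the default release gets container and content
 * checksums (created if missing, then verified), a download size, and
 * its blobs.  @basename, when non-NULL, is recorded as the filename of a
 * newly created container checksum.
 *
 * The extracted files and the temporary directory are removed on every
 * path that got as far as extraction, including failures.
 *
 * NOTE(review): the names in `filelist` come from the archive through
 * as_store_cab_cb and are joined onto the temporary directory with
 * g_build_filename(), both for parsing and for the unlink during
 * cleanup.  Confirm that the callback or the extractor rejects absolute
 * names and ".." components, otherwise those paths are attacker-chosen.
 *
 * Returns TRUE on success, FALSE with @error set otherwise.
 */
static gboolean
as_store_cab_from_bytes_with_origin (AsStore *store,
                                     GBytes *bytes,
                                     const gchar *basename,
                                     GCancellable *cancellable,
                                     GError **error)
{
    gboolean ret = FALSE;
    g_autoptr(GCabCabinet) gcab = NULL;
    g_autoptr(GError) error_local = NULL;
    g_autofree gchar *tmp_path = NULL;
    g_autoptr(GFile) tmp_file = NULL;
    g_autoptr(GInputStream) input_stream = NULL;
    g_autoptr(GPtrArray) filelist = NULL;
    guint i;

    /* open the file */
    gcab = gcab_cabinet_new ();
    input_stream = g_memory_input_stream_new_from_bytes (bytes);
    if (!gcab_cabinet_load (gcab, input_stream, NULL, &error_local)) {
        g_set_error (error,
                     AS_STORE_ERROR,
                     AS_STORE_ERROR_FAILED,
                     "cannot load .cab file: %s",
                     error_local->message);
        return FALSE;
    }

    /* decompress to /tmp */
    tmp_path = g_dir_make_tmp ("appstream-glib-XXXXXX", &error_local);
    if (tmp_path == NULL) {
        g_set_error (error,
                     AS_STORE_ERROR,
                     AS_STORE_ERROR_FAILED,
                     "failed to create temp dir: %s",
                     error_local->message);
        return FALSE;
    }

    /* From here on every failure goes through `out`, so that whatever was
     * extracted is removed again. */

    /* extract the entire cab file */
    filelist = g_ptr_array_new_with_free_func (g_free);
    tmp_file = g_file_new_for_path (tmp_path);
    if (!gcab_cabinet_extract_simple (gcab, tmp_file,
                                      as_store_cab_cb,
                                      filelist, NULL, &error_local)) {
        g_set_error (error,
                     AS_STORE_ERROR,
                     AS_STORE_ERROR_FAILED,
                     "failed to extract .cab file: %s",
                     error_local->message);
        goto out;
    }

    /* loop through each file looking for components */
    for (i = 0; i < filelist->len; i++) {
        AsRelease *rel;
        AsChecksum *csum_tmp;
        const gchar *fn;
        g_autofree gchar *tmp_fn = NULL;
        g_autoptr(AsApp) app = NULL;

        /* debug */
        fn = g_ptr_array_index (filelist, i);
        g_debug ("found file %u\t%s", i, fn);

        /* if inf or metainfo, add */
        if (as_format_guess_kind (fn) != AS_FORMAT_KIND_METAINFO)
            continue;

        tmp_fn = g_build_filename (tmp_path, fn, NULL);
        app = as_app_new ();
        if (!as_app_parse_file (app, tmp_fn,
                                AS_APP_PARSE_FLAG_NONE, &error_local)) {
            g_set_error (error,
                         AS_STORE_ERROR,
                         AS_STORE_ERROR_FAILED,
                         "%s could not be loaded: %s",
                         tmp_fn,
                         error_local->message);
            goto out;
        }

        /* only process the latest release */
        rel = as_app_get_release_default (app);
        if (rel == NULL) {
            g_set_error_literal (error,
                                 AS_STORE_ERROR,
                                 AS_STORE_ERROR_FAILED,
                                 "no releases in metainfo file");
            goto out;
        }

        /* ensure we always have a container checksum */
        csum_tmp = as_release_get_checksum_by_target (rel, AS_CHECKSUM_TARGET_CONTAINER);
        if (csum_tmp == NULL) {
            g_autoptr(AsChecksum) csum = NULL;
            csum = as_checksum_new ();
            as_checksum_set_target (csum, AS_CHECKSUM_TARGET_CONTAINER);
            if (basename != NULL)
                as_checksum_set_filename (csum, basename);
            as_release_add_checksum (rel, csum);
        }

        /* set the container checksum */
        if (!as_store_cab_verify_checksum_cab (rel, bytes, error))
            goto out;

        /* this is the size of the cab file itself */
        if (as_release_get_size (rel, AS_SIZE_KIND_DOWNLOAD) == 0)
            as_release_set_size (rel, AS_SIZE_KIND_DOWNLOAD,
                                 g_bytes_get_size (bytes));

        /* ensure we always have a content checksum */
        csum_tmp = as_release_get_checksum_by_target (rel, AS_CHECKSUM_TARGET_CONTENT);
        if (csum_tmp == NULL) {
            g_autoptr(AsChecksum) csum = NULL;
            csum = as_checksum_new ();
            as_checksum_set_target (csum, AS_CHECKSUM_TARGET_CONTENT);
            /* if this isn't true, a firmware needs to set in
             * the metainfo.xml file something like:
             * <checksum target="content" filename="FLASH.ROM"/> */
            as_checksum_set_filename (csum, "firmware.bin");
            as_release_add_checksum (rel, csum);
            csum_tmp = csum;
        }
        if (!as_store_cab_verify_checksum_fw (csum_tmp, tmp_path, error))
            goto out;

        /* set blobs */
        if (!as_store_cab_set_release_blobs (rel, tmp_path, error))
            goto out;

        /* add any component to the store */
        as_store_add_app (store, app);
    }

    /* success */
    ret = TRUE;
out:
    /* delete temp files, on success and on failure alike */
    for (i = 0; i < filelist->len; i++) {
        const gchar *fn;
        g_autofree gchar *tmp_fn = NULL;
        fn = g_ptr_array_index (filelist, i);
        tmp_fn = g_build_filename (tmp_path, fn, NULL);
        g_unlink (tmp_fn);
    }
    g_rmdir (tmp_path);

    return ret;
}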
/*
 * rpmostree_compose_builtin_sign:
 * "sign" builtin: resolve the requested revision, write the commit object
 * to a temporary file, run rpm-sign to produce a detached signature, and
 * append that signature to the commit in the repository.
 *
 * The repository path, key id and revision come from the module-level
 * option variables; all three are required.
 *
 * rpm-sign is started with g_spawn_sync() and G_SPAWN_SEARCH_PATH, so the
 * binary is looked up through PATH; the key id and both file paths are
 * passed as separate argv entries.  Both temporary files are unlinked on
 * every exit path.
 *
 * NOTE(review): `context` is never freed in this function -- confirm
 * whether rpmostree_option_context_parse() takes ownership.
 *
 * Returns EXIT_SUCCESS on success, EXIT_FAILURE with @error set otherwise.
 */
int
rpmostree_compose_builtin_sign (int            argc,
                                char         **argv,
                                GCancellable  *cancellable,
                                GError       **error)
{
  int exit_status = EXIT_FAILURE;
  GOptionContext *context = g_option_context_new ("- Use rpm-sign to sign an OSTree commit");
  g_autoptr(GFile) repo_file = NULL;
  glnx_unref_object OstreeRepo *repo = NULL;
  g_autoptr(GFile) payload_file = NULL;
  g_autoptr(GFileIOStream) sig_io = NULL;
  g_autoptr(GFile) sig_file = NULL;
  g_autoptr(GFileIOStream) payload_io = NULL;
  GOutputStream *payload_out = NULL;
  g_autoptr(GInputStream) commit_in = NULL;
  g_autofree char *checksum = NULL;
  g_autoptr(GVariant) commit_variant = NULL;
  g_autoptr(GBytes) commit_bytes = NULL;
  gssize spliced;

  if (!rpmostree_option_context_parse (context,
                                       option_entries,
                                       &argc, &argv,
                                       RPM_OSTREE_BUILTIN_FLAG_LOCAL_CMD,
                                       cancellable,
                                       NULL,
                                       error))
    goto out;

  if (!opt_repo_path || !opt_key_id || !opt_rev)
    {
      rpmostree_usage_error (context, "Missing required argument", error);
      goto out;
    }

  repo_file = g_file_new_for_path (opt_repo_path);
  repo = ostree_repo_new (repo_file);
  if (!ostree_repo_open (repo, cancellable, error))
    goto out;

  if (!ostree_repo_resolve_rev (repo, opt_rev, FALSE, &checksum, error))
    goto out;

  if (!ostree_repo_load_variant (repo, OSTREE_OBJECT_TYPE_COMMIT,
                                 checksum, &commit_variant, error))
    goto out;

  /* The serialised commit object is exactly what gets signed. */
  commit_bytes = g_variant_get_data_as_bytes (commit_variant);
  commit_in = (GInputStream*)g_memory_input_stream_new_from_bytes (commit_bytes);

  payload_file = g_file_new_tmp ("tmpsigXXXXXX", &payload_io, error);
  if (!payload_file)
    goto out;

  payload_out = (GOutputStream*)g_io_stream_get_output_stream ((GIOStream*)payload_io);
  spliced = g_output_stream_splice ((GOutputStream*)payload_out, commit_in,
                                    G_OUTPUT_STREAM_SPLICE_CLOSE_SOURCE |
                                    G_OUTPUT_STREAM_SPLICE_CLOSE_TARGET,
                                    cancellable, error);
  if (spliced < 0)
    goto out;

  /* Reserve the output name, then close our handle: the signer writes to
   * the path, not to our stream. */
  sig_file = g_file_new_tmp ("tmpsigoutXXXXXX", &sig_io, error);
  if (!sig_file)
    goto out;

  (void) g_io_stream_close ((GIOStream*)sig_io, NULL, NULL);

  {
    const char *payload_path = gs_file_get_path_cached (payload_file);
    const char *sig_path = gs_file_get_path_cached (sig_file);
    const char *child_argv[] = { "rpm-sign",
                                 "--key", opt_key_id,
                                 "--detachsign", payload_path,
                                 "--output", sig_path,
                                 NULL };
    int estatus;

    if (!g_spawn_sync (NULL, (char**)child_argv, NULL, G_SPAWN_SEARCH_PATH,
                       NULL, NULL, NULL, NULL,
                       &estatus, error))
      goto out;

    /* A child that ran but exited non-zero is a failure too. */
    if (!g_spawn_check_exit_status (estatus, error))
      goto out;
  }

  {
    char *sig_raw = NULL;
    gsize sig_len;
    g_autoptr(GBytes) sig_bytes = NULL;

    if (!g_file_load_contents (sig_file, cancellable, &sig_raw, &sig_len, NULL,
                               error))
      goto out;

    /* Ownership of the loaded buffer moves into the GBytes. */
    sig_bytes = g_bytes_new_take (sig_raw, sig_len);

    if (!ostree_repo_append_gpg_signature (repo, checksum, sig_bytes,
                                           cancellable, error))
      goto out;
  }

  g_print ("Successfully signed OSTree commit=%s with key=%s\n",
           checksum, opt_key_id);

  exit_status = EXIT_SUCCESS;
 out:
  /* Best-effort removal of whichever temporary files were created. */
  if (payload_file)
    (void) unlink (gs_file_get_path_cached (payload_file));
  if (sig_file)
    (void) unlink (gs_file_get_path_cached (sig_file));
  return exit_status;
}