static GBytes *
load_file (const gchar *filename,
GError **error)
{
GError *local_error = NULL;
GMappedFile *mapped;
GBytes *bytes;
mapped = g_mapped_file_new (filename, FALSE, &local_error);
if (g_error_matches (local_error, G_FILE_ERROR, G_FILE_ERROR_NOENT) ||
g_error_matches (local_error, G_FILE_ERROR, G_FILE_ERROR_ISDIR) ||
g_error_matches (local_error, G_FILE_ERROR, G_FILE_ERROR_NAMETOOLONG) ||
g_error_matches (local_error, G_FILE_ERROR, G_FILE_ERROR_LOOP) ||
g_error_matches (local_error, G_FILE_ERROR, G_FILE_ERROR_INVAL))
{
g_clear_error (&local_error);
return NULL;
}
/* A real error to stop on */
else if (local_error)
{
g_propagate_error (error, local_error);
return NULL;
}
bytes = g_mapped_file_get_bytes (mapped);
g_mapped_file_unref (mapped);
return bytes;
}
int
main (int argc, char **argv)
{
GError *local_error = NULL;
GError **error = &local_error;
GBytes *from_bytes = NULL;
GBytes *to_bytes = NULL;
const char *from_path;
const char *to_path;
OstreeRollsumMatches *matches;
GMappedFile *mfile;
g_setenv ("GIO_USE_VFS", "local", TRUE);
if (argc < 3)
exit (EXIT_FAILURE);
from_path = argv[1];
to_path = argv[2];
mfile = g_mapped_file_new (from_path, FALSE, error);
if (!mfile)
goto out;
from_bytes = g_mapped_file_get_bytes (mfile);
g_mapped_file_unref (mfile);
mfile = g_mapped_file_new (to_path, FALSE, error);
if (!mfile)
goto out;
to_bytes = g_mapped_file_get_bytes (mfile);
g_mapped_file_unref (mfile);
matches = _ostree_compute_rollsum_matches (from_bytes, to_bytes);
g_printerr ("rollsum crcs=%u bufs=%u total=%u matchsize=%llu\n",
matches->crcmatches,
matches->bufmatches,
matches->total, (unsigned long long)matches->match_size);
out:
if (local_error)
{
g_printerr ("%s\n", local_error->message);
g_error_free (local_error);
return 1;
}
return 0;
}
static void
send_login_html (CockpitWebResponse *response,
CockpitHandlerData *ws)
{
GHashTable *headers = NULL;
GList *l, *output = NULL;
gchar *login_html;
GMappedFile *file;
GError *error = NULL;
GBytes *body = NULL;
gsize length;
login_html = g_build_filename (ws->static_roots[0], "login.html", NULL);
file = g_mapped_file_new (login_html, FALSE, &error);
if (file == NULL)
{
g_warning ("%s: %s", login_html, error->message);
cockpit_web_response_error (response, 500, NULL, NULL);
g_clear_error (&error);
goto out;
}
body = g_mapped_file_get_bytes (file);
output = cockpit_template_expand (body, substitute_environment, ws->os_release);
length = 0;
for (l = output; l != NULL; l = g_list_next (l))
length += g_bytes_get_size (l->data);
headers = cockpit_web_server_new_table ();
g_hash_table_insert (headers, g_strdup ("Content-Type"), g_strdup ("text/html; charset=utf8"));
cockpit_web_response_headers_full (response, 200, "OK", length, headers);
for (l = output; l != NULL; l = g_list_next (l))
{
if (!cockpit_web_response_queue (response, l->data))
break;
}
if (l == NULL)
cockpit_web_response_complete (response);
out:
g_list_free_full (output, (GDestroyNotify)g_bytes_unref);
if (headers)
g_hash_table_unref (headers);
g_free (login_html);
if (body)
g_bytes_unref (body);
if (file)
g_mapped_file_unref (file);
}
static JsonObject *
read_package_manifest (const gchar *directory,
const gchar *package)
{
JsonObject *manifest = NULL;
GError *error = NULL;
GMappedFile *mapped;
gchar *filename;
GBytes *bytes;
filename = g_build_filename (directory, "manifest.json", NULL);
mapped = g_mapped_file_new (filename, FALSE, &error);
if (!mapped)
{
if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOENT))
g_debug ("no manifest found: %s", filename);
else if (!g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOTDIR))
g_message ("%s: %s", package, error->message);
g_clear_error (&error);
}
else
{
if (!validate_package (package))
{
g_warning ("package has invalid name: %s", package);
}
else
{
bytes = g_mapped_file_get_bytes (mapped);
manifest = cockpit_json_parse_bytes (bytes, &error);
g_bytes_unref (bytes);
if (!manifest)
{
g_message ("%s: invalid manifest: %s", package, error->message);
g_clear_error (&error);
}
}
g_mapped_file_unref (mapped);
}
g_free (filename);
return manifest;
}
/**
* gs_file_map_readonly:
* @file: a #GFile
* @cancellable:
* @error:
*
* Return a #GBytes which references a readonly view of the contents of
* @file. This function uses #GMappedFile internally.
*
* Returns: (transfer full): a newly referenced #GBytes
*/
GBytes *
gs_file_map_readonly (GFile *file,
GCancellable *cancellable,
GError **error)
{
GMappedFile *mfile;
GBytes *ret;
if (g_cancellable_set_error_if_cancelled (cancellable, error))
return NULL;
mfile = g_mapped_file_new (gs_file_get_path_cached (file), FALSE, error);
if (!mfile)
return NULL;
ret = g_mapped_file_get_bytes (mfile);
g_mapped_file_unref (mfile);
return ret;
}
GBytes *
ot_file_mapat_bytes (int dfd,
const char *path,
GError **error)
{
glnx_fd_close int fd = openat (dfd, path, O_RDONLY | O_CLOEXEC);
g_autoptr(GMappedFile) mfile = NULL;
if (fd < 0)
{
glnx_set_error_from_errno (error);
return FALSE;
}
mfile = g_mapped_file_new_from_fd (fd, FALSE, error);
if (!mfile)
return FALSE;
return g_mapped_file_get_bytes (mfile);
}
static void
send_index_response (CockpitWebResponse *response,
CockpitWebService *service,
JsonObject *modules)
{
GHashTable *out_headers;
GError *error = NULL;
GMappedFile *file = NULL;
GBytes *body = NULL;
GBytes *prefix = NULL;
GBytes *environ = NULL;
GBytes *suffix = NULL;
gchar *index_html;
const gchar *needle;
const gchar *data;
const gchar *pos;
gsize needle_len;
gsize length;
gsize offset;
/*
* Since the index file cannot be properly cached, it can change on
* each request, so we include full environment information directly
* rather than making the client do another round trip later.
*
* If the caller is already logged in, then this is included in the
* environment.
*/
index_html = g_build_filename (cockpit_ws_static_directory, "index.html", NULL);
file = g_mapped_file_new (index_html, FALSE, &error);
if (file == NULL)
{
g_warning ("%s: %s", index_html, error->message);
cockpit_web_response_error (response, 500, NULL, NULL);
g_clear_error (&error);
goto out;
}
body = g_mapped_file_get_bytes (file);
data = g_bytes_get_data (body, &length);
needle = "cockpit_environment_info";
pos = g_strstr_len (data, length, needle);
if (!pos)
{
g_warning ("couldn't find 'cockpit_environment_info' string in index.html");
cockpit_web_response_error (response, 500, NULL, NULL);
goto out;
}
environ = build_environment (service, modules);
offset = (pos - data);
prefix = g_bytes_new_from_bytes (body, 0, offset);
needle_len = strlen (needle);
suffix = g_bytes_new_from_bytes (body, offset + needle_len,
length - (offset + needle_len));
out_headers = cockpit_web_server_new_table ();
g_hash_table_insert (out_headers, g_strdup ("Content-Type"), g_strdup ("text/html; charset=utf8"));
cockpit_web_response_content (response, out_headers, prefix, environ, suffix, NULL);
g_hash_table_unref (out_headers);
out:
g_free (index_html);
if (prefix)
g_bytes_unref (prefix);
if (body)
g_bytes_unref (body);
if (environ)
g_bytes_unref (environ);
if (suffix)
g_bytes_unref (suffix);
if (file)
g_mapped_file_unref (file);
}
/**
* cockpit_web_response_file:
* @response: the response
* @path: escaped path, or NULL to get from response
* @roots: directories to look for file in
*
* Serve a file from disk as an HTTP response.
*/
void
cockpit_web_response_file (CockpitWebResponse *response,
const gchar *escaped,
const gchar **roots)
{
const gchar *csp_header;
GError *error = NULL;
gchar *unescaped = NULL;
gchar *path = NULL;
GMappedFile *file = NULL;
const gchar *root;
GBytes *body;
g_return_if_fail (COCKPIT_IS_WEB_RESPONSE (response));
if (!escaped)
escaped = cockpit_web_response_get_path (response);
g_return_if_fail (escaped != NULL);
/* Someone is trying to escape the root directory, or access hidden files? */
unescaped = g_uri_unescape_string (escaped, NULL);
if (strstr (unescaped, "/.") || strstr (unescaped, "../") || strstr (unescaped, "//"))
{
g_debug ("%s: invalid path request", escaped);
cockpit_web_response_error (response, 404, NULL, "Not Found");
goto out;
}
again:
root = *(roots++);
if (root == NULL)
{
cockpit_web_response_error (response, 404, NULL, "Not Found");
goto out;
}
g_free (path);
path = g_build_filename (root, unescaped, NULL);
if (g_file_test (path, G_FILE_TEST_IS_DIR))
{
cockpit_web_response_error (response, 403, NULL, "Directory Listing Denied");
goto out;
}
/* As a double check of above behavior */
g_assert (path_has_prefix (path, root));
g_clear_error (&error);
file = g_mapped_file_new (path, FALSE, &error);
if (file == NULL)
{
if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOENT) ||
g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NAMETOOLONG))
{
g_debug ("%s: file not found in root: %s", escaped, root);
goto again;
}
else if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_PERM) ||
g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ACCES) ||
g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ISDIR))
{
cockpit_web_response_error (response, 403, NULL, "Access denied");
goto out;
}
else
{
g_warning ("%s: %s", path, error->message);
cockpit_web_response_error (response, 500, NULL, "Internal server error");
goto out;
}
}
body = g_mapped_file_get_bytes (file);
/*
* The default Content-Security-Policy for .html files allows
* the site to have inline <script> and <style> tags. This code
* is not used when serving resources once logged in, only for
* static resources when we don't yet have a session.
*/
csp_header = NULL;
if (g_str_has_suffix (unescaped, ".html"))
csp_header = "Content-Security-Policy";
cockpit_web_response_headers (response, 200, "OK", g_bytes_get_size (body),
csp_header, "default-src 'self' 'unsafe-inline'; connect-src 'self' ws: wss:",
NULL);
if (cockpit_web_response_queue (response, body))
cockpit_web_response_complete (response);
g_bytes_unref (body);
out:
g_free (unescaped);
g_clear_error (&error);
g_free (path);
if (file)
g_mapped_file_unref (file);
}
static gboolean
rewrite_delta (OstreeRepo *src_repo,
const char *src_commit,
OstreeRepo *dst_repo,
const char *dst_commit,
GVariant *dst_commitv,
const char *from,
GError **error)
{
g_autoptr(GFile) src_delta_file = NULL;
g_autoptr(GFile) dst_delta_file = NULL;
g_autofree char *src_detached_key = _ostree_get_relative_static_delta_path (from, src_commit, "commitmeta");
g_autofree char *dst_detached_key = _ostree_get_relative_static_delta_path (from, dst_commit, "commitmeta");
g_autofree char *src_delta_dir = _ostree_get_relative_static_delta_path (from, src_commit, NULL);
g_autofree char *dst_delta_dir = _ostree_get_relative_static_delta_path (from, dst_commit, NULL);
g_autofree char *src_superblock_path = _ostree_get_relative_static_delta_path (from, src_commit, "superblock");
g_autofree char *dst_superblock_path = _ostree_get_relative_static_delta_path (from, dst_commit, "superblock");
GMappedFile *mfile = NULL;
g_auto(GVariantBuilder) superblock_builder = FLATPAK_VARIANT_BUILDER_INITIALIZER;
g_autoptr(GVariant) src_superblock = NULL;
g_autoptr(GVariant) dst_superblock = NULL;
g_autoptr(GBytes) bytes = NULL;
g_autoptr(GVariant) dst_detached = NULL;
g_autoptr(GVariant) src_metadata = NULL;
g_autoptr(GVariant) src_recurse = NULL;
g_autoptr(GVariant) src_parts = NULL;
g_auto(GVariantDict) dst_metadata_dict = FLATPAK_VARIANT_DICT_INITIALIZER;
int i;
src_delta_file = g_file_resolve_relative_path (ostree_repo_get_path (src_repo), src_superblock_path);
mfile = g_mapped_file_new (flatpak_file_get_path_cached (src_delta_file), FALSE, NULL);
if (mfile == NULL)
return TRUE; /* No superblock, not an error */
bytes = g_mapped_file_get_bytes (mfile);
g_mapped_file_unref (mfile);
src_superblock = g_variant_ref_sink (g_variant_new_from_bytes (G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT), bytes, FALSE));
src_metadata = g_variant_get_child_value (src_superblock, 0);
src_recurse = g_variant_get_child_value (src_superblock, 5);
src_parts = g_variant_get_child_value (src_superblock, 6);
if (g_variant_n_children (src_recurse) != 0)
return flatpak_fail (error, "Recursive deltas not supported, ignoring");
g_variant_builder_init (&superblock_builder, G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT));
g_variant_dict_init (&dst_metadata_dict, src_metadata);
g_variant_dict_remove (&dst_metadata_dict, src_detached_key);
if (ostree_repo_read_commit_detached_metadata (dst_repo, dst_commit, &dst_detached, NULL, NULL) &&
dst_detached != NULL)
g_variant_dict_insert_value (&dst_metadata_dict, dst_detached_key, dst_detached);
g_variant_builder_add_value (&superblock_builder, g_variant_dict_end (&dst_metadata_dict));
g_variant_builder_add_value (&superblock_builder, g_variant_get_child_value (src_superblock, 1)); /* timestamp */
g_variant_builder_add_value (&superblock_builder, from ? ostree_checksum_to_bytes_v (from) : new_bytearray ((guchar *) "", 0));
g_variant_builder_add_value (&superblock_builder, ostree_checksum_to_bytes_v (dst_commit));
g_variant_builder_add_value (&superblock_builder, dst_commitv);
g_variant_builder_add_value (&superblock_builder, src_recurse);
g_variant_builder_add_value (&superblock_builder, src_parts);
g_variant_builder_add_value (&superblock_builder, g_variant_get_child_value (src_superblock, 7)); /* fallback */
dst_superblock = g_variant_ref_sink (g_variant_builder_end (&superblock_builder));
if (!glnx_shutil_mkdir_p_at (ostree_repo_get_dfd (dst_repo), dst_delta_dir, 0755, NULL, error))
return FALSE;
for (i = 0; i < g_variant_n_children (src_parts); i++)
{
g_autofree char *src_part_path = g_strdup_printf ("%s/%d", src_delta_dir, i);
g_autofree char *dst_part_path = g_strdup_printf ("%s/%d", dst_delta_dir, i);
if (!glnx_file_copy_at (ostree_repo_get_dfd (src_repo),
src_part_path,
NULL,
ostree_repo_get_dfd (dst_repo),
dst_part_path,
GLNX_FILE_COPY_OVERWRITE | GLNX_FILE_COPY_NOXATTRS,
NULL, error))
return FALSE;
}
dst_delta_file = g_file_resolve_relative_path (ostree_repo_get_path (dst_repo), dst_superblock_path);
if (!flatpak_variant_save (dst_delta_file, dst_superblock, NULL, error))
return FALSE;
return TRUE;
}
/**
* cockpit_web_response_file:
* @response: the response
* @path: escaped path, or NULL to get from response
* @roots: directories to look for file in
*
* Serve a file from disk as an HTTP response.
*/
void
cockpit_web_response_file (CockpitWebResponse *response,
const gchar *escaped,
gboolean cache_forever,
const gchar **roots)
{
const gchar *cache_control;
GError *error = NULL;
gchar *unescaped;
char *path = NULL;
gchar *built = NULL;
GMappedFile *file = NULL;
const gchar *root;
GBytes *body;
g_return_if_fail (COCKPIT_IS_WEB_RESPONSE (response));
if (!escaped)
escaped = cockpit_web_response_get_path (response);
g_return_if_fail (escaped != NULL);
again:
root = *(roots++);
if (root == NULL)
{
cockpit_web_response_error (response, 404, NULL, "Not Found");
goto out;
}
unescaped = g_uri_unescape_string (escaped, NULL);
built = g_build_filename (root, unescaped, NULL);
g_free (unescaped);
path = realpath (built, NULL);
g_free (built);
if (path == NULL)
{
if (errno == ENOENT || errno == ENOTDIR || errno == ELOOP || errno == ENAMETOOLONG)
{
g_debug ("%s: file not found in root: %s", escaped, root);
goto again;
}
else if (errno == EACCES)
{
cockpit_web_response_error (response, 403, NULL, "Access Denied");
goto out;
}
else
{
g_warning ("%s: resolving path failed: %m", escaped);
cockpit_web_response_error (response, 500, NULL, "Internal Server Error");
goto out;
}
}
/* Double check that realpath() did the right thing */
g_return_if_fail (strstr (path, "../") == NULL);
g_return_if_fail (!g_str_has_suffix (path, "/.."));
/* Someone is trying to escape the root directory */
if (!path_has_prefix (path, root) &&
!path_has_prefix (path, cockpit_web_exception_escape_root))
{
g_debug ("%s: request tried to escape the root directory: %s: %s", escaped, root, path);
cockpit_web_response_error (response, 404, NULL, "Not Found");
goto out;
}
if (g_file_test (path, G_FILE_TEST_IS_DIR))
{
cockpit_web_response_error (response, 403, NULL, "Directory Listing Denied");
goto out;
}
file = g_mapped_file_new (path, FALSE, &error);
if (file == NULL)
{
if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_PERM) ||
g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ACCES) ||
g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ISDIR))
{
cockpit_web_response_error (response, 403, NULL, "Access denied");
g_clear_error (&error);
goto out;
}
else
{
g_warning ("%s: %s", path, error->message);
cockpit_web_response_error (response, 500, NULL, "Internal server error");
g_clear_error (&error);
goto out;
}
}
body = g_mapped_file_get_bytes (file);
cache_control = cache_forever ? "max-age=31556926, public" : NULL;
cockpit_web_response_headers (response, 200, "OK", g_bytes_get_size (body),
"Cache-Control", cache_control,
NULL);
if (cockpit_web_response_queue (response, body))
cockpit_web_response_complete (response);
g_bytes_unref (body);
out:
free (path);
if (file)
g_mapped_file_unref (file);
}
static gboolean
package_checksum_file (GChecksum *checksum,
GHashTable *depends,
const gchar *root,
const gchar *filename)
{
gchar *path = NULL;
const gchar *string;
GError *error = NULL;
GChecksum *inner = NULL;
GMappedFile *mapped = NULL;
gboolean ret = FALSE;
GList *output = NULL;
GBytes *bytes;
GList *l;
if (!validate_path (filename))
{
g_warning ("package has an invalid path name: %s", filename);
goto out;
}
path = g_build_filename (root, filename, NULL);
if (g_file_test (path, G_FILE_TEST_IS_DIR))
{
ret = package_checksum_directory (checksum, depends, root, filename);
goto out;
}
mapped = g_mapped_file_new (path, FALSE, &error);
if (error)
{
g_warning ("couldn't open file: %s: %s", path, error->message);
g_error_free (error);
goto out;
}
bytes = g_mapped_file_get_bytes (mapped);
output = cockpit_template_expand (bytes, gather_depends, depends);
g_bytes_unref (bytes);
inner = g_checksum_new (G_CHECKSUM_SHA1);
for (l = output; l != NULL; l = g_list_next (l))
{
g_checksum_update (inner,
g_bytes_get_data (l->data, NULL),
g_bytes_get_size (l->data));
}
string = g_checksum_get_string (inner);
/*
* Place file name and hex checksum into checksum,
* include the null terminators so these values
* cannot be accidentally have a boundary discrepancy.
*/
g_checksum_update (checksum, (const guchar *)filename,
strlen (filename) + 1);
g_checksum_update (checksum, (const guchar *)string,
strlen (string) + 1);
ret = TRUE;
out:
g_list_free_full (output, (GDestroyNotify)g_bytes_unref);
g_checksum_free (inner);
if (mapped)
g_mapped_file_unref (mapped);
g_free (path);
return ret;
}
/**
* ostree_repo_static_delta_execute_offline:
* @self: Repo
* @dir: Path to a directory containing static delta data
* @skip_validation: If %TRUE, assume data integrity
* @cancellable: Cancellable
* @error: Error
*
* Given a directory representing an already-downloaded static delta
* on disk, apply it, generating a new commit. The directory must be
* named with the form "FROM-TO", where both are checksums, and it
* must contain a file named "superblock", along with at least one part.
*/
gboolean
ostree_repo_static_delta_execute_offline (OstreeRepo *self,
GFile *dir,
gboolean skip_validation,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
guint i, n;
gs_unref_object GFile *meta_file = g_file_get_child (dir, "superblock");
gs_unref_variant GVariant *meta = NULL;
gs_unref_variant GVariant *headers = NULL;
gs_unref_variant GVariant *fallback = NULL;
if (!ot_util_variant_map (meta_file, G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT),
FALSE, &meta, error))
goto out;
/* Parsing OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT */
/* Write the to-commit object */
{
gs_unref_variant GVariant *to_csum_v = NULL;
gs_free char *to_checksum = NULL;
gs_unref_variant GVariant *to_commit = NULL;
gboolean have_to_commit;
to_csum_v = g_variant_get_child_value (meta, 3);
if (!ostree_validate_structureof_csum_v (to_csum_v, error))
goto out;
to_checksum = ostree_checksum_from_bytes_v (to_csum_v);
if (!ostree_repo_has_object (self, OSTREE_OBJECT_TYPE_COMMIT, to_checksum,
&have_to_commit, cancellable, error))
goto out;
if (!have_to_commit)
{
to_commit = g_variant_get_child_value (meta, 4);
if (!ostree_repo_write_metadata (self, OSTREE_OBJECT_TYPE_COMMIT,
to_checksum, to_commit, NULL,
cancellable, error))
goto out;
}
}
fallback = g_variant_get_child_value (meta, 7);
if (g_variant_n_children (fallback) > 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Cannot execute delta offline: contains nonempty http fallback entries");
goto out;
}
headers = g_variant_get_child_value (meta, 6);
n = g_variant_n_children (headers);
for (i = 0; i < n; i++)
{
guint64 size;
guint64 usize;
const guchar *csum;
gboolean have_all;
gs_unref_variant GVariant *header = NULL;
gs_unref_variant GVariant *csum_v = NULL;
gs_unref_variant GVariant *objects = NULL;
gs_unref_object GFile *part_path = NULL;
gs_unref_object GInputStream *raw_in = NULL;
gs_unref_object GInputStream *in = NULL;
header = g_variant_get_child_value (headers, i);
g_variant_get (header, "(@aytt@ay)", &csum_v, &size, &usize, &objects);
if (!_ostree_repo_static_delta_part_have_all_objects (self, objects, &have_all,
cancellable, error))
goto out;
/* If we already have these objects, don't bother executing the
* static delta.
*/
if (have_all)
continue;
csum = ostree_checksum_bytes_peek_validate (csum_v, error);
if (!csum)
goto out;
part_path = ot_gfile_resolve_path_printf (dir, "%u", i);
in = (GInputStream*)g_file_read (part_path, cancellable, error);
if (!in)
goto out;
if (!skip_validation)
{
gs_free char *expected_checksum = ostree_checksum_from_bytes (csum);
if (!_ostree_static_delta_part_validate (self, part_path, i,
expected_checksum,
cancellable, error))
goto out;
}
{
GMappedFile *mfile = gs_file_map_noatime (part_path, cancellable, error);
gs_unref_bytes GBytes *bytes = NULL;
if (!mfile)
goto out;
bytes = g_mapped_file_get_bytes (mfile);
g_mapped_file_unref (mfile);
if (!_ostree_static_delta_part_execute (self, objects, bytes,
cancellable, error))
{
g_prefix_error (error, "executing delta part %i: ", i);
goto out;
}
}
}
ret = TRUE;
out:
return ret;
}
gboolean
install_bundle (XdgAppDir *dir,
GOptionContext *context,
int argc, char **argv,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
g_autoptr(GFile) deploy_base = NULL;
g_autoptr(GFile) file = NULL;
g_autoptr(GFile) gpg_tmp_file = NULL;
const char *filename;
g_autofree char *ref = NULL;
g_autofree char *origin = NULL;
gboolean created_deploy_base = FALSE;
gboolean added_remote = FALSE;
g_autofree char *to_checksum = NULL;
g_auto(GStrv) parts = NULL;
g_autoptr(GBytes) gpg_data = NULL;
g_autofree char *remote = NULL;
OstreeRepo *repo;
g_autoptr(OstreeGpgVerifyResult) gpg_result = NULL;
g_autoptr(GError) my_error = NULL;
g_auto(GLnxLockFile) lock = GLNX_LOCK_FILE_INIT;
if (argc < 2)
return usage_error (context, "bundle filename must be specified", error);
filename = argv[1];
repo = xdg_app_dir_get_repo (dir);
if (!xdg_app_supports_bundles (repo))
return xdg_app_fail (error, "Your version of ostree is too old to support single-file bundles");
if (!xdg_app_dir_lock (dir, &lock,
cancellable, error))
goto out;
file = g_file_new_for_commandline_arg (filename);
{
g_autoptr(GVariant) delta = NULL;
g_autoptr(GVariant) metadata = NULL;
g_autoptr(GBytes) bytes = NULL;
g_autoptr(GVariant) to_csum_v = NULL;
g_autoptr(GVariant) gpg_value = NULL;
GMappedFile *mfile = g_mapped_file_new (gs_file_get_path_cached (file), FALSE, error);
if (mfile == NULL)
return FALSE;
bytes = g_mapped_file_get_bytes (mfile);
g_mapped_file_unref (mfile);
delta = g_variant_new_from_bytes (G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT), bytes, FALSE);
g_variant_ref_sink (delta);
to_csum_v = g_variant_get_child_value (delta, 3);
if (!ostree_validate_structureof_csum_v (to_csum_v, error))
return FALSE;
to_checksum = ostree_checksum_from_bytes_v (to_csum_v);
metadata = g_variant_get_child_value (delta, 0);
if (!g_variant_lookup (metadata, "ref", "s", &ref))
return xdg_app_fail (error, "Invalid bundle, no ref in metadata");
if (!g_variant_lookup (metadata, "origin", "s", &origin))
origin = NULL;
gpg_value = g_variant_lookup_value (metadata, "gpg-keys", G_VARIANT_TYPE("ay"));
if (gpg_value)
{
gsize n_elements;
const char *data = g_variant_get_fixed_array (gpg_value, &n_elements, 1);
gpg_data = g_bytes_new (data, n_elements);
}
}
parts = xdg_app_decompose_ref (ref, error);
if (parts == NULL)
return FALSE;
deploy_base = xdg_app_dir_get_deploy_dir (dir, ref);
if (g_file_query_exists (deploy_base, cancellable))
return xdg_app_fail (error, "%s branch %s already installed", parts[1], parts[3]);
if (opt_gpg_file != NULL)
{
/* Override gpg_data from file */
gpg_data = read_gpg_data (cancellable, error);
if (gpg_data == NULL)
return FALSE;
}
/* Add a remote for later updates */
if (origin != NULL)
{
g_auto(GStrv) remotes = ostree_repo_remote_list (repo, NULL);
int version = 0;
do
{
g_autofree char *name = NULL;
if (version == 0)
name = g_strdup_printf ("%s-origin", parts[1]);
else
name = g_strdup_printf ("%s-%d-origin", parts[1], version);
version++;
if (remotes == NULL ||
!g_strv_contains ((const char * const *) remotes, name))
remote = g_steal_pointer (&name);
}
while (remote == NULL);
}
if (!ostree_repo_prepare_transaction (repo, NULL, cancellable, error))
return FALSE;
ostree_repo_transaction_set_ref (repo, remote, ref, to_checksum);
if (!ostree_repo_static_delta_execute_offline (repo,
file,
FALSE,
cancellable,
error))
return FALSE;
if (gpg_data)
{
g_autoptr(GFileIOStream) stream;
GOutputStream *o;
gpg_tmp_file = g_file_new_tmp (".xdg-app-XXXXXX", &stream, error);
if (gpg_tmp_file == NULL)
return FALSE;
o = g_io_stream_get_output_stream (G_IO_STREAM (stream));
if (!g_output_stream_write_all (o, g_bytes_get_data (gpg_data, NULL), g_bytes_get_size (gpg_data), NULL, cancellable, error))
return FALSE;
}
gpg_result = ostree_repo_verify_commit_ext (repo,
to_checksum,
NULL, gpg_tmp_file, cancellable, &my_error);
if (gpg_tmp_file)
g_file_delete (gpg_tmp_file, cancellable, NULL);
if (gpg_result == NULL)
{
/* NOT_FOUND means no gpg signature, we ignore this *if* there
* is no gpg key specified in the bundle or by the user */
if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND) &&
gpg_data == NULL)
g_clear_error (&my_error);
else
{
g_propagate_error (error, g_steal_pointer (&my_error));
return FALSE;
}
}
else
{
/* If there is no valid gpg signature we fail, unless there is no gpg
key specified (on the command line or in the file) because then we
trust the source bundle. */
if (ostree_gpg_verify_result_count_valid (gpg_result) == 0 &&
gpg_data != NULL)
return xdg_app_fail (error, "GPG signatures found, but none are in trusted keyring");
}
if (!ostree_repo_commit_transaction (repo, NULL, cancellable, error))
return FALSE;
if (!g_file_make_directory_with_parents (deploy_base, cancellable, error))
return FALSE;
/* From here we need to goto out on error, to clean up */
created_deploy_base = TRUE;
if (remote)
{
g_autoptr(GVariantBuilder) optbuilder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
g_autofree char *basename = g_file_get_basename (file);
g_variant_builder_add (optbuilder, "{s@v}",
"xa.title",
g_variant_new_variant (g_variant_new_string (basename)));
g_variant_builder_add (optbuilder, "{s@v}",
"xa.noenumerate",
g_variant_new_variant (g_variant_new_boolean (TRUE)));
g_variant_builder_add (optbuilder, "{s@v}",
"xa.prio",
g_variant_new_variant (g_variant_new_string ("0")));
if (!ostree_repo_remote_add (repo,
remote, origin, g_variant_builder_end (optbuilder), cancellable, error))
goto out;
added_remote = TRUE;
if (gpg_data)
{
g_autoptr(GInputStream) gpg_data_as_stream = g_memory_input_stream_new_from_bytes (gpg_data);
if (!ostree_repo_remote_gpg_import (repo, remote, gpg_data_as_stream,
NULL, NULL, cancellable, error))
goto out;
}
if (!xdg_app_dir_set_origin (dir, ref, remote, cancellable, error))
goto out;
}
if (!xdg_app_dir_deploy (dir, ref, to_checksum, cancellable, error))
goto out;
if (!xdg_app_dir_make_current_ref (dir, ref, cancellable, error))
goto out;
if (strcmp (parts[0], "app") == 0)
{
if (!xdg_app_dir_update_exports (dir, parts[1], cancellable, error))
goto out;
}
glnx_release_lock_file (&lock);
xdg_app_dir_cleanup_removed (dir, cancellable, NULL);
if (!xdg_app_dir_mark_changed (dir, error))
goto out;
ret = TRUE;
out:
if (created_deploy_base && !ret)
gs_shutil_rm_rf (deploy_base, cancellable, NULL);
if (added_remote && !ret)
ostree_repo_remote_delete (repo, remote, NULL, NULL);
return ret;
}
/**
* cockpit_web_response_file:
* @response: the response
* @path: escaped path, or NULL to get from response
* @roots: directories to look for file in
*
* Serve a file from disk as an HTTP response.
*/
void
cockpit_web_response_file (CockpitWebResponse *response,
const gchar *escaped,
gboolean cache_forever,
const gchar **roots)
{
const gchar *cache_control;
GError *error = NULL;
gchar *unescaped = NULL;
gchar *path = NULL;
GMappedFile *file = NULL;
const gchar *root;
GBytes *body;
g_return_if_fail (COCKPIT_IS_WEB_RESPONSE (response));
if (!escaped)
escaped = cockpit_web_response_get_path (response);
g_return_if_fail (escaped != NULL);
/* Someone is trying to escape the root directory, or access hidden files? */
unescaped = g_uri_unescape_string (escaped, NULL);
if (strstr (unescaped, "/.") || strstr (unescaped, "../") || strstr (unescaped, "//"))
{
g_debug ("%s: invalid path request", escaped);
cockpit_web_response_error (response, 404, NULL, "Not Found");
goto out;
}
again:
root = *(roots++);
if (root == NULL)
{
cockpit_web_response_error (response, 404, NULL, "Not Found");
goto out;
}
g_free (path);
path = g_build_filename (root, unescaped, NULL);
if (g_file_test (path, G_FILE_TEST_IS_DIR))
{
cockpit_web_response_error (response, 403, NULL, "Directory Listing Denied");
goto out;
}
/* As a double check of above behavior */
g_assert (path_has_prefix (path, root));
g_clear_error (&error);
file = g_mapped_file_new (path, FALSE, &error);
if (file == NULL)
{
if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOENT) ||
g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NAMETOOLONG))
{
g_debug ("%s: file not found in root: %s", escaped, root);
goto again;
}
else if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_PERM) ||
g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ACCES) ||
g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ISDIR))
{
cockpit_web_response_error (response, 403, NULL, "Access denied");
goto out;
}
else
{
g_warning ("%s: %s", path, error->message);
cockpit_web_response_error (response, 500, NULL, "Internal server error");
goto out;
}
}
body = g_mapped_file_get_bytes (file);
cache_control = cache_forever ? "max-age=31556926, public" : NULL;
cockpit_web_response_headers (response, 200, "OK", g_bytes_get_size (body),
"Cache-Control", cache_control,
NULL);
if (cockpit_web_response_queue (response, body))
cockpit_web_response_complete (response);
g_bytes_unref (body);
out:
g_free (unescaped);
g_clear_error (&error);
g_free (path);
if (file)
g_mapped_file_unref (file);
}
