static GBytes * load_file (const gchar *filename, GError **error) { GError *local_error = NULL; GMappedFile *mapped; GBytes *bytes; mapped = g_mapped_file_new (filename, FALSE, &local_error); if (g_error_matches (local_error, G_FILE_ERROR, G_FILE_ERROR_NOENT) || g_error_matches (local_error, G_FILE_ERROR, G_FILE_ERROR_ISDIR) || g_error_matches (local_error, G_FILE_ERROR, G_FILE_ERROR_NAMETOOLONG) || g_error_matches (local_error, G_FILE_ERROR, G_FILE_ERROR_LOOP) || g_error_matches (local_error, G_FILE_ERROR, G_FILE_ERROR_INVAL)) { g_clear_error (&local_error); return NULL; } /* A real error to stop on */ else if (local_error) { g_propagate_error (error, local_error); return NULL; } bytes = g_mapped_file_get_bytes (mapped); g_mapped_file_unref (mapped); return bytes; }
int main (int argc, char **argv) { GError *local_error = NULL; GError **error = &local_error; GBytes *from_bytes = NULL; GBytes *to_bytes = NULL; const char *from_path; const char *to_path; OstreeRollsumMatches *matches; GMappedFile *mfile; g_setenv ("GIO_USE_VFS", "local", TRUE); if (argc < 3) exit (EXIT_FAILURE); from_path = argv[1]; to_path = argv[2]; mfile = g_mapped_file_new (from_path, FALSE, error); if (!mfile) goto out; from_bytes = g_mapped_file_get_bytes (mfile); g_mapped_file_unref (mfile); mfile = g_mapped_file_new (to_path, FALSE, error); if (!mfile) goto out; to_bytes = g_mapped_file_get_bytes (mfile); g_mapped_file_unref (mfile); matches = _ostree_compute_rollsum_matches (from_bytes, to_bytes); g_printerr ("rollsum crcs=%u bufs=%u total=%u matchsize=%llu\n", matches->crcmatches, matches->bufmatches, matches->total, (unsigned long long)matches->match_size); out: if (local_error) { g_printerr ("%s\n", local_error->message); g_error_free (local_error); return 1; } return 0; }
static void send_login_html (CockpitWebResponse *response, CockpitHandlerData *ws) { GHashTable *headers = NULL; GList *l, *output = NULL; gchar *login_html; GMappedFile *file; GError *error = NULL; GBytes *body = NULL; gsize length; login_html = g_build_filename (ws->static_roots[0], "login.html", NULL); file = g_mapped_file_new (login_html, FALSE, &error); if (file == NULL) { g_warning ("%s: %s", login_html, error->message); cockpit_web_response_error (response, 500, NULL, NULL); g_clear_error (&error); goto out; } body = g_mapped_file_get_bytes (file); output = cockpit_template_expand (body, substitute_environment, ws->os_release); length = 0; for (l = output; l != NULL; l = g_list_next (l)) length += g_bytes_get_size (l->data); headers = cockpit_web_server_new_table (); g_hash_table_insert (headers, g_strdup ("Content-Type"), g_strdup ("text/html; charset=utf8")); cockpit_web_response_headers_full (response, 200, "OK", length, headers); for (l = output; l != NULL; l = g_list_next (l)) { if (!cockpit_web_response_queue (response, l->data)) break; } if (l == NULL) cockpit_web_response_complete (response); out: g_list_free_full (output, (GDestroyNotify)g_bytes_unref); if (headers) g_hash_table_unref (headers); g_free (login_html); if (body) g_bytes_unref (body); if (file) g_mapped_file_unref (file); }
static JsonObject * read_package_manifest (const gchar *directory, const gchar *package) { JsonObject *manifest = NULL; GError *error = NULL; GMappedFile *mapped; gchar *filename; GBytes *bytes; filename = g_build_filename (directory, "manifest.json", NULL); mapped = g_mapped_file_new (filename, FALSE, &error); if (!mapped) { if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOENT)) g_debug ("no manifest found: %s", filename); else if (!g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOTDIR)) g_message ("%s: %s", package, error->message); g_clear_error (&error); } else { if (!validate_package (package)) { g_warning ("package has invalid name: %s", package); } else { bytes = g_mapped_file_get_bytes (mapped); manifest = cockpit_json_parse_bytes (bytes, &error); g_bytes_unref (bytes); if (!manifest) { g_message ("%s: invalid manifest: %s", package, error->message); g_clear_error (&error); } } g_mapped_file_unref (mapped); } g_free (filename); return manifest; }
/** * gs_file_map_readonly: * @file: a #GFile * @cancellable: * @error: * * Return a #GBytes which references a readonly view of the contents of * @file. This function uses #GMappedFile internally. * * Returns: (transfer full): a newly referenced #GBytes */ GBytes * gs_file_map_readonly (GFile *file, GCancellable *cancellable, GError **error) { GMappedFile *mfile; GBytes *ret; if (g_cancellable_set_error_if_cancelled (cancellable, error)) return NULL; mfile = g_mapped_file_new (gs_file_get_path_cached (file), FALSE, error); if (!mfile) return NULL; ret = g_mapped_file_get_bytes (mfile); g_mapped_file_unref (mfile); return ret; }
GBytes * ot_file_mapat_bytes (int dfd, const char *path, GError **error) { glnx_fd_close int fd = openat (dfd, path, O_RDONLY | O_CLOEXEC); g_autoptr(GMappedFile) mfile = NULL; if (fd < 0) { glnx_set_error_from_errno (error); return FALSE; } mfile = g_mapped_file_new_from_fd (fd, FALSE, error); if (!mfile) return FALSE; return g_mapped_file_get_bytes (mfile); }
static void send_index_response (CockpitWebResponse *response, CockpitWebService *service, JsonObject *modules) { GHashTable *out_headers; GError *error = NULL; GMappedFile *file = NULL; GBytes *body = NULL; GBytes *prefix = NULL; GBytes *environ = NULL; GBytes *suffix = NULL; gchar *index_html; const gchar *needle; const gchar *data; const gchar *pos; gsize needle_len; gsize length; gsize offset; /* * Since the index file cannot be properly cached, it can change on * each request, so we include full environment information directly * rather than making the client do another round trip later. * * If the caller is already logged in, then this is included in the * environment. */ index_html = g_build_filename (cockpit_ws_static_directory, "index.html", NULL); file = g_mapped_file_new (index_html, FALSE, &error); if (file == NULL) { g_warning ("%s: %s", index_html, error->message); cockpit_web_response_error (response, 500, NULL, NULL); g_clear_error (&error); goto out; } body = g_mapped_file_get_bytes (file); data = g_bytes_get_data (body, &length); needle = "cockpit_environment_info"; pos = g_strstr_len (data, length, needle); if (!pos) { g_warning ("couldn't find 'cockpit_environment_info' string in index.html"); cockpit_web_response_error (response, 500, NULL, NULL); goto out; } environ = build_environment (service, modules); offset = (pos - data); prefix = g_bytes_new_from_bytes (body, 0, offset); needle_len = strlen (needle); suffix = g_bytes_new_from_bytes (body, offset + needle_len, length - (offset + needle_len)); out_headers = cockpit_web_server_new_table (); g_hash_table_insert (out_headers, g_strdup ("Content-Type"), g_strdup ("text/html; charset=utf8")); cockpit_web_response_content (response, out_headers, prefix, environ, suffix, NULL); g_hash_table_unref (out_headers); out: g_free (index_html); if (prefix) g_bytes_unref (prefix); if (body) g_bytes_unref (body); if (environ) g_bytes_unref (environ); if (suffix) g_bytes_unref (suffix); if (file) g_mapped_file_unref (file); }
/** * cockpit_web_response_file: * @response: the response * @path: escaped path, or NULL to get from response * @roots: directories to look for file in * * Serve a file from disk as an HTTP response. */ void cockpit_web_response_file (CockpitWebResponse *response, const gchar *escaped, const gchar **roots) { const gchar *csp_header; GError *error = NULL; gchar *unescaped = NULL; gchar *path = NULL; GMappedFile *file = NULL; const gchar *root; GBytes *body; g_return_if_fail (COCKPIT_IS_WEB_RESPONSE (response)); if (!escaped) escaped = cockpit_web_response_get_path (response); g_return_if_fail (escaped != NULL); /* Someone is trying to escape the root directory, or access hidden files? */ unescaped = g_uri_unescape_string (escaped, NULL); if (strstr (unescaped, "/.") || strstr (unescaped, "../") || strstr (unescaped, "//")) { g_debug ("%s: invalid path request", escaped); cockpit_web_response_error (response, 404, NULL, "Not Found"); goto out; } again: root = *(roots++); if (root == NULL) { cockpit_web_response_error (response, 404, NULL, "Not Found"); goto out; } g_free (path); path = g_build_filename (root, unescaped, NULL); if (g_file_test (path, G_FILE_TEST_IS_DIR)) { cockpit_web_response_error (response, 403, NULL, "Directory Listing Denied"); goto out; } /* As a double check of above behavior */ g_assert (path_has_prefix (path, root)); g_clear_error (&error); file = g_mapped_file_new (path, FALSE, &error); if (file == NULL) { if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOENT) || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NAMETOOLONG)) { g_debug ("%s: file not found in root: %s", escaped, root); goto again; } else if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_PERM) || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ACCES) || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ISDIR)) { cockpit_web_response_error (response, 403, NULL, "Access denied"); goto out; } else { g_warning ("%s: %s", path, error->message); cockpit_web_response_error (response, 500, NULL, "Internal server error"); goto out; } } body = g_mapped_file_get_bytes (file); /* * The default Content-Security-Policy for .html files allows * the site to have inline <script> and <style> tags. This code * is not used when serving resources once logged in, only for * static resources when we don't yet have a session. */ csp_header = NULL; if (g_str_has_suffix (unescaped, ".html")) csp_header = "Content-Security-Policy"; cockpit_web_response_headers (response, 200, "OK", g_bytes_get_size (body), csp_header, "default-src 'self' 'unsafe-inline'; connect-src 'self' ws: wss:", NULL); if (cockpit_web_response_queue (response, body)) cockpit_web_response_complete (response); g_bytes_unref (body); out: g_free (unescaped); g_clear_error (&error); g_free (path); if (file) g_mapped_file_unref (file); }
static gboolean rewrite_delta (OstreeRepo *src_repo, const char *src_commit, OstreeRepo *dst_repo, const char *dst_commit, GVariant *dst_commitv, const char *from, GError **error) { g_autoptr(GFile) src_delta_file = NULL; g_autoptr(GFile) dst_delta_file = NULL; g_autofree char *src_detached_key = _ostree_get_relative_static_delta_path (from, src_commit, "commitmeta"); g_autofree char *dst_detached_key = _ostree_get_relative_static_delta_path (from, dst_commit, "commitmeta"); g_autofree char *src_delta_dir = _ostree_get_relative_static_delta_path (from, src_commit, NULL); g_autofree char *dst_delta_dir = _ostree_get_relative_static_delta_path (from, dst_commit, NULL); g_autofree char *src_superblock_path = _ostree_get_relative_static_delta_path (from, src_commit, "superblock"); g_autofree char *dst_superblock_path = _ostree_get_relative_static_delta_path (from, dst_commit, "superblock"); GMappedFile *mfile = NULL; g_auto(GVariantBuilder) superblock_builder = FLATPAK_VARIANT_BUILDER_INITIALIZER; g_autoptr(GVariant) src_superblock = NULL; g_autoptr(GVariant) dst_superblock = NULL; g_autoptr(GBytes) bytes = NULL; g_autoptr(GVariant) dst_detached = NULL; g_autoptr(GVariant) src_metadata = NULL; g_autoptr(GVariant) src_recurse = NULL; g_autoptr(GVariant) src_parts = NULL; g_auto(GVariantDict) dst_metadata_dict = FLATPAK_VARIANT_DICT_INITIALIZER; int i; src_delta_file = g_file_resolve_relative_path (ostree_repo_get_path (src_repo), src_superblock_path); mfile = g_mapped_file_new (flatpak_file_get_path_cached (src_delta_file), FALSE, NULL); if (mfile == NULL) return TRUE; /* No superblock, not an error */ bytes = g_mapped_file_get_bytes (mfile); g_mapped_file_unref (mfile); src_superblock = g_variant_ref_sink (g_variant_new_from_bytes (G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT), bytes, FALSE)); src_metadata = g_variant_get_child_value (src_superblock, 0); src_recurse = g_variant_get_child_value (src_superblock, 5); src_parts = g_variant_get_child_value (src_superblock, 6); if (g_variant_n_children (src_recurse) != 0) return flatpak_fail (error, "Recursive deltas not supported, ignoring"); g_variant_builder_init (&superblock_builder, G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT)); g_variant_dict_init (&dst_metadata_dict, src_metadata); g_variant_dict_remove (&dst_metadata_dict, src_detached_key); if (ostree_repo_read_commit_detached_metadata (dst_repo, dst_commit, &dst_detached, NULL, NULL) && dst_detached != NULL) g_variant_dict_insert_value (&dst_metadata_dict, dst_detached_key, dst_detached); g_variant_builder_add_value (&superblock_builder, g_variant_dict_end (&dst_metadata_dict)); g_variant_builder_add_value (&superblock_builder, g_variant_get_child_value (src_superblock, 1)); /* timestamp */ g_variant_builder_add_value (&superblock_builder, from ? ostree_checksum_to_bytes_v (from) : new_bytearray ((guchar *) "", 0)); g_variant_builder_add_value (&superblock_builder, ostree_checksum_to_bytes_v (dst_commit)); g_variant_builder_add_value (&superblock_builder, dst_commitv); g_variant_builder_add_value (&superblock_builder, src_recurse); g_variant_builder_add_value (&superblock_builder, src_parts); g_variant_builder_add_value (&superblock_builder, g_variant_get_child_value (src_superblock, 7)); /* fallback */ dst_superblock = g_variant_ref_sink (g_variant_builder_end (&superblock_builder)); if (!glnx_shutil_mkdir_p_at (ostree_repo_get_dfd (dst_repo), dst_delta_dir, 0755, NULL, error)) return FALSE; for (i = 0; i < g_variant_n_children (src_parts); i++) { g_autofree char *src_part_path = g_strdup_printf ("%s/%d", src_delta_dir, i); g_autofree char *dst_part_path = g_strdup_printf ("%s/%d", dst_delta_dir, i); if (!glnx_file_copy_at (ostree_repo_get_dfd (src_repo), src_part_path, NULL, ostree_repo_get_dfd (dst_repo), dst_part_path, GLNX_FILE_COPY_OVERWRITE | GLNX_FILE_COPY_NOXATTRS, NULL, error)) return FALSE; } dst_delta_file = g_file_resolve_relative_path (ostree_repo_get_path (dst_repo), dst_superblock_path); if (!flatpak_variant_save (dst_delta_file, dst_superblock, NULL, error)) return FALSE; return TRUE; }
/** * cockpit_web_response_file: * @response: the response * @path: escaped path, or NULL to get from response * @roots: directories to look for file in * * Serve a file from disk as an HTTP response. */ void cockpit_web_response_file (CockpitWebResponse *response, const gchar *escaped, gboolean cache_forever, const gchar **roots) { const gchar *cache_control; GError *error = NULL; gchar *unescaped; char *path = NULL; gchar *built = NULL; GMappedFile *file = NULL; const gchar *root; GBytes *body; g_return_if_fail (COCKPIT_IS_WEB_RESPONSE (response)); if (!escaped) escaped = cockpit_web_response_get_path (response); g_return_if_fail (escaped != NULL); again: root = *(roots++); if (root == NULL) { cockpit_web_response_error (response, 404, NULL, "Not Found"); goto out; } unescaped = g_uri_unescape_string (escaped, NULL); built = g_build_filename (root, unescaped, NULL); g_free (unescaped); path = realpath (built, NULL); g_free (built); if (path == NULL) { if (errno == ENOENT || errno == ENOTDIR || errno == ELOOP || errno == ENAMETOOLONG) { g_debug ("%s: file not found in root: %s", escaped, root); goto again; } else if (errno == EACCES) { cockpit_web_response_error (response, 403, NULL, "Access Denied"); goto out; } else { g_warning ("%s: resolving path failed: %m", escaped); cockpit_web_response_error (response, 500, NULL, "Internal Server Error"); goto out; } } /* Double check that realpath() did the right thing */ g_return_if_fail (strstr (path, "../") == NULL); g_return_if_fail (!g_str_has_suffix (path, "/..")); /* Someone is trying to escape the root directory */ if (!path_has_prefix (path, root) && !path_has_prefix (path, cockpit_web_exception_escape_root)) { g_debug ("%s: request tried to escape the root directory: %s: %s", escaped, root, path); cockpit_web_response_error (response, 404, NULL, "Not Found"); goto out; } if (g_file_test (path, G_FILE_TEST_IS_DIR)) { cockpit_web_response_error (response, 403, NULL, "Directory Listing Denied"); goto out; } file = g_mapped_file_new (path, FALSE, &error); if (file == NULL) { if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_PERM) || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ACCES) || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ISDIR)) { cockpit_web_response_error (response, 403, NULL, "Access denied"); g_clear_error (&error); goto out; } else { g_warning ("%s: %s", path, error->message); cockpit_web_response_error (response, 500, NULL, "Internal server error"); g_clear_error (&error); goto out; } } body = g_mapped_file_get_bytes (file); cache_control = cache_forever ? "max-age=31556926, public" : NULL; cockpit_web_response_headers (response, 200, "OK", g_bytes_get_size (body), "Cache-Control", cache_control, NULL); if (cockpit_web_response_queue (response, body)) cockpit_web_response_complete (response); g_bytes_unref (body); out: free (path); if (file) g_mapped_file_unref (file); }
static gboolean package_checksum_file (GChecksum *checksum, GHashTable *depends, const gchar *root, const gchar *filename) { gchar *path = NULL; const gchar *string; GError *error = NULL; GChecksum *inner = NULL; GMappedFile *mapped = NULL; gboolean ret = FALSE; GList *output = NULL; GBytes *bytes; GList *l; if (!validate_path (filename)) { g_warning ("package has an invalid path name: %s", filename); goto out; } path = g_build_filename (root, filename, NULL); if (g_file_test (path, G_FILE_TEST_IS_DIR)) { ret = package_checksum_directory (checksum, depends, root, filename); goto out; } mapped = g_mapped_file_new (path, FALSE, &error); if (error) { g_warning ("couldn't open file: %s: %s", path, error->message); g_error_free (error); goto out; } bytes = g_mapped_file_get_bytes (mapped); output = cockpit_template_expand (bytes, gather_depends, depends); g_bytes_unref (bytes); inner = g_checksum_new (G_CHECKSUM_SHA1); for (l = output; l != NULL; l = g_list_next (l)) { g_checksum_update (inner, g_bytes_get_data (l->data, NULL), g_bytes_get_size (l->data)); } string = g_checksum_get_string (inner); /* * Place file name and hex checksum into checksum, * include the null terminators so these values * cannot be accidentally have a boundary discrepancy. */ g_checksum_update (checksum, (const guchar *)filename, strlen (filename) + 1); g_checksum_update (checksum, (const guchar *)string, strlen (string) + 1); ret = TRUE; out: g_list_free_full (output, (GDestroyNotify)g_bytes_unref); g_checksum_free (inner); if (mapped) g_mapped_file_unref (mapped); g_free (path); return ret; }
/** * ostree_repo_static_delta_execute_offline: * @self: Repo * @dir: Path to a directory containing static delta data * @skip_validation: If %TRUE, assume data integrity * @cancellable: Cancellable * @error: Error * * Given a directory representing an already-downloaded static delta * on disk, apply it, generating a new commit. The directory must be * named with the form "FROM-TO", where both are checksums, and it * must contain a file named "superblock", along with at least one part. */ gboolean ostree_repo_static_delta_execute_offline (OstreeRepo *self, GFile *dir, gboolean skip_validation, GCancellable *cancellable, GError **error) { gboolean ret = FALSE; guint i, n; gs_unref_object GFile *meta_file = g_file_get_child (dir, "superblock"); gs_unref_variant GVariant *meta = NULL; gs_unref_variant GVariant *headers = NULL; gs_unref_variant GVariant *fallback = NULL; if (!ot_util_variant_map (meta_file, G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT), FALSE, &meta, error)) goto out; /* Parsing OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT */ /* Write the to-commit object */ { gs_unref_variant GVariant *to_csum_v = NULL; gs_free char *to_checksum = NULL; gs_unref_variant GVariant *to_commit = NULL; gboolean have_to_commit; to_csum_v = g_variant_get_child_value (meta, 3); if (!ostree_validate_structureof_csum_v (to_csum_v, error)) goto out; to_checksum = ostree_checksum_from_bytes_v (to_csum_v); if (!ostree_repo_has_object (self, OSTREE_OBJECT_TYPE_COMMIT, to_checksum, &have_to_commit, cancellable, error)) goto out; if (!have_to_commit) { to_commit = g_variant_get_child_value (meta, 4); if (!ostree_repo_write_metadata (self, OSTREE_OBJECT_TYPE_COMMIT, to_checksum, to_commit, NULL, cancellable, error)) goto out; } } fallback = g_variant_get_child_value (meta, 7); if (g_variant_n_children (fallback) > 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Cannot execute delta offline: contains nonempty http fallback entries"); goto out; } headers = g_variant_get_child_value (meta, 6); n = g_variant_n_children (headers); for (i = 0; i < n; i++) { guint64 size; guint64 usize; const guchar *csum; gboolean have_all; gs_unref_variant GVariant *header = NULL; gs_unref_variant GVariant *csum_v = NULL; gs_unref_variant GVariant *objects = NULL; gs_unref_object GFile *part_path = NULL; gs_unref_object GInputStream *raw_in = NULL; gs_unref_object GInputStream *in = NULL; header = g_variant_get_child_value (headers, i); g_variant_get (header, "(@aytt@ay)", &csum_v, &size, &usize, &objects); if (!_ostree_repo_static_delta_part_have_all_objects (self, objects, &have_all, cancellable, error)) goto out; /* If we already have these objects, don't bother executing the * static delta. */ if (have_all) continue; csum = ostree_checksum_bytes_peek_validate (csum_v, error); if (!csum) goto out; part_path = ot_gfile_resolve_path_printf (dir, "%u", i); in = (GInputStream*)g_file_read (part_path, cancellable, error); if (!in) goto out; if (!skip_validation) { gs_free char *expected_checksum = ostree_checksum_from_bytes (csum); if (!_ostree_static_delta_part_validate (self, part_path, i, expected_checksum, cancellable, error)) goto out; } { GMappedFile *mfile = gs_file_map_noatime (part_path, cancellable, error); gs_unref_bytes GBytes *bytes = NULL; if (!mfile) goto out; bytes = g_mapped_file_get_bytes (mfile); g_mapped_file_unref (mfile); if (!_ostree_static_delta_part_execute (self, objects, bytes, cancellable, error)) { g_prefix_error (error, "executing delta part %i: ", i); goto out; } } } ret = TRUE; out: return ret; }
gboolean install_bundle (XdgAppDir *dir, GOptionContext *context, int argc, char **argv, GCancellable *cancellable, GError **error) { gboolean ret = FALSE; g_autoptr(GFile) deploy_base = NULL; g_autoptr(GFile) file = NULL; g_autoptr(GFile) gpg_tmp_file = NULL; const char *filename; g_autofree char *ref = NULL; g_autofree char *origin = NULL; gboolean created_deploy_base = FALSE; gboolean added_remote = FALSE; g_autofree char *to_checksum = NULL; g_auto(GStrv) parts = NULL; g_autoptr(GBytes) gpg_data = NULL; g_autofree char *remote = NULL; OstreeRepo *repo; g_autoptr(OstreeGpgVerifyResult) gpg_result = NULL; g_autoptr(GError) my_error = NULL; g_auto(GLnxLockFile) lock = GLNX_LOCK_FILE_INIT; if (argc < 2) return usage_error (context, "bundle filename must be specified", error); filename = argv[1]; repo = xdg_app_dir_get_repo (dir); if (!xdg_app_supports_bundles (repo)) return xdg_app_fail (error, "Your version of ostree is too old to support single-file bundles"); if (!xdg_app_dir_lock (dir, &lock, cancellable, error)) goto out; file = g_file_new_for_commandline_arg (filename); { g_autoptr(GVariant) delta = NULL; g_autoptr(GVariant) metadata = NULL; g_autoptr(GBytes) bytes = NULL; g_autoptr(GVariant) to_csum_v = NULL; g_autoptr(GVariant) gpg_value = NULL; GMappedFile *mfile = g_mapped_file_new (gs_file_get_path_cached (file), FALSE, error); if (mfile == NULL) return FALSE; bytes = g_mapped_file_get_bytes (mfile); g_mapped_file_unref (mfile); delta = g_variant_new_from_bytes (G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT), bytes, FALSE); g_variant_ref_sink (delta); to_csum_v = g_variant_get_child_value (delta, 3); if (!ostree_validate_structureof_csum_v (to_csum_v, error)) return FALSE; to_checksum = ostree_checksum_from_bytes_v (to_csum_v); metadata = g_variant_get_child_value (delta, 0); if (!g_variant_lookup (metadata, "ref", "s", &ref)) return xdg_app_fail (error, "Invalid bundle, no ref in metadata"); if (!g_variant_lookup (metadata, "origin", "s", &origin)) origin = NULL; gpg_value = g_variant_lookup_value (metadata, "gpg-keys", G_VARIANT_TYPE("ay")); if (gpg_value) { gsize n_elements; const char *data = g_variant_get_fixed_array (gpg_value, &n_elements, 1); gpg_data = g_bytes_new (data, n_elements); } } parts = xdg_app_decompose_ref (ref, error); if (parts == NULL) return FALSE; deploy_base = xdg_app_dir_get_deploy_dir (dir, ref); if (g_file_query_exists (deploy_base, cancellable)) return xdg_app_fail (error, "%s branch %s already installed", parts[1], parts[3]); if (opt_gpg_file != NULL) { /* Override gpg_data from file */ gpg_data = read_gpg_data (cancellable, error); if (gpg_data == NULL) return FALSE; } /* Add a remote for later updates */ if (origin != NULL) { g_auto(GStrv) remotes = ostree_repo_remote_list (repo, NULL); int version = 0; do { g_autofree char *name = NULL; if (version == 0) name = g_strdup_printf ("%s-origin", parts[1]); else name = g_strdup_printf ("%s-%d-origin", parts[1], version); version++; if (remotes == NULL || !g_strv_contains ((const char * const *) remotes, name)) remote = g_steal_pointer (&name); } while (remote == NULL); } if (!ostree_repo_prepare_transaction (repo, NULL, cancellable, error)) return FALSE; ostree_repo_transaction_set_ref (repo, remote, ref, to_checksum); if (!ostree_repo_static_delta_execute_offline (repo, file, FALSE, cancellable, error)) return FALSE; if (gpg_data) { g_autoptr(GFileIOStream) stream; GOutputStream *o; gpg_tmp_file = g_file_new_tmp (".xdg-app-XXXXXX", &stream, error); if (gpg_tmp_file == NULL) return FALSE; o = g_io_stream_get_output_stream (G_IO_STREAM (stream)); if (!g_output_stream_write_all (o, g_bytes_get_data (gpg_data, NULL), g_bytes_get_size (gpg_data), NULL, cancellable, error)) return FALSE; } gpg_result = ostree_repo_verify_commit_ext (repo, to_checksum, NULL, gpg_tmp_file, cancellable, &my_error); if (gpg_tmp_file) g_file_delete (gpg_tmp_file, cancellable, NULL); if (gpg_result == NULL) { /* NOT_FOUND means no gpg signature, we ignore this *if* there * is no gpg key specified in the bundle or by the user */ if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND) && gpg_data == NULL) g_clear_error (&my_error); else { g_propagate_error (error, g_steal_pointer (&my_error)); return FALSE; } } else { /* If there is no valid gpg signature we fail, unless there is no gpg key specified (on the command line or in the file) because then we trust the source bundle. */ if (ostree_gpg_verify_result_count_valid (gpg_result) == 0 && gpg_data != NULL) return xdg_app_fail (error, "GPG signatures found, but none are in trusted keyring"); } if (!ostree_repo_commit_transaction (repo, NULL, cancellable, error)) return FALSE; if (!g_file_make_directory_with_parents (deploy_base, cancellable, error)) return FALSE; /* From here we need to goto out on error, to clean up */ created_deploy_base = TRUE; if (remote) { g_autoptr(GVariantBuilder) optbuilder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}")); g_autofree char *basename = g_file_get_basename (file); g_variant_builder_add (optbuilder, "{s@v}", "xa.title", g_variant_new_variant (g_variant_new_string (basename))); g_variant_builder_add (optbuilder, "{s@v}", "xa.noenumerate", g_variant_new_variant (g_variant_new_boolean (TRUE))); g_variant_builder_add (optbuilder, "{s@v}", "xa.prio", g_variant_new_variant (g_variant_new_string ("0"))); if (!ostree_repo_remote_add (repo, remote, origin, g_variant_builder_end (optbuilder), cancellable, error)) goto out; added_remote = TRUE; if (gpg_data) { g_autoptr(GInputStream) gpg_data_as_stream = g_memory_input_stream_new_from_bytes (gpg_data); if (!ostree_repo_remote_gpg_import (repo, remote, gpg_data_as_stream, NULL, NULL, cancellable, error)) goto out; } if (!xdg_app_dir_set_origin (dir, ref, remote, cancellable, error)) goto out; } if (!xdg_app_dir_deploy (dir, ref, to_checksum, cancellable, error)) goto out; if (!xdg_app_dir_make_current_ref (dir, ref, cancellable, error)) goto out; if (strcmp (parts[0], "app") == 0) { if (!xdg_app_dir_update_exports (dir, parts[1], cancellable, error)) goto out; } glnx_release_lock_file (&lock); xdg_app_dir_cleanup_removed (dir, cancellable, NULL); if (!xdg_app_dir_mark_changed (dir, error)) goto out; ret = TRUE; out: if (created_deploy_base && !ret) gs_shutil_rm_rf (deploy_base, cancellable, NULL); if (added_remote && !ret) ostree_repo_remote_delete (repo, remote, NULL, NULL); return ret; }
/** * cockpit_web_response_file: * @response: the response * @path: escaped path, or NULL to get from response * @roots: directories to look for file in * * Serve a file from disk as an HTTP response. */ void cockpit_web_response_file (CockpitWebResponse *response, const gchar *escaped, gboolean cache_forever, const gchar **roots) { const gchar *cache_control; GError *error = NULL; gchar *unescaped = NULL; gchar *path = NULL; GMappedFile *file = NULL; const gchar *root; GBytes *body; g_return_if_fail (COCKPIT_IS_WEB_RESPONSE (response)); if (!escaped) escaped = cockpit_web_response_get_path (response); g_return_if_fail (escaped != NULL); /* Someone is trying to escape the root directory, or access hidden files? */ unescaped = g_uri_unescape_string (escaped, NULL); if (strstr (unescaped, "/.") || strstr (unescaped, "../") || strstr (unescaped, "//")) { g_debug ("%s: invalid path request", escaped); cockpit_web_response_error (response, 404, NULL, "Not Found"); goto out; } again: root = *(roots++); if (root == NULL) { cockpit_web_response_error (response, 404, NULL, "Not Found"); goto out; } g_free (path); path = g_build_filename (root, unescaped, NULL); if (g_file_test (path, G_FILE_TEST_IS_DIR)) { cockpit_web_response_error (response, 403, NULL, "Directory Listing Denied"); goto out; } /* As a double check of above behavior */ g_assert (path_has_prefix (path, root)); g_clear_error (&error); file = g_mapped_file_new (path, FALSE, &error); if (file == NULL) { if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOENT) || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NAMETOOLONG)) { g_debug ("%s: file not found in root: %s", escaped, root); goto again; } else if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_PERM) || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ACCES) || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ISDIR)) { cockpit_web_response_error (response, 403, NULL, "Access denied"); goto out; } else { g_warning ("%s: %s", path, error->message); cockpit_web_response_error (response, 500, NULL, "Internal server error"); goto out; } } body = g_mapped_file_get_bytes (file); cache_control = cache_forever ? "max-age=31556926, public" : NULL; cockpit_web_response_headers (response, 200, "OK", g_bytes_get_size (body), "Cache-Control", cache_control, NULL); if (cockpit_web_response_queue (response, body)) cockpit_web_response_complete (response); g_bytes_unref (body); out: g_free (unescaped); g_clear_error (&error); g_free (path); if (file) g_mapped_file_unref (file); }