static gchar *
get_commit_checksum_from_summary (GVariant *summary,
const gchar *ref,
GError **error)
{
g_autoptr(GVariant) refs_v = NULL;
g_autoptr(GVariant) ref_v = NULL;
g_autoptr(GVariant) ref_data_v = NULL;
g_autoptr(GVariant) checksum_v = NULL;
gsize ref_idx;
/* summary variant is (a(s(taya{sv}))a{sv}) */
/* this gets the a(s(taya{sv})) variant */
refs_v = g_variant_get_child_value (summary, 0);
if (!bsearch_variant (refs_v, ref, &ref_idx))
{
g_set_error (error,
G_IO_ERROR,
G_IO_ERROR_FAILED,
"No ref '%s' in summary",
ref);
return NULL;
}
/* this gets the (s(taya{sv})) variant */
ref_v = g_variant_get_child_value (refs_v, ref_idx);
/* this gets the (taya{sv}) variant */
ref_data_v = g_variant_get_child_value (ref_v, 1);
g_variant_get (ref_data_v, "(t@ay@a{sv})", NULL, &checksum_v, NULL);
if (!ostree_validate_structureof_csum_v (checksum_v, error))
return NULL;
return ostree_checksum_from_bytes_v (checksum_v);
};
static gboolean
do_print_related (OstreeRepo *repo,
const char *rev,
const char *resolved_rev,
GError **error)
{
gboolean ret = FALSE;
const char *name;
gs_unref_variant GVariant *csum_v = NULL;
gs_unref_variant GVariant *variant = NULL;
gs_unref_variant GVariant *related = NULL;
GVariantIter *viter = NULL;
if (!ostree_repo_load_variant (repo, OSTREE_OBJECT_TYPE_COMMIT,
resolved_rev, &variant, error))
goto out;
/* PARSE OSTREE_SERIALIZED_COMMIT_VARIANT */
related = g_variant_get_child_value (variant, 2);
viter = g_variant_iter_new (related);
while (g_variant_iter_loop (viter, "(&s@ay)", &name, &csum_v))
{
gs_free char *checksum = ostree_checksum_from_bytes_v (csum_v);
g_print ("%s %s\n", name, checksum);
}
csum_v = NULL;
ret = TRUE;
out:
if (viter)
g_variant_iter_free (viter);
return ret;
}
static gboolean
do_print_related (OstreeRepo *repo,
const char *rev,
const char *resolved_rev,
GError **error)
{
g_autoptr(GVariant) variant = NULL;
if (!ostree_repo_load_variant (repo, OSTREE_OBJECT_TYPE_COMMIT,
resolved_rev, &variant, error))
return FALSE;
/* PARSE OSTREE_SERIALIZED_COMMIT_VARIANT */
g_autoptr(GVariant) related = g_variant_get_child_value (variant, 2);
g_autoptr(GVariantIter) viter = g_variant_iter_new (related);
const char *name;
GVariant* csum_v;
while (g_variant_iter_loop (viter, "(&s@ay)", &name, &csum_v))
{
g_autofree char *checksum = ostree_checksum_from_bytes_v (csum_v);
g_print ("%s %s\n", name, checksum);
}
return TRUE;
}
static gboolean
scan_dirtree_object (OtPullData *pull_data,
const char *checksum,
int recursion_depth,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
int i, n;
gs_unref_variant GVariant *tree = NULL;
gs_unref_variant GVariant *files_variant = NULL;
gs_unref_variant GVariant *dirs_variant = NULL;
if (recursion_depth > OSTREE_MAX_RECURSION)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Exceeded maximum recursion");
goto out;
}
if (!ostree_repo_load_variant (pull_data->repo, OSTREE_OBJECT_TYPE_DIR_TREE, checksum,
&tree, error))
goto out;
/* PARSE OSTREE_SERIALIZED_TREE_VARIANT */
files_variant = g_variant_get_child_value (tree, 0);
dirs_variant = g_variant_get_child_value (tree, 1);
n = g_variant_n_children (files_variant);
for (i = 0; i < n; i++)
{
const char *filename;
gboolean file_is_stored;
gs_unref_variant GVariant *csum = NULL;
gs_free char *file_checksum = NULL;
g_variant_get_child (files_variant, i, "(&s@ay)", &filename, &csum);
if (!ot_util_filename_validate (filename, error))
goto out;
file_checksum = ostree_checksum_from_bytes_v (csum);
if (!ostree_repo_has_object (pull_data->repo, OSTREE_OBJECT_TYPE_FILE, file_checksum,
&file_is_stored, cancellable, error))
goto out;
if (!file_is_stored && !g_hash_table_lookup (pull_data->requested_content, file_checksum))
{
g_hash_table_insert (pull_data->requested_content, file_checksum, file_checksum);
ot_waitable_queue_push (pull_data->metadata_objects_to_fetch,
pull_worker_message_new (PULL_MSG_FETCH,
ostree_object_name_serialize (file_checksum, OSTREE_OBJECT_TYPE_FILE)));
file_checksum = NULL; /* Transfer ownership to hash */
}
}
n = g_variant_n_children (dirs_variant);
for (i = 0; i < n; i++)
{
const char *dirname;
gs_unref_variant GVariant *tree_csum = NULL;
gs_unref_variant GVariant *meta_csum = NULL;
g_variant_get_child (dirs_variant, i, "(&s@ay@ay)",
&dirname, &tree_csum, &meta_csum);
if (!ot_util_filename_validate (dirname, error))
goto out;
if (!scan_one_metadata_object (pull_data, ostree_checksum_bytes_peek (tree_csum),
OSTREE_OBJECT_TYPE_DIR_TREE, recursion_depth + 1,
cancellable, error))
goto out;
if (!scan_one_metadata_object (pull_data, ostree_checksum_bytes_peek (meta_csum),
OSTREE_OBJECT_TYPE_DIR_META, recursion_depth + 1,
cancellable, error))
goto out;
}
ret = TRUE;
out:
return ret;
}
/**
* ostree_repo_static_delta_execute_offline:
* @self: Repo
* @dir_or_file: Path to a directory containing static delta data, or directly to the superblock
* @skip_validation: If %TRUE, assume data integrity
* @cancellable: Cancellable
* @error: Error
*
* Given a directory representing an already-downloaded static delta
* on disk, apply it, generating a new commit. The directory must be
* named with the form "FROM-TO", where both are checksums, and it
* must contain a file named "superblock", along with at least one part.
*/
gboolean
ostree_repo_static_delta_execute_offline (OstreeRepo *self,
GFile *dir_or_file,
gboolean skip_validation,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
guint i, n;
const char *dir_or_file_path = NULL;
glnx_fd_close int meta_fd = -1;
glnx_fd_close int dfd = -1;
g_autoptr(GVariant) meta = NULL;
g_autoptr(GVariant) headers = NULL;
g_autoptr(GVariant) metadata = NULL;
g_autoptr(GVariant) fallback = NULL;
g_autofree char *to_checksum = NULL;
g_autofree char *from_checksum = NULL;
g_autofree char *basename = NULL;
dir_or_file_path = gs_file_get_path_cached (dir_or_file);
/* First, try opening it as a directory */
dfd = glnx_opendirat_with_errno (AT_FDCWD, dir_or_file_path, TRUE);
if (dfd < 0)
{
if (errno != ENOTDIR)
{
glnx_set_error_from_errno (error);
goto out;
}
else
{
g_autofree char *dir = dirname (g_strdup (dir_or_file_path));
basename = g_path_get_basename (dir_or_file_path);
if (!glnx_opendirat (AT_FDCWD, dir, TRUE, &dfd, error))
goto out;
}
}
else
basename = g_strdup ("superblock");
meta_fd = openat (dfd, basename, O_RDONLY | O_CLOEXEC);
if (meta_fd < 0)
{
glnx_set_error_from_errno (error);
goto out;
}
if (!ot_util_variant_map_fd (meta_fd, 0, G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT),
FALSE, &meta, error))
goto out;
/* Parsing OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT */
metadata = g_variant_get_child_value (meta, 0);
/* Write the to-commit object */
{
g_autoptr(GVariant) to_csum_v = NULL;
g_autoptr(GVariant) from_csum_v = NULL;
g_autoptr(GVariant) to_commit = NULL;
gboolean have_to_commit;
gboolean have_from_commit;
to_csum_v = g_variant_get_child_value (meta, 3);
if (!ostree_validate_structureof_csum_v (to_csum_v, error))
goto out;
to_checksum = ostree_checksum_from_bytes_v (to_csum_v);
from_csum_v = g_variant_get_child_value (meta, 2);
if (g_variant_n_children (from_csum_v) > 0)
{
if (!ostree_validate_structureof_csum_v (from_csum_v, error))
goto out;
from_checksum = ostree_checksum_from_bytes_v (from_csum_v);
if (!ostree_repo_has_object (self, OSTREE_OBJECT_TYPE_COMMIT, from_checksum,
&have_from_commit, cancellable, error))
goto out;
if (!have_from_commit)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Commit %s, which is the delta source, is not in repository", from_checksum);
goto out;
}
}
if (!ostree_repo_has_object (self, OSTREE_OBJECT_TYPE_COMMIT, to_checksum,
&have_to_commit, cancellable, error))
goto out;
if (!have_to_commit)
{
g_autofree char *detached_path = _ostree_get_relative_static_delta_path (from_checksum, to_checksum, "commitmeta");
g_autoptr(GVariant) detached_data = NULL;
detached_data = g_variant_lookup_value (metadata, detached_path, G_VARIANT_TYPE("a{sv}"));
if (detached_data && !ostree_repo_write_commit_detached_metadata (self,
to_checksum,
detached_data,
cancellable,
error))
goto out;
to_commit = g_variant_get_child_value (meta, 4);
if (!ostree_repo_write_metadata (self, OSTREE_OBJECT_TYPE_COMMIT,
to_checksum, to_commit, NULL,
cancellable, error))
goto out;
}
}
fallback = g_variant_get_child_value (meta, 7);
if (g_variant_n_children (fallback) > 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Cannot execute delta offline: contains nonempty http fallback entries");
goto out;
}
headers = g_variant_get_child_value (meta, 6);
n = g_variant_n_children (headers);
for (i = 0; i < n; i++)
{
guint32 version;
guint64 size;
guint64 usize;
const guchar *csum;
char checksum[OSTREE_SHA256_STRING_LEN+1];
gboolean have_all;
g_autoptr(GInputStream) part_in = NULL;
g_autoptr(GVariant) inline_part_data = NULL;
g_autoptr(GVariant) header = NULL;
g_autoptr(GVariant) csum_v = NULL;
g_autoptr(GVariant) objects = NULL;
g_autoptr(GVariant) part = NULL;
g_autofree char *deltapart_path = NULL;
OstreeStaticDeltaOpenFlags delta_open_flags =
skip_validation ? OSTREE_STATIC_DELTA_OPEN_FLAGS_SKIP_CHECKSUM : 0;
header = g_variant_get_child_value (headers, i);
g_variant_get (header, "(u@aytt@ay)", &version, &csum_v, &size, &usize, &objects);
if (version > OSTREE_DELTAPART_VERSION)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Delta part has too new version %u", version);
goto out;
}
if (!_ostree_repo_static_delta_part_have_all_objects (self, objects, &have_all,
cancellable, error))
goto out;
/* If we already have these objects, don't bother executing the
* static delta.
*/
if (have_all)
continue;
csum = ostree_checksum_bytes_peek_validate (csum_v, error);
if (!csum)
goto out;
ostree_checksum_inplace_from_bytes (csum, checksum);
deltapart_path =
_ostree_get_relative_static_delta_part_path (from_checksum, to_checksum, i);
inline_part_data = g_variant_lookup_value (metadata, deltapart_path, G_VARIANT_TYPE("(yay)"));
if (inline_part_data)
{
g_autoptr(GBytes) inline_part_bytes = g_variant_get_data_as_bytes (inline_part_data);
part_in = g_memory_input_stream_new_from_bytes (inline_part_bytes);
/* For inline parts, we don't checksum, because it's
* included with the metadata, so we're not trying to
* protect against MITM or such. Non-security related
* checksums should be done at the underlying storage layer.
*/
delta_open_flags |= OSTREE_STATIC_DELTA_OPEN_FLAGS_SKIP_CHECKSUM;
if (!_ostree_static_delta_part_open (part_in, inline_part_bytes,
delta_open_flags,
NULL,
&part,
cancellable, error))
goto out;
}
else
{
g_autofree char *relpath = g_strdup_printf ("%u", i); /* TODO avoid malloc here */
glnx_fd_close int part_fd = openat (dfd, relpath, O_RDONLY | O_CLOEXEC);
if (part_fd < 0)
{
glnx_set_error_from_errno (error);
g_prefix_error (error, "Opening deltapart '%s': ", deltapart_path);
goto out;
}
part_in = g_unix_input_stream_new (part_fd, FALSE);
if (!_ostree_static_delta_part_open (part_in, NULL,
delta_open_flags,
checksum,
&part,
cancellable, error))
goto out;
}
if (!_ostree_static_delta_part_execute (self, objects, part, skip_validation,
NULL, cancellable, error))
{
g_prefix_error (error, "Executing delta part %i: ", i);
goto out;
}
}
ret = TRUE;
out:
return ret;
}
/**
* ostree_repo_resolve_rev:
* @self: Repo
* @refspec: A refspec
* @allow_noent: Do not throw an error if refspec does not exist
* @out_rev: (out) (transfer full): A checksum,or %NULL if @allow_noent is true and it does not exist
* @error: Error
*
* Look up the given refspec, returning the checksum it references in
* the parameter @out_rev.
*/
gboolean
ostree_repo_resolve_rev (OstreeRepo *self,
const char *refspec,
gboolean allow_noent,
char **out_rev,
GError **error)
{
gboolean ret = FALSE;
gs_free char *ret_rev = NULL;
g_return_val_if_fail (refspec != NULL, FALSE);
if (ostree_validate_checksum_string (refspec, NULL))
{
ret_rev = g_strdup (refspec);
}
else
{
if (g_str_has_suffix (refspec, "^"))
{
gs_free char *parent_refspec = NULL;
gs_free char *parent_rev = NULL;
gs_unref_variant GVariant *commit = NULL;
gs_unref_variant GVariant *parent_csum_v = NULL;
parent_refspec = g_strdup (refspec);
parent_refspec[strlen(parent_refspec) - 1] = '\0';
if (!ostree_repo_resolve_rev (self, parent_refspec, allow_noent, &parent_rev, error))
goto out;
if (!ostree_repo_load_variant (self, OSTREE_OBJECT_TYPE_COMMIT, parent_rev,
&commit, error))
goto out;
g_variant_get_child (commit, 1, "@ay", &parent_csum_v);
if (g_variant_n_children (parent_csum_v) == 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Commit %s has no parent", parent_rev);
goto out;
}
ret_rev = ostree_checksum_from_bytes_v (parent_csum_v);
}
else
{
gs_free char *remote = NULL;
gs_free char *ref = NULL;
if (!ostree_parse_refspec (refspec, &remote, &ref, error))
goto out;
if (!resolve_refspec (self, remote, ref, allow_noent,
&ret_rev, error))
goto out;
}
}
ret = TRUE;
ot_transfer_out_value (out_rev, &ret_rev);
out:
return ret;
}
/**
* ostree_repo_static_delta_execute_offline:
* @self: Repo
* @dir: Path to a directory containing static delta data
* @skip_validation: If %TRUE, assume data integrity
* @cancellable: Cancellable
* @error: Error
*
* Given a directory representing an already-downloaded static delta
* on disk, apply it, generating a new commit. The directory must be
* named with the form "FROM-TO", where both are checksums, and it
* must contain a file named "superblock", along with at least one part.
*/
gboolean
ostree_repo_static_delta_execute_offline (OstreeRepo *self,
GFile *dir,
gboolean skip_validation,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
guint i, n;
gs_unref_object GFile *meta_file = g_file_get_child (dir, "superblock");
gs_unref_variant GVariant *meta = NULL;
gs_unref_variant GVariant *headers = NULL;
gs_unref_variant GVariant *fallback = NULL;
if (!ot_util_variant_map (meta_file, G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT),
FALSE, &meta, error))
goto out;
/* Parsing OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT */
/* Write the to-commit object */
{
gs_unref_variant GVariant *to_csum_v = NULL;
gs_free char *to_checksum = NULL;
gs_unref_variant GVariant *to_commit = NULL;
gboolean have_to_commit;
to_csum_v = g_variant_get_child_value (meta, 3);
if (!ostree_validate_structureof_csum_v (to_csum_v, error))
goto out;
to_checksum = ostree_checksum_from_bytes_v (to_csum_v);
if (!ostree_repo_has_object (self, OSTREE_OBJECT_TYPE_COMMIT, to_checksum,
&have_to_commit, cancellable, error))
goto out;
if (!have_to_commit)
{
to_commit = g_variant_get_child_value (meta, 4);
if (!ostree_repo_write_metadata (self, OSTREE_OBJECT_TYPE_COMMIT,
to_checksum, to_commit, NULL,
cancellable, error))
goto out;
}
}
fallback = g_variant_get_child_value (meta, 7);
if (g_variant_n_children (fallback) > 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Cannot execute delta offline: contains nonempty http fallback entries");
goto out;
}
headers = g_variant_get_child_value (meta, 6);
n = g_variant_n_children (headers);
for (i = 0; i < n; i++)
{
guint64 size;
guint64 usize;
const guchar *csum;
gboolean have_all;
gs_unref_variant GVariant *header = NULL;
gs_unref_variant GVariant *csum_v = NULL;
gs_unref_variant GVariant *objects = NULL;
gs_unref_object GFile *part_path = NULL;
gs_unref_object GInputStream *raw_in = NULL;
gs_unref_object GInputStream *in = NULL;
header = g_variant_get_child_value (headers, i);
g_variant_get (header, "(@aytt@ay)", &csum_v, &size, &usize, &objects);
if (!_ostree_repo_static_delta_part_have_all_objects (self, objects, &have_all,
cancellable, error))
goto out;
/* If we already have these objects, don't bother executing the
* static delta.
*/
if (have_all)
continue;
csum = ostree_checksum_bytes_peek_validate (csum_v, error);
if (!csum)
goto out;
part_path = ot_gfile_resolve_path_printf (dir, "%u", i);
in = (GInputStream*)g_file_read (part_path, cancellable, error);
if (!in)
goto out;
if (!skip_validation)
{
gs_free char *expected_checksum = ostree_checksum_from_bytes (csum);
if (!_ostree_static_delta_part_validate (self, part_path, i,
expected_checksum,
cancellable, error))
goto out;
}
{
GMappedFile *mfile = gs_file_map_noatime (part_path, cancellable, error);
gs_unref_bytes GBytes *bytes = NULL;
if (!mfile)
goto out;
bytes = g_mapped_file_get_bytes (mfile);
g_mapped_file_unref (mfile);
if (!_ostree_static_delta_part_execute (self, objects, bytes,
cancellable, error))
{
g_prefix_error (error, "executing delta part %i: ", i);
goto out;
}
}
}
ret = TRUE;
out:
return ret;
}
gboolean
install_bundle (XdgAppDir *dir,
GOptionContext *context,
int argc, char **argv,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
g_autoptr(GFile) deploy_base = NULL;
g_autoptr(GFile) file = NULL;
g_autoptr(GFile) gpg_tmp_file = NULL;
const char *filename;
g_autofree char *ref = NULL;
g_autofree char *origin = NULL;
gboolean created_deploy_base = FALSE;
gboolean added_remote = FALSE;
g_autofree char *to_checksum = NULL;
g_auto(GStrv) parts = NULL;
g_autoptr(GBytes) gpg_data = NULL;
g_autofree char *remote = NULL;
OstreeRepo *repo;
g_autoptr(OstreeGpgVerifyResult) gpg_result = NULL;
g_autoptr(GError) my_error = NULL;
g_auto(GLnxLockFile) lock = GLNX_LOCK_FILE_INIT;
if (argc < 2)
return usage_error (context, "bundle filename must be specified", error);
filename = argv[1];
repo = xdg_app_dir_get_repo (dir);
if (!xdg_app_supports_bundles (repo))
return xdg_app_fail (error, "Your version of ostree is too old to support single-file bundles");
if (!xdg_app_dir_lock (dir, &lock,
cancellable, error))
goto out;
file = g_file_new_for_commandline_arg (filename);
{
g_autoptr(GVariant) delta = NULL;
g_autoptr(GVariant) metadata = NULL;
g_autoptr(GBytes) bytes = NULL;
g_autoptr(GVariant) to_csum_v = NULL;
g_autoptr(GVariant) gpg_value = NULL;
GMappedFile *mfile = g_mapped_file_new (gs_file_get_path_cached (file), FALSE, error);
if (mfile == NULL)
return FALSE;
bytes = g_mapped_file_get_bytes (mfile);
g_mapped_file_unref (mfile);
delta = g_variant_new_from_bytes (G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT), bytes, FALSE);
g_variant_ref_sink (delta);
to_csum_v = g_variant_get_child_value (delta, 3);
if (!ostree_validate_structureof_csum_v (to_csum_v, error))
return FALSE;
to_checksum = ostree_checksum_from_bytes_v (to_csum_v);
metadata = g_variant_get_child_value (delta, 0);
if (!g_variant_lookup (metadata, "ref", "s", &ref))
return xdg_app_fail (error, "Invalid bundle, no ref in metadata");
if (!g_variant_lookup (metadata, "origin", "s", &origin))
origin = NULL;
gpg_value = g_variant_lookup_value (metadata, "gpg-keys", G_VARIANT_TYPE("ay"));
if (gpg_value)
{
gsize n_elements;
const char *data = g_variant_get_fixed_array (gpg_value, &n_elements, 1);
gpg_data = g_bytes_new (data, n_elements);
}
}
parts = xdg_app_decompose_ref (ref, error);
if (parts == NULL)
return FALSE;
deploy_base = xdg_app_dir_get_deploy_dir (dir, ref);
if (g_file_query_exists (deploy_base, cancellable))
return xdg_app_fail (error, "%s branch %s already installed", parts[1], parts[3]);
if (opt_gpg_file != NULL)
{
/* Override gpg_data from file */
gpg_data = read_gpg_data (cancellable, error);
if (gpg_data == NULL)
return FALSE;
}
/* Add a remote for later updates */
if (origin != NULL)
{
g_auto(GStrv) remotes = ostree_repo_remote_list (repo, NULL);
int version = 0;
do
{
g_autofree char *name = NULL;
if (version == 0)
name = g_strdup_printf ("%s-origin", parts[1]);
else
name = g_strdup_printf ("%s-%d-origin", parts[1], version);
version++;
if (remotes == NULL ||
!g_strv_contains ((const char * const *) remotes, name))
remote = g_steal_pointer (&name);
}
while (remote == NULL);
}
if (!ostree_repo_prepare_transaction (repo, NULL, cancellable, error))
return FALSE;
ostree_repo_transaction_set_ref (repo, remote, ref, to_checksum);
if (!ostree_repo_static_delta_execute_offline (repo,
file,
FALSE,
cancellable,
error))
return FALSE;
if (gpg_data)
{
g_autoptr(GFileIOStream) stream;
GOutputStream *o;
gpg_tmp_file = g_file_new_tmp (".xdg-app-XXXXXX", &stream, error);
if (gpg_tmp_file == NULL)
return FALSE;
o = g_io_stream_get_output_stream (G_IO_STREAM (stream));
if (!g_output_stream_write_all (o, g_bytes_get_data (gpg_data, NULL), g_bytes_get_size (gpg_data), NULL, cancellable, error))
return FALSE;
}
gpg_result = ostree_repo_verify_commit_ext (repo,
to_checksum,
NULL, gpg_tmp_file, cancellable, &my_error);
if (gpg_tmp_file)
g_file_delete (gpg_tmp_file, cancellable, NULL);
if (gpg_result == NULL)
{
/* NOT_FOUND means no gpg signature, we ignore this *if* there
* is no gpg key specified in the bundle or by the user */
if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND) &&
gpg_data == NULL)
g_clear_error (&my_error);
else
{
g_propagate_error (error, g_steal_pointer (&my_error));
return FALSE;
}
}
else
{
/* If there is no valid gpg signature we fail, unless there is no gpg
key specified (on the command line or in the file) because then we
trust the source bundle. */
if (ostree_gpg_verify_result_count_valid (gpg_result) == 0 &&
gpg_data != NULL)
return xdg_app_fail (error, "GPG signatures found, but none are in trusted keyring");
}
if (!ostree_repo_commit_transaction (repo, NULL, cancellable, error))
return FALSE;
if (!g_file_make_directory_with_parents (deploy_base, cancellable, error))
return FALSE;
/* From here we need to goto out on error, to clean up */
created_deploy_base = TRUE;
if (remote)
{
g_autoptr(GVariantBuilder) optbuilder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
g_autofree char *basename = g_file_get_basename (file);
g_variant_builder_add (optbuilder, "{s@v}",
"xa.title",
g_variant_new_variant (g_variant_new_string (basename)));
g_variant_builder_add (optbuilder, "{s@v}",
"xa.noenumerate",
g_variant_new_variant (g_variant_new_boolean (TRUE)));
g_variant_builder_add (optbuilder, "{s@v}",
"xa.prio",
g_variant_new_variant (g_variant_new_string ("0")));
if (!ostree_repo_remote_add (repo,
remote, origin, g_variant_builder_end (optbuilder), cancellable, error))
goto out;
added_remote = TRUE;
if (gpg_data)
{
g_autoptr(GInputStream) gpg_data_as_stream = g_memory_input_stream_new_from_bytes (gpg_data);
if (!ostree_repo_remote_gpg_import (repo, remote, gpg_data_as_stream,
NULL, NULL, cancellable, error))
goto out;
}
if (!xdg_app_dir_set_origin (dir, ref, remote, cancellable, error))
goto out;
}
if (!xdg_app_dir_deploy (dir, ref, to_checksum, cancellable, error))
goto out;
if (!xdg_app_dir_make_current_ref (dir, ref, cancellable, error))
goto out;
if (strcmp (parts[0], "app") == 0)
{
if (!xdg_app_dir_update_exports (dir, parts[1], cancellable, error))
goto out;
}
glnx_release_lock_file (&lock);
xdg_app_dir_cleanup_removed (dir, cancellable, NULL);
if (!xdg_app_dir_mark_changed (dir, error))
goto out;
ret = TRUE;
out:
if (created_deploy_base && !ret)
gs_shutil_rm_rf (deploy_base, cancellable, NULL);
if (added_remote && !ret)
ostree_repo_remote_delete (repo, remote, NULL, NULL);
return ret;
}