author | Lennart Poettering <lennart@poettering.net> | 2021-06-09 17:19:15 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-08-17 10:09:04 +0200 |
commit | c40d82abf7b23803aa7394a7a7e24c40c32af851 (patch) | |
tree | 3b5ded27e3f43491361f507571f139c6951b2126 /src/import/pull-common.h | |
parent | d32a5841fb1aabc0e2fd138d78b5f66d31b3ba77 (diff) | |
pull: add --direct mode + make various eatures optional + explicit checksum verification
This does what the previous commit did for systemd-import the same way
for systemd-pull.
It also adds one more thing: the checksum validation is extended. In
addition to doing SHA256SUMS/gpg verification it is now possible to
immediately specify a hash value on the command line that the download
needs to match. This is particularly useful in --direct mode as we can
download/decompress/unpack arbitrary files and check the hash of the
downloaded file on-the-fly.
Diffstat (limited to 'src/import/pull-common.h')
-rw-r--r-- | src/import/pull-common.h | 32 |
1 files changed, 20 insertions, 12 deletions
diff --git a/src/import/pull-common.h b/src/import/pull-common.h
index 3902e29f2b..2347db3bac 100644
--- a/src/import/pull-common.h
+++ b/src/import/pull-common.h
@@ -7,27 +7,31 @@ #include "pull-job.h" typedef enum PullFlags { - PULL_FORCE = 1 << 0, /* replace existing image */ - PULL_SETTINGS = 1 << 1, /* .nspawn settings file */ - PULL_ROOTHASH = 1 << 2, /* only for raw: .roothash file for verity */ - PULL_ROOTHASH_SIGNATURE = 1 << 3, /* only for raw: .roothash.p7s file for verity */ - PULL_VERITY = 1 << 4, /* only for raw: .verity file for verity */ + PULL_FORCE = 1 << 0, /* replace existing image */ + PULL_READ_ONLY = 1 << 1, /* make generated image read-only */ + PULL_SETTINGS = 1 << 1, /* download .nspawn settings file */ + PULL_ROOTHASH = 1 << 2, /* only for raw: download .roothash file for verity */ + PULL_ROOTHASH_SIGNATURE = 1 << 3, /* only for raw: download .roothash.p7s file for verity */ + PULL_VERITY = 1 << 4, /* only for raw: download .verity file for verity */ + PULL_BTRFS_SUBVOL = 1 << 2, /* tar: preferably create images as btrfs subvols */ + PULL_BTRFS_QUOTA = 1 << 3, /* tar: set up btrfs quota for new subvolume as child of parent subvolume */ + PULL_CONVERT_QCOW2 = 1 << 4, /* raw: if we detect a qcow2 image, unpack it */ + PULL_DIRECT = 1 << 5, /* download without rename games */ + PULL_SYNC = 1 << 6, /* fsync() right before we are done */ /* The supported flags for the tar and the raw pulling */ - PULL_FLAGS_MASK_TAR = PULL_FORCE|PULL_SETTINGS, - PULL_FLAGS_MASK_RAW = PULL_FORCE|PULL_SETTINGS|PULL_ROOTHASH|PULL_ROOTHASH_SIGNATURE|PULL_VERITY, + PULL_FLAGS_MASK_TAR = PULL_FORCE|PULL_READ_ONLY|PULL_SETTINGS|PULL_BTRFS_SUBVOL|PULL_BTRFS_QUOTA|PULL_DIRECT|PULL_SYNC, + PULL_FLAGS_MASK_RAW = PULL_FORCE|PULL_READ_ONLY|PULL_SETTINGS|PULL_ROOTHASH|PULL_ROOTHASH_SIGNATURE|PULL_VERITY|PULL_CONVERT_QCOW2|PULL_DIRECT|PULL_SYNC, } PullFlags; -int pull_make_local_copy(const char *final, const char *root, const char *local, PullFlags flags); - int pull_find_old_etags(const char *url, const char *root, int dt, const char *prefix, const char *suffix, char ***etags); int pull_make_path(const char *url, const char *etag, 
const char *image_root, const char *prefix, const char *suffix, char **ret); -int pull_make_auxiliary_job(PullJob **ret, const char *url, int (*strip_suffixes)(const char *name, char **ret), const char *suffix, CurlGlue *glue, PullJobFinished on_finished, void *userdata); -int pull_make_verification_jobs(PullJob **ret_checksum_job, PullJob **ret_signature_job, ImportVerify verify, const char *url, CurlGlue *glue, PullJobFinished on_finished, void *userdata); +int pull_make_auxiliary_job(PullJob **ret, const char *url, int (*strip_suffixes)(const char *name, char **ret), const char *suffix, ImportVerify verify, CurlGlue *glue, PullJobOpenDisk on_open_disk, PullJobFinished on_finished, void *userdata); +int pull_make_verification_jobs(PullJob **ret_checksum_job, PullJob **ret_signature_job, ImportVerify verify, const char *checksum, const char *url, CurlGlue *glue, PullJobFinished on_finished, void *userdata); -int pull_verify(ImportVerify verify, PullJob *main_job, PullJob *checksum_job, PullJob *signature_job, PullJob *settings_job, PullJob *roothash_job, PullJob *roothash_signature_job, PullJob *verity_job); +int pull_verify(ImportVerify verify, const char *checksum, PullJob *main_job, PullJob *checksum_job, PullJob *signature_job, PullJob *settings_job, PullJob *roothash_job, PullJob *roothash_signature_job, PullJob *verity_job); typedef enum VerificationStyle { VERIFICATION_PER_FILE, /* SuSE-style ".sha256" files with inline gpg signature */ @@ -39,3 +43,7 @@ typedef enum VerificationStyle { int verification_style_from_url(const char *url, VerificationStyle *style); int pull_job_restart_with_sha256sum(PullJob *job, char **ret); + +bool pull_validate_local(const char *name, PullFlags flags); + +int pull_url_needs_checksum(const char *url); |
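Review bot: Several of the new `PullFlags` members reuse a bit that is already taken: `PULL_READ_ONLY` and `PULL_SETTINGS` are both `1 << 1`, `PULL_BTRFS_SUBVOL` collides with `PULL_ROOTHASH` at `1 << 2`, `PULL_BTRFS_QUOTA` with `PULL_ROOTHASH_SIGNATURE` at `1 << 3`, and `PULL_CONVERT_QCOW2` with `PULL_VERITY` at `1 << 4`. Since these values are OR-ed into the masks and presumably tested bitwise by the pull code, setting one member of a pair also sets the other. As a result `PULL_FLAGS_MASK_TAR` admits the raw-only roothash bits, and a caller cannot request the verity sidecar downloads independently of qcow2 conversion or btrfs handling. Each flag should get its own bit, as below; the two mask definitions can stay as written. Whether anything outside this header depends on the numeric values is not visible in the hunk.

```c
typedef enum PullFlags {
        /* … unchanged: PULL_FORCE (1 << 0), PULL_READ_ONLY (1 << 1) … */
        PULL_SETTINGS           = 1 << 2, /* download .nspawn settings file */
        PULL_ROOTHASH           = 1 << 3, /* only for raw: download .roothash file for verity */
        PULL_ROOTHASH_SIGNATURE = 1 << 4, /* only for raw: download .roothash.p7s file for verity */
        PULL_VERITY             = 1 << 5, /* only for raw: download .verity file for verity */
        PULL_BTRFS_SUBVOL       = 1 << 6, /* tar: preferably create images as btrfs subvols */
        PULL_BTRFS_QUOTA        = 1 << 7, /* tar: set up btrfs quota for new subvolume as child of parent subvolume */
        PULL_CONVERT_QCOW2      = 1 << 8, /* raw: if we detect a qcow2 image, unpack it */
        PULL_DIRECT             = 1 << 9, /* download without rename games */
        PULL_SYNC               = 1 << 10, /* fsync() right before we are done */
        /* … unchanged: PULL_FLAGS_MASK_TAR / PULL_FLAGS_MASK_RAW … */
```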
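Review bot: `pull_url_needs_checksum()` is declared as returning `int` with no comment, so a caller cannot tell whether a negative value is an error or what a positive value obliges it to do. That matters because this predicate presumably decides when a download may proceed without a hash. A one-line contract above the declaration would settle it, for example `/* > 0: a checksum must be supplied for this URL, 0: not needed, < 0: errno-style error (confirm against pull-common.c) */`. The new `const char *checksum` parameter of `pull_verify()` and `pull_make_verification_jobs()` in the preceding hunk deserves the same treatment: state the expected encoding of the hash string and whether NULL means that no explicit hash was given.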