katolaz
/
cgit-70
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

snapshot: support archive signatures

Browse Source 
Read signatures from the notes refs refs/notes/signatures/$FORMAT where
FORMAT is one of our archive formats ("tar", "tar.gz", ...).  The note
is expected to simply contain the signature content to be returned when
the snapshot "${filename}.asc" is requested, so the signature for
cgit-1.1.tar.xz can be stored against the v1.1 tag with:

	git notes --ref=refs/notes/signatures/tar.xz add -C "$(
		gpg --output - --armor --detach-sign cgit-1.1.tar.xz |
		git hash-object -w --stdin
	)" v1.1

and then downloaded by simply appending ".asc" to the archive URL.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
upstream
John Keeping 7 years ago committed by Jason A. Donenfeld
parent 71d14d9c98
commit c712d5ac43
3 changed files with 84 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      cgit.h
  2. 7
      ui-shared.c
  3. 76
      ui-snapshot.c

2
cgit.h
Unescape View File

@ -374,6 +374,8 @@ extern void cgit_parse_url(const char *url);
extern const char *cgit_repobasename(const char *reponame);
extern int cgit_parse_snapshots_mask(const char *str);
extern const struct object_id *cgit_snapshot_get_sig(const char *ref,
const struct cgit_snapshot_format *f);
extern int cgit_open_filter(struct cgit_filter *filter, ...);
extern int cgit_close_filter(struct cgit_filter *filter);

7
ui-shared.c
Unescape View File

@ -1133,6 +1133,13 @@ void cgit_print_snapshot_links(const struct cgit_repo *repo, const char *ref,
strbuf_addstr(&filename, f->suffix);
cgit_snapshot_link(filename.buf, NULL, NULL, NULL, NULL,
filename.buf);
if (cgit_snapshot_get_sig(ref, f)) {
strbuf_addstr(&filename, ".asc");
html(" (");
cgit_snapshot_link("sig", NULL, NULL, NULL, NULL,
filename.buf);
html(")");
}
html(separator);
}
strbuf_release(&filename);

76
ui-snapshot.c
Unescape View File

@ -94,6 +94,31 @@ const struct cgit_snapshot_format cgit_snapshot_formats[] = {
{ NULL }
};
static struct notes_tree snapshot_sig_notes[ARRAY_SIZE(cgit_snapshot_formats)];
const struct object_id *cgit_snapshot_get_sig(const char *ref,
const struct cgit_snapshot_format *f)
{
struct notes_tree *tree;
struct object_id oid;
if (get_oid(ref, &oid))
return NULL;
tree = &snapshot_sig_notes[f - &cgit_snapshot_formats[0]];
if (!tree->initialized) {
struct strbuf notes_ref = STRBUF_INIT;
strbuf_addf(&notes_ref, "refs/notes/signatures/%s",
f->suffix + 1);
init_notes(tree, notes_ref.buf, combine_notes_ignore, 0);
strbuf_release(&notes_ref);
}
return get_note(tree, &oid);
}
static const struct cgit_snapshot_format *get_format(const char *filename)
{
const struct cgit_snapshot_format *fmt;
@ -129,6 +154,39 @@ static int make_snapshot(const struct cgit_snapshot_format *format,
return 0;
}
static int write_sig(const struct cgit_snapshot_format *format,
const char *hex, const char *archive,
const char *filename)
{
const struct object_id *note = cgit_snapshot_get_sig(hex, format);
enum object_type type;
unsigned long size;
char *buf;
if (!note) {
cgit_print_error_page(404, "Not found",
"No signature for %s", archive);
return 0;
}
buf = read_sha1_file(note->hash, &type, &size);
if (!buf) {
cgit_print_error_page(404, "Not found", "Not found");
return 0;
}
html("X-Content-Type-Options: nosniff\n");
html("Content-Security-Policy: default-src 'none'\n");
ctx.page.etag = oid_to_hex(note);
ctx.page.mimetype = xstrdup("application/pgp-signature");
ctx.page.filename = xstrdup(filename);
cgit_print_http_headers();
html_raw(buf, size);
free(buf);
return 0;
}
/* Try to guess the requested revision from the requested snapshot name.
* First the format extension is stripped, e.g. "cgit-0.7.2.tar.gz" become
* "cgit-0.7.2". If this is a valid commit object name we've got a winner.
@ -185,6 +243,8 @@ void cgit_print_snapshot(const char *head, const char *hex,
const char *filename, int dwim)
{
const struct cgit_snapshot_format* f;
const char *sig_filename = NULL;
char *adj_filename = NULL;
char *prefix = NULL;
if (!filename) {
@ -193,6 +253,15 @@ void cgit_print_snapshot(const char *head, const char *hex,
return;
}
if (ends_with(filename, ".asc")) {
sig_filename = filename;
/* Strip ".asc" from filename for common format processing */
adj_filename = xstrdup(filename);
adj_filename[strlen(adj_filename) - 4] = '\0';
filename = adj_filename;
}
f = get_format(filename);
if (!f || !(ctx.repo->snapshots & f->bit)) {
cgit_print_error_page(400, "Bad request",
@ -216,6 +285,11 @@ void cgit_print_snapshot(const char *head, const char *hex,
if (!prefix)
prefix = xstrdup(cgit_snapshot_prefix(ctx.repo));
make_snapshot(f, hex, prefix, filename);
if (sig_filename)
write_sig(f, hex, filename, sig_filename);
else
make_snapshot(f, hex, prefix, filename);
free(prefix);
free(adj_filename);
}

Write Preview
Loading…
Cancel
Save