
Commit 3c776137 authored by Mike Hibler's avatar Mike Hibler

Make sure a regenerated sig file is owned same as image.

Also allow '-V sig' as alternative to -S.
parent 44c485cd
......@@ -44,6 +44,7 @@ sub usage()
print("Usage: imagevalidate [-dfupqRS] [-H hash] [-V str] <imageid> ...\n".
" imagevalidate [-dfupqRS] [-H hash] [-V str] -P pid\n".
" imagevalidate [-dfupqRS] [-H hash] [-V str] -a\n".
"Validate image information in the DB.\n".
"Options:\n".
" -d Turn on debug mode\n".
" -f Only update if DB says an image is out of date\n".
......@@ -56,11 +57,11 @@ sub usage()
" -U Do not modify updater_uid in DB\n".
" -H hash Use the provided hash rather than recalculating\n".
" -V str Comma separated list of fields to validate/update\n".
" valid values: 'hash', 'range', 'size', 'all'\n".
" default is 'all'\n".
" fields: 'hash', 'range', 'size', 'all', 'sig'; default is 'all'\n".
" NOTE: 'sig' is special as it is not a DB field and\n".
" thus is not included in the 'all' option.\n".
" -S Validate/update the image signature\n".
" (this is not a DB field so is not included in the\n".
" default or \"-V all\" validate/update\n");
" This is the same as specifying \"-V sig\".\n");
exit(-1);
}
my $optlist = "dfnupqRaP:UH:V:FS";
......@@ -95,7 +96,7 @@ sub doimage($);
sub makehashfile($$$$);
sub removehashfile($$);
sub checksigfile($$$);
sub makesigfile($$$);
sub makesigfile($$$$);
sub removesigfile($$);
sub removeoldsigfile($);
sub fatal($);
......@@ -180,7 +181,7 @@ if (defined($options{"V"})) {
} else {
$validate{"all"} = 1;
}
if (defined($options{"S"})) {
if (defined($options{"S"}) || $validate{"sig"}) {
$dosig = 1;
}
@images = @ARGV;
......@@ -348,7 +349,7 @@ sub doimage($)
}
makehashfile($pidimage, $path, $hash, $fuid);
if ($dosig && checksigfile($pidimage, $path, $isdelta)) {
makesigfile($pidimage, $path, $isdelta);
makesigfile($pidimage, $path, $isdelta, $fuid);
}
return 0;
}
......@@ -579,7 +580,7 @@ sub doimage($)
if ($update) {
print("$pidimage: sig: ")
if (!$quiet);
if (makesigfile($pidimage, $path, $isdelta) == 0) {
if (makesigfile($pidimage, $path, $isdelta, $fuid) == 0) {
$changed = 1;
print "[FIXED]\n"
if (!$quiet);
......@@ -644,9 +645,9 @@ sub checksigfile($$$)
}
# Return 0 if action is successful
sub makesigfile($$$)
sub makesigfile($$$$)
{
my ($pidimage,$imagepath,$isdelta) = @_;
my ($pidimage,$imagepath,$isdelta,$fuid) = @_;
my $sigfile = "$imagepath.sig";
# XXX get rid of old sigfile
......@@ -676,6 +677,10 @@ sub makesigfile($$$)
unlink($sigfile);
return 1;
}
if (defined($fuid) && system("chown $fuid $sigfile >/dev/null 2>&1")) {
print STDERR
"$pidimage: WARNING: could not chown $sigfile to $fuid\n";
}
return 0;
}
......
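Review bot: The new `system("chown $fuid $sigfile >/dev/null 2>&1")` in makesigfile builds a shell command line from `$fuid` and from `$sigfile`, which is derived from the caller-supplied `$imagepath`, so whitespace or shell metacharacters in an image path are interpreted by the shell, in a script that presumably runs with enough privilege to change file ownership. Avoid the shell entirely: if `$fuid` is a numeric uid (its origin is outside the visible hunks), use the builtin, `if (defined($fuid) && chown($fuid, -1, $sigfile) != 1) {`; otherwise use the list form `system("chown", $fuid, $sigfile)`. Both the external chown and the builtin follow symlinks, so if the image directory is writable by the image owner it is worth confirming that `$sigfile` is a regular file before changing its owner. A failed chown only prints a warning and makesigfile still returns 0, so the second doimage call site prints `[FIXED]` even when the owner is wrong; a comment stating that this is deliberate best-effort would help. makesigfile's body starts outside the hunk.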