These were previously private, but since we expect people to use them, let's add
`#define`s like we did for some of the other commit metadata.
Closes: #1028
Approved by: jlebon
* Since: 2017.7
*/
#define OSTREE_COMMIT_META_KEY_ENDOFLIFE "ostree.endoflife"
+/**
+ * OSTREE_COMMIT_META_KEY_REF_BINDING:
+ *
+ * GVariant type `as`; each element is a branch name. If this is added to a
+ * commit, `ostree_repo_pull()` will enforce that the commit was retrieved from
+ * one of the branch names in this array. This prevents "sidegrade" attacks.
+ * The rationale for having this support multiple branch names is that it helps
+ * support a "promotion" model of taking a commit and moving it between development
+ * and production branches.
+ *
+ * Since: 2017.9
+ */
+#define OSTREE_COMMIT_META_KEY_REF_BINDING "ostree.ref-binding"
+/**
+ * OSTREE_COMMIT_META_KEY_COLLECTION_BINDING:
+ *
+ * GVariant type `s`. If this is added to a commit, `ostree_repo_pull()`
+ * will enforce that the commit was retrieved from a repository which has
+ * the same collection ID. See `ostree_repo_set_collection_id()`.
+ * This is most useful in concert with `OSTREE_COMMIT_META_KEY_REF_BINDING`,
+ * as it more strongly binds the commit to the repository and branch.
+ *
+ * Since: 2017.9
+ */
+#ifdef OSTREE_ENABLE_EXPERIMENTAL_API
+#define OSTREE_COMMIT_META_KEY_COLLECTION_BINDING "ostree.collection-binding"
+#endif
_OSTREE_PUBLIC
const GVariantType *ostree_metadata_variant_type (OstreeObjectType objtype);
* in a summary file. */
#define OSTREE_COMMIT_TIMESTAMP "ostree.commit.timestamp"
-/* Well-known keys for the commit metadata */
-#define OSTREE_REF_BINDING "ostree.ref-binding"
-#define OSTREE_COLLECTION_BINDING "ostree.collection-binding"
-
typedef enum {
OSTREE_REPO_TEST_ERROR_PRE_COMMIT = (1 << 0)
} OstreeRepoTestErrorFlags;
g_autoptr(GVariant) metadata = g_variant_get_child_value (commit, 0);
g_autofree const char **refs = NULL;
if (!g_variant_lookup (metadata,
- OSTREE_REF_BINDING,
+ OSTREE_COMMIT_META_KEY_REF_BINDING,
"^a&s",
&refs))
{
if (remote_collection_id != NULL)
{
+#ifdef OSTREE_ENABLE_EXPERIMENTAL_API
const char *collection_id;
if (!g_variant_lookup (metadata,
- OSTREE_COLLECTION_BINDING,
+ OSTREE_COMMIT_META_KEY_COLLECTION_BINDING,
"&s",
&collection_id))
return glnx_throw (error,
"metadata, while the remote it came from has "
"collection ID ā%sā",
collection_id, remote_collection_id);
+#endif
}
return TRUE;
if (collection_id == NULL)
return;
- g_variant_builder_add (metadata_builder, "{s@v}", OSTREE_COLLECTION_BINDING,
+ g_variant_builder_add (metadata_builder, "{s@v}", OSTREE_COMMIT_META_KEY_COLLECTION_BINDING,
g_variant_new_variant (g_variant_new_string (collection_id)));
}
#endif /* OSTREE_ENABLE_EXPERIMENTAL_API */
g_ptr_array_sort (refs, compare_strings);
g_autoptr(GVariant) refs_v = g_variant_new_strv ((const char *const *)refs->pdata,
refs->len);
- g_variant_builder_add (metadata_builder, "{s@v}", OSTREE_REF_BINDING,
+ g_variant_builder_add (metadata_builder, "{s@v}", OSTREE_COMMIT_META_KEY_REF_BINDING,
g_variant_new_variant (g_steal_pointer (&refs_v)));
}
+/* Note if you're using the API, you currently need to do this yourself */
static void
fill_bindings (OstreeRepo *repo,
GVariant *metadata,
/* Allow the collection ID to be overridden using
* --add-metadata-string=ostree.collection-binding=blah */
if (metadata == NULL ||
- !g_variant_lookup (metadata, OSTREE_COLLECTION_BINDING, "*", NULL))
+ !g_variant_lookup (metadata, OSTREE_COMMIT_META_KEY_COLLECTION_BINDING, "*", NULL))
add_collection_binding (repo, metadata_builder);
#endif /* OSTREE_ENABLE_EXPERIMENTAL_API */
projects / ostree.git / commitdiff