diff options
| author | Karen Arutyunov <karen@codesynthesis.com> | 2016-04-14 17:59:24 +0300 |
|---|---|---|
| committer | Karen Arutyunov <karen@codesynthesis.com> | 2016-05-04 20:47:45 +0300 |
| commit | b13332c991ce2695626eaca367dd8208b174c9ca (patch) | |
| tree | 809dc321b47d5ef9c72935637f94bf5b84ed640d /bpkg/cfg-fetch.cxx | |
| parent | c9831f760a83e36a3a2ac84b1bd3f573e47ef195 (diff) | |
Add support for repository authentication
Diffstat (limited to 'bpkg/cfg-fetch.cxx')
| -rw-r--r-- | bpkg/cfg-fetch.cxx | 52 |
1 files changed, 39 insertions, 13 deletions
diff --git a/bpkg/cfg-fetch.cxx b/bpkg/cfg-fetch.cxx index d311a21..dfbcc98 100644 --- a/bpkg/cfg-fetch.cxx +++ b/bpkg/cfg-fetch.cxx @@ -8,6 +8,7 @@ #include <bpkg/manifest> +#include <bpkg/auth> #include <bpkg/fetch> #include <bpkg/package> #include <bpkg/package-odb> @@ -20,7 +21,7 @@ using namespace butl; namespace bpkg { static void - cfg_fetch (const common_options& co, + cfg_fetch (const configuration_options& co, transaction& t, const shared_ptr<repository>& r, const shared_ptr<repository>& root, @@ -55,25 +56,50 @@ namespace bpkg r->fetched = true; // Mark as being fetched. - // Load the 'packages' file. We do this first so that we can get and - // verify the checksum of the 'repositories' file which below. + // Load the 'repositories' file and use it to populate the prerequisite + // and complement repository sets. // - package_manifests pms (fetch_packages (co, rl, true)); + pair<repository_manifests, string/*checksum*/> rmc ( + fetch_repositories (co, rl, true)); - // Load the 'repositories' file and use it to populate the prerequisite and - // complement repository sets. - // - repository_manifests rms; + repository_manifests& rms (rmc.first); + + bool a (co.auth () != auth::none && + (co.auth () == auth::all || rl.remote ())); - try + shared_ptr<const certificate> cert; + + if (a) { - rms = fetch_repositories (co, rl, pms.sha256sum, true); + cert = authenticate_certificate ( + co, &co.directory (), rms.back ().certificate, rl); + + a = !cert->dummy (); } - catch (const checksum_mismatch&) - { - fail << "repository files checksum mismatch for " + + // Load the 'packages' file. + // + pair<package_manifests, string/*checksum*/> pmc ( + fetch_packages (co, rl, true)); + + package_manifests& pms (pmc.first); + + if (rmc.second != pms.sha256sum) + fail << "repositories manifest file checksum mismatch for " << rl.canonical_name () << info << "try again"; + + if (a) + { + signature_manifest sm (fetch_signature (co, rl, true)); + + if (sm.sha256sum != pmc.second) + fail << "packages manifest file checksum mismatch for " + << rl.canonical_name () << + info << "try again"; + + assert (cert != nullptr); + authenticate_repository (co, &co.directory (), nullopt, *cert, sm, rl); } for (repository_manifest& rm: rms) |