aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKaren Arutyunov <karen@codesynthesis.com>2017-04-18 12:16:10 +0300
committerKaren Arutyunov <karen@codesynthesis.com>2017-04-18 12:25:42 +0300
commitd81b21e46f325d0c12df3054fe08aa29bb1061f3 (patch)
treec1d6ac728d3575c840d24e204023e61bffb808fa
parent21036163f37ba0d60d47628b7139ed13f34ef458 (diff)
Add support for task manifest trust value
-rw-r--r--bbot/manifest31
-rw-r--r--bbot/manifest.cxx34
-rw-r--r--tests/manifest/task.test22
3 files changed, 75 insertions, 12 deletions
diff --git a/bbot/manifest b/bbot/manifest
index 4a5561a..7e14b7d 100644
--- a/bbot/manifest
+++ b/bbot/manifest
@@ -88,6 +88,11 @@ namespace bbot
std::string name;
bpkg::version version;
bpkg::repository_location repository; // Remote or absolute.
+
+ // The SHA256 repositories certificates fingerprints to trust. The special
+ // 'yes' value can be specified instead of fingerprint (in which case all
+ // repositories will be trusted without authentication).
+ //
strings trust;
// Build machine to use for building the package.
@@ -103,18 +108,20 @@ namespace bbot
//
variables config;
- task_manifest (std::string n,
- bpkg::version v,
- bpkg::repository_location r,
- std::string m,
- butl::optional<butl::target_triplet> t,
- variables c)
- : name (std::move (n)),
- version (std::move (v)),
- repository (std::move (r)),
- machine (std::move (m)),
- target (std::move (t)),
- config (std::move (c)) {}
+ task_manifest (std::string nm,
+ bpkg::version vr,
+ bpkg::repository_location rl,
+ strings tr,
+ std::string mn,
+ butl::optional<butl::target_triplet> tg,
+ variables cf)
+ : name (std::move (nm)),
+ version (std::move (vr)),
+ repository (std::move (rl)),
+ trust (tr),
+ machine (std::move (mn)),
+ target (std::move (tg)),
+ config (std::move (cf)) {}
public:
task_manifest () = default; // VC export.
diff --git a/bbot/manifest.cxx b/bbot/manifest.cxx
index b183596..9aedcea 100644
--- a/bbot/manifest.cxx
+++ b/bbot/manifest.cxx
@@ -6,6 +6,7 @@
#include <vector>
#include <string>
+#include <cctype> // isxdigit()
#include <cassert>
#include <sstream>
#include <cstddef> // size_t
@@ -78,6 +79,28 @@ namespace bbot
return true;
}
+ inline static bool
+ valid_fingerprint (const string& f) noexcept
+ {
+ size_t n (f.size ());
+ if (n != 32 * 3 - 1)
+ return false;
+
+ for (size_t i (0); i < n; ++i)
+ {
+ char c (f[i]);
+ if ((i + 1) % 3 == 0)
+ {
+ if (c != ':')
+ return false;
+ }
+ else if (!isxdigit (c))
+ return false;
+ }
+
+ return true;
+ }
+
// machine_header_manifest
//
machine_header_manifest::
@@ -366,6 +389,13 @@ namespace bbot
bad_value (string ("invalid task repository: ") + e.what ());
}
}
+ else if (n == "trust")
+ {
+ if (v != "yes" && !valid_fingerprint (v))
+ bad_value ("invalid repository certificate fingerprint");
+
+ trust.emplace_back (move (v));
+ }
else if (n == "machine")
{
if (!machine.empty ())
@@ -462,6 +492,10 @@ namespace bbot
s.next ("name", name);
s.next ("version", version.string ());
s.next ("repository", repository.string ());
+
+ for (const auto& v: trust)
+ s.next ("trust", v);
+
s.next ("machine", machine);
if (target)
diff --git a/tests/manifest/task.test b/tests/manifest/task.test
index 09777b1..cbb4598 100644
--- a/tests/manifest/task.test
+++ b/tests/manifest/task.test
@@ -16,6 +16,8 @@ test.options += -t
name: libfoo
version: 1.0
repository: http://pkg.example.org/1/math
+ trust: AB:0D:3F:C1:B0:13:E4:0E:AD:4A:08:06:AE:F3:85:DB:E2:27:5F:83:11:47:A2:7\
+ 8:64:3C:73:60:F8:66:3A:A4
machine: windows_10-msvc_14
target: x86_64-microsoft-win32-msvc14.0
config: config.cc.coptions=/Z7 config.cc.loptions=/DEBUG
@@ -68,6 +70,19 @@ test.options += -t
config: abc='a "b '"d\e x y="
EOF
}
+
+ : trust-yes
+ :
+ $* <<EOF >>EOF
+ : 1
+ name: libfoo
+ version: 1.0
+ repository: http://pkg.example.org/1/math
+ trust: yes
+ machine: windows_10-msvc_14
+ target: x86_64-microsoft-win32-msvc14.0
+ config: config.cc.coptions=/Z7 config.cc.loptions=/DEBUG
+ EOF
}
: redefinition
@@ -210,6 +225,13 @@ test.options += -t
EOI
}
}
+
+ : trust
+ :
+ $* <<EOI 2>'stdin:2:8: error: invalid repository certificate fingerprint' == 1
+ : 1
+ trust: abc
+ EOI
}
: unknown-name