aboutsummaryrefslogtreecommitdiff
path: root/bbot
diff options
context:
space:
mode:
authorKaren Arutyunov <karen@codesynthesis.com>2017-04-18 12:16:10 +0300
committerKaren Arutyunov <karen@codesynthesis.com>2017-04-18 12:25:42 +0300
commitd81b21e46f325d0c12df3054fe08aa29bb1061f3 (patch)
treec1d6ac728d3575c840d24e204023e61bffb808fa /bbot
parent21036163f37ba0d60d47628b7139ed13f34ef458 (diff)
Add support for task manifest trust value
Diffstat (limited to 'bbot')
-rw-r--r--bbot/manifest31
-rw-r--r--bbot/manifest.cxx34
2 files changed, 53 insertions, 12 deletions
diff --git a/bbot/manifest b/bbot/manifest
index 4a5561a..7e14b7d 100644
--- a/bbot/manifest
+++ b/bbot/manifest
@@ -88,6 +88,11 @@ namespace bbot
std::string name;
bpkg::version version;
bpkg::repository_location repository; // Remote or absolute.
+
+ // The SHA256 repositories certificates fingerprints to trust. The special
+ // 'yes' value can be specified instead of fingerprint (in which case all
+ // repositories will be trusted without authentication).
+ //
strings trust;
// Build machine to use for building the package.
@@ -103,18 +108,20 @@ namespace bbot
//
variables config;
- task_manifest (std::string n,
- bpkg::version v,
- bpkg::repository_location r,
- std::string m,
- butl::optional<butl::target_triplet> t,
- variables c)
- : name (std::move (n)),
- version (std::move (v)),
- repository (std::move (r)),
- machine (std::move (m)),
- target (std::move (t)),
- config (std::move (c)) {}
+ task_manifest (std::string nm,
+ bpkg::version vr,
+ bpkg::repository_location rl,
+ strings tr,
+ std::string mn,
+ butl::optional<butl::target_triplet> tg,
+ variables cf)
+ : name (std::move (nm)),
+ version (std::move (vr)),
+ repository (std::move (rl)),
+ trust (tr),
+ machine (std::move (mn)),
+ target (std::move (tg)),
+ config (std::move (cf)) {}
public:
task_manifest () = default; // VC export.
diff --git a/bbot/manifest.cxx b/bbot/manifest.cxx
index b183596..9aedcea 100644
--- a/bbot/manifest.cxx
+++ b/bbot/manifest.cxx
@@ -6,6 +6,7 @@
#include <vector>
#include <string>
+#include <cctype> // isxdigit()
#include <cassert>
#include <sstream>
#include <cstddef> // size_t
@@ -78,6 +79,28 @@ namespace bbot
return true;
}
+ inline static bool
+ valid_fingerprint (const string& f) noexcept
+ {
+ size_t n (f.size ());
+ if (n != 32 * 3 - 1)
+ return false;
+
+ for (size_t i (0); i < n; ++i)
+ {
+ char c (f[i]);
+ if ((i + 1) % 3 == 0)
+ {
+ if (c != ':')
+ return false;
+ }
+ else if (!isxdigit (c))
+ return false;
+ }
+
+ return true;
+ }
+
// machine_header_manifest
//
machine_header_manifest::
@@ -366,6 +389,13 @@ namespace bbot
bad_value (string ("invalid task repository: ") + e.what ());
}
}
+ else if (n == "trust")
+ {
+ if (v != "yes" && !valid_fingerprint (v))
+ bad_value ("invalid repository certificate fingerprint");
+
+ trust.emplace_back (move (v));
+ }
else if (n == "machine")
{
if (!machine.empty ())
@@ -462,6 +492,10 @@ namespace bbot
s.next ("name", name);
s.next ("version", version.string ());
s.next ("repository", repository.string ());
+
+ for (const auto& v: trust)
+ s.next ("trust", v);
+
s.next ("machine", machine);
if (target)