author | Michał Górny <mgorny@gentoo.org> | 2018-02-08 18:43:32 +0100 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2018-02-08 18:57:43 +0100 |
commit | 8b6e5ea4e83991fc0958def2da396c1e337f87a1 (patch) | |
tree | d719f9540f6add8e16925da91e0ff57048c19d39 | |
parent | 8fcee1df524de44fd3e04bd0efadc41556df09c6 (diff) | |
download | gemato-8b6e5ea4e83991fc0958def2da396c1e337f87a1.tar.gz |
find_top_level: Support crossing filesystem boundaries
Default to allowing filesystem boundaries to be crossed when looking for
the top-level Manifest. There is no real reason to prevent that, and
preventing it breaks verification for overlayfs users.
-rw-r--r-- | gemato/find_top_level.py | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/gemato/find_top_level.py b/gemato/find_top_level.py index 4cc4664..69ae2eb 100644 --- a/gemato/find_top_level.py +++ b/gemato/find_top_level.py @@ -1,6 +1,6 @@ # gemato: Top-level Manifest finding routine # vim:fileencoding=utf-8 -# (c) 2017 Michał Górny +# (c) 2017-2018 Michał Górny # Licensed under the terms of 2-clause BSD license import errno @@ -11,12 +11,17 @@ import gemato.compression import gemato.manifest -def find_top_level_manifest(path='.', allow_compressed=False): +def find_top_level_manifest(path='.', allow_xdev=True, allow_compressed=False): """ Find top-level Manifest file that covers @path (defaults to the current directory). Returns the path to the Manifest or None. + If @allow_xdev is true, the function passes filesystem boundaries. + If it is false, it stops upon crossing the boundary and does not + return a Manifest that is on a different filesystem than @path. + It defaults to true. + If @allow_compressed is true, the function allows the top-level Manifest to be compressed and opens all compressed files *without* verifying them first. It is false by default to prevent zip bombs @@ -41,7 +46,7 @@ def find_top_level_manifest(path='.', allow_compressed=False): # verify that we are not crossing device boundaries if original_dev is None: original_dev = st.st_dev - elif original_dev != st.st_dev: + elif original_dev != st.st_dev and not allow_xdev: break for m_name in manifest_filenames: @@ -53,7 +58,7 @@ def find_top_level_manifest(path='.', allow_compressed=False): .open_potentially_compressed_path(m_path, 'r', encoding='utf8')) as f: fst = os.fstat(f.fileno()) - if fst.st_dev != original_dev: + if fst.st_dev != original_dev and not allow_xdev: return last_found m.load(f, verify_openpgp=False) |
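Review bot: Inserting `allow_xdev` ahead of `allow_compressed` in the signature changes the meaning of any existing positional call, so `find_top_level_manifest(path, True)` now sets `allow_xdev` and leaves compressed Manifests disabled. Appending the new parameter keeps old call sites intact: `def find_top_level_manifest(path='.', allow_compressed=False, allow_xdev=True):`. The docstring could also state that with the new default the search apparently no longer stops at a mount point, so the Manifest returned may sit on a different filesystem than @path, and callers that do not trust parent mounts need to pass `allow_xdev=False` explicitly. No callers are visible in this diff, so whether any pass the second argument positionally is unconfirmed.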
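Review bot: The comment `# verify that we are not crossing device boundaries` above the changed `elif` is now accurate only when `allow_xdev` is false, and the `fst.st_dev` check in the last hunk has no comment at all. Wording such as `# stop at a device boundary unless allow_xdev permits crossing it` would match the new condition in both places. In the last hunk `os.fstat(f.fileno())` still runs for every candidate even when its result is ignored; that is harmless, but testing `allow_xdev` first would make the intent clearer. The diffstat lists only this file, so neither value of `allow_xdev` appears to be covered by a test in this commit. Both checks sit inside a loop that starts and ends outside the hunks.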