Load the signature to get the aliased CDN-safe version of the metadata

Switch to downloading the signature first, which we can then load to get the suffixed build-specific URL of the actual metadata file. You need to have libjcat 0.1.1 installed and fwupd built against the new version for this to work. Fixes #391
fwupd · Apr 3, 2020 · a1de206 · a1de206
1 parent 7a9bb7e
commit a1de206
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 12 deletions.
diff --git a/libfwupd/fwupd-remote.c b/libfwupd/fwupd-remote.c
@@ -7,6 +7,7 @@
 #include "config.h"
 
 #include <libsoup/soup.h>
+#include <jcat.h>
 
 #include "fwupd-deprecated.h"
 #include "fwupd-enums-private.h"
@@ -896,6 +897,72 @@ fwupd_remote_get_metadata_uri (FwupdRemote *self)
 	return priv->metadata_uri;
 }
 
+/**
+ * fwupd_remote_load_signature:
+ * @self: A #FwupdRemote
+ * @filename: A filename
+ * @error: the #GError, or %NULL
+ *
+ * Parses the signature, updating the metadata URI as appropriate.
+ *
+ * Returns: %TRUE for success
+ *
+ * Since: 1.4.0
+ **/
+gboolean
+fwupd_remote_load_signature (FwupdRemote *self, const gchar *filename, GError **error)
+{
+	FwupdRemotePrivate *priv = GET_PRIVATE (self);
+	const gchar *id;
+	g_autofree gchar *basename = NULL;
+	g_autofree gchar *baseuri = NULL;
+	g_autofree gchar *metadata_uri = NULL;
+	g_autoptr(GFile) gfile = NULL;
+	g_autoptr(JcatFile) jcat_file = jcat_file_new ();
+	g_autoptr(JcatItem) jcat_item = NULL;
+
+	g_return_val_if_fail (FWUPD_IS_REMOTE (self), FALSE);
+	g_return_val_if_fail (filename != NULL, FALSE);
+	g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
+
+	/* load JCat file */
+	gfile = g_file_new_for_path (filename);
+	if (!jcat_file_import_file (jcat_file, gfile, JCAT_IMPORT_FLAG_NONE, NULL, error))
+		return FALSE;
+
+	/* this seems pointless to get the item by ID then just read the ID,
+	 * but _get_item_by_id() uses the AliasIds as a fallback */
+	basename = g_path_get_basename (priv->metadata_uri);
+	jcat_item = jcat_file_get_item_by_id (jcat_file, basename, NULL);
+	if (jcat_item == NULL) {
+		/* if we're using libjcat 0.1.0 just get the default item */
+		jcat_item = jcat_file_get_item_default (jcat_file, error);
+		if (jcat_item == NULL)
+			return FALSE;
+	}
+	id = jcat_item_get_id (jcat_item);
+	if (id == NULL) {
+		g_set_error_literal (error,
+				     FWUPD_ERROR,
+				     FWUPD_ERROR_INVALID_FILE,
+				     "No ID for JCat item");
+		return FALSE;
+	}
+
+	/* replace the URI if required */
+	baseuri = g_path_get_dirname (priv->metadata_uri);
+	metadata_uri = g_build_filename (baseuri, id, NULL);
+	if (g_strcmp0 (metadata_uri, priv->metadata_uri) != 0) {
+		g_debug ("changing metadata URI from %s to %s",
+			 priv->metadata_uri, metadata_uri);
+		g_free (priv->metadata_uri);
+		priv->metadata_uri = g_steal_pointer (&metadata_uri);
+	}
+
+	/* success */
+	return TRUE;
+}
+
 /**
  * fwupd_remote_get_metadata_uri_sig:
  * @self: A #FwupdRemote

diff --git a/libfwupd/fwupd-remote.h b/libfwupd/fwupd-remote.h
@@ -72,6 +72,9 @@ FwupdKeyringKind fwupd_remote_get_keyring_kind		(FwupdRemote	*self);
 gchar		*fwupd_remote_build_firmware_uri	(FwupdRemote	*self,
 							 const gchar	*url,
 							 GError		**error);
+gboolean	 fwupd_remote_load_signature		(FwupdRemote	*self,
+							 const gchar	*filename,
+							 GError		**error);
 
 FwupdRemote	*fwupd_remote_from_variant		(GVariant	*value);
 GPtrArray	*fwupd_remote_array_from_variant	(GVariant	*value);

diff --git a/libfwupd/fwupd.map b/libfwupd/fwupd.map
@@ -434,5 +434,6 @@ LIBFWUPD_1.4.0 {
     fwupd_release_set_urgency;
     fwupd_release_urgency_from_string;
     fwupd_release_urgency_to_string;
+    fwupd_remote_load_signature;
   local: *;
 } LIBFWUPD_1.3.7;
diff --git a/libfwupd/meson.build b/libfwupd/meson.build
@@ -45,6 +45,7 @@ fwupd = shared_library(
   dependencies : [
     giounix,
     soup,
+    libjcat,
     libjsonglib,
   ],
   c_args : [

diff --git a/src/fu-util.c b/src/fu-util.c
@@ -1259,26 +1259,28 @@ fu_util_download_metadata_for_remote (FuUtilPrivate *priv,
 	g_autoptr(SoupURI) uri = NULL;
 	g_autoptr(SoupURI) uri_sig = NULL;
 
-	/* generate some plausible local filenames */
-	basename = g_path_get_basename (fwupd_remote_get_filename_cache (remote));
-	basename_id = g_strdup_printf ("%s-%s", fwupd_remote_get_id (remote), basename);
-
-	/* download the metadata */
-	filename = fu_util_get_user_cache_path (basename_id);
-	if (!fu_common_mkdir_parent (filename, error))
-		return FALSE;
-	uri = soup_uri_new (fwupd_remote_get_metadata_uri (remote));
-	if (!fu_util_download_file (priv, uri, filename, NULL, error))
-		return FALSE;
-
 	/* download the signature */
 	basename_asc = g_path_get_basename (fwupd_remote_get_filename_cache_sig (remote));
 	basename_id_asc = g_strdup_printf ("%s-%s", fwupd_remote_get_id (remote), basename_asc);
 	filename_asc = fu_util_get_user_cache_path (basename_id_asc);
+	if (!fu_common_mkdir_parent (filename_asc, error))
+		return FALSE;
 	uri_sig = soup_uri_new (fwupd_remote_get_metadata_uri_sig (remote));
 	if (!fu_util_download_file (priv, uri_sig, filename_asc, NULL, error))
 		return FALSE;
 
+	/* find the download URI of the metadata from the JCat file */
+	if (!fwupd_remote_load_signature (remote, filename_asc, error))
+		return FALSE;
+
+	/* download the metadata */
+	basename = g_path_get_basename (fwupd_remote_get_filename_cache (remote));
+	basename_id = g_strdup_printf ("%s-%s", fwupd_remote_get_id (remote), basename);
+	filename = fu_util_get_user_cache_path (basename_id);
+	uri = soup_uri_new (fwupd_remote_get_metadata_uri (remote));
+	if (!fu_util_download_file (priv, uri, filename, NULL, error))
+		return FALSE;
+
 	/* send all this to fwupd */
 	return fwupd_client_update_metadata (priv->client,
 					     fwupd_remote_get_id (remote),