keywords: switch 'xattr' to base64

Rather than an arbitrary election of hashing the xattr value with SHA1
to avoid leaking the value. By going with base64 encoding it allows for
the possibility of restoring a directory with the values stored in the
manifest.

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This commit is contained in:
Vincent Batts 2016-07-27 17:40:51 -04:00
parent 27459241ae
commit 7e2ed0b70b
2 changed files with 10 additions and 12 deletions

View file

@ -55,9 +55,9 @@ keyword and values are established in the `/set` command.
```mtree ```mtree
# . # .
/set type=file nlink=1 mode=0664 uid=1000 gid=1000 /set type=file nlink=1 mode=0664 uid=1000 gid=1000
. size=4096 type=dir mode=0775 nlink=6 time=1459370191.11179595 xattr.security.selinux=6b53fb56e2e61a6c6d672817791db03ebe693748 . size=4096 type=dir mode=0775 nlink=6 time=1459370191.11179595 xattr.security.selinux=dW5jb25maW5lZF91Om9iamVjdF9yOnVzZXJfaG9tZV90OnMwAA==
LICENSE size=1502 time=1458851690.583562292 xattr.security.selinux=6b53fb56e2e61a6c6d672817791db03ebe693748 LICENSE size=1502 time=1458851690.583562292 xattr.security.selinux=dW5jb25maW5lZF91Om9iamVjdF9yOnVzZXJfaG9tZV90OnMwAA==
README.md size=2366 mode=0644 time=1459369604.0 xattr.security.selinux=6b53fb56e2e61a6c6d672817791db03ebe693748 README.md size=2366 mode=0644 time=1459369604.0 xattr.security.selinux=dW5jb25maW5lZF91Om9iamVjdF9yOnVzZXJfaG9tZV90OnMwAA==
[...] [...]
``` ```
@ -69,11 +69,9 @@ attributes as well as FreeBSD extended attributes.
Since extended attributes are an unordered hashmap, this approach allows for Since extended attributes are an unordered hashmap, this approach allows for
checking each `<namespace>.<key>` individually. checking each `<namespace>.<key>` individually.
The value is the [SHA1 digest][sha1] of the value of the particular extended The value is the [base64 encoded][base64] of the value of the particular
attribute. Since the values themselves could be raw bytes, this approach both extended attribute. Since the values themselves could be raw bytes, this
avoids issues with encoding, as well as issues of information leaking. The approach avoids issues with encoding.
designation of SHA1 is arbitrary and seen as a general "good enough" assertion
of the value.
### Tar form ### Tar form
@ -195,5 +193,5 @@ go build .
[libarchive-formats(5)]: https://www.freebsd.org/cgi/man.cgi?query=libarchive-formats&sektion=5&n=1 [libarchive-formats(5)]: https://www.freebsd.org/cgi/man.cgi?query=libarchive-formats&sektion=5&n=1
[archiecobbs/mtree-port]: https://github.com/archiecobbs/mtree-port [archiecobbs/mtree-port]: https://github.com/archiecobbs/mtree-port
[godoc]: https://godoc.org/github.com/vbatts/go-mtree [godoc]: https://godoc.org/github.com/vbatts/go-mtree
[sha1]: https://tools.ietf.org/html/rfc3174
[tar]: http://man7.org/linux/man-pages/man1/tar.1.html [tar]: http://man7.org/linux/man-pages/man1/tar.1.html
[base64]: https://tools.ietf.org/html/rfc4648

View file

@ -2,7 +2,7 @@ package mtree
import ( import (
"archive/tar" "archive/tar"
"crypto/sha1" "encoding/base64"
"fmt" "fmt"
"io" "io"
"os" "os"
@ -55,7 +55,7 @@ var (
} }
klist := []string{} klist := []string{}
for k, v := range hdr.Xattrs { for k, v := range hdr.Xattrs {
klist = append(klist, fmt.Sprintf("xattr.%s=%x", k, sha1.Sum([]byte(v)))) klist = append(klist, fmt.Sprintf("xattr.%s=%s", k, base64.StdEncoding.EncodeToString([]byte(v))))
} }
return strings.Join(klist, " "), nil return strings.Join(klist, " "), nil
} }
@ -70,7 +70,7 @@ var (
if err != nil { if err != nil {
return "", err return "", err
} }
klist[i] = fmt.Sprintf("xattr.%s=%x", xlist[i], sha1.Sum(data)) klist[i] = fmt.Sprintf("xattr.%s=%s", xlist[i], base64.StdEncoding.EncodeToString(data))
} }
return strings.Join(klist, " "), nil return strings.Join(klist, " "), nil
} }