sculpt: make download verification controllable

This patch adds the 'Verify' argument to all download-related interfaces
in order to control the checking of signatures for downloads. Note that
it does not change the sculpt_manager's existing built-in policy of
always checking signatures.

Issue #4804

repos/gems/src/app/sculpt_manager/main.cc

@@ -1106,10 +1106,10 @@ struct Sculpt::Main : Input_event_handler,
 		_deploy.update_managed_deploy_config();
 	}
 
-	Start_name new_construction(Component::Path const &pkg,
+	Start_name new_construction(Component::Path const &pkg, Verify verify,
 	                            Component::Info const &info) override
 	{
-		return _runtime_state.new_construction(pkg, info, _affinity_space);
+		return _runtime_state.new_construction(pkg, verify, info, _affinity_space);
 	}
 
 	void _apply_to_construction(Popup_dialog::Action::Apply_to &fn) override
@@ -1129,9 +1129,9 @@ struct Sculpt::Main : Input_event_handler,
 		_deploy.update_managed_deploy_config();
 	}
 
-	void trigger_download(Path const &path) override
+	void trigger_download(Path const &path, Verify verify) override
 	{
-		_download_queue.add(path);
+		_download_queue.add(path, verify);
 
 		/* incorporate new download-queue content into update */
 		_deploy.update_installation();

repos/gems/src/app/sculpt_manager/model/component.h

@@ -32,9 +32,11 @@ struct Sculpt::Component : Noncopyable
 	Allocator &_alloc;
 
 	/* defined at construction time */
-	Name const name;
+	Name   const name;
-	Path const path;
+	Path   const path;
-	Info const info;
+	Verify const verify;
+	Info   const info;
+
 
 	/* defined when blueprint arrives */
 	uint64_t ram  { };
@@ -98,7 +100,7 @@ struct Sculpt::Component : Noncopyable
 
 	struct Construction_action : Interface
 	{
-		virtual void new_construction(Path const &pkg, Info const &info) = 0;
+		virtual void new_construction(Path const &pkg, Verify, Info const &) = 0;
 
 		struct Apply_to : Interface { virtual void apply_to(Component &) = 0; };
 
@@ -122,9 +124,10 @@ struct Sculpt::Component : Noncopyable
 	};
 
 	Component(Allocator &alloc, Name const &name, Path const &path,
-	          Info const &info, Affinity::Space const space)
+	          Verify verify, Info const &info, Affinity::Space const space)
 	:
-		_alloc(alloc), name(name), path(path), info(info), affinity_space(space)
+		_alloc(alloc), name(name), path(path), verify(verify), info(info),
+		affinity_space(space)
 	{ }
 
 	~Component()

repos/gems/src/app/sculpt_manager/model/download_queue.h

@@ -26,30 +26,42 @@ struct Sculpt::Download_queue : Noncopyable
 	{
 		Path const path;
 
+		bool const verify;
+
 		enum class State { DOWNLOADING, FAILED, DONE } state;
 
 		unsigned percent = 0;
 
-		Download(Path const &path) : path(path), state(State::DOWNLOADING) { }
+		Download(Path const &path, Verify verify)
+		:
+			path(path), verify(verify.value), state(State::DOWNLOADING)
+		{ }
 
 		void gen_installation_entry(Xml_generator &xml) const
 		{
 			if (state != State::DOWNLOADING)
 				return;
 
-			auto gen_install_node = [&] (auto type, auto path) {
+			auto gen_verify_attr = [&] {
-				xml.node(type, [&] () { xml.attribute("path", path); }); };
+				if (!verify)
+					xml.attribute("verify", "no"); };
+
+			auto gen_install_node = [&] (auto type) {
+				xml.node(type, [&] () {
+					xml.attribute("path", path);
+					gen_verify_attr(); }); };
 
 			if (Depot::Archive::index(path))
-				gen_install_node("index", path);
+				gen_install_node("index");
 			else if (Depot::Archive::image_index(path))
-				gen_install_node("image_index", path);
+				gen_install_node("image_index");
 			else if (Depot::Archive::image(path))
-				gen_install_node("image", path);
+				gen_install_node("image");
 			else
 				xml.node("archive", [&] () {
 					xml.attribute("path", path);
-					xml.attribute("source", "no"); });
+					xml.attribute("source", "no");
+					gen_verify_attr(); });
 		}
 	};
 
@@ -59,7 +71,7 @@ struct Sculpt::Download_queue : Noncopyable
 
 	Download_queue(Allocator &alloc) : _alloc(alloc) { }
 
-	void add(Path const &path)
+	void add(Path const &path, Verify const verify)
 	{
 		log("add to download queue: ", path);
 		bool already_exists = false;
@@ -70,7 +82,7 @@ struct Sculpt::Download_queue : Noncopyable
 		if (already_exists)
 			return;
 
-		new (_alloc) Registered<Download>(_downloads, path);
+		new (_alloc) Registered<Download>(_downloads, path, verify);
 	}
 
 	template <typename FN>

repos/gems/src/app/sculpt_manager/model/runtime_state.h

@@ -157,12 +157,13 @@ class Sculpt::Runtime_state : public Runtime_info
 			 */
 			Launched_child(Allocator &alloc, Start_name const &name,
 			               Component::Path const &pkg_path,
+			               Verify          const  verify,
 			               Component::Info const &info,
 			               Affinity::Space const space)
 			:
 				name(name), launcher(), launched(false)
 			{
-				construction.construct(alloc, name, pkg_path, info, space);
+				construction.construct(alloc, name, pkg_path, verify, info, space);
 			}
 
 			void gen_deploy_start_node(Xml_generator &xml, Runtime_state const &state) const
@@ -436,9 +437,10 @@ class Sculpt::Runtime_state : public Runtime_info
 			new (_alloc) Registered<Launched_child>(_launched_children, name, launcher);
 		}
 
-		Start_name new_construction(Component::Path const pkg,
+		Start_name new_construction(Component::Path const  pkg,
+		                            Verify          const  verify,
 		                            Component::Info const &info,
-		                            Affinity::Space const space)
+		                            Affinity::Space const  space)
 		{
 			/* allow only one construction at a time */
 			discard_construction();
@@ -452,7 +454,7 @@ class Sculpt::Runtime_state : public Runtime_info
 
 			_currently_constructed = new (_alloc)
 				Registered<Launched_child>(_launched_children, _alloc,
-				                           unique_name, pkg, info, space);
+				                           unique_name, pkg, verify, info, space);
 			return unique_name;
 		}
 

repos/gems/src/app/sculpt_manager/types.h

@@ -60,6 +60,11 @@ namespace Sculpt {
 		DRIVER       = 0,
 		LEITZENTRALE = 0         /* only for latency-critical drivers */
 	};
+
+	/**
+	 * Argument type for controlling the verification of downloads
+	 */
+	struct Verify { bool value; };
 }
 
 #endif /* _TYPES_H_ */

repos/gems/src/app/sculpt_manager/view/popup_dialog.cc

@@ -353,7 +353,7 @@ void Popup_dialog::click(Action &action)
 		} else {
 
 			if (!_index_avail(clicked))
-				action.trigger_download(_index_path(clicked));
+				action.trigger_download(_index_path(clicked), Verify{true});
 			else
 				action.remove_index(clicked);
 		}
@@ -395,7 +395,8 @@ void Popup_dialog::click(Action &action)
 								auto path = item.attribute_value("path", Component::Path());
 								auto info = item.attribute_value("info", Component::Info());
 
-								_construction_name = action.new_construction(path, info);
+								_construction_name =
+									action.new_construction(path, Verify{true}, info);
 
 								_state = PKG_REQUESTED;
 								_depot_query.trigger_depot_query();

repos/gems/src/app/sculpt_manager/view/popup_dialog.h

@@ -88,7 +88,7 @@ struct Sculpt::Popup_dialog : Dialog
 	{
 		virtual void launch_global(Path const &launcher) = 0;
 
-		virtual Start_name new_construction(Component::Path const &pkg,
+		virtual Start_name new_construction(Component::Path const &pkg, Verify,
 		                                    Component::Info const &info) = 0;
 
 		struct Apply_to : Interface { virtual void apply_to(Component &) = 0; };
@@ -110,7 +110,7 @@ struct Sculpt::Popup_dialog : Dialog
 		virtual void discard_construction() = 0;
 		virtual void launch_construction() = 0;
 
-		virtual void trigger_download(Path const &) = 0;
+		virtual void trigger_download(Path const &, Verify) = 0;
 		virtual void remove_index(Depot::Archive::User const &) = 0;
 	};
 
@@ -340,7 +340,7 @@ struct Sculpt::Popup_dialog : Dialog
 
 		if (!_blueprint_info.pkg_avail && _install_item.activated("install")) {
 			_construction_info.with_construction([&] (Component const &component) {
-				action.trigger_download(component.path);
+				action.trigger_download(component.path, component.verify);
 				_install_item.reset();
 				_refresh.refresh_popup_dialog();
 			});