This file configuration goes into system-image and reads the json files to figure out the latest ubuntu tarball to get for the mako device and the ubuntu-touch/devel-proposed channel.
This is in the generate_file_remote_system_image method. One thing I noticed it doesn't do, comparing with what we discussed it should do, is verify the signatures. All it does is get the json files, starting with the index.json top-level one and working its way down from there.
The tarball will be stored in the pool and named using the checksum from the original file. So it blindly trusts that the checksum is correct (though I think it's only used for file naming, not for actual verification). This is nice because it guarantees that the tarball will be named exactly the same as it was in the upstream system-image.
So functionally this fits the requirement for this bug, but perhaps it's worth fleshing out this generator so it does validation of the chain of trust.
This file configuration goes into system-image and reads the json files to figure out the latest ubuntu tarball to get for the mako device and the ubuntu- touch/devel- proposed channel.
file_ubuntu = remote- system- image;http:// system- image.ubuntu. com;ubuntu- touch/devel- proposed; ubuntu; device= mako;name= ubuntu
This is in the generate_ file_remote_ system_ image method. One thing I noticed it doesn't do, comparing with what we discussed it should do, is verify the signatures. All it does is get the json files, starting with the index.json top-level one and working its way down from there.
The tarball will be stored in the pool and named using the checksum from the original file. So it blindly trusts that the checksum is correct (though I think it's only used for file naming, not for actual verification). This is nice because it guarantees that the tarball will be named exactly the same as it was in the upstream system-image.
So functionally this fits the requirement for this bug, but perhaps it's worth fleshing out this generator so it does validation of the chain of trust.