From 27f0c6980af23485ee007d1b5ae0ecac6d6736df Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak
Date: Thu, 26 May 2016 11:53:11 +0200
Subject: [PATCH] repo: Factor out setting up a GPG verifier
Moved out setting up a GPG verifier to a separate function, as I would like to use it for the any data verification function in the following commit.
Closes: #310
Approved by: cgwalters
---
 src/libostree/ostree-gpg-verifier.h | 5 ++
 src/libostree/ostree-repo.c | 73 +++++++++++++++++++----------
 2 files changed, 52 insertions(+), 26 deletions(-)
diff --git a/src/libostree/ostree-gpg-verifier.h b/src/libostree/ostree-gpg-verifier.h
index 209f7342..2db39f3b 100644
--- a/src/libostree/ostree-gpg-verifier.h
+++ b/src/libostree/ostree-gpg-verifier.h
@@ -35,6 +35,11 @@ G_BEGIN_DECLS
 typedef struct OstreeGpgVerifier OstreeGpgVerifier;
+/* If this type becomes public in future, move this autoptr cleanup
+ * definition to the ostree-autocleanups.h header file. Right now it
+ * relies on glnx's fallback definition of the macro. */
+G_DEFINE_AUTOPTR_CLEANUP_FUNC (OstreeGpgVerifier, g_object_unref)
+
 GType _ostree_gpg_verifier_get_type (void);
 OstreeGpgVerifier *_ostree_gpg_verifier_new (void);
diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index 446d69a8..0f231c0c 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -26,6 +26,7 @@
 #include
 #include
 #include
+#include "libglnx.h"
 #include "otutil.h"
 #include
@@ -36,6 +37,7 @@
 #include "ostree-gpg-verifier.h"
 #include "ostree-repo-static-delta-private.h"
 #include "ot-fs-utils.h"
+#include "ostree-autocleanups.h"
 #ifdef HAVE_LIBSOUP
 #include "ostree-metalink.h"
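Review bot: The `G_DEFINE_AUTOPTR_CLEANUP_FUNC (OstreeGpgVerifier, g_object_unref)` line added to ostree-gpg-verifier.h depends on a macro that the header does not visibly pull in. Its own comment says it relies on glnx's fallback definition, and the only guarantee shown is that ostree-repo.c now includes `libglnx.h` ahead of it. Any other file that includes this header without libglnx.h first would, on a GLib that lacks the macro, presumably fail to compile, so I would add `#include "libglnx.h"` to the header itself (its include list is outside the hunk, so this may already be the case). The helper in ostree-repo.c still declares its verifier with `glnx_unref_object`, so nothing visible in this commit uses `g_autoptr(OstreeGpgVerifier)` yet.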
@@ -4647,23 +4649,17 @@ find_keyring (OstreeRepo *self,
 return NULL;
 }
-OstreeGpgVerifyResult *
-_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
- GBytes *signed_data,
- GVariant *metadata,
- const char *remote_name,
- GFile *keyringdir,
- GFile *extra_keyring,
- GCancellable *cancellable,
- GError **error)
+static OstreeGpgVerifyResult *
+_ostree_repo_gpg_verify_data_internal (OstreeRepo *self,
+ const gchar *remote_name,
+ GBytes *data,
+ GBytes *signatures,
+ GFile *keyringdir,
+ GFile *extra_keyring,
+ GCancellable *cancellable,
+ GError **error)
 {
- OstreeGpgVerifyResult *result = NULL;
 glnx_unref_object OstreeGpgVerifier *verifier = NULL;
- g_autoptr(GVariant) signaturedata = NULL;
- GByteArray *buffer;
- GVariantIter iter;
- GVariant *child;
- g_autoptr (GBytes) signatures = NULL;
 gboolean add_global_keyring_dir = TRUE;
 verifier = _ostree_gpg_verifier_new ();
@@ -4674,7 +4670,7 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
 if (!_ostree_gpg_verifier_add_keyring_dir (verifier, self->repodir, cancellable, error))
- goto out;
+ return NULL;
 }
 else if (remote_name != NULL)
 {
@@ -4685,7 +4681,7 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
 remote = ost_repo_get_remote_inherited (self, remote_name, error);
 if (remote == NULL)
- goto out;
+ return NULL;
 file = find_keyring (self, remote, cancellable);
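Review bot: `_ostree_repo_gpg_verify_data_internal` is introduced without a contract comment, and since it decides which keyrings a signature is checked against, that contract should be written down before the following commit reuses it. I would add a block comment above the `static OstreeGpgVerifyResult *` line covering three things: who owns the returned result, that NULL means `error` has been set, and which keyring sources are consulted for `OSTREE_ALL_REMOTES`, for a named remote and for a NULL `remote_name`, including the fall-back to the deprecated global keyring directory. As far as the visible code shows, a non-NULL return only means the check ran, so the comment should also tell callers to inspect the result for a valid signature. `data` and `signatures` are adjacent `GBytes *` parameters, so a call with the two swapped compiles silently; a one-line `/* data: the signed payload; signatures: the concatenated signature packets */` would guard against that. The function body continues past this hunk.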
@@ -4702,20 +4698,43 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
 {
 /* Use the deprecated global keyring directory. */
 if (!_ostree_gpg_verifier_add_global_keyring_dir (verifier, cancellable, error))
- goto out;
+ return NULL;
 }
 if (keyringdir)
 {
 if (!_ostree_gpg_verifier_add_keyring_dir (verifier, keyringdir, cancellable, error))
- goto out;
+ return NULL;
 }
 if (extra_keyring != NULL)
 {
 _ostree_gpg_verifier_add_keyring (verifier, extra_keyring);
 }
+ return _ostree_gpg_verifier_check_signature (verifier,
+ data,
+ signatures,
+ cancellable,
+ error);
+}
+
+OstreeGpgVerifyResult *
+_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
+ GBytes *signed_data,
+ GVariant *metadata,
+ const char *remote_name,
+ GFile *keyringdir,
+ GFile *extra_keyring,
+ GCancellable *cancellable,
+ GError **error)
+{
+ g_autoptr(GVariant) signaturedata = NULL;
+ GByteArray *buffer;
+ GVariantIter iter;
+ GVariant *child;
+ g_autoptr (GBytes) signatures = NULL;
+
 if (metadata)
 signaturedata = g_variant_lookup_value (metadata, _OSTREE_METADATA_GPGSIGS_NAME,
@@ -4724,7 +4743,7 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
 {
 g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND, "GPG verification enabled, but no signatures found (use gpg-verify=false in remote config to disable)");
- goto out;
+ return NULL;
 }
 /* OpenPGP data is organized into binary records called packets. RFC 4880
@@ -4746,12 +4765,14 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
 }
 signatures = g_byte_array_free_to_bytes (buffer);
- result = _ostree_gpg_verifier_check_signature (verifier,
- signed_data, signatures,
- cancellable, error);
-
- out:
- return result;
+ return _ostree_repo_gpg_verify_data_internal (self,
+ remote_name,
+ signed_data,
+ signatures,
+ keyringdir,
+ extra_keyring,
+ cancellable,
+ error);
 }
 /* Needed an internal version for the remote_name parameter. */
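Review bot: The rewritten `_ostree_repo_gpg_verify_with_metadata` now looks up and concatenates the signatures before any keyring is set up, whereas the old body built the verifier first, so this is not a purely mechanical move. When both steps would fail (for example a remote that `ost_repo_get_remote_inherited` rejects and metadata that carries no signatures), the caller now gets the `G_IO_ERROR_NOT_FOUND` "no signatures found" error instead of the remote or keyring error. That looks harmless, and failing before any keyring is touched is arguably better, but it deserves a sentence in the commit message or a comment such as `/* Signatures are extracted first; keyring and remote errors come from the helper. */` above the final `return`. The middle of the function lies between this hunk and the next ones, so the ordering is inferred from the visible lines only.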