mirror of
https://github.com/ostreedev/ostree.git
synced 2025-01-11 09:18:20 +03:00
lib/gpg: Port a few misc gpg functions to new style
I'd mostly been skipping the GPG functions due to lack of autoptr for a few things, but I noticed these bits were straightforward. Closes: #1136 Approved by: jlebon
This commit is contained in:
Colin Walters
Atomic Bot
parent
6578c362fe
commit
3c5e373294
@ -365,31 +365,22 @@ _ostree_gpg_verifier_add_global_keyring_dir (OstreeGpgVerifier *self,
|
|||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GError **error)
|
GError **error)
|
||||||
{
|
{
|
||||||
const char *global_keyring_path = g_getenv ("OSTREE_GPG_HOME");
|
|
||||||
g_autoptr(GFile) global_keyring_dir = NULL;
|
|
||||||
gboolean ret = FALSE;
|
|
||||||
|
|
||||||
g_return_val_if_fail (OSTREE_IS_GPG_VERIFIER (self), FALSE);
|
g_return_val_if_fail (OSTREE_IS_GPG_VERIFIER (self), FALSE);
|
||||||
|
|
||||||
|
const char *global_keyring_path = g_getenv ("OSTREE_GPG_HOME");
|
||||||
if (global_keyring_path == NULL)
|
if (global_keyring_path == NULL)
|
||||||
global_keyring_path = DATADIR "/ostree/trusted.gpg.d/";
|
global_keyring_path = DATADIR "/ostree/trusted.gpg.d/";
|
||||||
|
|
||||||
if (g_file_test (global_keyring_path, G_FILE_TEST_IS_DIR))
|
if (g_file_test (global_keyring_path, G_FILE_TEST_IS_DIR))
|
||||||
{
|
{
|
||||||
global_keyring_dir = g_file_new_for_path (global_keyring_path);
|
g_autoptr(GFile) global_keyring_dir = g_file_new_for_path (global_keyring_path);
|
||||||
if (!_ostree_gpg_verifier_add_keyring_dir (self, global_keyring_dir,
|
if (!_ostree_gpg_verifier_add_keyring_dir (self, global_keyring_dir,
|
||||||
cancellable, error))
|
cancellable, error))
|
||||||
{
|
return glnx_prefix_error (error, "Reading keyring directory '%s'",
|
||||||
g_prefix_error (error, "Reading keyring directory '%s'",
|
gs_file_get_path_cached (global_keyring_dir));
|
||||||
gs_file_get_path_cached (global_keyring_dir));
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = TRUE;
|
return TRUE;
|
||||||
|
|
||||||
out:
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
OstreeGpgVerifier*
|
OstreeGpgVerifier*
|
||||||
|
|||||||
@ -4579,32 +4579,23 @@ _ostree_repo_verify_commit_internal (OstreeRepo *self,
|
|||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GError **error)
|
GError **error)
|
||||||
{
|
{
|
||||||
OstreeGpgVerifyResult *result = NULL;
|
|
||||||
g_autoptr(GVariant) commit_variant = NULL;
|
g_autoptr(GVariant) commit_variant = NULL;
|
||||||
g_autoptr(GVariant) metadata = NULL;
|
|
||||||
g_autoptr(GBytes) signed_data = NULL;
|
|
||||||
|
|
||||||
/* Load the commit */
|
/* Load the commit */
|
||||||
if (!ostree_repo_load_variant (self, OSTREE_OBJECT_TYPE_COMMIT,
|
if (!ostree_repo_load_variant (self, OSTREE_OBJECT_TYPE_COMMIT,
|
||||||
commit_checksum, &commit_variant,
|
commit_checksum, &commit_variant,
|
||||||
error))
|
error))
|
||||||
{
|
return glnx_prefix_error_null (error, "Failed to read commit");
|
||||||
g_prefix_error (error, "Failed to read commit: ");
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Load the metadata */
|
/* Load the metadata */
|
||||||
|
g_autoptr(GVariant) metadata = NULL;
|
||||||
if (!ostree_repo_read_commit_detached_metadata (self,
|
if (!ostree_repo_read_commit_detached_metadata (self,
|
||||||
commit_checksum,
|
commit_checksum,
|
||||||
&metadata,
|
&metadata,
|
||||||
cancellable,
|
cancellable,
|
||||||
error))
|
error))
|
||||||
{
|
return glnx_prefix_error_null (error, "Failed to read detached metadata");
|
||||||
g_prefix_error (error, "Failed to read detached metadata: ");
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
signed_data = g_variant_get_data_as_bytes (commit_variant);
|
g_autoptr(GBytes) signed_data = g_variant_get_data_as_bytes (commit_variant);
|
||||||
|
|
||||||
/* XXX This is a hackish way to indicate to use ALL remote-specific
|
/* XXX This is a hackish way to indicate to use ALL remote-specific
|
||||||
* keyrings in the signature verification. We want this when
|
* keyrings in the signature verification. We want this when
|
||||||
@ -4612,17 +4603,10 @@ _ostree_repo_verify_commit_internal (OstreeRepo *self,
|
|||||||
if (remote_name == NULL)
|
if (remote_name == NULL)
|
||||||
remote_name = OSTREE_ALL_REMOTES;
|
remote_name = OSTREE_ALL_REMOTES;
|
||||||
|
|
||||||
result = _ostree_repo_gpg_verify_with_metadata (self,
|
return _ostree_repo_gpg_verify_with_metadata (self, signed_data,
|
||||||
signed_data,
|
metadata, remote_name,
|
||||||
metadata,
|
keyringdir, extra_keyring,
|
||||||
remote_name,
|
cancellable, error);
|
||||||
keyringdir,
|
|
||||||
extra_keyring,
|
|
||||||
cancellable,
|
|
||||||
error);
|
|
||||||
|
|
||||||
out:
|
|
||||||
return result;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -4654,10 +4638,7 @@ ostree_repo_verify_commit (OstreeRepo *self,
|
|||||||
cancellable, error);
|
cancellable, error);
|
||||||
|
|
||||||
if (!ostree_gpg_verify_result_require_valid_signature (result, error))
|
if (!ostree_gpg_verify_result_require_valid_signature (result, error))
|
||||||
{
|
return glnx_prefix_error (error, "Commit %s", commit_checksum);
|
||||||
g_prefix_error (error, "Commit %s: ", commit_checksum);
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user