Merge pull request #2095 from cgwalters/sign-get-all
signing: Change API to create instances directly
4293c36188
@ -709,7 +709,7 @@ ostree_kernel_args_to_string
|
||||
<SECTION>
|
||||
<FILE>ostree-sign</FILE>
|
||||
OstreeSign
|
||||
ostree_sign_list_names
|
||||
ostree_sign_get_all
|
||||
ostree_sign_commit
|
||||
ostree_sign_commit_verify
|
||||
ostree_sign_data
|
||||
|
@ -23,7 +23,7 @@ global:
|
||||
ostree_repo_commit_modifier_set_sepolicy_from_commit;
|
||||
someostree_symbol_deleteme;
|
||||
ostree_sign_get_type;
|
||||
ostree_sign_list_names;
|
||||
ostree_sign_get_all;
|
||||
ostree_sign_commit;
|
||||
ostree_sign_commit_verify;
|
||||
ostree_sign_data;
|
||||
|
@ -142,6 +142,9 @@ _signapi_load_public_keys (OstreeSign *sign,
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/* Iterate over all known signing types, and check if the commit is signed
|
||||
* by at least one.
|
||||
*/
|
||||
gboolean
|
||||
_sign_verify_for_remote (OstreeRepo *repo,
|
||||
const gchar *remote_name,
|
||||
@ -149,32 +152,18 @@ _sign_verify_for_remote (OstreeRepo *repo,
|
||||
GVariant *metadata,
|
||||
GError **error)
|
||||
{
|
||||
/* list all signature types in detached metadata and check if signed by any? */
|
||||
g_auto (GStrv) names = ostree_sign_list_names();
|
||||
guint n_invalid_signatures = 0;
|
||||
guint n_unknown_signatures = 0;
|
||||
g_autoptr (GError) last_sig_error = NULL;
|
||||
gboolean found_sig = FALSE;
|
||||
|
||||
for (char **iter=names; iter && *iter; iter++)
|
||||
g_autoptr(GPtrArray) signers = ostree_sign_get_all ();
|
||||
for (guint i = 0; i < signers->len; i++)
|
||||
{
|
||||
g_autoptr (OstreeSign) sign = NULL;
|
||||
g_autoptr (GVariant) signatures = NULL;
|
||||
const gchar *signature_key = NULL;
|
||||
GVariantType *signature_format = NULL;
|
||||
|
||||
if ((sign = ostree_sign_get_by_name (*iter, NULL)) == NULL)
|
||||
{
|
||||
n_unknown_signatures++;
|
||||
continue;
|
||||
}
|
||||
|
||||
signature_key = ostree_sign_metadata_key (sign);
|
||||
signature_format = (GVariantType *) ostree_sign_metadata_format (sign);
|
||||
|
||||
signatures = g_variant_lookup_value (metadata,
|
||||
signature_key,
|
||||
signature_format);
|
||||
OstreeSign *sign = signers->pdata[i];
|
||||
const gchar *signature_key = ostree_sign_metadata_key (sign);
|
||||
GVariantType *signature_format = (GVariantType *) ostree_sign_metadata_format (sign);
|
||||
g_autoptr (GVariant) signatures =
|
||||
g_variant_lookup_value (metadata, signature_key, signature_format);
|
||||
|
||||
/* If not found signatures for requested signature subsystem */
|
||||
if (!signatures)
|
||||
@ -201,11 +190,7 @@ _sign_verify_for_remote (OstreeRepo *repo,
|
||||
}
|
||||
|
||||
if (!found_sig)
|
||||
{
|
||||
if (n_unknown_signatures > 0)
|
||||
return glnx_throw (error, "No signatures found (%d unknown type)", n_unknown_signatures);
|
||||
return glnx_throw (error, "No signatures found");
|
||||
}
|
||||
return glnx_throw (error, "No signatures found");
|
||||
|
||||
g_assert (last_sig_error);
|
||||
g_propagate_error (error, g_steal_pointer (&last_sig_error));
|
||||
|
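Review bot: `g_assert (last_sig_error)` at the end of _sign_verify_for_remote sits on a path driven by commit metadata received from a remote, so if any branch of the loop sets `found_sig` without recording an error, the process aborts instead of failing verification. With assertions compiled out (G_DISABLE_ASSERT), `g_propagate_error()` would be handed NULL. The loop body between the hunks is not visible here, so this may be unreachable today, but a verification routine is safer returning an error, e.g. `if (last_sig_error == NULL) return glnx_throw (error, "Signature verification failed");` before the propagate. These lines appear to be context rather than additions, though the `n_unknown_signatures` branch just above them was dropped by this change.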
@ -1544,14 +1544,11 @@ scan_commit_object (OtPullData *pull_data,
|
||||
gboolean found_any_signature = FALSE;
|
||||
gboolean found_valid_signature = FALSE;
|
||||
|
||||
/* list all signature types in detached metadata and check if signed by any? */
|
||||
g_auto (GStrv) names = ostree_sign_list_names();
|
||||
for (char **iter=names; iter && *iter; iter++)
|
||||
/* FIXME - dedup this with _sign_verify_for_remote() */
|
||||
g_autoptr(GPtrArray) signers = ostree_sign_get_all ();
|
||||
for (guint i = 0; i < signers->len; i++)
|
||||
{
|
||||
g_autoptr (OstreeSign) sign = NULL;
|
||||
|
||||
if ((sign = ostree_sign_get_by_name (*iter, NULL)) == NULL)
|
||||
continue;
|
||||
OstreeSign *sign = signers->pdata[i];
|
||||
|
||||
/* Try to load public key(s) according remote's configuration */
|
||||
if (!_signapi_load_public_keys (sign, pull_data->repo, pull_data->remote_name, error))
|
||||
|
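Review bot: `signers->pdata[i]` in the new loop of scan_commit_object reads the array's storage directly; GLib's accessor says the same thing more conventionally, `OstreeSign *sign = g_ptr_array_index (signers, i);`. The pointer is now borrowed from `signers`, which the g_autoptr releases at scope exit, whereas the previous code owned each instance through its own g_autoptr. A short comment such as `/* borrowed; owned by signers */` would stop a later edit from keeping `sign` past the array's lifetime. The same line appears in _sign_verify_for_remote. The loop body continues outside the hunk.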
@ -436,8 +436,6 @@ ostree_sign_commit_verify (OstreeSign *self,
|
||||
*
|
||||
* Return the pointer to the name of currently used/selected signing engine.
|
||||
*
|
||||
* The list of available engines could be acquired with #ostree_sign_list_names.
|
||||
*
|
||||
* Returns: (transfer none): pointer to the name
|
||||
* @NULL in case of error (unlikely).
|
||||
*
|
||||
@ -515,28 +513,27 @@ ostree_sign_commit (OstreeSign *self,
|
||||
}
|
||||
|
||||
/**
|
||||
* ostree_sign_list_names:
|
||||
* ostree_sign_get_all:
|
||||
*
|
||||
* Return an array with all available sign engines names.
|
||||
* Return an array with newly allocated instances of all available
|
||||
* signing engines; they will not be initialized.
|
||||
*
|
||||
* Returns: (transfer full): an array of strings, free when you used it
|
||||
* Returns: (transfer full) (element-type OstreeSign): an array of signing engines
|
||||
*
|
||||
* Since: 2020.2
|
||||
*/
|
||||
GStrv
|
||||
ostree_sign_list_names(void)
|
||||
GPtrArray *
|
||||
ostree_sign_get_all (void)
|
||||
{
|
||||
g_autoptr(GPtrArray) engines = g_ptr_array_new_with_free_func (g_object_unref);
|
||||
for (guint i = 0; i < G_N_ELEMENTS(sign_types); i++)
|
||||
{
|
||||
OstreeSign *engine = ostree_sign_get_by_name (sign_types[i].name, NULL);
|
||||
g_assert (engine);
|
||||
g_ptr_array_add (engines, engine);
|
||||
}
|
||||
|
||||
GStrv names = g_new0 (char *, G_N_ELEMENTS(sign_types) + 1);
|
||||
gint i = 0;
|
||||
|
||||
for (i=0; i < G_N_ELEMENTS(sign_types); i++)
|
||||
{
|
||||
names[i] = g_strdup(sign_types[i].name);
|
||||
g_debug ("Found '%s' signing engine", names[i]);
|
||||
}
|
||||
|
||||
return names;
|
||||
return g_steal_pointer (&engines);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -544,11 +541,9 @@ ostree_sign_list_names(void)
|
||||
* @name: the name of desired signature engine
|
||||
* @error: return location for a #GError
|
||||
*
|
||||
* Tries to find and return proper signing engine by it's name.
|
||||
* Create a new instance of a signing engine.
|
||||
*
|
||||
* The list of available engines could be acquired with #ostree_sign_list_names.
|
||||
*
|
||||
* Returns: (transfer full): a constant, free when you used it
|
||||
* Returns: (transfer full): New signing engine, or %NULL if the engine is not known
|
||||
*
|
||||
* Since: 2020.2
|
||||
*/
|
||||
|
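Review bot: The new doc comment for ostree_sign_get_all says the engines "will not be initialized" but does not say what a caller must do first or who owns the elements. The array is created with `g_object_unref` as its free function, so each element is released with the array, and the pull call site in this commit loads public keys on an engine before using it. I would add two sentences to the comment: `Elements are owned by the array; use g_object_ref() to keep one.` and `No keys are loaded; load keys before signing or verifying.` Separately, `g_assert (engine)` relies on every `sign_types[]` name resolving through ostree_sign_get_by_name(); since the error argument is NULL and the failure reason would be lost, that invariant deserves a one-line comment.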
@ -153,7 +153,7 @@ gboolean ostree_sign_load_pk (OstreeSign *self,
|
||||
|
||||
|
||||
_OSTREE_PUBLIC
|
||||
GStrv ostree_sign_list_names(void);
|
||||
GPtrArray * ostree_sign_get_all(void);
|
||||
|
||||
_OSTREE_PUBLIC
|
||||
OstreeSign * ostree_sign_get_by_name (const gchar *name, GError **error);
|
||||
|