Merge pull request #2095 from cgwalters/sign-get-all

signing: Change API to create instances directly
OpenShift Merge Robot 2020-05-11 18:41:35 +02:00 committed by GitHub
commit 4293c36188
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 34 additions and 57 deletions


@ -709,7 +709,7 @@ ostree_kernel_args_to_string
<SECTION>
<FILE>ostree-sign</FILE>
OstreeSign
ostree_sign_list_names
ostree_sign_get_all
ostree_sign_commit
ostree_sign_commit_verify
ostree_sign_data


@ -23,7 +23,7 @@ global:
ostree_repo_commit_modifier_set_sepolicy_from_commit;
someostree_symbol_deleteme;
ostree_sign_get_type;
ostree_sign_list_names;
ostree_sign_get_all;
ostree_sign_commit;
ostree_sign_commit_verify;
ostree_sign_data;


@ -142,6 +142,9 @@ _signapi_load_public_keys (OstreeSign *sign,
return TRUE;
}
/* Iterate over all known signing types, and check if the commit is signed
* by at least one.
*/
gboolean
_sign_verify_for_remote (OstreeRepo *repo,
const gchar *remote_name,
@ -149,32 +152,18 @@ _sign_verify_for_remote (OstreeRepo *repo,
GVariant *metadata,
GError **error)
{
/* list all signature types in detached metadata and check if signed by any? */
g_auto (GStrv) names = ostree_sign_list_names();
guint n_invalid_signatures = 0;
guint n_unknown_signatures = 0;
g_autoptr (GError) last_sig_error = NULL;
gboolean found_sig = FALSE;
for (char **iter=names; iter && *iter; iter++)
g_autoptr(GPtrArray) signers = ostree_sign_get_all ();
for (guint i = 0; i < signers->len; i++)
{
g_autoptr (OstreeSign) sign = NULL;
g_autoptr (GVariant) signatures = NULL;
const gchar *signature_key = NULL;
GVariantType *signature_format = NULL;
if ((sign = ostree_sign_get_by_name (*iter, NULL)) == NULL)
{
n_unknown_signatures++;
continue;
}
signature_key = ostree_sign_metadata_key (sign);
signature_format = (GVariantType *) ostree_sign_metadata_format (sign);
signatures = g_variant_lookup_value (metadata,
signature_key,
signature_format);
OstreeSign *sign = signers->pdata[i];
const gchar *signature_key = ostree_sign_metadata_key (sign);
GVariantType *signature_format = (GVariantType *) ostree_sign_metadata_format (sign);
g_autoptr (GVariant) signatures =
g_variant_lookup_value (metadata, signature_key, signature_format);
/* If not found signatures for requested signature subsystem */
if (!signatures)
@ -201,11 +190,7 @@ _sign_verify_for_remote (OstreeRepo *repo,
}
if (!found_sig)
{
if (n_unknown_signatures > 0)
return glnx_throw (error, "No signatures found (%d unknown type)", n_unknown_signatures);
return glnx_throw (error, "No signatures found");
}
return glnx_throw (error, "No signatures found");
g_assert (last_sig_error);
g_propagate_error (error, g_steal_pointer (&last_sig_error));
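Review bot: The comment added above `_sign_verify_for_remote` says the commit need only be signed "by at least one" signing type, but it does not state the trust consequence: acceptance is effectively the union of the keys configured across all engines returned by `ostree_sign_get_all ()`. I would extend the comment to say so, e.g. `/* Verification succeeds as soon as any one engine accepts a signature; the trusted key set is the union of all engines' configured keys. */`. The loop's success path lies outside the visible hunks, so this reading rests on the comment and on the `found_sig` / `last_sig_error` tail. The loop in `scan_commit_object` follows the same pattern and would benefit from the same wording until the FIXME there is resolved.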


@ -1544,14 +1544,11 @@ scan_commit_object (OtPullData *pull_data,
gboolean found_any_signature = FALSE;
gboolean found_valid_signature = FALSE;
/* list all signature types in detached metadata and check if signed by any? */
g_auto (GStrv) names = ostree_sign_list_names();
for (char **iter=names; iter && *iter; iter++)
/* FIXME - dedup this with _sign_verify_for_remote() */
g_autoptr(GPtrArray) signers = ostree_sign_get_all ();
for (guint i = 0; i < signers->len; i++)
{
g_autoptr (OstreeSign) sign = NULL;
if ((sign = ostree_sign_get_by_name (*iter, NULL)) == NULL)
continue;
OstreeSign *sign = signers->pdata[i];
/* Try to load public key(s) according remote's configuration */
if (!_signapi_load_public_keys (sign, pull_data->repo, pull_data->remote_name, error))


@ -436,8 +436,6 @@ ostree_sign_commit_verify (OstreeSign *self,
*
* Return the pointer to the name of currently used/selected signing engine.
*
* The list of available engines could be acquired with #ostree_sign_list_names.
*
* Returns: (transfer none): pointer to the name
* @NULL in case of error (unlikely).
*
@ -515,28 +513,27 @@ ostree_sign_commit (OstreeSign *self,
}
/**
* ostree_sign_list_names:
* ostree_sign_get_all:
*
* Return an array with all available sign engines names.
* Return an array with newly allocated instances of all available
* signing engines; they will not be initialized.
*
* Returns: (transfer full): an array of strings, free when you used it
* Returns: (transfer full) (element-type OstreeSign): an array of signing engines
*
* Since: 2020.2
*/
GStrv
ostree_sign_list_names(void)
GPtrArray *
ostree_sign_get_all (void)
{
g_autoptr(GPtrArray) engines = g_ptr_array_new_with_free_func (g_object_unref);
for (guint i = 0; i < G_N_ELEMENTS(sign_types); i++)
{
OstreeSign *engine = ostree_sign_get_by_name (sign_types[i].name, NULL);
g_assert (engine);
g_ptr_array_add (engines, engine);
}
GStrv names = g_new0 (char *, G_N_ELEMENTS(sign_types) + 1);
gint i = 0;
for (i=0; i < G_N_ELEMENTS(sign_types); i++)
{
names[i] = g_strdup(sign_types[i].name);
g_debug ("Found '%s' signing engine", names[i]);
}
return names;
return g_steal_pointer (&engines);
}
/**
@ -544,11 +541,9 @@ ostree_sign_list_names(void)
* @name: the name of desired signature engine
* @error: return location for a #GError
*
* Tries to find and return proper signing engine by it's name.
* Create a new instance of a signing engine.
*
* The list of available engines could be acquired with #ostree_sign_list_names.
*
* Returns: (transfer full): a constant, free when you used it
* Returns: (transfer full): New signing engine, or %NULL if the engine is not known
*
* Since: 2020.2
*/
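Review bot: In `ostree_sign_get_all` the only guard against a NULL engine is `g_assert (engine)`, which GLib compiles out when `G_DISABLE_ASSERT` is defined; a NULL would then be stored in the array and reach the verification loops, which use `signers->pdata[i]` without a NULL check. Because the call passes `NULL` for the `GError`, the reason for a failed construction is also discarded. I would make the guard unconditional, for example `if (engine == NULL) g_error ("Failed to construct signing engine '%s'", sign_types[i].name);`, or at least add a comment stating the invariant that every `sign_types` entry must be constructible. The doc comment says the instances "will not be initialized"; it would help to name what a caller must do before using one for verification.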


@ -153,7 +153,7 @@ gboolean ostree_sign_load_pk (OstreeSign *self,
_OSTREE_PUBLIC
GStrv ostree_sign_list_names(void);
GPtrArray * ostree_sign_get_all(void);
_OSTREE_PUBLIC
OstreeSign * ostree_sign_get_by_name (const gchar *name, GError **error);