repo: Add functions for verifying any data in repository

This can be useful for validating the 3rd party data that is put in
the extensions directory and is signed with the same keys as commits
or the summary file.

Closes: #310
Approved by: cgwalters
Krzesimir Nowak 2016-05-26 11:54:28 +02:00 committed by Atomic Bot
parent 27f0c6980a
commit 4929ab4033
4 changed files with 55 additions and 0 deletions


@ -347,6 +347,7 @@ ostree_repo_pull_default_console_progress_changed
ostree_repo_sign_commit
ostree_repo_append_gpg_signature
ostree_repo_add_gpg_signature_summary
ostree_repo_gpg_verify_data
ostree_repo_verify_commit
ostree_repo_verify_commit_ext
ostree_repo_verify_summary


@ -342,5 +342,6 @@ LIBOSTREE_2016.6 {
global:
ostree_gpg_verify_result_require_valid_signature;
ostree_raw_file_to_archive_z2_stream;
ostree_repo_gpg_verify_data;
ostree_repo_remote_fetch_summary_with_options;
} LIBOSTREE_2016.5;


@ -4893,6 +4893,49 @@ ostree_repo_verify_commit_ext (OstreeRepo *self,
error);
}
/**
* ostree_repo_gpg_verify_data:
* @self: Repository
* @remote_name: (nullable): Name of remote
* @data: Data as a #GBytes
* @signatures: Signatures as a #GBytes
* @keyringdir: (nullable): Path to directory GPG keyrings; overrides built-in default if given
* @extra_keyring: (nullable): Path to additional keyring file (not a directory)
* @cancellable: Cancellable
* @error: Error
*
* Verify @signatures for @data using GPG keys in the keyring for
* @remote_name, and return an #OstreeGpgVerifyResult.
*
* The @remote_name parameter can be %NULL. In that case it will do
* the verifications using GPG keys in the keyrings of all remotes.
*
* Returns: (transfer full): an #OstreeGpgVerifyResult, or %NULL on error
*/
OstreeGpgVerifyResult *
ostree_repo_gpg_verify_data (OstreeRepo *self,
const gchar *remote_name,
GBytes *data,
GBytes *signatures,
GFile *keyringdir,
GFile *extra_keyring,
GCancellable *cancellable,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_REPO (self), NULL);
g_return_val_if_fail (data != NULL, NULL);
g_return_val_if_fail (signatures != NULL, NULL);
return _ostree_repo_gpg_verify_data_internal (self,
(remote_name != NULL) ? remote_name : OSTREE_ALL_REMOTES,
data,
signatures,
keyringdir,
extra_keyring,
cancellable,
error);
}
/**
* ostree_repo_verify_summary:
* @self: Repo
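Review bot: The doc comment on ostree_repo_gpg_verify_data leaves two trust details unstated that a caller validating third-party data needs. With @remote_name %NULL the body passes OSTREE_ALL_REMOTES, so a key configured for any one remote can vouch for the data; the comment should advise passing the originating remote whenever it is known. The Returns line also reads as if a non-%NULL result means success, while the result presumably still has to be inspected (the symbol map in this commit lists `ostree_gpg_verify_result_require_valid_signature`), so I would add `* A non-%NULL result only means verification ran; check it before trusting @data.` The whole function is inside this hunk.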


@ -1030,6 +1030,16 @@ OstreeGpgVerifyResult * ostree_repo_verify_commit_ext (OstreeRepo *self,
GCancellable *cancellable,
GError **error);
_OSTREE_PUBLIC
OstreeGpgVerifyResult * ostree_repo_gpg_verify_data (OstreeRepo *self,
const gchar *remote_name,
GBytes *data,
GBytes *signatures,
GFile *keyringdir,
GFile *extra_keyring,
GCancellable *cancellable,
GError **error);
_OSTREE_PUBLIC
OstreeGpgVerifyResult * ostree_repo_verify_summary (OstreeRepo *self,
const char *remote_name,