From 4929ab4033894d0aaf1987ebc07d7ccbe23323e1 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak
Date: Thu, 26 May 2016 11:54:28 +0200
Subject: [PATCH] repo: Add functions for verifying any data in repository

This can be useful for validating the 3rd party data that is put in the extensions directory and is signed with the same keys as commits or the summary file.

Closes: #310
Approved by: cgwalters
---
 apidoc/ostree-sections.txt | 1 +
 src/libostree/libostree.sym | 1 +
 src/libostree/ostree-repo.c | 43 +++++++++++++++++++++++++++++++++++++
 src/libostree/ostree-repo.h | 10 ++++++++++
 4 files changed, 55 insertions(+)

diff --git a/apidoc/ostree-sections.txt b/apidoc/ostree-sections.txt
index 9ce28ee5..3003da2b 100644
--- a/apidoc/ostree-sections.txt
+++ b/apidoc/ostree-sections.txt
@@ -347,6 +347,7 @@ ostree_repo_pull_default_console_progress_changed
 ostree_repo_sign_commit
 ostree_repo_append_gpg_signature
 ostree_repo_add_gpg_signature_summary
+ostree_repo_gpg_verify_data
 ostree_repo_verify_commit
 ostree_repo_verify_commit_ext
 ostree_repo_verify_summary
diff --git a/src/libostree/libostree.sym b/src/libostree/libostree.sym
index 24f6723b..3e17828a 100644
--- a/src/libostree/libostree.sym
+++ b/src/libostree/libostree.sym
@@ -342,5 +342,6 @@ LIBOSTREE_2016.6 {
 global:
 ostree_gpg_verify_result_require_valid_signature;
 ostree_raw_file_to_archive_z2_stream;
+ ostree_repo_gpg_verify_data;
 ostree_repo_remote_fetch_summary_with_options;
 } LIBOSTREE_2016.5;
diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index 0f231c0c..f2538f51 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -4893,6 +4893,49 @@ ostree_repo_verify_commit_ext (OstreeRepo *self,
 error);
 }

+/**
+ * ostree_repo_gpg_verify_data:
+ * @self: Repository
+ * @remote_name: (nullable): Name of remote
+ * @data: Data as a #GBytes
+ * @signatures: Signatures as a #GBytes
+ * @keyringdir: (nullable): Path to directory GPG keyrings; overrides built-in default if given
+ * @extra_keyring: (nullable): Path to additional keyring file (not a directory)
+ * @cancellable: Cancellable
+ * @error: Error
+ *
+ * Verify @signatures for @data using GPG keys in the keyring for
+ * @remote_name, and return an #OstreeGpgVerifyResult.
+ *
+ * The @remote_name parameter can be %NULL. In that case it will do
+ * the verifications using GPG keys in the keyrings of all remotes.
+ *
+ * Returns: (transfer full): an #OstreeGpgVerifyResult, or %NULL on error
+ */
+OstreeGpgVerifyResult *
+ostree_repo_gpg_verify_data (OstreeRepo *self,
+ const gchar *remote_name,
+ GBytes *data,
+ GBytes *signatures,
+ GFile *keyringdir,
+ GFile *extra_keyring,
+ GCancellable *cancellable,
+ GError **error)
+{
+ g_return_val_if_fail (OSTREE_IS_REPO (self), NULL);
+ g_return_val_if_fail (data != NULL, NULL);
+ g_return_val_if_fail (signatures != NULL, NULL);
+
+ return _ostree_repo_gpg_verify_data_internal (self,
+ (remote_name != NULL) ? remote_name : OSTREE_ALL_REMOTES,
+ data,
+ signatures,
+ keyringdir,
+ extra_keyring,
+ cancellable,
+ error);
+}
+
 /**
 * ostree_repo_verify_summary:
 * @self: Repo
diff --git a/src/libostree/ostree-repo.h b/src/libostree/ostree-repo.h
index f0fa53a3..b81ccc93 100644
--- a/src/libostree/ostree-repo.h
+++ b/src/libostree/ostree-repo.h
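Review bot: The doc comment on `ostree_repo_gpg_verify_data` does not say that a non-NULL return is not a verdict: the comment reserves %NULL for errors, so a result object is presumably also returned when no signature is valid, and callers have to inspect it (for example with `ostree_gpg_verify_result_require_valid_signature`, which the same symbol version block exports). I would add to the comment: `Callers must check the returned result; a non-%NULL return does not mean that @data carries a valid signature.` The %NULL @remote_name paragraph should also spell out the trust consequence, e.g. `Passing %NULL accepts a signature made with a key trusted for any configured remote; pass the originating remote's name when the origin of @data is known.` The behaviour of `_ostree_repo_gpg_verify_data_internal` is outside this diff, so both statements need confirming against it.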
@@ -1030,6 +1030,16 @@ OstreeGpgVerifyResult * ostree_repo_verify_commit_ext (OstreeRepo *self,
 GCancellable *cancellable,
 GError **error);

+_OSTREE_PUBLIC
+OstreeGpgVerifyResult * ostree_repo_gpg_verify_data (OstreeRepo *self,
+ const gchar *remote_name,
+ GBytes *data,
+ GBytes *signatures,
+ GFile *keyringdir,
+ GFile *extra_keyring,
+ GCancellable *cancellable,
+ GError **error);
+
 _OSTREE_PUBLIC
 OstreeGpgVerifyResult * ostree_repo_verify_summary (OstreeRepo *self,
 const char *remote_name,
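Review bot: The new declaration types the remote as `const gchar *remote_name`, while the neighbouring `ostree_repo_verify_summary` declaration in the trailing context uses `const char *remote_name`. The two are the same type in GLib, so this is purely a consistency point; I would write `const char *remote_name,` here and in the matching definition in ostree-repo.c. The `ostree_repo_verify_summary` declaration continues past the end of the hunk.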