lib: rename common sign/verification functions and variables

Some gpg-named functions/variables should be used for any signature
system, so remove "gpg_" prefix from them to avoid confusion.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Closes: #1889
Approved by: cgwalters
This commit is contained in:
Denis Pynkin 2019-07-18 19:08:21 +03:00 committed by Atomic Bot
parent 0108e9ea49
commit 56020b7160

View File

@ -114,7 +114,7 @@ typedef struct {
GVariant *summary; GVariant *summary;
GHashTable *summary_deltas_checksums; GHashTable *summary_deltas_checksums;
GHashTable *ref_original_commits; /* Maps checksum to commit, used by timestamp checks */ GHashTable *ref_original_commits; /* Maps checksum to commit, used by timestamp checks */
GHashTable *gpg_verified_commits; /* Set<checksum> of commits that have been verified */ GHashTable *verified_commits; /* Set<checksum> of commits that have been verified */
GHashTable *ref_keyring_map; /* Maps OstreeCollectionRef to keyring remote name */ GHashTable *ref_keyring_map; /* Maps OstreeCollectionRef to keyring remote name */
GPtrArray *static_delta_superblocks; GPtrArray *static_delta_superblocks;
GHashTable *expected_commit_sizes; /* Maps commit checksum to known size */ GHashTable *expected_commit_sizes; /* Maps commit checksum to known size */
@ -261,7 +261,7 @@ static gboolean scan_one_metadata_object (OtPullData *pull_data,
GError **error); GError **error);
static void scan_object_queue_data_free (ScanObjectQueueData *scan_data); static void scan_object_queue_data_free (ScanObjectQueueData *scan_data);
static gboolean static gboolean
gpg_verify_unwritten_commit (OtPullData *pull_data, ostree_verify_unwritten_commit (OtPullData *pull_data,
const char *checksum, const char *checksum,
GVariant *commit, GVariant *commit,
GVariant *detached_metadata, GVariant *detached_metadata,
@ -269,7 +269,6 @@ gpg_verify_unwritten_commit (OtPullData *pull_data,
GCancellable *cancellable, GCancellable *cancellable,
GError **error); GError **error);
static gboolean static gboolean
update_progress (gpointer user_data) update_progress (gpointer user_data)
{ {
@ -1300,15 +1299,15 @@ meta_fetch_on_complete (GObject *object,
*/ */
if (objtype == OSTREE_OBJECT_TYPE_COMMIT) if (objtype == OSTREE_OBJECT_TYPE_COMMIT)
{ {
/* Do GPG verification. `detached_data` may be NULL if no detached /* Do signature verification. `detached_data` may be NULL if no detached
* metadata was found during pull; that's handled by * metadata was found during pull; that's handled by
* gpg_verify_unwritten_commit(). If we ever change the pull code to * ostree_ostree_verify_unwritten_commit(). If we ever change the pull code to
* not always fetch detached metadata, this bit will have to learn how * not always fetch detached metadata, this bit will have to learn how
* to look up from the disk state as well, or insert the on-disk * to look up from the disk state as well, or insert the on-disk
* metadata into this hash. * metadata into this hash.
*/ */
GVariant *detached_data = g_hash_table_lookup (pull_data->fetched_detached_metadata, checksum); GVariant *detached_data = g_hash_table_lookup (pull_data->fetched_detached_metadata, checksum);
if (!gpg_verify_unwritten_commit (pull_data, checksum, metadata, detached_data, if (!ostree_verify_unwritten_commit (pull_data, checksum, metadata, detached_data,
fetch_data->requested_ref, pull_data->cancellable, error)) fetch_data->requested_ref, pull_data->cancellable, error))
goto out; goto out;
@ -1459,14 +1458,14 @@ process_verify_result (OtPullData *pull_data,
* the case of "written but not verified". But we also don't want to check * the case of "written but not verified". But we also don't want to check
* twice, as that'd result in duplicate signals. * twice, as that'd result in duplicate signals.
*/ */
g_hash_table_add (pull_data->gpg_verified_commits, g_strdup (checksum)); g_hash_table_add (pull_data->verified_commits, g_strdup (checksum));
return TRUE; return TRUE;
} }
#endif /* OSTREE_DISABLE_GPGME */ #endif /* OSTREE_DISABLE_GPGME */
static gboolean static gboolean
gpg_verify_unwritten_commit (OtPullData *pull_data, ostree_verify_unwritten_commit (OtPullData *pull_data,
const char *checksum, const char *checksum,
GVariant *commit, GVariant *commit,
GVariant *detached_metadata, GVariant *detached_metadata,
@ -1480,7 +1479,7 @@ gpg_verify_unwritten_commit (OtPullData *pull_data,
const char *keyring_remote = NULL; const char *keyring_remote = NULL;
/* Shouldn't happen, but see comment in process_verify_result() */ /* Shouldn't happen, but see comment in process_verify_result() */
if (g_hash_table_contains (pull_data->gpg_verified_commits, checksum)) if (g_hash_table_contains (pull_data->verified_commits, checksum))
return TRUE; return TRUE;
if (ref != NULL) if (ref != NULL)
@ -1808,7 +1807,7 @@ scan_commit_object (OtPullData *pull_data,
* but also ensure we've done it here if not already. * but also ensure we've done it here if not already.
*/ */
if (pull_data->gpg_verify && if (pull_data->gpg_verify &&
!g_hash_table_contains (pull_data->gpg_verified_commits, checksum)) !g_hash_table_contains (pull_data->verified_commits, checksum))
{ {
g_autoptr(OstreeGpgVerifyResult) result = NULL; g_autoptr(OstreeGpgVerifyResult) result = NULL;
const char *keyring_remote = NULL; const char *keyring_remote = NULL;
@ -2414,7 +2413,7 @@ process_one_static_delta (OtPullData *pull_data,
g_autofree char *detached_path = _ostree_get_relative_static_delta_path (from_revision, to_revision, "commitmeta"); g_autofree char *detached_path = _ostree_get_relative_static_delta_path (from_revision, to_revision, "commitmeta");
g_autoptr(GVariant) detached_data = g_variant_lookup_value (metadata, detached_path, G_VARIANT_TYPE("a{sv}")); g_autoptr(GVariant) detached_data = g_variant_lookup_value (metadata, detached_path, G_VARIANT_TYPE("a{sv}"));
if (!gpg_verify_unwritten_commit (pull_data, to_revision, to_commit, detached_data, if (!ostree_verify_unwritten_commit (pull_data, to_revision, to_commit, detached_data,
ref, cancellable, error)) ref, cancellable, error))
return FALSE; return FALSE;
@ -3697,7 +3696,7 @@ ostree_repo_pull_with_options (OstreeRepo *self,
pull_data->ref_original_commits = g_hash_table_new_full (ostree_collection_ref_hash, ostree_collection_ref_equal, pull_data->ref_original_commits = g_hash_table_new_full (ostree_collection_ref_hash, ostree_collection_ref_equal,
(GDestroyNotify)NULL, (GDestroyNotify)NULL,
(GDestroyNotify)g_free); (GDestroyNotify)g_free);
pull_data->gpg_verified_commits = g_hash_table_new_full (g_str_hash, g_str_equal, pull_data->verified_commits = g_hash_table_new_full (g_str_hash, g_str_equal,
(GDestroyNotify)g_free, NULL); (GDestroyNotify)g_free, NULL);
pull_data->ref_keyring_map = g_hash_table_new_full (ostree_collection_ref_hash, ostree_collection_ref_equal, pull_data->ref_keyring_map = g_hash_table_new_full (ostree_collection_ref_hash, ostree_collection_ref_equal,
(GDestroyNotify)ostree_collection_ref_free, (GDestroyNotify)g_free); (GDestroyNotify)ostree_collection_ref_free, (GDestroyNotify)g_free);
@ -4645,21 +4644,21 @@ ostree_repo_pull_with_options (OstreeRepo *self,
g_string_append_printf (msg, "libostree pull from '%s' for %u refs complete", g_string_append_printf (msg, "libostree pull from '%s' for %u refs complete",
pull_data->remote_name, g_hash_table_size (requested_refs_to_fetch)); pull_data->remote_name, g_hash_table_size (requested_refs_to_fetch));
const char *gpg_verify_state; const char *verify_state;
#ifndef OSTREE_DISABLE_GPGME #ifndef OSTREE_DISABLE_GPGME
if (pull_data->gpg_verify_summary) if (pull_data->gpg_verify_summary)
{ {
if (pull_data->gpg_verify) if (pull_data->gpg_verify)
gpg_verify_state = "summary+commit"; verify_state = "summary+commit";
else else
gpg_verify_state = "summary-only"; verify_state = "summary-only";
} }
else else
gpg_verify_state = (pull_data->gpg_verify ? "commit" : "disabled"); verify_state = (pull_data->gpg_verify ? "commit" : "disabled");
g_string_append_printf (msg, "\nsecurity: GPG: %s ", gpg_verify_state); g_string_append_printf (msg, "\nsecurity: GPG: %s ", verify_state);
#else #else
gpg_verify_state = "disabled"; verify_state = "disabled";
g_string_append_printf (msg, "\nsecurity: %s ", gpg_verify_state); g_string_append_printf (msg, "\nsecurity: %s ", verify_state);
#endif /* OSTREE_DISABLE_GPGME */ #endif /* OSTREE_DISABLE_GPGME */
OstreeFetcherURI *first_uri = pull_data->meta_mirrorlist->pdata[0]; OstreeFetcherURI *first_uri = pull_data->meta_mirrorlist->pdata[0];
@ -4696,7 +4695,7 @@ ostree_repo_pull_with_options (OstreeRepo *self,
ot_journal_send ("MESSAGE=%s", msg->str, ot_journal_send ("MESSAGE=%s", msg->str,
"MESSAGE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(OSTREE_MESSAGE_FETCH_COMPLETE_ID), "MESSAGE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(OSTREE_MESSAGE_FETCH_COMPLETE_ID),
"OSTREE_REMOTE=%s", pull_data->remote_name, "OSTREE_REMOTE=%s", pull_data->remote_name,
"OSTREE_GPG=%s", gpg_verify_state, "OSTREE_GPG=%s", verify_state,
"OSTREE_SECONDS=%u", n_seconds, "OSTREE_SECONDS=%u", n_seconds,
"OSTREE_XFER_SIZE=%s", formatted_xferred, "OSTREE_XFER_SIZE=%s", formatted_xferred,
NULL); NULL);
@ -4756,7 +4755,7 @@ ostree_repo_pull_with_options (OstreeRepo *self,
g_clear_pointer (&pull_data->fetched_detached_metadata, (GDestroyNotify) g_hash_table_unref); g_clear_pointer (&pull_data->fetched_detached_metadata, (GDestroyNotify) g_hash_table_unref);
g_clear_pointer (&pull_data->summary_deltas_checksums, (GDestroyNotify) g_hash_table_unref); g_clear_pointer (&pull_data->summary_deltas_checksums, (GDestroyNotify) g_hash_table_unref);
g_clear_pointer (&pull_data->ref_original_commits, (GDestroyNotify) g_hash_table_unref); g_clear_pointer (&pull_data->ref_original_commits, (GDestroyNotify) g_hash_table_unref);
g_clear_pointer (&pull_data->gpg_verified_commits, (GDestroyNotify) g_hash_table_unref); g_clear_pointer (&pull_data->verified_commits, (GDestroyNotify) g_hash_table_unref);
g_clear_pointer (&pull_data->ref_keyring_map, (GDestroyNotify) g_hash_table_unref); g_clear_pointer (&pull_data->ref_keyring_map, (GDestroyNotify) g_hash_table_unref);
g_clear_pointer (&pull_data->requested_content, (GDestroyNotify) g_hash_table_unref); g_clear_pointer (&pull_data->requested_content, (GDestroyNotify) g_hash_table_unref);
g_clear_pointer (&pull_data->requested_fallback_content, (GDestroyNotify) g_hash_table_unref); g_clear_pointer (&pull_data->requested_fallback_content, (GDestroyNotify) g_hash_table_unref);