lib: Provide internal summary signing with separate directory

Refactor the summary signing APIs to use internal versions where the directory fd containing the summary can be found. The existing signing APIs still uses the repo directory fd, but this will allow using a temporary directory for the summary and signature in the new metadata generating API.
2025-02-25 21:57:42 +03:00 · 2020-01-21 11:56:09 -07:00 · 2020-01-21 11:56:09 -07:00 · 6cc75a6c1e
commit 6cc75a6c1e
parent b889481801
4 changed files with 115 additions and 42 deletions
--- a/Makefile-libostree.am
+++ b/Makefile-libostree.am
@ -251,6 +251,7 @@ libostree_1_la_SOURCES += \
 	src/libostree/ostree-sign-dummy.h \
 	src/libostree/ostree-sign-ed25519.c \
 	src/libostree/ostree-sign-ed25519.h \
+	src/libostree/ostree-sign-private.h \
 	$(NULL)

 if USE_LIBSODIUM
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@ -5592,26 +5592,17 @@ ostree_repo_sign_delta (OstreeRepo     *self,
  return FALSE;
 }

-/**
- * ostree_repo_add_gpg_signature_summary:
- * @self: Self
- * @key_id: (array zero-terminated=1) (element-type utf8): NULL-terminated array of GPG keys.
- * @homedir: (allow-none): GPG home directory, or %NULL
- * @cancellable: A #GCancellable
- * @error: a #GError
- *
- * Add a GPG signature to a summary file.
- */
-gboolean
-ostree_repo_add_gpg_signature_summary (OstreeRepo     *self,
-                                       const gchar    **key_id,
-                                       const gchar    *homedir,
-                                       GCancellable   *cancellable,
-                                       GError        **error)
+static gboolean
+_ostree_repo_add_gpg_signature_summary_at (OstreeRepo    *self,
+                                           int            dir_fd,
+                                           const gchar  **key_id,
+                                           const gchar   *homedir,
+                                           GCancellable  *cancellable,
+                                           GError       **error)
 {
 #ifndef OSTREE_DISABLE_GPGME
  glnx_autofd int fd = -1;
-  if (!glnx_openat_rdonly (self->repo_dir_fd, "summary", TRUE, &fd, error))
+  if (!glnx_openat_rdonly (dir_fd, "summary", TRUE, &fd, error))
    return FALSE;
  g_autoptr(GBytes) summary_data = ot_fd_readall_or_mmap (fd, 0, error);
  if (!summary_data)
@ -5620,7 +5611,7 @@ ostree_repo_add_gpg_signature_summary (OstreeRepo     *self,
  glnx_close_fd (&fd);

  g_autoptr(GVariant) metadata = NULL;
-  if (!ot_openat_ignore_enoent (self->repo_dir_fd, "summary.sig", &fd, error))
+  if (!ot_openat_ignore_enoent (dir_fd, "summary.sig", &fd, error))
    return FALSE;
  if (fd >= 0)
    {
@ -5644,7 +5635,7 @@ ostree_repo_add_gpg_signature_summary (OstreeRepo     *self,
  g_autoptr(GVariant) normalized = g_variant_get_normal_form (metadata);

  if (!_ostree_repo_file_replace_contents (self,
-                                           self->repo_dir_fd,
+                                           dir_fd,
                                           "summary.sig",
                                           g_variant_get_data (normalized),
                                           g_variant_get_size (normalized),
@ -5652,6 +5643,35 @@ ostree_repo_add_gpg_signature_summary (OstreeRepo     *self,
    return FALSE;

  return TRUE;
+#else
+  return glnx_throw (error, "GPG feature is disabled at build time");
+#endif /* OSTREE_DISABLE_GPGME */
+}
+
+/**
+ * ostree_repo_add_gpg_signature_summary:
+ * @self: Self
+ * @key_id: (array zero-terminated=1) (element-type utf8): NULL-terminated array of GPG keys.
+ * @homedir: (allow-none): GPG home directory, or %NULL
+ * @cancellable: A #GCancellable
+ * @error: a #GError
+ *
+ * Add a GPG signature to a summary file.
+ */
+gboolean
+ostree_repo_add_gpg_signature_summary (OstreeRepo     *self,
+                                       const gchar    **key_id,
+                                       const gchar    *homedir,
+                                       GCancellable   *cancellable,
+                                       GError        **error)
+{
+#ifndef OSTREE_DISABLE_GPGME
+  return _ostree_repo_add_gpg_signature_summary_at (self,
+                                                    self->repo_dir_fd,
+                                                    key_id,
+                                                    homedir,
+                                                    cancellable,
+                                                    error);
 #else
  return glnx_throw (error, "GPG feature is disabled in a build time");
 #endif /* OSTREE_DISABLE_GPGME */
--- a/src/libostree/ostree-sign-private.h
+++ b/src/libostree/ostree-sign-private.h
@ -0,0 +1,39 @@
+/*
+ * Copyright © 2023 Endless OS Foundation LLC
+ *
+ * SPDX-License-Identifier: LGPL-2.0+
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see <https://www.gnu.org/licenses/>.
+ *
+ * Authors:
+ *  - Dan Nicholson <dbn@endlessos.org>
+ */
+
+#pragma once
+
+#include <glib.h>
+
+#include "ostree-sign.h"
+#include "ostree-types.h"
+
+G_BEGIN_DECLS
+
+gboolean _ostree_sign_summary_at (OstreeSign    *self,
+                                  OstreeRepo    *repo,
+                                  int            dir_fd,
+                                  GVariant      *keys,
+                                  GCancellable  *cancellable,
+                                  GError       **error);
+
+G_END_DECLS
--- a/src/libostree/ostree-sign.c
+++ b/src/libostree/ostree-sign.c
@ -40,6 +40,7 @@
 #include "ostree-autocleanups.h"
 #include "ostree-core.h"
 #include "ostree-sign.h"
+#include "ostree-sign-private.h"
 #include "ostree-sign-dummy.h"
 #ifdef HAVE_LIBSODIUM
 #include "ostree-sign-ed25519.h"
@ -601,27 +602,13 @@ ostree_sign_get_by_name (const gchar *name, GError **error)
  return sign;
 }

-/**
- * ostree_sign_summary:
- * @self: Self
- * @repo: ostree repository
- * @keys: keys -- GVariant containing keys as GVarints specific to signature type.
- * @cancellable: A #GCancellable
- * @error: a #GError
- *
- * Add a signature to a summary file.
- * Based on ostree_repo_add_gpg_signature_summary implementation.
- *
- * Returns: @TRUE if summary file has been signed with all provided keys
- *
- * Since: 2020.2
- */
 gboolean
-ostree_sign_summary (OstreeSign    *self,
-                     OstreeRepo    *repo,
-                     GVariant      *keys,
-                     GCancellable  *cancellable,
-                     GError       **error)
+_ostree_sign_summary_at (OstreeSign    *self,
+                         OstreeRepo    *repo,
+                         int            dir_fd,
+                         GVariant      *keys,
+                         GCancellable  *cancellable,
+                         GError       **error)
 {
  g_assert (OSTREE_IS_SIGN (self));
  g_assert (OSTREE_IS_REPO (repo));
@ -631,7 +618,7 @@ ostree_sign_summary (OstreeSign    *self,
  g_autoptr(GVariant) metadata = NULL;

  glnx_autofd int fd = -1;
-  if (!glnx_openat_rdonly (repo->repo_dir_fd, "summary", TRUE, &fd, error))
+  if (!glnx_openat_rdonly (dir_fd, "summary", TRUE, &fd, error))
    return FALSE;
  summary_data = ot_fd_readall_or_mmap (fd, 0, error);
  if (!summary_data)
@ -640,7 +627,7 @@ ostree_sign_summary (OstreeSign    *self,
  /* Note that fd is reused below */
  glnx_close_fd (&fd);

-  if (!ot_openat_ignore_enoent (repo->repo_dir_fd, "summary.sig", &fd, error))
+  if (!ot_openat_ignore_enoent (dir_fd, "summary.sig", &fd, error))
    return FALSE;

  if (fd >= 0)
@ -681,7 +668,7 @@ ostree_sign_summary (OstreeSign    *self,

  normalized = g_variant_get_normal_form (metadata);
  if (!_ostree_repo_file_replace_contents (repo,
-                                           repo->repo_dir_fd,
+                                           dir_fd,
                                           "summary.sig",
                                           g_variant_get_data (normalized),
                                           g_variant_get_size (normalized),
@ -690,3 +677,29 @@ ostree_sign_summary (OstreeSign    *self,

  return TRUE;
 }
+
+/**
+ * ostree_sign_summary:
+ * @self: Self
+ * @repo: ostree repository
+ * @keys: keys -- GVariant containing keys as GVarints specific to signature type.
+ * @cancellable: A #GCancellable
+ * @error: a #GError
+ *
+ * Add a signature to a summary file.
+ * Based on ostree_repo_add_gpg_signature_summary implementation.
+ *
+ * Returns: @TRUE if summary file has been signed with all provided keys
+ *
+ * Since: 2020.2
+ */
+gboolean
+ostree_sign_summary (OstreeSign    *self,
+                     OstreeRepo    *repo,
+                     GVariant      *keys,
+                     GCancellable  *cancellable,
+                     GError       **error)
+{
+  return _ostree_sign_summary_at (self, repo, repo->repo_dir_fd, keys,
+                                  cancellable, error);
+}