mirror of
https://github.com/ostreedev/ostree.git
synced 2024-12-22 17:35:55 +03:00
repo: Factor out the check of gpg result to a separate function
I plan to add a function for verifying any data which may return the error about lack of trusted signatures, so let's avoid the redundancy and put the check in the separate function. Closes: #310 Approved by: cgwalters
This commit is contained in:
parent
569e43c280
commit
89bfb1d503
@ -185,6 +185,7 @@ ostree_gpg_verify_result_get_all
|
||||
OstreeGpgSignatureFormatFlags
|
||||
ostree_gpg_verify_result_describe
|
||||
ostree_gpg_verify_result_describe_variant
|
||||
ostree_gpg_verify_result_require_valid_signature
|
||||
<SUBSECTION Standard>
|
||||
OSTREE_GPG_VERIFY_RESULT
|
||||
OSTREE_IS_GPG_VERIFY_RESULT
|
||||
|
@ -340,6 +340,7 @@ global:
|
||||
|
||||
LIBOSTREE_2016.6 {
|
||||
global:
|
||||
ostree_repo_remote_fetch_summary_with_options;
|
||||
ostree_gpg_verify_result_require_valid_signature;
|
||||
ostree_raw_file_to_archive_z2_stream;
|
||||
ostree_repo_remote_fetch_summary_with_options;
|
||||
} LIBOSTREE_2016.5;
|
||||
|
@ -622,3 +622,33 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* ostree_gpg_verify_result_require_valid_signature:
|
||||
* @result: (nullable): an #OstreeGpgVerifyResult
|
||||
* @error: A #GError
|
||||
*
|
||||
* Checks if the result contains at least one signature from the
|
||||
* trusted keyring. You can call this function immediately after
|
||||
* ostree_repo_verify_summary() or ostree_repo_verify_commit_ext() -
|
||||
* it will handle the %NULL @result and filled @error too.
|
||||
*
|
||||
* Returns: %TRUE if @result was not %NULL and had at least one
|
||||
* signature from trusted keyring, otherwise %FALSE
|
||||
*/
|
||||
gboolean
|
||||
ostree_gpg_verify_result_require_valid_signature (OstreeGpgVerifyResult *result,
|
||||
GError **error)
|
||||
{
|
||||
if (result == NULL)
|
||||
return FALSE;
|
||||
|
||||
if (ostree_gpg_verify_result_count_valid (result) == 0)
|
||||
{
|
||||
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
|
||||
"GPG signatures found, but none are in trusted keyring");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
@ -133,4 +133,8 @@ void ostree_gpg_verify_result_describe_variant (GVariant *variant,
|
||||
const gchar *line_prefix,
|
||||
OstreeGpgSignatureFormatFlags flags);
|
||||
|
||||
_OSTREE_PUBLIC
|
||||
gboolean ostree_gpg_verify_result_require_valid_signature (OstreeGpgVerifyResult *result,
|
||||
GError **error);
|
||||
|
||||
G_END_DECLS
|
||||
|
@ -2116,15 +2116,8 @@ ostree_repo_remote_fetch_summary_with_options (OstreeRepo *self,
|
||||
signatures,
|
||||
cancellable,
|
||||
error);
|
||||
if (result == NULL)
|
||||
if (!ostree_gpg_verify_result_require_valid_signature (result, error))
|
||||
goto out;
|
||||
|
||||
if (ostree_gpg_verify_result_count_valid (result) == 0)
|
||||
{
|
||||
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
|
||||
"GPG signatures found, but none are in trusted keyring");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
if (out_summary != NULL)
|
||||
@ -4838,25 +4831,12 @@ ostree_repo_verify_commit (OstreeRepo *self,
|
||||
GError **error)
|
||||
{
|
||||
glnx_unref_object OstreeGpgVerifyResult *result = NULL;
|
||||
gboolean ret = FALSE;
|
||||
|
||||
result = ostree_repo_verify_commit_ext (self, commit_checksum,
|
||||
keyringdir, extra_keyring,
|
||||
cancellable, error);
|
||||
if (result == NULL)
|
||||
goto out;
|
||||
|
||||
if (ostree_gpg_verify_result_count_valid (result) == 0)
|
||||
{
|
||||
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
|
||||
"GPG signatures found, but none are in trusted keyring");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = TRUE;
|
||||
|
||||
out:
|
||||
return ret;
|
||||
return ostree_gpg_verify_result_require_valid_signature (result, error);
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user