repo: Factor out the check of gpg result to a separate function

I plan to add a function for verifying any data which may return the
error about lack of trusted signatures, so let's avoid the redundancy
and put the check in a separate function.

Closes: #310
Approved by: cgwalters
Krzesimir Nowak 2016-05-26 11:48:21 +02:00 committed by Atomic Bot
parent 569e43c280
commit 89bfb1d503
5 changed files with 39 additions and 23 deletions


@ -185,6 +185,7 @@ ostree_gpg_verify_result_get_all
OstreeGpgSignatureFormatFlags
ostree_gpg_verify_result_describe
ostree_gpg_verify_result_describe_variant
ostree_gpg_verify_result_require_valid_signature
<SUBSECTION Standard>
OSTREE_GPG_VERIFY_RESULT
OSTREE_IS_GPG_VERIFY_RESULT


@ -340,6 +340,7 @@ global:
LIBOSTREE_2016.6 {
global:
ostree_repo_remote_fetch_summary_with_options;
ostree_gpg_verify_result_require_valid_signature;
ostree_raw_file_to_archive_z2_stream;
ostree_repo_remote_fetch_summary_with_options;
} LIBOSTREE_2016.5;


@ -622,3 +622,33 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant,
}
}
}
/**
* ostree_gpg_verify_result_require_valid_signature:
* @result: (nullable): an #OstreeGpgVerifyResult
* @error: A #GError
*
* Checks if the result contains at least one signature from the
* trusted keyring. You can call this function immediately after
* ostree_repo_verify_summary() or ostree_repo_verify_commit_ext() -
* it will handle the %NULL @result and filled @error too.
*
* Returns: %TRUE if @result was not %NULL and had at least one
* signature from trusted keyring, otherwise %FALSE
*/
gboolean
ostree_gpg_verify_result_require_valid_signature (OstreeGpgVerifyResult *result,
GError **error)
{
if (result == NULL)
return FALSE;
if (ostree_gpg_verify_result_count_valid (result) == 0)
{
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"GPG signatures found, but none are in trusted keyring");
return FALSE;
}
return TRUE;
}
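Review bot: The `result == NULL` branch of ostree_gpg_verify_result_require_valid_signature() returns FALSE without touching `error`, so the GError convention holds only if the caller passes in the error already filled by the verification call that returned NULL. The doc comment's "it will handle the %NULL @result and filled @error too" hints at this but does not state it as a requirement. Because this is exported API that gates signature trust, a caller that passes a NULL result with an unset error gets FALSE with nothing to report, and code that inspects only `*error` could miss the failure. I would add to the doc comment `If @result is %NULL, @error must already have been set by the call that returned it; this function does not set it.`, or alternatively set a generic error in that branch when `*error` is still unset.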


@ -133,4 +133,8 @@ void ostree_gpg_verify_result_describe_variant (GVariant *variant,
const gchar *line_prefix,
OstreeGpgSignatureFormatFlags flags);
_OSTREE_PUBLIC
gboolean ostree_gpg_verify_result_require_valid_signature (OstreeGpgVerifyResult *result,
GError **error);
G_END_DECLS


@ -2116,15 +2116,8 @@ ostree_repo_remote_fetch_summary_with_options (OstreeRepo *self,
signatures,
cancellable,
error);
if (result == NULL)
if (!ostree_gpg_verify_result_require_valid_signature (result, error))
goto out;
if (ostree_gpg_verify_result_count_valid (result) == 0)
{
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"GPG signatures found, but none are in trusted keyring");
goto out;
}
}
if (out_summary != NULL)
@ -4838,25 +4831,12 @@ ostree_repo_verify_commit (OstreeRepo *self,
GError **error)
{
glnx_unref_object OstreeGpgVerifyResult *result = NULL;
gboolean ret = FALSE;
result = ostree_repo_verify_commit_ext (self, commit_checksum,
keyringdir, extra_keyring,
cancellable, error);
if (result == NULL)
goto out;
if (ostree_gpg_verify_result_count_valid (result) == 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"GPG signatures found, but none are in trusted keyring");
goto out;
}
ret = TRUE;
out:
return ret;
return ostree_gpg_verify_result_require_valid_signature (result, error);
}
/**