diff --git a/apidoc/ostree-sections.txt b/apidoc/ostree-sections.txt
index 105783f4..9ce28ee5 100644
--- a/apidoc/ostree-sections.txt
+++ b/apidoc/ostree-sections.txt
@@ -185,6 +185,7 @@ ostree_gpg_verify_result_get_all
 OstreeGpgSignatureFormatFlags
 ostree_gpg_verify_result_describe
 ostree_gpg_verify_result_describe_variant
+ostree_gpg_verify_result_require_valid_signature
 OSTREE_GPG_VERIFY_RESULT
 OSTREE_IS_GPG_VERIFY_RESULT
diff --git a/src/libostree/libostree.sym b/src/libostree/libostree.sym
index 71f4bc9b..24f6723b 100644
--- a/src/libostree/libostree.sym
+++ b/src/libostree/libostree.sym
@@ -340,6 +340,7 @@ global:
 LIBOSTREE_2016.6 {
 global:
- ostree_repo_remote_fetch_summary_with_options;
+ ostree_gpg_verify_result_require_valid_signature;
 ostree_raw_file_to_archive_z2_stream;
+ ostree_repo_remote_fetch_summary_with_options;
 } LIBOSTREE_2016.5;
diff --git a/src/libostree/ostree-gpg-verify-result.c b/src/libostree/ostree-gpg-verify-result.c
index 37fbfb5c..d72856c9 100644
--- a/src/libostree/ostree-gpg-verify-result.c
+++ b/src/libostree/ostree-gpg-verify-result.c
@@ -622,3 +622,33 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant,
 }
 }
 }
+
+/**
+ * ostree_gpg_verify_result_require_valid_signature:
+ * @result: (nullable): an #OstreeGpgVerifyResult
+ * @error: A #GError
+ *
+ * Checks if the result contains at least one signature from the
+ * trusted keyring. You can call this function immediately after
+ * ostree_repo_verify_summary() or ostree_repo_verify_commit_ext() -
+ * it will handle the %NULL @result and filled @error too.
+ *
+ * Returns: %TRUE if @result was not %NULL and had at least one
+ * signature from trusted keyring, otherwise %FALSE
+ */
+gboolean
+ostree_gpg_verify_result_require_valid_signature (OstreeGpgVerifyResult *result,
+ GError **error)
+{
+ if (result == NULL)
+ return FALSE;
+
+ if (ostree_gpg_verify_result_count_valid (result) == 0)
+ {
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+ "GPG signatures found, but none are in trusted keyring");
+ return FALSE;
+ }
+
+ return TRUE;
+}
diff --git a/src/libostree/ostree-gpg-verify-result.h b/src/libostree/ostree-gpg-verify-result.h
index 8894afdf..f9512538 100644
--- a/src/libostree/ostree-gpg-verify-result.h
+++ b/src/libostree/ostree-gpg-verify-result.h
@@ -133,4 +133,8 @@ void ostree_gpg_verify_result_describe_variant (GVariant *variant,
 const gchar *line_prefix,
 OstreeGpgSignatureFormatFlags flags);
+_OSTREE_PUBLIC
+gboolean ostree_gpg_verify_result_require_valid_signature (OstreeGpgVerifyResult *result,
+ GError **error);
+
 G_END_DECLS
diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index 65b955ac..1b08162d 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
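Review bot: In `ostree_gpg_verify_result_require_valid_signature()` (ostree-gpg-verify-result.c hunk), the `result == NULL` branch returns FALSE without touching `error`, so a caller that hands in a NULL result whose producer did not fill the GError gets a failure with no error set. The doc comment states that assumption, but as exported API the function cannot enforce it; a fallback placed before `return FALSE;` keeps the failure reportable: `if (error != NULL && *error == NULL)` followed by `g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, "GPG verification returned no result");`. The message used when `ostree_gpg_verify_result_count_valid()` returns 0 says signatures were found; whether a result holding zero signatures can reach this point is not visible in the hunk, so that wording is worth confirming. The doc comment could also carry a `Since: 2016.6` line to match the `LIBOSTREE_2016.6` node the symbol is exported under.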
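Review bot: The new prototype for `ostree_gpg_verify_result_require_valid_signature()` in ostree-gpg-verify-result.h lets a caller discard the return value, and for this function the return value is the entire verification verdict. Annotating the declaration with GLib's `G_GNUC_WARN_UNUSED_RESULT` (after the parameter list, before the `;`) makes the compiler flag a call site that invokes the check and then proceeds without looking at the outcome. Whether other libostree public headers use this attribute is not visible in the diff, so this is a hardening suggestion rather than a consistency fix.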
@@ -2116,15 +2116,8 @@ ostree_repo_remote_fetch_summary_with_options (OstreeRepo *self,
 signatures,
 cancellable,
 error);
- if (result == NULL)
+ if (!ostree_gpg_verify_result_require_valid_signature (result, error))
 goto out;
-
- if (ostree_gpg_verify_result_count_valid (result) == 0)
- {
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
- "GPG signatures found, but none are in trusted keyring");
- goto out;
- }
 }
 if (out_summary != NULL)
@@ -4838,25 +4831,12 @@ ostree_repo_verify_commit (OstreeRepo *self,
 GError **error)
 {
 glnx_unref_object OstreeGpgVerifyResult *result = NULL;
- gboolean ret = FALSE;
 result = ostree_repo_verify_commit_ext (self, commit_checksum, keyringdir, extra_keyring, cancellable, error);
- if (result == NULL)
- goto out;
- if (ostree_gpg_verify_result_count_valid (result) == 0)
- {
- g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
- "GPG signatures found, but none are in trusted keyring");
- goto out;
- }
-
- ret = TRUE;
-
- out:
- return ret;
+ return ostree_gpg_verify_result_require_valid_signature (result, error);
 }
 /**