repo: Add ostree_repo_verify_commit_ext()
Similar to ostree_repo_verify_commit(), but returns more verification details by way of an OstreeGpgVerifyResult object instead of a boolean.
parent
4a2733f9e7
commit
8d127b9dcb
@ -299,6 +299,7 @@ ostree_repo_pull_default_console_progress_changed
|
||||
ostree_repo_sign_commit
|
||||
ostree_repo_append_gpg_signature
|
||||
ostree_repo_verify_commit
|
||||
ostree_repo_verify_commit_ext
|
||||
ostree_repo_regenerate_summary
|
||||
<SUBSECTION Standard>
|
||||
OSTREE_REPO
|
||||
|
@ -185,7 +185,7 @@ _ostree_repo_get_remote_boolean_option (OstreeRepo *self,
|
||||
gboolean *out_value,
|
||||
GError **error);
|
||||
|
||||
gboolean
|
||||
OstreeGpgVerifyResult *
|
||||
_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
|
||||
GBytes *signed_data,
|
||||
GVariant *metadata,
|
||||
|
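Review bot: Changing the return type of `_ostree_repo_gpg_verify_with_metadata()` from `gboolean` to `OstreeGpgVerifyResult *` lets any existing `if (!_ostree_repo_gpg_verify_with_metadata (...))` caller keep compiling, but that caller now succeeds whenever a result object comes back, even when zero signatures are valid, and it leaks the result. The visible hunks update only the call inside `ostree_repo_verify_commit_ext()`; any other callers of this private function are not shown and should be confirmed to call `ostree_gpg_verify_result_count_valid()` and unref the result. A comment on the prototype would make the new contract explicit: `/* Returns a result (transfer full) even when no signature is valid; the caller must check ostree_gpg_verify_result_count_valid(). */`. The declaration continues past the end of this hunk.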
@ -3187,7 +3187,7 @@ ostree_repo_sign_delta (OstreeRepo *self,
|
||||
return ret;
|
||||
}
|
||||
|
||||
gboolean
|
||||
OstreeGpgVerifyResult *
|
||||
_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
|
||||
GBytes *signed_data,
|
||||
GVariant *metadata,
|
||||
@ -3196,9 +3196,8 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
|
||||
GCancellable *cancellable,
|
||||
GError **error)
|
||||
{
|
||||
gboolean ret = FALSE;
|
||||
OstreeGpgVerifyResult *result = NULL;
|
||||
gs_unref_object OstreeGpgVerifier *verifier = NULL;
|
||||
gs_unref_object OstreeGpgVerifyResult *result = NULL;
|
||||
gs_unref_variant GVariant *signaturedata = NULL;
|
||||
GByteArray *buffer;
|
||||
GVariantIter iter;
|
||||
@ -3255,19 +3254,9 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
|
||||
result = _ostree_gpg_verifier_check_signature (verifier,
|
||||
signed_data, signatures,
|
||||
cancellable, error);
|
||||
if (result == NULL)
|
||||
goto out;
|
||||
|
||||
if (ostree_gpg_verify_result_count_valid (result) == 0)
|
||||
{
|
||||
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
|
||||
"GPG signatures found, but none are in trusted keyring");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = TRUE;
|
||||
out:
|
||||
return ret;
|
||||
return result;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -3290,7 +3279,51 @@ ostree_repo_verify_commit (OstreeRepo *self,
|
||||
GCancellable *cancellable,
|
||||
GError **error)
|
||||
{
|
||||
gs_unref_object OstreeGpgVerifyResult *result = NULL;
|
||||
gboolean ret = FALSE;
|
||||
|
||||
result = ostree_repo_verify_commit_ext (self, commit_checksum,
|
||||
keyringdir, extra_keyring,
|
||||
cancellable, error);
|
||||
if (result == NULL)
|
||||
goto out;
|
||||
|
||||
if (ostree_gpg_verify_result_count_valid (result) == 0)
|
||||
{
|
||||
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
|
||||
"GPG signatures found, but none are in trusted keyring");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = TRUE;
|
||||
|
||||
out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* ostree_repo_verify_commit_ext:
|
||||
* @self: Repository
|
||||
* @commit_checksum: ASCII SHA256 checksum
|
||||
* @keyringdir: (allow-none): Path to directory GPG keyrings; overrides built-in default if given
|
||||
* @extra_keyring: (allow-none): Path to additional keyring file (not a directory)
|
||||
* @cancellable: Cancellable
|
||||
* @error: Error
|
||||
*
|
||||
* Read GPG signature(s) on the commit named by the ASCII checksum
|
||||
* @commit_checksum and return detailed results.
|
||||
*
|
||||
* Returns: (transfer full): an #OstreeGpgVerifyResult, or %NULL on error
|
||||
*/
|
||||
OstreeGpgVerifyResult *
|
||||
ostree_repo_verify_commit_ext (OstreeRepo *self,
|
||||
const gchar *commit_checksum,
|
||||
GFile *keyringdir,
|
||||
GFile *extra_keyring,
|
||||
GCancellable *cancellable,
|
||||
GError **error)
|
||||
{
|
||||
OstreeGpgVerifyResult *result = NULL;
|
||||
gs_unref_variant GVariant *commit_variant = NULL;
|
||||
gs_unref_object GFile *keyringdir_ref = NULL;
|
||||
gs_unref_variant GVariant *metadata = NULL;
|
||||
@ -3319,15 +3352,13 @@ ostree_repo_verify_commit (OstreeRepo *self,
|
||||
|
||||
signed_data = g_variant_get_data_as_bytes (commit_variant);
|
||||
|
||||
if (!_ostree_repo_gpg_verify_with_metadata (self,
|
||||
signed_data, metadata,
|
||||
keyringdir, extra_keyring,
|
||||
cancellable, error))
|
||||
goto out;
|
||||
|
||||
ret = TRUE;
|
||||
result = _ostree_repo_gpg_verify_with_metadata (self,
|
||||
signed_data, metadata,
|
||||
keyringdir, extra_keyring,
|
||||
cancellable, error);
|
||||
|
||||
out:
|
||||
return ret;
|
||||
return result;
|
||||
}
|
||||
|
||||
/**
|
||||
|
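Review bot: The doc comment added for `ostree_repo_verify_commit_ext()` documents the return only as "an #OstreeGpgVerifyResult, or %NULL on error", yet the "GPG signatures found, but none are in trusted keyring" check now lives solely in `ostree_repo_verify_commit()`. A non-NULL result can therefore describe signatures of which none is valid, and a caller that equates non-NULL with "verified" would accept an untrusted commit. I would add to the docstring: `A non-%NULL return does not mean the commit is trusted; callers must check ostree_gpg_verify_result_count_valid() on the result.` The function body spans two hunks, and the lines between them (where `keyringdir_ref`, `metadata` and `signed_data` are set up) are not visible here.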
@ -26,6 +26,7 @@
|
||||
#include "ostree-types.h"
|
||||
#include "ostree-async-progress.h"
|
||||
#include "ostree-sepolicy.h"
|
||||
#include "ostree-gpg-verify-result.h"
|
||||
|
||||
G_BEGIN_DECLS
|
||||
|
||||
@ -676,6 +677,13 @@ gboolean ostree_repo_verify_commit (OstreeRepo *self,
|
||||
GCancellable *cancellable,
|
||||
GError **error);
|
||||
|
||||
OstreeGpgVerifyResult * ostree_repo_verify_commit_ext (OstreeRepo *self,
|
||||
const gchar *commit_checksum,
|
||||
GFile *keyringdir,
|
||||
GFile *extra_keyring,
|
||||
GCancellable *cancellable,
|
||||
GError **error);
|
||||
|
||||
gboolean ostree_repo_regenerate_summary (OstreeRepo *self,
|
||||
GVariant *additional_metadata,
|
||||
GCancellable *cancellable,
|
||||
|