repo: Add ostree_repo_verify_commit_ext()

Similar to ostree_repo_verify_commit(), but returns more verification
details by way of an OstreeGpgVerifyResult object instead of a boolean.
This commit is contained in:
Matthew Barnes 2015-03-11 19:21:33 -04:00
parent 4a2733f9e7
commit 8d127b9dcb
4 changed files with 63 additions and 23 deletions

View File

@ -299,6 +299,7 @@ ostree_repo_pull_default_console_progress_changed
ostree_repo_sign_commit
ostree_repo_append_gpg_signature
ostree_repo_verify_commit
ostree_repo_verify_commit_ext
ostree_repo_regenerate_summary
<SUBSECTION Standard>
OSTREE_REPO

View File

@ -185,7 +185,7 @@ _ostree_repo_get_remote_boolean_option (OstreeRepo *self,
gboolean *out_value,
GError **error);
gboolean
OstreeGpgVerifyResult *
_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
GBytes *signed_data,
GVariant *metadata,

View File

@ -3187,7 +3187,7 @@ ostree_repo_sign_delta (OstreeRepo *self,
return ret;
}
gboolean
OstreeGpgVerifyResult *
_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
GBytes *signed_data,
GVariant *metadata,
@ -3196,9 +3196,8 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
OstreeGpgVerifyResult *result = NULL;
gs_unref_object OstreeGpgVerifier *verifier = NULL;
gs_unref_object OstreeGpgVerifyResult *result = NULL;
gs_unref_variant GVariant *signaturedata = NULL;
GByteArray *buffer;
GVariantIter iter;
@ -3255,19 +3254,9 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
result = _ostree_gpg_verifier_check_signature (verifier,
signed_data, signatures,
cancellable, error);
if (result == NULL)
goto out;
if (ostree_gpg_verify_result_count_valid (result) == 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"GPG signatures found, but none are in trusted keyring");
goto out;
}
ret = TRUE;
out:
return ret;
return result;
}
/**
@ -3290,7 +3279,51 @@ ostree_repo_verify_commit (OstreeRepo *self,
GCancellable *cancellable,
GError **error)
{
gs_unref_object OstreeGpgVerifyResult *result = NULL;
gboolean ret = FALSE;
result = ostree_repo_verify_commit_ext (self, commit_checksum,
keyringdir, extra_keyring,
cancellable, error);
if (result == NULL)
goto out;
if (ostree_gpg_verify_result_count_valid (result) == 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"GPG signatures found, but none are in trusted keyring");
goto out;
}
ret = TRUE;
out:
return ret;
}
/**
* ostree_repo_verify_commit_ext:
* @self: Repository
* @commit_checksum: ASCII SHA256 checksum
* @keyringdir: (allow-none): Path to directory GPG keyrings; overrides built-in default if given
* @extra_keyring: (allow-none): Path to additional keyring file (not a directory)
* @cancellable: Cancellable
* @error: Error
*
* Read GPG signature(s) on the commit named by the ASCII checksum
* @commit_checksum and return detailed results.
*
* Returns: (transfer full): an #OstreeGpgVerifyResult, or %NULL on error
*/
OstreeGpgVerifyResult *
ostree_repo_verify_commit_ext (OstreeRepo *self,
const gchar *commit_checksum,
GFile *keyringdir,
GFile *extra_keyring,
GCancellable *cancellable,
GError **error)
{
OstreeGpgVerifyResult *result = NULL;
gs_unref_variant GVariant *commit_variant = NULL;
gs_unref_object GFile *keyringdir_ref = NULL;
gs_unref_variant GVariant *metadata = NULL;
@ -3319,15 +3352,13 @@ ostree_repo_verify_commit (OstreeRepo *self,
signed_data = g_variant_get_data_as_bytes (commit_variant);
if (!_ostree_repo_gpg_verify_with_metadata (self,
signed_data, metadata,
keyringdir, extra_keyring,
cancellable, error))
goto out;
ret = TRUE;
result = _ostree_repo_gpg_verify_with_metadata (self,
signed_data, metadata,
keyringdir, extra_keyring,
cancellable, error);
out:
return ret;
return result;
}
/**

View File

@ -26,6 +26,7 @@
#include "ostree-types.h"
#include "ostree-async-progress.h"
#include "ostree-sepolicy.h"
#include "ostree-gpg-verify-result.h"
G_BEGIN_DECLS
@ -676,6 +677,13 @@ gboolean ostree_repo_verify_commit (OstreeRepo *self,
GCancellable *cancellable,
GError **error);
OstreeGpgVerifyResult * ostree_repo_verify_commit_ext (OstreeRepo *self,
const gchar *commit_checksum,
GFile *keyringdir,
GFile *extra_keyring,
GCancellable *cancellable,
GError **error);
gboolean ostree_repo_regenerate_summary (OstreeRepo *self,
GVariant *additional_metadata,
GCancellable *cancellable,