repo: Add ostree_repo_verify_commit_ext()

Similar to ostree_repo_verify_commit(), but returns more verification
details by way of an OstreeGpgVerifyResult object instead of a boolean.
Matthew Barnes 2015-03-11 19:21:33 -04:00
parent 4a2733f9e7
commit 8d127b9dcb
4 changed files with 63 additions and 23 deletions


@ -299,6 +299,7 @@ ostree_repo_pull_default_console_progress_changed
ostree_repo_sign_commit ostree_repo_sign_commit
ostree_repo_append_gpg_signature ostree_repo_append_gpg_signature
ostree_repo_verify_commit ostree_repo_verify_commit
ostree_repo_verify_commit_ext
ostree_repo_regenerate_summary ostree_repo_regenerate_summary
<SUBSECTION Standard> <SUBSECTION Standard>
OSTREE_REPO OSTREE_REPO


@ -185,7 +185,7 @@ _ostree_repo_get_remote_boolean_option (OstreeRepo *self,
gboolean *out_value, gboolean *out_value,
GError **error); GError **error);
gboolean OstreeGpgVerifyResult *
_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self, _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
GBytes *signed_data, GBytes *signed_data,
GVariant *metadata, GVariant *metadata,


@ -3187,7 +3187,7 @@ ostree_repo_sign_delta (OstreeRepo *self,
return ret; return ret;
} }
gboolean OstreeGpgVerifyResult *
_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self, _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
GBytes *signed_data, GBytes *signed_data,
GVariant *metadata, GVariant *metadata,
@ -3196,9 +3196,8 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
GCancellable *cancellable, GCancellable *cancellable,
GError **error) GError **error)
{ {
gboolean ret = FALSE; OstreeGpgVerifyResult *result = NULL;
gs_unref_object OstreeGpgVerifier *verifier = NULL; gs_unref_object OstreeGpgVerifier *verifier = NULL;
gs_unref_object OstreeGpgVerifyResult *result = NULL;
gs_unref_variant GVariant *signaturedata = NULL; gs_unref_variant GVariant *signaturedata = NULL;
GByteArray *buffer; GByteArray *buffer;
GVariantIter iter; GVariantIter iter;
@ -3255,19 +3254,9 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
result = _ostree_gpg_verifier_check_signature (verifier, result = _ostree_gpg_verifier_check_signature (verifier,
signed_data, signatures, signed_data, signatures,
cancellable, error); cancellable, error);
if (result == NULL)
goto out;
if (ostree_gpg_verify_result_count_valid (result) == 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"GPG signatures found, but none are in trusted keyring");
goto out;
}
ret = TRUE;
out: out:
return ret; return result;
} }
/** /**
@ -3290,7 +3279,51 @@ ostree_repo_verify_commit (OstreeRepo *self,
GCancellable *cancellable, GCancellable *cancellable,
GError **error) GError **error)
{ {
gs_unref_object OstreeGpgVerifyResult *result = NULL;
gboolean ret = FALSE; gboolean ret = FALSE;
result = ostree_repo_verify_commit_ext (self, commit_checksum,
keyringdir, extra_keyring,
cancellable, error);
if (result == NULL)
goto out;
if (ostree_gpg_verify_result_count_valid (result) == 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"GPG signatures found, but none are in trusted keyring");
goto out;
}
ret = TRUE;
out:
return ret;
}
/**
* ostree_repo_verify_commit_ext:
* @self: Repository
* @commit_checksum: ASCII SHA256 checksum
* @keyringdir: (allow-none): Path to directory GPG keyrings; overrides built-in default if given
* @extra_keyring: (allow-none): Path to additional keyring file (not a directory)
* @cancellable: Cancellable
* @error: Error
*
* Read GPG signature(s) on the commit named by the ASCII checksum
* @commit_checksum and return detailed results.
*
* Returns: (transfer full): an #OstreeGpgVerifyResult, or %NULL on error
*/
OstreeGpgVerifyResult *
ostree_repo_verify_commit_ext (OstreeRepo *self,
const gchar *commit_checksum,
GFile *keyringdir,
GFile *extra_keyring,
GCancellable *cancellable,
GError **error)
{
OstreeGpgVerifyResult *result = NULL;
gs_unref_variant GVariant *commit_variant = NULL; gs_unref_variant GVariant *commit_variant = NULL;
gs_unref_object GFile *keyringdir_ref = NULL; gs_unref_object GFile *keyringdir_ref = NULL;
gs_unref_variant GVariant *metadata = NULL; gs_unref_variant GVariant *metadata = NULL;
@ -3319,15 +3352,13 @@ ostree_repo_verify_commit (OstreeRepo *self,
signed_data = g_variant_get_data_as_bytes (commit_variant); signed_data = g_variant_get_data_as_bytes (commit_variant);
if (!_ostree_repo_gpg_verify_with_metadata (self, result = _ostree_repo_gpg_verify_with_metadata (self,
signed_data, metadata, signed_data, metadata,
keyringdir, extra_keyring, keyringdir, extra_keyring,
cancellable, error)) cancellable, error);
goto out;
ret = TRUE;
out: out:
return ret; return result;
} }
/** /**
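Review bot: The doc comment for ostree_repo_verify_commit_ext() does not say that a non-NULL return is not a trust decision. The "GPG signatures found, but none are in trusted keyring" check was moved out of _ostree_repo_gpg_verify_with_metadata() and now lives only in ostree_repo_verify_commit(), so the new function hands back a result object even when ostree_gpg_verify_result_count_valid() would be 0. I would add to the description something like `A non-%NULL return only means the signatures were checked; callers must use ostree_gpg_verify_result_count_valid() to decide whether the commit is trusted.` The private helper has the same issue, since its return type changed from gboolean to a pointer: any caller outside this section that still tests it with `if (!...)` would keep compiling, and would then presumably leak the result and accept data with zero valid signatures, so those call sites are worth auditing. Both function bodies are only partly visible in these hunks.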


@ -26,6 +26,7 @@
#include "ostree-types.h" #include "ostree-types.h"
#include "ostree-async-progress.h" #include "ostree-async-progress.h"
#include "ostree-sepolicy.h" #include "ostree-sepolicy.h"
#include "ostree-gpg-verify-result.h"
G_BEGIN_DECLS G_BEGIN_DECLS
@ -676,6 +677,13 @@ gboolean ostree_repo_verify_commit (OstreeRepo *self,
GCancellable *cancellable, GCancellable *cancellable,
GError **error); GError **error);
OstreeGpgVerifyResult * ostree_repo_verify_commit_ext (OstreeRepo *self,
const gchar *commit_checksum,
GFile *keyringdir,
GFile *extra_keyring,
GCancellable *cancellable,
GError **error);
gboolean ostree_repo_regenerate_summary (OstreeRepo *self, gboolean ostree_repo_regenerate_summary (OstreeRepo *self,
GVariant *additional_metadata, GVariant *additional_metadata,
GCancellable *cancellable, GCancellable *cancellable,