ostree: Add gpg-sign command
Signs a commit with one or more GPG keys.
parent
152dcf89b5
commit
a5b002dae6
@ -29,6 +29,7 @@ ostree_SOURCES = src/ostree/main.c \
|
|||||||
src/ostree/ot-builtin-commit.c \
|
src/ostree/ot-builtin-commit.c \
|
||||||
src/ostree/ot-builtin-diff.c \
|
src/ostree/ot-builtin-diff.c \
|
||||||
src/ostree/ot-builtin-fsck.c \
|
src/ostree/ot-builtin-fsck.c \
|
||||||
|
src/ostree/ot-builtin-gpg-sign.c \
|
||||||
src/ostree/ot-builtin-init.c \
|
src/ostree/ot-builtin-init.c \
|
||||||
src/ostree/ot-builtin-pull-local.c \
|
src/ostree/ot-builtin-pull-local.c \
|
||||||
src/ostree/ot-builtin-log.c \
|
src/ostree/ot-builtin-log.c \
|
||||||
|
@ -125,7 +125,7 @@ version.xml:
|
|||||||
# This includes the standard gtk-doc make rules, copied by gtkdocize.
|
# This includes the standard gtk-doc make rules, copied by gtkdocize.
|
||||||
include $(top_srcdir)/gtk-doc.make
|
include $(top_srcdir)/gtk-doc.make
|
||||||
|
|
||||||
man1_MANS = ostree.1 ostree-admin-cleanup.1 ostree-admin-config-diff.1 ostree-admin-deploy.1 ostree-admin-init-fs.1 ostree-admin-instutil.1 ostree-admin-os-init.1 ostree-admin-status.1 ostree-admin-set-origin.1 ostree-admin-switch.1 ostree-admin-undeploy.1 ostree-admin-upgrade.1 ostree-admin.1 ostree-cat.1 ostree-checkout.1 ostree-checksum.1 ostree-commit.1 ostree-config.1 ostree-diff.1 ostree-fsck.1 ostree-init.1 ostree-log.1 ostree-ls.1 ostree-prune.1 ostree-pull-local.1 ostree-pull.1 ostree-refs.1 ostree-remote.1 ostree-reset.1 ostree-rev-parse.1 ostree-show.1 ostree-summary.1 ostree-static-delta.1 ostree-trivial-httpd.1
|
man1_MANS = ostree.1 ostree-admin-cleanup.1 ostree-admin-config-diff.1 ostree-admin-deploy.1 ostree-admin-init-fs.1 ostree-admin-instutil.1 ostree-admin-os-init.1 ostree-admin-status.1 ostree-admin-set-origin.1 ostree-admin-switch.1 ostree-admin-undeploy.1 ostree-admin-upgrade.1 ostree-admin.1 ostree-cat.1 ostree-checkout.1 ostree-checksum.1 ostree-commit.1 ostree-gpg-sign.1 ostree-config.1 ostree-diff.1 ostree-fsck.1 ostree-init.1 ostree-log.1 ostree-ls.1 ostree-prune.1 ostree-pull-local.1 ostree-pull.1 ostree-refs.1 ostree-remote.1 ostree-reset.1 ostree-rev-parse.1 ostree-show.1 ostree-summary.1 ostree-static-delta.1 ostree-trivial-httpd.1
|
||||||
|
|
||||||
man5_MANS = ostree.repo.5 ostree.repo-config.5
|
man5_MANS = ostree.repo.5 ostree.repo-config.5
|
||||||
|
|
||||||
|
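--- /dev/null
+++ b/doc/ostree-gpg-sign.xml
@@ -0,0 +1,80 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<!--
+Copyright 2015 Matthew Barnes <mbarnes@redhat.com>
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the
+Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+Boston, MA 02111-1307, USA.
+-->
+
+<refentry id="ostree">
+
+<refentryinfo>
+<title>ostree gpg-sign</title>
+<productname>OSTree</productname>
+
+<authorgroup>
+<author>
+<contrib>Developer</contrib>
+<firstname>Colin</firstname>
+<surname>Walters</surname>
+<email>walters@verbum.org</email>
+</author>
+</authorgroup>
+</refentryinfo>
+
+<refmeta>
+<refentrytitle>ostree gpg-sign</refentrytitle>
+<manvolnum>1</manvolnum>
+</refmeta>
+
+<refnamediv>
+<refname>ostree-gpg-sign</refname>
+<refpurpose>Sign a commit</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+<cmdsynopsis>
+<command>ostree gpg-sign</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="req">COMMIT</arg> <arg choice="req" rep="repeat">KEY-ID</arg>
+</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>Description</title>
+
+<para>
+Add a new signature to a commit for each specified GPG key.
+
+Note that currently, this will append a new signature even if
+the commit is already signed with a given key.
+</para>
+</refsect1>
+
+<refsect1>
+<title>Options</title>
+
+<variablelist>
+<varlistentry>
+<term><option>--gpg-homedir</option>="HOMEDIR"</term>
+
+<listitem><para>
+GPG Homedir to use when looking for keyrings.
+</para></listitem>
+</varlistentry>
+</variablelist>
+</refsect1>
+</refentry>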
@ -41,6 +41,9 @@ static OstreeCommand commands[] = {
|
|||||||
{ "config", ostree_builtin_config },
|
{ "config", ostree_builtin_config },
|
||||||
{ "diff", ostree_builtin_diff },
|
{ "diff", ostree_builtin_diff },
|
||||||
{ "fsck", ostree_builtin_fsck },
|
{ "fsck", ostree_builtin_fsck },
|
||||||
|
#ifdef HAVE_GPGME
|
||||||
|
{ "gpg-sign", ostree_builtin_gpg_sign },
|
||||||
|
#endif
|
||||||
{ "init", ostree_builtin_init },
|
{ "init", ostree_builtin_init },
|
||||||
{ "log", ostree_builtin_log },
|
{ "log", ostree_builtin_log },
|
||||||
{ "ls", ostree_builtin_ls },
|
{ "ls", ostree_builtin_ls },
|
||||||
|
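Review bot: The `gpg-sign` entry in `commands[]` is wrapped in `#ifdef HAVE_GPGME`, while the other parts of this commit (the `ot-builtin-gpg-sign.c` source entry, the `BUILTINPROTO(gpg_sign)` prototype, the `ostree-gpg-sign.1` man page and the new test invocation) are added unconditionally. In a build without GPGME the command would be unknown even though its man page is installed, and the test would fail unless the script is skipped elsewhere (not visible here). Either guard the other pieces the same way or register the command unconditionally and let the library call report that signing is unavailable. The `commands[]` initializer continues outside this hunk.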
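--- /dev/null
+++ b/src/ostree/ot-builtin-gpg-sign.c
@@ -0,0 +1,94 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
+*
+* Copyright (C) 2015 Colin Walters <walters@verbum.org>
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the
+* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+* Boston, MA 02111-1307, USA.
+*
+* Author: Colin Walters <walters@verbum.org>
+*/
+
+#include "config.h"
+
+#include "ot-main.h"
+#include "ot-builtins.h"
+#include "ostree.h"
+#include "otutil.h"
+
+static char *opt_gpg_homedir;
+
+static GOptionEntry options[] = {
+{ "gpg-homedir", 0, 0, G_OPTION_ARG_STRING, &opt_gpg_homedir, "GPG Homedir to use when looking for keyrings", "HOMEDIR"},
+};
+
+static void
+usage_error (GOptionContext *context, const char *message, GError **error)
+{
+gs_free char *help = g_option_context_get_help (context, TRUE, NULL);
+g_printerr ("%s", help);
+g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, message);
+}
+
+gboolean
+ostree_builtin_gpg_sign (int argc, char **argv, GCancellable *cancellable, GError **error)
+{
+GOptionContext *context;
+gs_unref_object OstreeRepo *repo = NULL;
+gs_free char *resolved_commit = NULL;
+const char *commit;
+char **key_ids;
+int n_key_ids, ii;
+gboolean ret = FALSE;
+
+context = g_option_context_new ("COMMIT KEY-ID... - Sign a commit");
+
+if (!ostree_option_context_parse (context, options, &argc, &argv, OSTREE_BUILTIN_FLAG_NONE, &repo, cancellable, error))
+goto out;
+
+if (argc < 2)
+{
+usage_error (context, "Need a COMMIT to sign", error);
+goto out;
+}
+
+if (argc < 3)
+{
+usage_error (context, "Need at least one GPG KEY-ID to sign with", error);
+goto out;
+}
+
+commit = argv[1];
+key_ids = argv + 2;
+n_key_ids = argc - 2;
+
+if (!ostree_repo_resolve_rev (repo, commit, FALSE, &resolved_commit, error))
+goto out;
+
+for (ii = 0; ii < n_key_ids; ii++)
+{
+if (!ostree_repo_sign_commit (repo, resolved_commit, key_ids[ii],
+opt_gpg_homedir, cancellable, error))
+goto out;
+}
+
+ret = TRUE;
+
+out:
+if (context)
+g_option_context_free (context);
+
+return ret;
+}
+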
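Review bot: The `options[]` table in the new file holds only the `gpg-homedir` entry and has no terminating `{ NULL }` element. GLib option-entry arrays are NULL-terminated, so if `ostree_option_context_parse` passes this table to `g_option_context_add_main_entries` (not visible here), the parser walks past the end of the array. Add `{ NULL }` as the last element. Separately, the loop over `key_ids` bails out on the first `ostree_repo_sign_commit` failure, so a commit can end up signed by only some of the requested keys; a comment above the loop such as `/* Signatures are appended one key at a time; a failure leaves the earlier ones in place. */` would make that explicit. Each KEY-ID is forwarded unchanged to the signing call, so the usage string or man page could state that full fingerprints are preferred over short key IDs.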
@ -35,6 +35,7 @@ BUILTINPROTO(checkout);
|
|||||||
BUILTINPROTO(checksum);
|
BUILTINPROTO(checksum);
|
||||||
BUILTINPROTO(commit);
|
BUILTINPROTO(commit);
|
||||||
BUILTINPROTO(diff);
|
BUILTINPROTO(diff);
|
||||||
|
BUILTINPROTO(gpg_sign);
|
||||||
BUILTINPROTO(init);
|
BUILTINPROTO(init);
|
||||||
BUILTINPROTO(log);
|
BUILTINPROTO(log);
|
||||||
BUILTINPROTO(pull);
|
BUILTINPROTO(pull);
|
||||||
|
@ -39,3 +39,11 @@ cd ${test_tmpdir}
|
|||||||
${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
|
${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
|
||||||
$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
|
$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
|
||||||
assert_file_has_content test2-gpgsigs 'byte '
|
assert_file_has_content test2-gpgsigs 'byte '
|
||||||
|
|
||||||
|
# Commit and sign separately
|
||||||
|
cd ${test_tmpdir}
|
||||||
|
${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --tree=dir=files
|
||||||
|
$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 2> /dev/null && (echo 1>&2 "unsigned commit unexpectedly had detached metadata"; exit 1)
|
||||||
|
$OSTREE gpg-sign test2 ${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME}
|
||||||
|
$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
|
||||||
|
assert_file_has_content test2-gpgsigs 'byte '
|
||||||
|
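Review bot: The new "Commit and sign separately" case only asserts that the `ostree.gpgsigs` detached metadata exists and contains `byte `. That shows something was written, not that the signature verifies or that it was produced by `${TEST_GPG_KEYID}`. If the project has a verification path available at this point, the test should run it on `test2` after `gpg-sign`. The negative check `$OSTREE show ... 2> /dev/null && (echo ...; exit 1)` only fails the script when `set -e` is in effect, which this hunk does not show; an explicit `if $OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 2>/dev/null; then echo 1>&2 "..."; exit 1; fi` does not depend on that. Signing with more than one KEY-ID, and the documented behaviour of appending a second signature for the same key, are not exercised.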