mirror of
https://github.com/ostreedev/ostree.git
synced 2024-12-22 17:35:55 +03:00
signing: Change API to create instances directly
This cleans up the verification code; it was weird how we'd get the list of known names and then try to create an instance from it (and throw an error if that failed, which couldn't happen).
This commit is contained in:
parent
f572206f15
commit
a9a81f3a29
@ -709,7 +709,7 @@ ostree_kernel_args_to_string
|
||||
<SECTION>
|
||||
<FILE>ostree-sign</FILE>
|
||||
OstreeSign
|
||||
ostree_sign_list_names
|
||||
ostree_sign_get_all
|
||||
ostree_sign_commit
|
||||
ostree_sign_commit_verify
|
||||
ostree_sign_data
|
||||
|
@ -23,7 +23,7 @@ global:
|
||||
ostree_repo_commit_modifier_set_sepolicy_from_commit;
|
||||
someostree_symbol_deleteme;
|
||||
ostree_sign_get_type;
|
||||
ostree_sign_list_names;
|
||||
ostree_sign_get_all;
|
||||
ostree_sign_commit;
|
||||
ostree_sign_commit_verify;
|
||||
ostree_sign_data;
|
||||
|
@ -142,6 +142,9 @@ _signapi_load_public_keys (OstreeSign *sign,
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/* Iterate over all known signing types, and check if the commit is signed
|
||||
* by at least one.
|
||||
*/
|
||||
gboolean
|
||||
_sign_verify_for_remote (OstreeRepo *repo,
|
||||
const gchar *remote_name,
|
||||
@ -149,32 +152,18 @@ _sign_verify_for_remote (OstreeRepo *repo,
|
||||
GVariant *metadata,
|
||||
GError **error)
|
||||
{
|
||||
/* list all signature types in detached metadata and check if signed by any? */
|
||||
g_auto (GStrv) names = ostree_sign_list_names();
|
||||
guint n_invalid_signatures = 0;
|
||||
guint n_unknown_signatures = 0;
|
||||
g_autoptr (GError) last_sig_error = NULL;
|
||||
gboolean found_sig = FALSE;
|
||||
|
||||
for (char **iter=names; iter && *iter; iter++)
|
||||
g_autoptr(GPtrArray) signers = ostree_sign_get_all ();
|
||||
for (guint i = 0; i < signers->len; i++)
|
||||
{
|
||||
g_autoptr (OstreeSign) sign = NULL;
|
||||
g_autoptr (GVariant) signatures = NULL;
|
||||
const gchar *signature_key = NULL;
|
||||
GVariantType *signature_format = NULL;
|
||||
|
||||
if ((sign = ostree_sign_get_by_name (*iter, NULL)) == NULL)
|
||||
{
|
||||
n_unknown_signatures++;
|
||||
continue;
|
||||
}
|
||||
|
||||
signature_key = ostree_sign_metadata_key (sign);
|
||||
signature_format = (GVariantType *) ostree_sign_metadata_format (sign);
|
||||
|
||||
signatures = g_variant_lookup_value (metadata,
|
||||
signature_key,
|
||||
signature_format);
|
||||
OstreeSign *sign = signers->pdata[i];
|
||||
const gchar *signature_key = ostree_sign_metadata_key (sign);
|
||||
GVariantType *signature_format = (GVariantType *) ostree_sign_metadata_format (sign);
|
||||
g_autoptr (GVariant) signatures =
|
||||
g_variant_lookup_value (metadata, signature_key, signature_format);
|
||||
|
||||
/* If not found signatures for requested signature subsystem */
|
||||
if (!signatures)
|
||||
@ -201,11 +190,7 @@ _sign_verify_for_remote (OstreeRepo *repo,
|
||||
}
|
||||
|
||||
if (!found_sig)
|
||||
{
|
||||
if (n_unknown_signatures > 0)
|
||||
return glnx_throw (error, "No signatures found (%d unknown type)", n_unknown_signatures);
|
||||
return glnx_throw (error, "No signatures found");
|
||||
}
|
||||
return glnx_throw (error, "No signatures found");
|
||||
|
||||
g_assert (last_sig_error);
|
||||
g_propagate_error (error, g_steal_pointer (&last_sig_error));
|
||||
|
@ -1544,14 +1544,11 @@ scan_commit_object (OtPullData *pull_data,
|
||||
gboolean found_any_signature = FALSE;
|
||||
gboolean found_valid_signature = FALSE;
|
||||
|
||||
/* list all signature types in detached metadata and check if signed by any? */
|
||||
g_auto (GStrv) names = ostree_sign_list_names();
|
||||
for (char **iter=names; iter && *iter; iter++)
|
||||
/* FIXME - dedup this with _sign_verify_for_remote() */
|
||||
g_autoptr(GPtrArray) signers = ostree_sign_get_all ();
|
||||
for (guint i = 0; i < signers->len; i++)
|
||||
{
|
||||
g_autoptr (OstreeSign) sign = NULL;
|
||||
|
||||
if ((sign = ostree_sign_get_by_name (*iter, NULL)) == NULL)
|
||||
continue;
|
||||
OstreeSign *sign = signers->pdata[i];
|
||||
|
||||
/* Try to load public key(s) according remote's configuration */
|
||||
if (!_signapi_load_public_keys (sign, pull_data->repo, pull_data->remote_name, error))
|
||||
|
@ -436,8 +436,6 @@ ostree_sign_commit_verify (OstreeSign *self,
|
||||
*
|
||||
* Return the pointer to the name of currently used/selected signing engine.
|
||||
*
|
||||
* The list of available engines could be acquired with #ostree_sign_list_names.
|
||||
*
|
||||
* Returns: (transfer none): pointer to the name
|
||||
* @NULL in case of error (unlikely).
|
||||
*
|
||||
@ -515,28 +513,27 @@ ostree_sign_commit (OstreeSign *self,
|
||||
}
|
||||
|
||||
/**
|
||||
* ostree_sign_list_names:
|
||||
* ostree_sign_get_all:
|
||||
*
|
||||
* Return an array with all available sign engines names.
|
||||
* Return an array with newly allocated instances of all available
|
||||
* signing engines; they will not be initialized.
|
||||
*
|
||||
* Returns: (transfer full): an array of strings, free when you used it
|
||||
* Returns: (transfer full) (element-type OstreeSign): an array of signing engines
|
||||
*
|
||||
* Since: 2020.2
|
||||
*/
|
||||
GStrv
|
||||
ostree_sign_list_names(void)
|
||||
GPtrArray *
|
||||
ostree_sign_get_all (void)
|
||||
{
|
||||
g_autoptr(GPtrArray) engines = g_ptr_array_new_with_free_func (g_object_unref);
|
||||
for (guint i = 0; i < G_N_ELEMENTS(sign_types); i++)
|
||||
{
|
||||
OstreeSign *engine = ostree_sign_get_by_name (sign_types[i].name, NULL);
|
||||
g_assert (engine);
|
||||
g_ptr_array_add (engines, engine);
|
||||
}
|
||||
|
||||
GStrv names = g_new0 (char *, G_N_ELEMENTS(sign_types) + 1);
|
||||
gint i = 0;
|
||||
|
||||
for (i=0; i < G_N_ELEMENTS(sign_types); i++)
|
||||
{
|
||||
names[i] = g_strdup(sign_types[i].name);
|
||||
g_debug ("Found '%s' signing engine", names[i]);
|
||||
}
|
||||
|
||||
return names;
|
||||
return g_steal_pointer (&engines);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -544,11 +541,9 @@ ostree_sign_list_names(void)
|
||||
* @name: the name of desired signature engine
|
||||
* @error: return location for a #GError
|
||||
*
|
||||
* Tries to find and return proper signing engine by it's name.
|
||||
* Create a new instance of a signing engine.
|
||||
*
|
||||
* The list of available engines could be acquired with #ostree_sign_list_names.
|
||||
*
|
||||
* Returns: (transfer full): a constant, free when you used it
|
||||
* Returns: (transfer full): New signing engine, or %NULL if the engine is not known
|
||||
*
|
||||
* Since: 2020.2
|
||||
*/
|
||||
|
@ -153,7 +153,7 @@ gboolean ostree_sign_load_pk (OstreeSign *self,
|
||||
|
||||
|
||||
_OSTREE_PUBLIC
|
||||
GStrv ostree_sign_list_names(void);
|
||||
GPtrArray * ostree_sign_get_all(void);
|
||||
|
||||
_OSTREE_PUBLIC
|
||||
OstreeSign * ostree_sign_get_by_name (const gchar *name, GError **error);
|
||||
|
Loading…
Reference in New Issue
Block a user