shaba/ostree
1
0
Fork 0
mirror of https://github.com/ostreedev/ostree.git synced 2025-01-06 17:18:25 +03:00
Code Issues Projects Releases Wiki Activity

Merge pull request #3131 from cgwalters/status-use-remote

Browse Source 
status: Pass correct remote name when verifying
This commit is contained in:
Eric Curtin 2024-01-05 14:28:47 +00:00 committed by GitHub
commit ac8638f3e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
src/ostree/ot-admin-builtin-status.c
View File

@ -29,39 +29,14 @@
#include <glib/gi18n.h> #include <glib/gi18n.h>
static gboolean opt_verify; static gboolean opt_verify;
static gboolean opt_skip_signatures;
static GOptionEntry options[] = { { "verify", 'V', 0, G_OPTION_ARG_NONE, &opt_verify, static GOptionEntry options[]
"Print the commit verification status", NULL }, = { { "verify", 'V', 0, G_OPTION_ARG_NONE, &opt_verify, "Print the commit verification status",
{ NULL } }; NULL },
{ "skip-signatures", 'S', 0, G_OPTION_ARG_NONE, &opt_skip_signatures,
#ifndef OSTREE_DISABLE_GPGME "Print the commit verification status", NULL },
static gboolean { NULL } };
deployment_get_gpg_verify (OstreeDeployment *deployment, OstreeRepo *repo)
{
/* XXX Something like this could be added to the OstreeDeployment
* API in libostree if the OstreeRepo parameter is acceptable. */
GKeyFile *origin = ostree_deployment_get_origin (deployment);
if (origin == NULL)
return FALSE;
g_autofree char *refspec = g_key_file_get_string (origin, "origin", "refspec", NULL);
if (refspec == NULL)
return FALSE;
g_autofree char *remote = NULL;
if (!ostree_parse_refspec (refspec, &remote, NULL, NULL))
return FALSE;
gboolean gpg_verify = FALSE;
if (remote)
(void)ostree_repo_remote_get_gpg_verify (repo, remote, &gpg_verify, NULL);
return gpg_verify;
}
#endif /* OSTREE_DISABLE_GPGME */
static gboolean static gboolean
deployment_print_status (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeployment *deployment, deployment_print_status (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeployment *deployment,
gboolean is_booted, gboolean is_pending, gboolean is_rollback, gboolean is_booted, gboolean is_pending, gboolean is_rollback,
@ -95,6 +70,8 @@ deployment_print_status (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploym
} }
GKeyFile *origin = ostree_deployment_get_origin (deployment); GKeyFile *origin = ostree_deployment_get_origin (deployment);
g_autofree char *origin_refspec
= origin ? g_key_file_get_string (origin, "origin", "refspec", NULL) : NULL;
const char *deployment_status = ""; const char *deployment_status = "";
if (ostree_deployment_is_finalization_locked (deployment)) if (ostree_deployment_is_finalization_locked (deployment))
@ -127,7 +104,6 @@ deployment_print_status (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploym
g_print (" origin: none\n"); g_print (" origin: none\n");
else else
{ {
g_autofree char *origin_refspec = g_key_file_get_string (origin, "origin", "refspec", NULL);
if (!origin_refspec) if (!origin_refspec)
g_print (" origin: <unknown origin type>\n"); g_print (" origin: <unknown origin type>\n");
else else
@ -137,15 +113,22 @@ deployment_print_status (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploym
} }
#ifndef OSTREE_DISABLE_GPGME #ifndef OSTREE_DISABLE_GPGME
if (!opt_verify && deployment_get_gpg_verify (deployment, repo)) g_autofree char *remote = NULL;
if (origin_refspec && !ostree_parse_refspec (origin_refspec, &remote, NULL, NULL))
return FALSE;
gboolean gpg_verify = FALSE;
if (remote)
(void)ostree_repo_remote_get_gpg_verify (repo, remote, &gpg_verify, NULL);
if (!opt_skip_signatures && !opt_verify && gpg_verify)
{ {
g_assert (remote);
g_autoptr (GString) output_buffer = g_string_sized_new (256); g_autoptr (GString) output_buffer = g_string_sized_new (256);
/* Print any digital signatures on this commit. */ /* Print any digital signatures on this commit. */
const char *osname = ostree_deployment_get_osname (deployment);
g_autoptr (GError) local_error = NULL; g_autoptr (GError) local_error = NULL;
g_autoptr (OstreeGpgVerifyResult) result g_autoptr (OstreeGpgVerifyResult) result
= ostree_repo_verify_commit_for_remote (repo, ref, osname, cancellable, &local_error); = ostree_repo_verify_commit_for_remote (repo, ref, remote, cancellable, &local_error);
/* G_IO_ERROR_NOT_FOUND just means the commit is not signed. */ /* G_IO_ERROR_NOT_FOUND just means the commit is not signed. */
if (g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND)) if (g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
@ -174,16 +157,8 @@ deployment_print_status (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploym
{ {
if (!commit) if (!commit)
return glnx_throw (error, "Cannot verify, failed to load commit"); return glnx_throw (error, "Cannot verify, failed to load commit");
if (origin_refspec == NULL)
if (origin == NULL)
return glnx_throw (error, "Cannot verify deployment with no origin");
g_autofree char *refspec = g_key_file_get_string (origin, "origin", "refspec", NULL);
if (refspec == NULL)
return glnx_throw (error, "No origin/refspec, cannot verify"); return glnx_throw (error, "No origin/refspec, cannot verify");
g_autofree char *remote = NULL;
if (!ostree_parse_refspec (refspec, &remote, NULL, NULL))
return FALSE;
if (remote == NULL) if (remote == NULL)
return glnx_throw (error, "Cannot verify deployment without remote"); return glnx_throw (error, "Cannot verify deployment without remote");