shaba/ostree
1
0
Fork 0
mirror of https://github.com/ostreedev/ostree.git synced 2025-01-03 05:18:24 +03:00
Code Issues Projects Releases Wiki Activity

ostree: Add a "remote gpg-import" command

Browse Source 
Imports GPG keys into a remote-specific keyring.
This commit is contained in:
Matthew Barnes 2015-05-01 09:09:42 -04:00
parent a9b87ebc18
commit c287a7419c
5 changed files with 182 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile-ostree.am
View File

@ -77,6 +77,7 @@ ostree_SOURCES += \
src/ostree/ot-remote-builtins.h \ src/ostree/ot-remote-builtins.h \
src/ostree/ot-remote-builtin-add.c \ src/ostree/ot-remote-builtin-add.c \
src/ostree/ot-remote-builtin-delete.c \ src/ostree/ot-remote-builtin-delete.c \
src/ostree/ot-remote-builtin-gpg-import.c \
src/ostree/ot-remote-builtin-list.c \ src/ostree/ot-remote-builtin-list.c \
src/ostree/ot-remote-builtin-show-url.c \ src/ostree/ot-remote-builtin-show-url.c \
$(NULL) $(NULL)

37
doc/ostree-remote.xml
View File

@ -60,6 +60,9 @@ Boston, MA 02111-1307, USA.
<cmdsynopsis> <cmdsynopsis>
<command>ostree remote list</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="req">NAME</arg> <command>ostree remote list</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="req">NAME</arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>ostree remote gpg-import</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="req">NAME</arg> <arg choice="opt" rep="repeat">KEY-ID</arg>
</cmdsynopsis>
</refsynopsisdiv> </refsynopsisdiv>
<refsect1> <refsect1>
@ -68,6 +71,12 @@ Boston, MA 02111-1307, USA.
<para> <para>
Changes remote respository configurations. The NAME refers to the name of the remote. Changes remote respository configurations. The NAME refers to the name of the remote.
</para> </para>
<para>
The <command>gpg-import</command> subcommand can associate GPG keys to a specific remote respository for use when pulling signed commits from that repository (if GPG verification is enabled).
</para>
<para>
The GPG keys to import may be in binary OpenPGP format or ASCII armored. The optional <arg>KEY-ID</arg> list can restrict which keys are imported from a keyring file or input stream. All keys are imported if this list is omitted. If neither <option>--keyring</option> nor <option>--stdin</option> options are given, then keys are imported from the user's personal GPG keyring.
</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
@ -106,6 +115,34 @@ Boston, MA 02111-1307, USA.
</variablelist> </variablelist>
</refsect1> </refsect1>
<refsect1>
<title>'GPG-Import' Options</title>
<variablelist>
<varlistentry>
<term><option>-k, --keyring</option>=FILE</term>
<listitem><para>
Import one or more keys from a file.
</para><para>
This option may be repeated to import from multiple files,
but may not be used in combination with
<option>--stdin</option>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--stdin</option></term>
<listitem><para>
Import one or more keys from standard input.
</para><para>
This option may not be used in combination with
<option>--keyring</option>.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1> <refsect1>
<title>Example</title> <title>Example</title>
<para><command>$ ostree remote show-url local</command></para> <para><command>$ ostree remote show-url local</command></para>

1
src/ostree/ot-builtin-remote.c
View File

@ -36,6 +36,7 @@ static OstreeRemoteCommand remote_subcommands[] = {
{ "delete", ot_remote_builtin_delete }, { "delete", ot_remote_builtin_delete },
{ "show-url", ot_remote_builtin_show_url }, { "show-url", ot_remote_builtin_show_url },
{ "list", ot_remote_builtin_list }, { "list", ot_remote_builtin_list },
{ "gpg-import", ot_remote_builtin_gpg_import },
{ NULL, NULL } { NULL, NULL }
}; };

142
src/ostree/ot-remote-builtin-gpg-import.c Normal file
View File

@ -0,0 +1,142 @@
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
*
* Copyright (C) 2015 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*/
#include "config.h"
#include <libglnx.h>
#include <gio/gunixinputstream.h>
#include "otutil.h"
#include "ot-main.h"
#include "ot-remote-builtins.h"
/* XXX This belongs in libotutil. */
#include "ostree-chain-input-stream.h"
static gboolean opt_stdin;
static char **opt_keyrings;
static GOptionEntry option_entries[] = {
{ "keyring", 'k', 0, G_OPTION_ARG_FILENAME_ARRAY, &opt_keyrings, "Import keys from a keyring file (repeatable)", "FILE" },
{ "stdin", 0, 0, G_OPTION_ARG_NONE, &opt_stdin, "Import keys from standard input", NULL },
{ NULL }
};
static gboolean
open_source_stream (GInputStream **out_source_stream,
GCancellable *cancellable,
GError **error)
{
g_autoptr(GInputStream) source_stream = NULL;
guint n_keyrings = 0;
gboolean ret = FALSE;
if (opt_keyrings != NULL)
n_keyrings = g_strv_length (opt_keyrings);
if (opt_stdin)
{
source_stream = g_unix_input_stream_new (STDIN_FILENO, FALSE);
}
else
{
g_autoptr(GPtrArray) streams = NULL;
guint ii;
streams = g_ptr_array_new_with_free_func (g_object_unref);
for (ii = 0; ii < n_keyrings; ii++)
{
g_autoptr(GFile) file = NULL;
GFileInputStream *input_stream = NULL;
file = g_file_new_for_path (opt_keyrings[ii]);
input_stream = g_file_read (file, cancellable, error);
if (input_stream == NULL)
goto out;
/* Takes ownership. */
g_ptr_array_add (streams, input_stream);
}
/* Chain together all the --keyring options as one long stream. */
source_stream = (GInputStream *) ostree_chain_input_stream_new (streams);
}
*out_source_stream = g_steal_pointer (&source_stream);
ret = TRUE;
out:
return ret;
}
gboolean
ot_remote_builtin_gpg_import (int argc, char **argv, GCancellable *cancellable, GError **error)
{
GOptionContext *context;
glnx_unref_object OstreeRepo *repo = NULL;
g_autoptr(GInputStream) source_stream = NULL;
const char *remote_name;
const char * const *key_ids;
guint imported = 0;
gboolean ret = FALSE;
context = g_option_context_new ("NAME [KEY-ID...] - Import GPG keys");
if (!ostree_option_context_parse (context, option_entries, &argc, &argv,
OSTREE_BUILTIN_FLAG_NONE, &repo, cancellable, error))
goto out;
if (argc < 2)
{
ot_util_usage_error (context, "NAME must be specified", error);
goto out;
}
if (opt_stdin && opt_keyrings != NULL)
{
ot_util_usage_error (context, "--keyring and --stdin are mutually exclusive", error);
goto out;
}
remote_name = argv[1];
key_ids = (argc > 2) ? (const char * const *) argv + 2 : NULL;
if (!open_source_stream (&source_stream, cancellable, error))
goto out;
if (!ostree_repo_remote_gpg_import (repo, remote_name, source_stream,
key_ids, &imported, cancellable, error))
goto out;
/* XXX If we ever add internationalization, use ngettext() here. */
g_print ("Imported %u GPG key%s to remote \"%s\"\n",
imported, (imported == 1) ? "" : "s", remote_name);
ret = TRUE;
out:
g_option_context_free (context);
return ret;
}

1
src/ostree/ot-remote-builtins.h
View File

@ -26,6 +26,7 @@ G_BEGIN_DECLS
gboolean ot_remote_builtin_add (int argc, char **argv, GCancellable *cancellable, GError **error); gboolean ot_remote_builtin_add (int argc, char **argv, GCancellable *cancellable, GError **error);
gboolean ot_remote_builtin_delete (int argc, char **argv, GCancellable *cancellable, GError **error); gboolean ot_remote_builtin_delete (int argc, char **argv, GCancellable *cancellable, GError **error);
gboolean ot_remote_builtin_gpg_import (int argc, char **argv, GCancellable *cancellable, GError **error);
gboolean ot_remote_builtin_list (int argc, char **argv, GCancellable *cancellable, GError **error); gboolean ot_remote_builtin_list (int argc, char **argv, GCancellable *cancellable, GError **error);
gboolean ot_remote_builtin_show_url (int argc, char **argv, GCancellable *cancellable, GError **error); gboolean ot_remote_builtin_show_url (int argc, char **argv, GCancellable *cancellable, GError **error);