OstreeGpgVerifier: Take the signed data as a GBytes
Similar to c2b01ad. For some reason I was thinking the commit data still needed to be written to disk prior to verifying, but it's just another artifact of spawning gpgv2 (predates using GPGME). Makes for a nice cleanup in fetch_metadata_to_verify_delta_superblock() as well.
This commit is contained in:
parent
c4998ab33f
commit
f47693440d
@ -243,7 +243,7 @@ out:
|
|||||||
|
|
||||||
gboolean
|
gboolean
|
||||||
_ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
|
_ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
|
||||||
GFile *file,
|
GBytes *signed_data,
|
||||||
GBytes *signatures,
|
GBytes *signatures,
|
||||||
gboolean *out_had_valid_sig,
|
gboolean *out_had_valid_sig,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
@ -294,17 +294,20 @@ _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
|
|||||||
if (!override_gpgme_home_dir (gpg_ctx, temp_dir, error))
|
if (!override_gpgme_home_dir (gpg_ctx, temp_dir, error))
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
{
|
/* Both the signed data and signature GBytes instances will outlive the
|
||||||
gs_free char *path = g_file_get_path (file);
|
* gpgme_data_t structs, so we can safely reuse the GBytes memory buffer
|
||||||
gpg_error = gpgme_data_new_from_file (&data_buffer, path, 1);
|
* directly and avoid a copy. */
|
||||||
|
|
||||||
if (gpg_error != GPG_ERR_NO_ERROR)
|
gpg_error = gpgme_data_new_from_mem (&data_buffer,
|
||||||
{
|
g_bytes_get_data (signed_data, NULL),
|
||||||
gpg_error_to_gio_error (gpg_error, error);
|
g_bytes_get_size (signed_data),
|
||||||
g_prefix_error (error, "Unable to read signed text: ");
|
0 /* do not copy */);
|
||||||
goto out;
|
if (gpg_error != GPG_ERR_NO_ERROR)
|
||||||
}
|
{
|
||||||
}
|
gpg_error_to_gio_error (gpg_error, error);
|
||||||
|
g_prefix_error (error, "Unable to read signed data: ");
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
gpg_error = gpgme_data_new_from_mem (&signature_buffer,
|
gpg_error = gpgme_data_new_from_mem (&signature_buffer,
|
||||||
g_bytes_get_data (signatures, NULL),
|
g_bytes_get_data (signatures, NULL),
|
||||||
|
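Review bot: With the copy flag passed as 0, `data_buffer` aliases memory owned by `signed_data`, so the new comment's lifetime claim ("will outlive the gpgme_data_t structs") is a contract imposed on every caller rather than something this function enforces, and a NULL `signed_data` would reach `g_bytes_get_data` unchecked. The function's entry is outside the hunk, but a guard there such as `g_return_val_if_fail (signed_data != NULL, FALSE);`, plus a sentence in the header's comment for `_ostree_gpg_verifier_check_signature` stating that the caller must keep `signed_data` and `signatures` alive until the call returns, would make the no-copy choice safe to rely on. The same aliasing already applies to the unchanged `signatures` buffer on the following lines.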
@ -42,7 +42,7 @@ OstreeGpgVerifier *_ostree_gpg_verifier_new (GCancellable *cancellable,
|
|||||||
GError **error);
|
GError **error);
|
||||||
|
|
||||||
gboolean _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
|
gboolean _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
|
||||||
GFile *file,
|
GBytes *signed_data,
|
||||||
GBytes *signatures,
|
GBytes *signatures,
|
||||||
gboolean *had_valid_signature,
|
gboolean *had_valid_signature,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
|
@ -186,13 +186,13 @@ _ostree_repo_get_remote_boolean_option (OstreeRepo *self,
|
|||||||
GError **error);
|
GError **error);
|
||||||
|
|
||||||
gboolean
|
gboolean
|
||||||
_ostree_repo_gpg_verify_file_with_metadata (OstreeRepo *self,
|
_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
|
||||||
GFile *path,
|
GBytes *signed_data,
|
||||||
GVariant *metadata,
|
GVariant *metadata,
|
||||||
GFile *keyringdir,
|
GFile *keyringdir,
|
||||||
GFile *extra_keyring,
|
GFile *extra_keyring,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GError **error);
|
GError **error);
|
||||||
|
|
||||||
gboolean
|
gboolean
|
||||||
_ostree_repo_commit_loose_final (OstreeRepo *self,
|
_ostree_repo_commit_loose_final (OstreeRepo *self,
|
||||||
|
@ -1286,9 +1286,6 @@ fetch_metadata_to_verify_delta_superblock (OtPullData *pull_data,
|
|||||||
gs_free char *meta_path = _ostree_get_relative_static_delta_detachedmeta_path (from_revision, checksum);
|
gs_free char *meta_path = _ostree_get_relative_static_delta_detachedmeta_path (from_revision, checksum);
|
||||||
gs_unref_bytes GBytes *detached_meta_data = NULL;
|
gs_unref_bytes GBytes *detached_meta_data = NULL;
|
||||||
SoupURI *target_uri = NULL;
|
SoupURI *target_uri = NULL;
|
||||||
gs_unref_object GFile *temp_input_path = NULL;
|
|
||||||
gs_unref_object GOutputStream *temp_input_stream = NULL;
|
|
||||||
gs_unref_object GInputStream *superblock_in = NULL;
|
|
||||||
gs_unref_variant GVariant *metadata = NULL;
|
gs_unref_variant GVariant *metadata = NULL;
|
||||||
|
|
||||||
target_uri = suburi_new (pull_data->base_uri, meta_path, NULL);
|
target_uri = suburi_new (pull_data->base_uri, meta_path, NULL);
|
||||||
@ -1301,26 +1298,13 @@ fetch_metadata_to_verify_delta_superblock (OtPullData *pull_data,
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
superblock_in = g_memory_input_stream_new_from_bytes (superblock_data);
|
|
||||||
|
|
||||||
if (!gs_file_open_in_tmpdir (pull_data->repo->tmp_dir, 0644,
|
|
||||||
&temp_input_path, &temp_input_stream,
|
|
||||||
cancellable, error))
|
|
||||||
goto out;
|
|
||||||
|
|
||||||
if (0 > g_output_stream_splice (temp_input_stream, superblock_in,
|
|
||||||
G_OUTPUT_STREAM_SPLICE_CLOSE_SOURCE |
|
|
||||||
G_OUTPUT_STREAM_SPLICE_CLOSE_TARGET,
|
|
||||||
cancellable, error))
|
|
||||||
goto out;
|
|
||||||
|
|
||||||
metadata = g_variant_new_from_bytes (G_VARIANT_TYPE ("a{sv}"),
|
metadata = g_variant_new_from_bytes (G_VARIANT_TYPE ("a{sv}"),
|
||||||
detached_meta_data,
|
detached_meta_data,
|
||||||
FALSE);
|
FALSE);
|
||||||
|
|
||||||
if (!_ostree_repo_gpg_verify_file_with_metadata (pull_data->repo, temp_input_path,
|
if (!_ostree_repo_gpg_verify_with_metadata (pull_data->repo, superblock_data,
|
||||||
metadata, NULL, NULL,
|
metadata, NULL, NULL,
|
||||||
cancellable, error))
|
cancellable, error))
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
ret = TRUE;
|
ret = TRUE;
|
||||||
|
@ -3188,13 +3188,13 @@ ostree_repo_sign_delta (OstreeRepo *self,
|
|||||||
}
|
}
|
||||||
|
|
||||||
gboolean
|
gboolean
|
||||||
_ostree_repo_gpg_verify_file_with_metadata (OstreeRepo *self,
|
_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
|
||||||
GFile *path,
|
GBytes *signed_data,
|
||||||
GVariant *metadata,
|
GVariant *metadata,
|
||||||
GFile *keyringdir,
|
GFile *keyringdir,
|
||||||
GFile *extra_keyring,
|
GFile *extra_keyring,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GError **error)
|
GError **error)
|
||||||
{
|
{
|
||||||
gboolean ret = FALSE;
|
gboolean ret = FALSE;
|
||||||
gs_unref_object OstreeGpgVerifier *verifier = NULL;
|
gs_unref_object OstreeGpgVerifier *verifier = NULL;
|
||||||
@ -3253,7 +3253,7 @@ _ostree_repo_gpg_verify_file_with_metadata (OstreeRepo *self,
|
|||||||
signatures = g_byte_array_free_to_bytes (buffer);
|
signatures = g_byte_array_free_to_bytes (buffer);
|
||||||
|
|
||||||
if (!_ostree_gpg_verifier_check_signature (verifier,
|
if (!_ostree_gpg_verifier_check_signature (verifier,
|
||||||
path,
|
signed_data,
|
||||||
signatures,
|
signatures,
|
||||||
&had_valid_signature,
|
&had_valid_signature,
|
||||||
cancellable, error))
|
cancellable, error))
|
||||||
@ -3293,26 +3293,19 @@ ostree_repo_verify_commit (OstreeRepo *self,
|
|||||||
{
|
{
|
||||||
gboolean ret = FALSE;
|
gboolean ret = FALSE;
|
||||||
gs_unref_variant GVariant *commit_variant = NULL;
|
gs_unref_variant GVariant *commit_variant = NULL;
|
||||||
gs_unref_object GFile *commit_tmp_path = NULL;
|
|
||||||
gs_unref_object GFile *keyringdir_ref = NULL;
|
gs_unref_object GFile *keyringdir_ref = NULL;
|
||||||
gs_unref_variant GVariant *metadata = NULL;
|
gs_unref_variant GVariant *metadata = NULL;
|
||||||
|
gs_unref_bytes GBytes *signed_data = NULL;
|
||||||
gs_free gchar *commit_filename = NULL;
|
gs_free gchar *commit_filename = NULL;
|
||||||
|
|
||||||
/* Create a temporary file for the commit */
|
/* Create a temporary file for the commit */
|
||||||
if (!ostree_repo_load_variant (self, OSTREE_OBJECT_TYPE_COMMIT,
|
if (!ostree_repo_load_variant (self, OSTREE_OBJECT_TYPE_COMMIT,
|
||||||
commit_checksum, &commit_variant,
|
commit_checksum, &commit_variant,
|
||||||
error))
|
error))
|
||||||
goto out;
|
{
|
||||||
if (!gs_file_open_in_tmpdir (self->tmp_dir, 0644,
|
g_prefix_error (error, "Failed to read commit: ");
|
||||||
&commit_tmp_path, NULL,
|
goto out;
|
||||||
cancellable, error))
|
}
|
||||||
goto out;
|
|
||||||
if (!g_file_replace_contents (commit_tmp_path,
|
|
||||||
(char*)g_variant_get_data (commit_variant),
|
|
||||||
g_variant_get_size (commit_variant),
|
|
||||||
NULL, FALSE, 0, NULL,
|
|
||||||
cancellable, error))
|
|
||||||
goto out;
|
|
||||||
|
|
||||||
/* Load the metadata */
|
/* Load the metadata */
|
||||||
if (!ostree_repo_read_commit_detached_metadata (self,
|
if (!ostree_repo_read_commit_detached_metadata (self,
|
||||||
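Review bot: The comment `/* Create a temporary file for the commit */` above the `ostree_repo_load_variant` call is now stale: the `gs_file_open_in_tmpdir` and `g_file_replace_contents` steps were removed and the block only loads the commit object, so it should read something like `/* Load the commit object to be verified */`. `commit_filename` is still declared on the new side although nothing in this hunk uses it; if the rest of `ostree_repo_verify_commit`, which continues outside the hunk, no longer references it either, the declaration should be dropped along with `commit_tmp_path`.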
@ -3324,17 +3317,17 @@ ostree_repo_verify_commit (OstreeRepo *self,
|
|||||||
g_prefix_error (error, "Failed to read detached metadata: ");
|
g_prefix_error (error, "Failed to read detached metadata: ");
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!_ostree_repo_gpg_verify_file_with_metadata (self,
|
signed_data = g_variant_get_data_as_bytes (commit_variant);
|
||||||
commit_tmp_path, metadata,
|
|
||||||
keyringdir, extra_keyring,
|
if (!_ostree_repo_gpg_verify_with_metadata (self,
|
||||||
cancellable, error))
|
signed_data, metadata,
|
||||||
|
keyringdir, extra_keyring,
|
||||||
|
cancellable, error))
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
ret = TRUE;
|
ret = TRUE;
|
||||||
out:
|
out:
|
||||||
if (commit_tmp_path)
|
|
||||||
(void) gs_file_unlink (commit_tmp_path, NULL, NULL);
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
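Review bot: The data passed to `_ostree_repo_gpg_verify_with_metadata` is now `g_variant_get_data_as_bytes (commit_variant)` rather than the on-disk object file, so the check is only meaningful if `ostree_repo_load_variant` returns the commit's serialized form byte-for-byte; presumably it does, but the dependency is left implicit at the assignment. A comment there, `/* The signature covers the serialized commit object; verify the variant's data exactly as loaded, not a re-serialization. */`, would record why this must not be replaced by a rebuilt variant. The `out:` path no longer unlinks anything, which is consistent with `commit_tmp_path` having been removed from the locals.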
|