ostree/Makefile-libostree.am
Matthew Barnes 70cabcea0a gpg: Rewrite OstreeGpgVerifier to use GPGME
This sets the stage for more advanced signature management.

(Also, talking to GPG over pipes sucks.)

Previously we were spawning gpgv2 with a bunch of --keyring options
for /usr/share/ostree/trusted.gpg.d/ and whatever other keyring files
were explicitly added.  GPGME has no public API for multiple keyrings,
so we work around the issue by setting up a temp directory to serve as
a fake "home" directory for the crypto engine and then concatenate all
the keyring files into a single public keyring (pubring.gpg).

Unfortunately at present we do this on every signature verification.
There's a desire to cache this concatenation, but the problem is the
user may be unprivileged.  So it seems the cache would have to be per
user under $XDG_CACHE_HOME, which OSTree doesn't otherwise use.  I'm
open to suggestions.

We do at least clean up the temp directory when finished, and I have
further API changes planned to OstreeGpgVerifier to help mitigate the
performance impact.
2015-03-06 08:22:44 -05:00

171 lines
6.0 KiB
Plaintext

# Makefile for C source code
#
# Copyright (C) 2011,2014 Colin Walters <walters@verbum.org>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
include Makefile-libostree-defines.am
noinst_LTLIBRARIES += libostree-kernel-args.la libbupsplit.la
libostree_kernel_args_la_SOURCES = \
src/libostree/ostree-kernel-args.h \
src/libostree/ostree-kernel-args.c \
$(NULL)
libostree_kernel_args_la_CFLAGS = $(OT_INTERNAL_GIO_UNIX_CFLAGS)
libostree_kernel_args_la_LIBADD = $(OT_INTERNAL_GIO_UNIX_LIBS)
lib_LTLIBRARIES += libostree-1.la
libostreeincludedir = $(includedir)/ostree-1
libostreeinclude_HEADERS = $(libostree_public_headers)
libbupsplit_la_SOURCES = \
src/libostree/bupsplit.h \
src/libostree/bupsplit.c \
$(NULL)
libostree_1_la_SOURCES = \
src/libostree/ostree-async-progress.c \
src/libostree/ostree-cmdprivate.h \
src/libostree/ostree-cmdprivate.c \
src/libostree/ostree-core-private.h \
src/libostree/ostree-core.c \
src/libostree/ostree-checksum-input-stream.c \
src/libostree/ostree-checksum-input-stream.h \
src/libostree/ostree-chain-input-stream.c \
src/libostree/ostree-chain-input-stream.h \
src/libostree/ostree-lzma-common.c \
src/libostree/ostree-lzma-common.h \
src/libostree/ostree-lzma-compressor.c \
src/libostree/ostree-lzma-compressor.h \
src/libostree/ostree-lzma-decompressor.c \
src/libostree/ostree-lzma-decompressor.h \
src/libostree/ostree-rollsum.h \
src/libostree/ostree-rollsum.c \
src/libostree/ostree-varint.h \
src/libostree/ostree-varint.c \
src/libostree/ostree-linuxfsutil.h \
src/libostree/ostree-linuxfsutil.c \
src/libostree/ostree-diff.c \
src/libostree/ostree-mutable-tree.c \
src/libostree/ostree-repo.c \
src/libostree/ostree-repo-checkout.c \
src/libostree/ostree-repo-commit.c \
src/libostree/ostree-repo-libarchive.c \
src/libostree/ostree-repo-prune.c \
src/libostree/ostree-repo-refs.c \
src/libostree/ostree-repo-traverse.c \
src/libostree/ostree-repo-private.h \
src/libostree/ostree-repo-file.c \
src/libostree/ostree-repo-file-enumerator.c \
src/libostree/ostree-repo-file-enumerator.h \
src/libostree/ostree-sepolicy.c \
src/libostree/ostree-sysroot-private.h \
src/libostree/ostree-sysroot.c \
src/libostree/ostree-sysroot-cleanup.c \
src/libostree/ostree-sysroot-deploy.c \
src/libostree/ostree-sysroot-upgrader.c \
src/libostree/ostree-bootconfig-parser.c \
src/libostree/ostree-deployment.c \
src/libostree/ostree-bootloader.h \
src/libostree/ostree-bootloader.c \
src/libostree/ostree-bootloader-grub2.h \
src/libostree/ostree-bootloader-grub2.c \
src/libostree/ostree-bootloader-syslinux.h \
src/libostree/ostree-bootloader-syslinux.c \
src/libostree/ostree-bootloader-uboot.h \
src/libostree/ostree-bootloader-uboot.c \
src/libostree/ostree-repo-static-delta-core.c \
src/libostree/ostree-repo-static-delta-processing.c \
src/libostree/ostree-repo-static-delta-compilation.c \
src/libostree/ostree-repo-static-delta-compilation-analysis.c \
src/libostree/ostree-repo-static-delta-private.h \
$(NULL)
if USE_LIBARCHIVE
libostree_1_la_SOURCES += src/libostree/ostree-libarchive-input-stream.h \
src/libostree/ostree-libarchive-input-stream.c \
$(NULL)
endif
if HAVE_LIBSOUP_CLIENT_CERTS
libostree_1_la_SOURCES += \
src/libostree/ostree-tls-cert-interaction.c \
src/libostree/ostree-tls-cert-interaction.h \
$(NULL)
endif
if USE_GPGME
libostree_1_la_SOURCES += \
src/libostree/ostree-gpg-verifier.c \
src/libostree/ostree-gpg-verifier.h \
$(NULL)
endif
libostree_1_la_CFLAGS = $(AM_CFLAGS) -I$(srcdir)/bsdiff -I$(srcdir)/libglnx -I$(srcdir)/src/libotutil -I$(srcdir)/src/libostree \
$(OT_INTERNAL_GIO_UNIX_CFLAGS) $(OT_DEP_LZMA_CFLAGS) $(OT_DEP_ZLIB_CFLAGS)
libostree_1_la_LDFLAGS = -version-number 1:0:0 -Bsymbolic-functions -export-symbols-regex '^ostree_'
libostree_1_la_LIBADD = libotutil.la libbupsplit.la libglnx.la libbsdiff.la libostree-kernel-args.la $(OT_INTERNAL_GIO_UNIX_LIBS) $(OT_DEP_LZMA_LIBS) $(OT_DEP_ZLIB_LIBS)
if USE_LIBARCHIVE
libostree_1_la_CFLAGS += $(OT_DEP_LIBARCHIVE_CFLAGS)
libostree_1_la_LIBADD += $(OT_DEP_LIBARCHIVE_LIBS)
endif
if USE_LIBSOUP
libostree_1_la_SOURCES += \
src/libostree/ostree-fetcher.h \
src/libostree/ostree-fetcher.c \
src/libostree/ostree-metalink.h \
src/libostree/ostree-metalink.c \
src/libostree/ostree-repo-pull.c \
$(NULL)
libostree_1_la_CFLAGS += $(OT_INTERNAL_SOUP_CFLAGS)
libostree_1_la_LIBADD += $(OT_INTERNAL_SOUP_LIBS)
endif
if USE_SELINUX
libostree_1_la_CFLAGS += $(OT_DEP_SELINUX_CFLAGS)
libostree_1_la_LIBADD += $(OT_DEP_SELINUX_LIBS)
endif
if BUILDOPT_INTROSPECTION
OSTree-1.0.gir: libostree-1.la Makefile
OSTree_1_0_gir_EXPORT_PACKAGES = ostree-1
OSTree_1_0_gir_INCLUDES = Gio-2.0
OSTree_1_0_gir_CFLAGS = $(libostree_1_la_CFLAGS)
OSTree_1_0_gir_LIBS = libostree-1.la
OSTree_1_0_gir_SCANNERFLAGS = --warn-all --identifier-prefix=Ostree --symbol-prefix=ostree
OSTree_1_0_gir_FILES = $(libostreeinclude_HEADERS) $(filter-out %-private.h,$(libostree_1_la_SOURCES))
INTROSPECTION_GIRS += OSTree-1.0.gir
gir_DATA += OSTree-1.0.gir
typelib_DATA += OSTree-1.0.typelib
CLEANFILES += $(gir_DATA) $(typelib_DATA)
endif
pkgconfig_DATA += src/libostree/ostree-1.pc
if USE_GPGME
libostree_1_la_LIBADD += $(GPGME_LIBS)
gpgreadme_DATA = src/libostree/README-gpg
gpgreadmedir = $(pkgdatadir)/trusted.gpg.d
EXTRA_DIST += src/libostree/README-gpg src/libostree/bupsplit.h
endif
install-mkdir-remotes-d-hook:
mkdir -p $(DESTDIR)$(sysconfdir)/ostree/remotes.d
INSTALL_DATA_HOOKS += install-mkdir-remotes-d-hook