repo: Factor out setting up a GPG verifier
Moved the GPG verifier setup out into a separate function, as I would like to use it for the function that verifies arbitrary data in the following commit. Closes: #310 Approved by: cgwalters
parent
582169f83e
commit
27f0c6980a
|
|
@ -35,6 +35,11 @@ G_BEGIN_DECLS
|
||||||
|
|
||||||
typedef struct OstreeGpgVerifier OstreeGpgVerifier;
|
typedef struct OstreeGpgVerifier OstreeGpgVerifier;
|
||||||
|
|
||||||
|
/* If this type becomes public in future, move this autoptr cleanup
|
||||||
|
* definition to the ostree-autocleanups.h header file. Right now it
|
||||||
|
* relies on glnx's fallback definition of the macro. */
|
||||||
|
G_DEFINE_AUTOPTR_CLEANUP_FUNC (OstreeGpgVerifier, g_object_unref)
|
||||||
|
|
||||||
GType _ostree_gpg_verifier_get_type (void);
|
GType _ostree_gpg_verifier_get_type (void);
|
||||||
|
|
||||||
OstreeGpgVerifier *_ostree_gpg_verifier_new (void);
|
OstreeGpgVerifier *_ostree_gpg_verifier_new (void);
|
||||||
|
|
|
||||||
|
|
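Review bot: The comment above the added `G_DEFINE_AUTOPTR_CLEANUP_FUNC (OstreeGpgVerifier, g_object_unref)` says it relies on glnx's fallback definition of the macro, but nothing in this hunk shows the header including `libglnx.h` itself. The header's include list is outside the hunk, and the same commit adds `#include "libglnx.h"` to the .c file, so the header may only compile when its includer happens to pull libglnx in first. If so, I would put `#include "libglnx.h"` in this header so the cleanup function is defined regardless of include order.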
@ -26,6 +26,7 @@
|
||||||
#include <glib-unix.h>
|
#include <glib-unix.h>
|
||||||
#include <gio/gunixinputstream.h>
|
#include <gio/gunixinputstream.h>
|
||||||
#include <gio/gfiledescriptorbased.h>
|
#include <gio/gfiledescriptorbased.h>
|
||||||
|
#include "libglnx.h"
|
||||||
#include "otutil.h"
|
#include "otutil.h"
|
||||||
#include <glnx-console.h>
|
#include <glnx-console.h>
|
||||||
|
|
||||||
|
|
@ -36,6 +37,7 @@
|
||||||
#include "ostree-gpg-verifier.h"
|
#include "ostree-gpg-verifier.h"
|
||||||
#include "ostree-repo-static-delta-private.h"
|
#include "ostree-repo-static-delta-private.h"
|
||||||
#include "ot-fs-utils.h"
|
#include "ot-fs-utils.h"
|
||||||
|
#include "ostree-autocleanups.h"
|
||||||
|
|
||||||
#ifdef HAVE_LIBSOUP
|
#ifdef HAVE_LIBSOUP
|
||||||
#include "ostree-metalink.h"
|
#include "ostree-metalink.h"
|
||||||
|
|
@ -4647,23 +4649,17 @@ find_keyring (OstreeRepo *self,
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
OstreeGpgVerifyResult *
|
static OstreeGpgVerifyResult *
|
||||||
_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
|
_ostree_repo_gpg_verify_data_internal (OstreeRepo *self,
|
||||||
GBytes *signed_data,
|
const gchar *remote_name,
|
||||||
GVariant *metadata,
|
GBytes *data,
|
||||||
const char *remote_name,
|
GBytes *signatures,
|
||||||
GFile *keyringdir,
|
GFile *keyringdir,
|
||||||
GFile *extra_keyring,
|
GFile *extra_keyring,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GError **error)
|
GError **error)
|
||||||
{
|
{
|
||||||
OstreeGpgVerifyResult *result = NULL;
|
|
||||||
glnx_unref_object OstreeGpgVerifier *verifier = NULL;
|
glnx_unref_object OstreeGpgVerifier *verifier = NULL;
|
||||||
g_autoptr(GVariant) signaturedata = NULL;
|
|
||||||
GByteArray *buffer;
|
|
||||||
GVariantIter iter;
|
|
||||||
GVariant *child;
|
|
||||||
g_autoptr (GBytes) signatures = NULL;
|
|
||||||
gboolean add_global_keyring_dir = TRUE;
|
gboolean add_global_keyring_dir = TRUE;
|
||||||
|
|
||||||
verifier = _ostree_gpg_verifier_new ();
|
verifier = _ostree_gpg_verifier_new ();
|
||||||
|
|
@ -4674,7 +4670,7 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
|
||||||
|
|
||||||
if (!_ostree_gpg_verifier_add_keyring_dir (verifier, self->repodir,
|
if (!_ostree_gpg_verifier_add_keyring_dir (verifier, self->repodir,
|
||||||
cancellable, error))
|
cancellable, error))
|
||||||
goto out;
|
return NULL;
|
||||||
}
|
}
|
||||||
else if (remote_name != NULL)
|
else if (remote_name != NULL)
|
||||||
{
|
{
|
||||||
|
|
@ -4685,7 +4681,7 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
|
||||||
|
|
||||||
remote = ost_repo_get_remote_inherited (self, remote_name, error);
|
remote = ost_repo_get_remote_inherited (self, remote_name, error);
|
||||||
if (remote == NULL)
|
if (remote == NULL)
|
||||||
goto out;
|
return NULL;
|
||||||
|
|
||||||
file = find_keyring (self, remote, cancellable);
|
file = find_keyring (self, remote, cancellable);
|
||||||
|
|
||||||
|
|
@ -4702,20 +4698,43 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
|
||||||
{
|
{
|
||||||
/* Use the deprecated global keyring directory. */
|
/* Use the deprecated global keyring directory. */
|
||||||
if (!_ostree_gpg_verifier_add_global_keyring_dir (verifier, cancellable, error))
|
if (!_ostree_gpg_verifier_add_global_keyring_dir (verifier, cancellable, error))
|
||||||
goto out;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (keyringdir)
|
if (keyringdir)
|
||||||
{
|
{
|
||||||
if (!_ostree_gpg_verifier_add_keyring_dir (verifier, keyringdir,
|
if (!_ostree_gpg_verifier_add_keyring_dir (verifier, keyringdir,
|
||||||
cancellable, error))
|
cancellable, error))
|
||||||
goto out;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (extra_keyring != NULL)
|
if (extra_keyring != NULL)
|
||||||
{
|
{
|
||||||
_ostree_gpg_verifier_add_keyring (verifier, extra_keyring);
|
_ostree_gpg_verifier_add_keyring (verifier, extra_keyring);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return _ostree_gpg_verifier_check_signature (verifier,
|
||||||
|
data,
|
||||||
|
signatures,
|
||||||
|
cancellable,
|
||||||
|
error);
|
||||||
|
}
|
||||||
|
|
||||||
|
OstreeGpgVerifyResult *
|
||||||
|
_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
|
||||||
|
GBytes *signed_data,
|
||||||
|
GVariant *metadata,
|
||||||
|
const char *remote_name,
|
||||||
|
GFile *keyringdir,
|
||||||
|
GFile *extra_keyring,
|
||||||
|
GCancellable *cancellable,
|
||||||
|
GError **error)
|
||||||
|
{
|
||||||
|
g_autoptr(GVariant) signaturedata = NULL;
|
||||||
|
GByteArray *buffer;
|
||||||
|
GVariantIter iter;
|
||||||
|
GVariant *child;
|
||||||
|
g_autoptr (GBytes) signatures = NULL;
|
||||||
|
|
||||||
if (metadata)
|
if (metadata)
|
||||||
signaturedata = g_variant_lookup_value (metadata,
|
signaturedata = g_variant_lookup_value (metadata,
|
||||||
_OSTREE_METADATA_GPGSIGS_NAME,
|
_OSTREE_METADATA_GPGSIGS_NAME,
|
||||||
|
|
@ -4724,7 +4743,7 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
|
||||||
{
|
{
|
||||||
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
|
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
|
||||||
"GPG verification enabled, but no signatures found (use gpg-verify=false in remote config to disable)");
|
"GPG verification enabled, but no signatures found (use gpg-verify=false in remote config to disable)");
|
||||||
goto out;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* OpenPGP data is organized into binary records called packets. RFC 4880
|
/* OpenPGP data is organized into binary records called packets. RFC 4880
|
||||||
|
|
@ -4746,12 +4765,14 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
|
||||||
}
|
}
|
||||||
signatures = g_byte_array_free_to_bytes (buffer);
|
signatures = g_byte_array_free_to_bytes (buffer);
|
||||||
|
|
||||||
result = _ostree_gpg_verifier_check_signature (verifier,
|
return _ostree_repo_gpg_verify_data_internal (self,
|
||||||
signed_data, signatures,
|
remote_name,
|
||||||
cancellable, error);
|
signed_data,
|
||||||
|
signatures,
|
||||||
out:
|
keyringdir,
|
||||||
return result;
|
extra_keyring,
|
||||||
|
cancellable,
|
||||||
|
error);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Needed an internal version for the remote_name parameter. */
|
/* Needed an internal version for the remote_name parameter. */
|
||||||
|
|
|
||||||
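Review bot: The new static helper `_ostree_repo_gpg_verify_data_internal` chooses the trust roots for a verification but has no header comment stating that contract, which matters more once the second caller announced in the commit message exists. From the visible lines it can add the repo directory's keyrings, a keyring found for `remote_name`, the deprecated global keyring directory, `keyringdir` and `extra_keyring`. The conditions selecting between the first three sit partly outside the hunks, so the comment should be written against the full body and list which sources apply for each `remote_name` value. I would also document the return contract, e.g. `/* Returns NULL with @error set if a keyring source cannot be loaded; a non-NULL result still has to be checked by the caller for a valid signature. */`. The second half of that comment assumes `_ostree_gpg_verifier_check_signature` hands back a result object even when nothing validates, which is not shown here and should be confirmed. Separately, `data` and `signatures` are adjacent `GBytes *` parameters, so a swapped call compiles silently; naming them in the comment as `@data: the signed payload` and `@signatures: concatenated detached signatures` would make the order explicit.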