packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

repo: Split generic GPG commit verification out into helper 

This will be used for a future commit which GPG verifies static
deltas.
This commit is contained in:
Colin Walters 2014-02-10 08:50:59 -05:00
parent 60c4d467aa
commit 3ffdef07a4
1 changed files with 78 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

132
src/libostree/ostree-repo.c
View File

@ -1697,43 +1697,22 @@ out:
#endif #endif
} }
/** static gboolean
* ostree_repo_verify_commit: _ostree_repo_gpg_verify_file_with_metadata (OstreeRepo *self,
* @self: Repository GFile *path,
* @commit_checksum: ASCII SHA256 checksum GVariant *metadata,
* @keyringdir: (allow-none): Path to directory GPG keyrings; overrides built-in default if given GFile *keyringdir,
* @extra_keyring: (allow-none): Path to additional keyring file (not a directory) GFile *extra_keyring,
* @cancellable: Cancellable GCancellable *cancellable,
* @error: Error GError **error)
*
* Check for a valid GPG signature on commit named by the ASCII
* checksum @commit_checksum.
*/
gboolean
ostree_repo_verify_commit (OstreeRepo *self,
const gchar *commit_checksum,
GFile *keyringdir,
GFile *extra_keyring,
GCancellable *cancellable,
GError **error)
{ {
#ifdef HAVE_GPGME #ifdef HAVE_GPGME
gboolean ret = FALSE; gboolean ret = FALSE;
gs_unref_object OstreeGpgVerifier *verifier = NULL; gs_unref_object OstreeGpgVerifier *verifier = NULL;
gs_unref_variant GVariant *commit_variant = NULL;
gs_unref_object GFile *commit_tmp_path = NULL;
gs_unref_object GFile *keyringdir_ref = NULL;
gs_unref_variant GVariant *metadata = NULL;
gs_unref_variant GVariant *signaturedata = NULL; gs_unref_variant GVariant *signaturedata = NULL;
gs_free gchar *commit_filename = NULL;
gint i, n; gint i, n;
gboolean had_valid_signataure = FALSE; gboolean had_valid_signataure = FALSE;
if (!ostree_repo_load_variant (self, OSTREE_OBJECT_TYPE_COMMIT,
commit_checksum, &commit_variant,
error))
goto out;
verifier = _ostree_gpg_verifier_new (cancellable, error); verifier = _ostree_gpg_verifier_new (cancellable, error);
if (!verifier) if (!verifier)
goto out; goto out;
@ -1751,16 +1730,6 @@ ostree_repo_verify_commit (OstreeRepo *self,
goto out; goto out;
} }
if (!ostree_repo_read_commit_detached_metadata (self,
commit_checksum,
&metadata,
cancellable,
error))
{
g_prefix_error (error, "Failed to read detached metadata: ");
goto out;
}
if (metadata) if (metadata)
signaturedata = g_variant_lookup_value (metadata, "ostree.gpgsigs", G_VARIANT_TYPE ("aay")); signaturedata = g_variant_lookup_value (metadata, "ostree.gpgsigs", G_VARIANT_TYPE ("aay"));
if (!signaturedata) if (!signaturedata)
@ -1770,18 +1739,6 @@ ostree_repo_verify_commit (OstreeRepo *self,
goto out; goto out;
} }
if (!gs_file_open_in_tmpdir (self->tmp_dir, 0644,
&commit_tmp_path, NULL,
cancellable, error))
goto out;
if (!g_file_replace_contents (commit_tmp_path,
(char*)g_variant_get_data (commit_variant),
g_variant_get_size (commit_variant),
NULL, FALSE, 0, NULL,
cancellable, error))
goto out;
n = g_variant_n_children (signaturedata); n = g_variant_n_children (signaturedata);
for (i = 0; i < n; i++) for (i = 0; i < n; i++)
{ {
@ -1801,7 +1758,7 @@ ostree_repo_verify_commit (OstreeRepo *self,
goto out; goto out;
if (!_ostree_gpg_verifier_check_signature (verifier, if (!_ostree_gpg_verifier_check_signature (verifier,
commit_tmp_path, path,
temp_sig_path, temp_sig_path,
&had_valid_signataure, &had_valid_signataure,
cancellable, error)) cancellable, error))
@ -1822,9 +1779,7 @@ ostree_repo_verify_commit (OstreeRepo *self,
} }
ret = TRUE; ret = TRUE;
out: out:
if (commit_tmp_path)
(void) gs_file_unlink (commit_tmp_path, NULL, NULL);
return ret; return ret;
#else #else
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
@ -1832,3 +1787,70 @@ out:
return FALSE; return FALSE;
#endif #endif
} }
/**
* ostree_repo_verify_commit:
* @self: Repository
* @commit_checksum: ASCII SHA256 checksum
* @keyringdir: (allow-none): Path to directory GPG keyrings; overrides built-in default if given
* @extra_keyring: (allow-none): Path to additional keyring file (not a directory)
* @cancellable: Cancellable
* @error: Error
*
* Check for a valid GPG signature on commit named by the ASCII
* checksum @commit_checksum.
*/
gboolean
ostree_repo_verify_commit (OstreeRepo *self,
const gchar *commit_checksum,
GFile *keyringdir,
GFile *extra_keyring,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
gs_unref_variant GVariant *commit_variant = NULL;
gs_unref_object GFile *commit_tmp_path = NULL;
gs_unref_object GFile *keyringdir_ref = NULL;
gs_unref_variant GVariant *metadata = NULL;
gs_free gchar *commit_filename = NULL;
/* Create a temporary file for the commit */
if (!ostree_repo_load_variant (self, OSTREE_OBJECT_TYPE_COMMIT,
commit_checksum, &commit_variant,
error))
goto out;
if (!gs_file_open_in_tmpdir (self->tmp_dir, 0644,
&commit_tmp_path, NULL,
cancellable, error))
goto out;
if (!g_file_replace_contents (commit_tmp_path,
(char*)g_variant_get_data (commit_variant),
g_variant_get_size (commit_variant),
NULL, FALSE, 0, NULL,
cancellable, error))
goto out;
/* Load the metadata */
if (!ostree_repo_read_commit_detached_metadata (self,
commit_checksum,
&metadata,
cancellable,
error))
{
g_prefix_error (error, "Failed to read detached metadata: ");
goto out;
}
if (!_ostree_repo_gpg_verify_file_with_metadata (self,
commit_tmp_path, metadata,
keyringdir, extra_keyring,
cancellable, error))
goto out;
ret = TRUE;
out:
if (commit_tmp_path)
(void) gs_file_unlink (commit_tmp_path, NULL, NULL);
return ret;
}