diff --git a/Makefile-libostree.am b/Makefile-libostree.am
index 39106d77..f224d68a 100644
--- a/Makefile-libostree.am
+++ b/Makefile-libostree.am
@@ -96,6 +96,9 @@ libostree_1_la_SOURCES = \
src/libostree/ostree-repo-static-delta-private.h \
src/libostree/ostree-gpg-verifier.c \
src/libostree/ostree-gpg-verifier.h \
+ src/libostree/ostree-gpg-verify-result.c \
+ src/libostree/ostree-gpg-verify-result.h \
+ src/libostree/ostree-gpg-verify-result-private.h \
$(NULL)
if USE_LIBARCHIVE
libostree_1_la_SOURCES += src/libostree/ostree-libarchive-input-stream.h \
diff --git a/Makefile-tests.am b/Makefile-tests.am
index 82332501..675547d2 100644
--- a/Makefile-tests.am
+++ b/Makefile-tests.am
@@ -107,9 +107,13 @@ endif
noinst_PROGRAMS += tests/test-rollsum
TESTS = tests/test-varint tests/test-ot-unix-utils tests/test-bsdiff tests/test-mutable-tree \
- tests/test-keyfile-utils tests/test-ot-opt-utils tests/test-ot-tool-util
+ tests/test-keyfile-utils tests/test-ot-opt-utils tests/test-ot-tool-util \
+ tests/test-gpg-verify-result
check_PROGRAMS = $(TESTS)
+TESTS_ENVIRONMENT = \
+ G_TEST_SRCDIR=$(abs_srcdir)/tests \
+ G_TEST_BUILDDIR=$(abs_builddir)/tests
TESTS_CFLAGS = $(ostree_bin_shared_cflags) $(OT_INTERNAL_GIO_UNIX_CFLAGS)
TESTS_LDADD = $(ostree_bin_shared_ldadd) $(OT_INTERNAL_GIO_UNIX_LIBS)
@@ -138,3 +142,18 @@ tests_test_ot_opt_utils_LDADD = $(TESTS_LDADD)
tests_test_ot_tool_util_CFLAGS = $(TESTS_CFLAGS)
tests_test_ot_tool_util_LDADD = $(TESTS_LDADD)
+
+tests_test_gpg_verify_result_SOURCES = \
+ src/libostree/ostree-gpg-verify-result-private.h \
+ tests/test-gpg-verify-result.c
+tests_test_gpg_verify_result_CFLAGS = $(TESTS_CFLAGS)
+tests_test_gpg_verify_result_LDADD = $(TESTS_LDADD)
+
+EXTRA_DIST += \
+ tests/gpg-verify-data/README.md \
+ tests/gpg-verify-data/lgpl2 \
+ tests/gpg-verify-data/lgpl2.sig \
+ tests/gpg-verify-data/pubring.gpg \
+ tests/gpg-verify-data/secring.gpg \
+ tests/gpg-verify-data/trustdb.gpg \
+ tests/gpg-verify-data/gpg.conf
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 453551c6..9406f3ef 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -75,6 +75,7 @@ IGNORE_HFILES= \
ostree-core-private.h \
ostree-fetcher.h \
ostree-gpg-verifier.h \
+ ostree-gpg-verify-result-private.h \
ostree-kernel-args.h \
ostree-libarchive-input-stream.h \
ostree-lzma-compressor.h \
diff --git a/doc/ostree-docs.xml b/doc/ostree-docs.xml
index aba94727..d2e9f7b8 100644
--- a/doc/ostree-docs.xml
+++ b/doc/ostree-docs.xml
@@ -26,6 +26,7 @@
+
diff --git a/doc/ostree-sections.txt b/doc/ostree-sections.txt
index 61b3f01c..41cc4415 100644
--- a/doc/ostree-sections.txt
+++ b/doc/ostree-sections.txt
@@ -165,6 +165,22 @@ ostree_diff_print
ostree_diff_item_get_type
+
+libostree-gpg-verify-result
+OstreeGpgVerifyResult
+OstreeGpgSignatureAttr
+ostree_gpg_verify_result_count_all
+ostree_gpg_verify_result_count_valid
+ostree_gpg_verify_result_lookup
+ostree_gpg_verify_result_get
+ostree_gpg_verify_result_get_all
+
+OSTREE_GPG_VERIFY_RESULT
+OSTREE_IS_GPG_VERIFY_RESULT
+OSTREE_TYPE_GPG_VERIFY_RESULT
+ostree_gpg_verify_result_get_type
+
+
libostree-mutable-tree
OstreeMutableTree
diff --git a/src/libostree/ostree-gpg-verifier.c b/src/libostree/ostree-gpg-verifier.c
index 5f4189fc..3c6c9152 100644
--- a/src/libostree/ostree-gpg-verifier.c
+++ b/src/libostree/ostree-gpg-verifier.c
@@ -24,6 +24,7 @@
#include "config.h"
#include "ostree-gpg-verifier.h"
+#include "ostree-gpg-verify-result-private.h"
#include "otutil.h"
#include
@@ -160,40 +161,6 @@ out:
return ret;
}
-static void
-gpg_error_to_gio_error (gpgme_error_t gpg_error,
- GError **error)
-{
- GIOErrorEnum errcode;
-
- /* XXX This list is incomplete. Add cases as needed. */
-
- switch (gpg_error)
- {
- /* special case - shouldn't be here */
- case GPG_ERR_NO_ERROR:
- g_return_if_reached ();
-
- /* special case - abort on out-of-memory */
- case GPG_ERR_ENOMEM:
- g_error ("%s: %s",
- gpgme_strsource (gpg_error),
- gpgme_strerror (gpg_error));
-
- case GPG_ERR_INV_VALUE:
- errcode = G_IO_ERROR_INVALID_ARGUMENT;
- break;
-
- default:
- errcode = G_IO_ERROR_FAILED;
- break;
- }
-
- g_set_error (error, G_IO_ERROR, errcode, "%s: %s",
- gpgme_strsource (gpg_error),
- gpgme_strerror (gpg_error));
-}
-
static gboolean
override_gpgme_home_dir (gpgme_ctx_t gpg_ctx,
const char *home_dir,
@@ -220,7 +187,7 @@ override_gpgme_home_dir (gpgme_ctx_t gpg_ctx,
home_dir);
if (gpg_error != GPG_ERR_NO_ERROR)
{
- gpg_error_to_gio_error (gpg_error, error);
+ _ostree_gpg_error_to_gio_error (gpg_error, error);
goto out;
}
@@ -241,11 +208,23 @@ out:
return ret;
}
-gboolean
+static void
+verify_result_finalized_cb (gpointer data,
+ GObject *finalized_verify_result)
+{
+ g_autofree gchar *temp_dir = data; /* assume ownership */
+
+ /* XXX OstreeGpgVerifyResult could do this cleanup in its own
+ * finalize() method, but I didn't want this keyring hack
+ * bleeding into multiple classes. */
+
+ (void) glnx_shutil_rm_rf_at (AT_FDCWD, temp_dir, NULL, NULL);
+}
+
+OstreeGpgVerifyResult *
_ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
GBytes *signed_data,
GBytes *signatures,
- gboolean *out_had_valid_sig,
GCancellable *cancellable,
GError **error)
{
@@ -253,13 +232,11 @@ _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
gpgme_error_t gpg_error = NULL;
gpgme_data_t data_buffer = NULL;
gpgme_data_t signature_buffer = NULL;
- gpgme_verify_result_t verify_result;
- gpgme_signature_t signature_iter;
gs_unref_object GFile *pubring_file = NULL;
gs_free char *pubring_path = NULL;
gs_free char *temp_dir = NULL;
- gboolean had_valid_sig = FALSE;
- gboolean ret = FALSE;
+ OstreeGpgVerifyResult *result = NULL;
+ gboolean success = FALSE;
/* GPGME has no API for using multiple keyrings (aka, gpg --keyring),
* so we concatenate all the keyring files into one pubring.gpg in a
@@ -283,15 +260,12 @@ _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
if (!concatenate_keyrings (self, pubring_file, cancellable, error))
goto out;
- gpg_error = gpgme_new (&gpg_ctx);
- if (gpg_error != GPG_ERR_NO_ERROR)
- {
- gpg_error_to_gio_error (gpg_error, error);
- g_prefix_error (error, "Unable to create context: ");
- goto out;
- }
+ result = g_initable_new (OSTREE_TYPE_GPG_VERIFY_RESULT,
+ cancellable, error, NULL);
+ if (result == NULL)
+ goto out;
- if (!override_gpgme_home_dir (gpg_ctx, temp_dir, error))
+ if (!override_gpgme_home_dir (result->context, temp_dir, error))
goto out;
/* Both the signed data and signature GBytes instances will outlive the
@@ -304,7 +278,7 @@ _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
0 /* do not copy */);
if (gpg_error != GPG_ERR_NO_ERROR)
{
- gpg_error_to_gio_error (gpg_error, error);
+ _ostree_gpg_error_to_gio_error (gpg_error, error);
g_prefix_error (error, "Unable to read signed data: ");
goto out;
}
@@ -315,60 +289,28 @@ _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
0 /* do not copy */);
if (gpg_error != GPG_ERR_NO_ERROR)
{
- gpg_error_to_gio_error (gpg_error, error);
+ _ostree_gpg_error_to_gio_error (gpg_error, error);
g_prefix_error (error, "Unable to read signature: ");
goto out;
}
- gpg_error = gpgme_op_verify (gpg_ctx, signature_buffer, data_buffer, NULL);
+ gpg_error = gpgme_op_verify (result->context, signature_buffer, data_buffer, NULL);
if (gpg_error != GPG_ERR_NO_ERROR)
{
- gpg_error_to_gio_error (gpg_error, error);
+ _ostree_gpg_error_to_gio_error (gpg_error, error);
g_prefix_error (error, "Unable to complete signature verification: ");
goto out;
}
/* Result data is owned by the context. */
- verify_result = gpgme_op_verify_result (gpg_ctx);
+ result->details = gpgme_op_verify_result (result->context);
- /* XXX Needs improvement. We're throwing away a bunch of result data
- * here that could be used for more advanced signature operations.
- * Don't want to expose GPGME types in libostree but maybe we can
- * wrapper it in GLib types. */
+ gpgme_result_ref (result->details);
- for (signature_iter = verify_result->signatures;
- signature_iter != NULL;
- signature_iter = signature_iter->next)
- {
- /* Mimic the way librepo tests for a valid signature, checking both
- * summary and status fields.
- *
- * - VALID summary flag means the signature is fully valid.
- * - GREEN summary flag means the signature is valid with caveats.
- * - No summary but also no error means the signature is valid but
- * the signing key is not certified with a trusted signature.
- */
- if ((signature_iter->summary & GPGME_SIGSUM_VALID) ||
- (signature_iter->summary & GPGME_SIGSUM_GREEN) ||
- (signature_iter->summary == 0 &&
- signature_iter->status == GPG_ERR_NO_ERROR))
- {
- had_valid_sig = TRUE;
- break;
- }
- }
-
- if (out_had_valid_sig != NULL)
- *out_had_valid_sig = had_valid_sig;
-
- ret = TRUE;
+ success = TRUE;
out:
- /* Try to clean up the temporary directory. */
- if (temp_dir != NULL)
- (void) glnx_shutil_rm_rf_at (-1, temp_dir, NULL, NULL);
-
if (gpg_ctx != NULL)
gpgme_release (gpg_ctx);
if (data_buffer != NULL)
@@ -376,9 +318,29 @@ out:
if (signature_buffer != NULL)
gpgme_data_release (signature_buffer);
+ if (success)
+ {
+ /* Keep the temporary directory around for the life of the result
+ * object so its GPGME context remains valid. It may yet have to
+ * extract user details from signing keys and will need to access
+ * the fabricated pubring.gpg keyring. */
+ g_object_weak_ref (G_OBJECT (result),
+ verify_result_finalized_cb,
+ g_strdup (temp_dir));
+ }
+ else
+ {
+ /* Destroy the result object on error. */
+ g_clear_object (&result);
+
+ /* Try to clean up the temporary directory. */
+ if (temp_dir != NULL)
+ (void) glnx_shutil_rm_rf_at (AT_FDCWD, temp_dir, NULL, NULL);
+ }
+
g_prefix_error (error, "GPG: ");
- return ret;
+ return result;
}
gboolean
diff --git a/src/libostree/ostree-gpg-verifier.h b/src/libostree/ostree-gpg-verifier.h
index 10b84eeb..b505d85a 100644
--- a/src/libostree/ostree-gpg-verifier.h
+++ b/src/libostree/ostree-gpg-verifier.h
@@ -23,8 +23,7 @@
//#pragma once
-#include
-#include
+#include "ostree-gpg-verify-result.h"
G_BEGIN_DECLS
@@ -41,12 +40,11 @@ GType _ostree_gpg_verifier_get_type (void);
OstreeGpgVerifier *_ostree_gpg_verifier_new (GCancellable *cancellable,
GError **error);
-gboolean _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
- GBytes *signed_data,
- GBytes *signatures,
- gboolean *had_valid_signature,
- GCancellable *cancellable,
- GError **error);
+OstreeGpgVerifyResult *_ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
+ GBytes *signed_data,
+ GBytes *signatures,
+ GCancellable *cancellable,
+ GError **error);
gboolean _ostree_gpg_verifier_add_keyring_dir (OstreeGpgVerifier *self,
GFile *path,
diff --git a/src/libostree/ostree-gpg-verify-result-private.h b/src/libostree/ostree-gpg-verify-result-private.h
new file mode 100644
index 00000000..a91bd534
--- /dev/null
+++ b/src/libostree/ostree-gpg-verify-result-private.h
@@ -0,0 +1,42 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
+ *
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+#pragma once
+
+#include "ostree-gpg-verify-result.h"
+
+#include
+
+/**
+ * OstreeGpgVerifyResult:
+ *
+ * Private instance structure.
+ */
+struct OstreeGpgVerifyResult {
+ GObject parent;
+
+ gpgme_ctx_t context;
+ gpgme_verify_result_t details;
+};
+
+/* XXX Split these into a separate "GPGME utilities" file? */
+
+void _ostree_gpg_error_to_gio_error (gpgme_error_t gpg_error, GError **error);
+
diff --git a/src/libostree/ostree-gpg-verify-result.c b/src/libostree/ostree-gpg-verify-result.c
new file mode 100644
index 00000000..301ff912
--- /dev/null
+++ b/src/libostree/ostree-gpg-verify-result.c
@@ -0,0 +1,483 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
+ *
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#include "libgsystem.h"
+
+#include "ostree-gpg-verify-result-private.h"
+
+#include
+
+/**
+ * SECTION: libostree-gpg-verify-result
+ * @title: GPG signature verification results
+ * @short_description: Inspect detached GPG signatures
+ *
+ * #OstreeGpgVerifyResult contains verification details for GPG signatures
+ * read from a detached #OstreeRepo metadata object.
+ *
+ * Use ostree_gpg_verify_result_count_all() and
+ * ostree_gpg_verify_result_count_valid() to quickly check overall signature
+ * validity.
+ *
+ * Use ostree_gpg_verify_result_lookup() to find a signature by the key ID
+ * or fingerprint of the signing key.
+ *
+ * For more in-depth inspection, such as presenting signature details to the
+ * user, pass an array of attribute values to ostree_gpg_verify_result_get()
+ * or get all signature details with ostree_gpg_verify_result_get_all().
+ */
+
+typedef struct {
+ GObjectClass parent_class;
+} OstreeGpgVerifyResultClass;
+
+/* This must stay synchronized with the enum declaration. */
+static OstreeGpgSignatureAttr all_signature_attrs[] = {
+ OSTREE_GPG_SIGNATURE_ATTR_VALID,
+ OSTREE_GPG_SIGNATURE_ATTR_SIG_EXPIRED,
+ OSTREE_GPG_SIGNATURE_ATTR_KEY_EXPIRED,
+ OSTREE_GPG_SIGNATURE_ATTR_KEY_REVOKED,
+ OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING,
+ OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT,
+ OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP,
+ OSTREE_GPG_SIGNATURE_ATTR_EXP_TIMESTAMP,
+ OSTREE_GPG_SIGNATURE_ATTR_PUBKEY_ALGO_NAME,
+ OSTREE_GPG_SIGNATURE_ATTR_HASH_ALGO_NAME,
+ OSTREE_GPG_SIGNATURE_ATTR_USER_NAME,
+ OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL
+};
+
+static void ostree_gpg_verify_result_initable_iface_init (GInitableIface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (OstreeGpgVerifyResult,
+ ostree_gpg_verify_result,
+ G_TYPE_OBJECT,
+ G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+ ostree_gpg_verify_result_initable_iface_init))
+
+static gboolean
+signature_is_valid (gpgme_signature_t signature)
+{
+ /* Mimic the way librepo tests for a valid signature, checking both
+ * summary and status fields.
+ *
+ * - VALID summary flag means the signature is fully valid.
+ * - GREEN summary flag means the signature is valid with caveats.
+ * - No summary but also no error means the signature is valid but
+ * the signing key is not certified with a trusted signature.
+ */
+ return (signature->summary & GPGME_SIGSUM_VALID) ||
+ (signature->summary & GPGME_SIGSUM_GREEN) ||
+ (signature->summary == 0 && signature->status == GPG_ERR_NO_ERROR);
+}
+
+static gboolean
+signing_key_is_revoked (gpgme_signature_t signature)
+{
+ /* In my testing, GPGME does not set the GPGME_SIGSUM_KEY_REVOKED summary
+ * bit on a revoked signing key but rather GPGME_SIGSUM_SYS_ERROR and the
+ * status field shows GPG_ERR_CERT_REVOKED. Turns out GPGME is expecting
+ * GPG_ERR_CERT_REVOKED in the validity_reason field which would then set
+ * the summary bit. Unsure if this is a bug, but best check for both. */
+
+ return (signature->summary & GPGME_SIGSUM_KEY_REVOKED) ||
+ ((signature->summary & GPGME_SIGSUM_SYS_ERROR) &&
+ gpgme_err_code (signature->status) == GPG_ERR_CERT_REVOKED);
+}
+
+static void
+ostree_gpg_verify_result_finalize (GObject *object)
+{
+ OstreeGpgVerifyResult *result = OSTREE_GPG_VERIFY_RESULT (object);
+
+ if (result->context != NULL)
+ gpgme_release (result->context);
+
+ if (result->details != NULL)
+ gpgme_result_unref (result->details);
+
+ G_OBJECT_CLASS (ostree_gpg_verify_result_parent_class)->finalize (object);
+}
+
+static gboolean
+ostree_gpg_verify_result_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
+{
+ OstreeGpgVerifyResult *result = OSTREE_GPG_VERIFY_RESULT (initable);
+ gpgme_error_t gpg_error;
+ gboolean ret = FALSE;
+
+ gpg_error = gpgme_new (&result->context);
+ if (gpg_error != GPG_ERR_NO_ERROR)
+ {
+ _ostree_gpg_error_to_gio_error (gpg_error, error);
+ g_prefix_error (error, "Unable to create context: ");
+ goto out;
+ }
+
+ ret = TRUE;
+
+out:
+ return ret;
+}
+
+static void
+ostree_gpg_verify_result_class_init (OstreeGpgVerifyResultClass *class)
+{
+ GObjectClass *object_class;
+
+ object_class = G_OBJECT_CLASS (class);
+ object_class->finalize = ostree_gpg_verify_result_finalize;
+}
+
+static void
+ostree_gpg_verify_result_init (OstreeGpgVerifyResult *result)
+{
+}
+
+static void
+ostree_gpg_verify_result_initable_iface_init (GInitableIface *iface)
+{
+ iface->init = ostree_gpg_verify_result_initable_init;
+}
+
+/**
+ * ostree_gpg_verify_result_count_all:
+ * @result: an #OstreeGpgVerifyResult
+ *
+ * Counts all the signatures in @result.
+ *
+ * Returns: signature count
+ */
+guint
+ostree_gpg_verify_result_count_all (OstreeGpgVerifyResult *result)
+{
+ gpgme_signature_t signature;
+ guint count = 0;
+
+ g_return_val_if_fail (OSTREE_IS_GPG_VERIFY_RESULT (result), 0);
+
+ for (signature = result->details->signatures;
+ signature != NULL;
+ signature = signature->next)
+ {
+ count++;
+ }
+
+ return count;
+}
+
+/**
+ * ostree_gpg_verify_result_count_valid:
+ * @result: an #OstreeGpgVerifyResult
+ *
+ * Counts only the valid signatures in @result.
+ *
+ * Returns: valid signature count
+ */
+guint
+ostree_gpg_verify_result_count_valid (OstreeGpgVerifyResult *result)
+{
+ gpgme_signature_t signature;
+ guint count = 0;
+
+ g_return_val_if_fail (OSTREE_IS_GPG_VERIFY_RESULT (result), 0);
+
+ for (signature = result->details->signatures;
+ signature != NULL;
+ signature = signature->next)
+ {
+ if (signature_is_valid (signature))
+ count++;
+ }
+
+ return count;
+}
+
+/**
+ * ostree_gpg_verify_result_lookup:
+ * @result: an #OstreeGpgVerifyResult
+ * @key_id: a GPG key ID or fingerprint
+ * @out_signature_index: (out): return location for the index of the signature
+ * signed by @key_id, or %NULL
+ *
+ * Searches @result for a signature signed by @key_id. If a match is found,
+ * the function returns %TRUE and sets @out_signature_index so that further
+ * signature details can be obtained through ostree_gpg_verify_result_get().
+ * If no match is found, the function returns %FALSE and leaves
+ * @out_signature_index unchanged.
+ *
+ * Returns: %TRUE on success, %FALSE on failure
+ **/
+gboolean
+ostree_gpg_verify_result_lookup (OstreeGpgVerifyResult *result,
+ const gchar *key_id,
+ guint *out_signature_index)
+{
+ gs_free char *key_id_upper = NULL;
+ gpgme_signature_t signature;
+ guint signature_index;
+ gboolean ret = FALSE;
+
+ g_return_val_if_fail (OSTREE_IS_GPG_VERIFY_RESULT (result), NULL);
+ g_return_val_if_fail (key_id != NULL, NULL);
+
+ /* signature->fpr is always upper-case. */
+ key_id_upper = g_ascii_strup (key_id, -1);
+
+ for (signature = result->details->signatures, signature_index = 0;
+ signature != NULL;
+ signature = signature->next, signature_index++)
+ {
+ if (signature->fpr == NULL)
+ continue;
+
+ if (g_str_has_suffix (signature->fpr, key_id_upper))
+ {
+ if (out_signature_index != NULL)
+ *out_signature_index = signature_index;
+ ret = TRUE;
+ break;
+ }
+ }
+
+ return ret;
+}
+
+/**
+ * ostree_gpg_verify_result_get:
+ * @result: an #OstreeGpgVerifyResult
+ * @signature_index: which signature to get attributes from
+ * @attrs: (array length=n_attrs): Array of requested attributes
+ * @n_attrs: Length of the @attrs array
+ *
+ * Builds a #GVariant tuple of requested attributes for the GPG signature at
+ * @signature_index in @result. See the #OstreeGpgSignatureAttr description
+ * for the #GVariantType of each available attribute.
+ *
+ * It is a programmer error to request an invalid #OstreeGpgSignatureAttr or
+ * an invalid @signature_index. Use ostree_gpg_verify_result_count_all() to
+ * find the number of signatures in @result.
+ *
+ * Returns: a new, floating, #GVariant tuple
+ **/
+GVariant *
+ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
+ guint signature_index,
+ OstreeGpgSignatureAttr *attrs,
+ guint n_attrs)
+{
+ GVariantBuilder builder;
+ gpgme_key_t key = NULL;
+ gpgme_signature_t signature;
+ guint ii;
+
+ g_return_val_if_fail (OSTREE_IS_GPG_VERIFY_RESULT (result), NULL);
+ g_return_val_if_fail (attrs != NULL, NULL);
+ g_return_val_if_fail (n_attrs > 0, NULL);
+
+ signature = result->details->signatures;
+ while (signature != NULL && signature_index > 0)
+ {
+ signature = signature->next;
+ signature_index--;
+ }
+
+ g_return_val_if_fail (signature != NULL, NULL);
+
+ /* Lookup the signing key if we need it. Note, failure to find
+ * the key is not a fatal error. There's an attribute for that
+ * (OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING). */
+ for (ii = 0; ii < n_attrs; ii++)
+ {
+ if (attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_NAME ||
+ attrs[ii] == OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL)
+ {
+ (void) gpgme_get_key (result->context, signature->fpr, &key, 0);
+ break;
+ }
+ }
+
+ g_variant_builder_init (&builder, G_VARIANT_TYPE_TUPLE);
+
+ for (ii = 0; ii < n_attrs; ii++)
+ {
+ GVariant *child;
+ gboolean v_boolean;
+ const char *v_string = NULL;
+
+ switch (attrs[ii])
+ {
+ case OSTREE_GPG_SIGNATURE_ATTR_VALID:
+ v_boolean = signature_is_valid (signature);
+ child = g_variant_new_boolean (v_boolean);
+ break;
+
+ case OSTREE_GPG_SIGNATURE_ATTR_SIG_EXPIRED:
+ v_boolean = ((signature->summary & GPGME_SIGSUM_SIG_EXPIRED) != 0);
+ child = g_variant_new_boolean (v_boolean);
+ break;
+
+ case OSTREE_GPG_SIGNATURE_ATTR_KEY_EXPIRED:
+ v_boolean = ((signature->summary & GPGME_SIGSUM_KEY_EXPIRED) != 0);
+ child = g_variant_new_boolean (v_boolean);
+ break;
+
+ case OSTREE_GPG_SIGNATURE_ATTR_KEY_REVOKED:
+ v_boolean = signing_key_is_revoked (signature);
+ child = g_variant_new_boolean (v_boolean);
+ break;
+
+ case OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING:
+ v_boolean = ((signature->summary & GPGME_SIGSUM_KEY_MISSING) != 0);
+ child = g_variant_new_boolean (v_boolean);
+ break;
+
+ case OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT:
+ child = g_variant_new_string (signature->fpr);
+ break;
+
+ case OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP:
+ child = g_variant_new_int64 ((gint64) signature->timestamp);
+ break;
+
+ case OSTREE_GPG_SIGNATURE_ATTR_EXP_TIMESTAMP:
+ child = g_variant_new_int64 ((gint64) signature->exp_timestamp);
+ break;
+
+ case OSTREE_GPG_SIGNATURE_ATTR_PUBKEY_ALGO_NAME:
+ v_string = gpgme_pubkey_algo_name (signature->pubkey_algo);
+ child = g_variant_new_string (v_string);
+ break;
+
+ case OSTREE_GPG_SIGNATURE_ATTR_HASH_ALGO_NAME:
+ v_string = gpgme_hash_algo_name (signature->hash_algo);
+ child = g_variant_new_string (v_string);
+ break;
+
+ case OSTREE_GPG_SIGNATURE_ATTR_USER_NAME:
+ if (key != NULL && key->uids != NULL)
+ v_string = key->uids->name;
+ if (v_string == NULL)
+ v_string = "[unknown name]";
+ child = g_variant_new_string (v_string);
+ break;
+
+ case OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL:
+ if (key != NULL && key->uids != NULL)
+ v_string = key->uids->email;
+ if (v_string == NULL)
+ v_string = "[unknown email]";
+ child = g_variant_new_string (v_string);
+ break;
+
+ default:
+ g_critical ("Invalid signature attribute (%d)", attrs[ii]);
+ g_variant_builder_clear (&builder);
+ return NULL;
+ }
+
+ g_variant_builder_add_value (&builder, child);
+ }
+
+ if (key != NULL)
+ gpgme_key_unref (key);
+
+ return g_variant_builder_end (&builder);
+}
+
+/**
+ * ostree_gpg_verify_result_get_all:
+ * @result: an #OstreeGpgVerifyResult
+ * @signature_index: which signature to get attributes from
+ *
+ * Builds a #GVariant tuple of all available attributes for the GPG signature
+ * at @signature_index in @result.
+ *
+ * The child values in the returned #GVariant tuple are ordered to match the
+ * #OstreeGpgSignatureAttr enumeration, which means the enum values can be
+ * used as index values in functions like g_variant_get_child(). See the
+ * #OstreeGpgSignatureAttr description for the #GVariantType of each
+ * available attribute.
+ *
+ *
+ *
+ * The #OstreeGpgSignatureAttr enumeration may be extended in the future
+ * with new attributes, which would affect the #GVariant tuple returned by
+ * this function. While the position and type of current child values in
+ * the #GVariant tuple will not change, to avoid backward-compatibility
+ * issues please do not depend on the tuple's overall size or
+ * type signature.
+ *
+ *
+ *
+ * It is a programmer error to request an invalid @signature_index. Use
+ * ostree_gpg_verify_result_count_all() to find the number of signatures in
+ * @result.
+ *
+ * Returns: a new, floating, #GVariant tuple
+ **/
+GVariant *
+ostree_gpg_verify_result_get_all (OstreeGpgVerifyResult *result,
+ guint signature_index)
+{
+ g_return_val_if_fail (OSTREE_IS_GPG_VERIFY_RESULT (result), NULL);
+
+ return ostree_gpg_verify_result_get (result, signature_index,
+ all_signature_attrs,
+ G_N_ELEMENTS (all_signature_attrs));
+}
+
+void
+_ostree_gpg_error_to_gio_error (gpgme_error_t gpg_error,
+ GError **error)
+{
+ GIOErrorEnum errcode;
+
+ /* XXX This list is incomplete. Add cases as needed. */
+
+ switch (gpg_error)
+ {
+ /* special case - shouldn't be here */
+ case GPG_ERR_NO_ERROR:
+ g_return_if_reached ();
+
+ /* special case - abort on out-of-memory */
+ case GPG_ERR_ENOMEM:
+ g_error ("%s: %s",
+ gpgme_strsource (gpg_error),
+ gpgme_strerror (gpg_error));
+
+ case GPG_ERR_INV_VALUE:
+ errcode = G_IO_ERROR_INVALID_ARGUMENT;
+ break;
+
+ default:
+ errcode = G_IO_ERROR_FAILED;
+ break;
+ }
+
+ g_set_error (error, G_IO_ERROR, errcode, "%s: %s",
+ gpgme_strsource (gpg_error),
+ gpgme_strerror (gpg_error));
+}
diff --git a/src/libostree/ostree-gpg-verify-result.h b/src/libostree/ostree-gpg-verify-result.h
new file mode 100644
index 00000000..eacd357e
--- /dev/null
+++ b/src/libostree/ostree-gpg-verify-result.h
@@ -0,0 +1,103 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
+ *
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+#pragma once
+
+#include
+
+G_BEGIN_DECLS
+
+#define OSTREE_TYPE_GPG_VERIFY_RESULT \
+ (ostree_gpg_verify_result_get_type ())
+#define OSTREE_GPG_VERIFY_RESULT(obj) \
+ (G_TYPE_CHECK_INSTANCE_CAST ((obj), OSTREE_TYPE_GPG_VERIFY_RESULT, OstreeGpgVerifyResult))
+#define OSTREE_IS_GPG_VERIFY_RESULT(obj) \
+ (G_TYPE_CHECK_INSTANCE_TYPE ((obj), OSTREE_TYPE_GPG_VERIFY_RESULT))
+
+typedef struct OstreeGpgVerifyResult OstreeGpgVerifyResult;
+
+/**
+ * OstreeGpgSignatureAttr:
+ * @OSTREE_GPG_SIGNATURE_ATTR_VALID:
+ * [#G_VARIANT_TYPE_BOOLEAN] Is the signature valid?
+ * @OSTREE_GPG_SIGNATURE_ATTR_SIG_EXPIRED:
+ * [#G_VARIANT_TYPE_BOOLEAN] Has the signature expired?
+ * @OSTREE_GPG_SIGNATURE_ATTR_KEY_EXPIRED:
+ * [#G_VARIANT_TYPE_BOOLEAN] Has the signing key expired?
+ * @OSTREE_GPG_SIGNATURE_ATTR_KEY_REVOKED:
+ * [#G_VARIANT_TYPE_BOOLEAN] Has the signing key been revoked?
+ * @OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING:
+ * [#G_VARIANT_TYPE_BOOLEAN] Is the signing key missing?
+ * @OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT:
+ * [#G_VARIANT_TYPE_STRING] Fingerprint of the signing key
+ * @OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP:
+ * [#G_VARIANT_TYPE_INT64] Signature creation Unix timestamp
+ * @OSTREE_GPG_SIGNATURE_ATTR_EXP_TIMESTAMP:
+ * [#G_VARIANT_TYPE_INT64] Signature expiration Unix timestamp (0 if no
+ * expiration)
+ * @OSTREE_GPG_SIGNATURE_ATTR_PUBKEY_ALGO_NAME:
+ * [#G_VARIANT_TYPE_STRING] Name of the public key algorithm used to create
+ * the signature
+ * @OSTREE_GPG_SIGNATURE_ATTR_HASH_ALGO_NAME:
+ * [#G_VARIANT_TYPE_STRING] Name of the hash algorithm used to create the
+ * signature
+ * @OSTREE_GPG_SIGNATURE_ATTR_USER_NAME:
+ * [#G_VARIANT_TYPE_STRING] The name of the signing key's primary user
+ * @OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL:
+ * [#G_VARIANT_TYPE_STRING] The email address of the signing key's primary
+ * user
+ *
+ * Signature attributes available from an #OstreeGpgVerifyResult.
+ * The attribute's #GVariantType is shown in brackets.
+ **/
+typedef enum {
+ OSTREE_GPG_SIGNATURE_ATTR_VALID,
+ OSTREE_GPG_SIGNATURE_ATTR_SIG_EXPIRED,
+ OSTREE_GPG_SIGNATURE_ATTR_KEY_EXPIRED,
+ OSTREE_GPG_SIGNATURE_ATTR_KEY_REVOKED,
+ OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING,
+ OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT,
+ OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP,
+ OSTREE_GPG_SIGNATURE_ATTR_EXP_TIMESTAMP,
+ OSTREE_GPG_SIGNATURE_ATTR_PUBKEY_ALGO_NAME,
+ OSTREE_GPG_SIGNATURE_ATTR_HASH_ALGO_NAME,
+ OSTREE_GPG_SIGNATURE_ATTR_USER_NAME,
+ OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL
+} OstreeGpgSignatureAttr;
+
+GType ostree_gpg_verify_result_get_type (void);
+
+guint ostree_gpg_verify_result_count_all (OstreeGpgVerifyResult *result);
+
+guint ostree_gpg_verify_result_count_valid (OstreeGpgVerifyResult *result);
+
+gboolean ostree_gpg_verify_result_lookup (OstreeGpgVerifyResult *result,
+ const gchar *key_id,
+ guint *out_signature_index);
+
+GVariant * ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
+ guint signature_index,
+ OstreeGpgSignatureAttr *attrs,
+ guint n_attrs);
+
+GVariant * ostree_gpg_verify_result_get_all (OstreeGpgVerifyResult *result,
+ guint signature_index);
+
+G_END_DECLS
diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index 8b0ef700..03c3b4d7 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -3198,12 +3198,12 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
{
gboolean ret = FALSE;
gs_unref_object OstreeGpgVerifier *verifier = NULL;
+ gs_unref_object OstreeGpgVerifyResult *result = NULL;
gs_unref_variant GVariant *signaturedata = NULL;
GByteArray *buffer;
GVariantIter iter;
GVariant *child;
g_autoptr (GBytes) signatures = NULL;
- gboolean had_valid_signature = FALSE;
verifier = _ostree_gpg_verifier_new (cancellable, error);
if (!verifier)
@@ -3252,14 +3252,13 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
}
signatures = g_byte_array_free_to_bytes (buffer);
- if (!_ostree_gpg_verifier_check_signature (verifier,
- signed_data,
- signatures,
- &had_valid_signature,
- cancellable, error))
+ result = _ostree_gpg_verifier_check_signature (verifier,
+ signed_data, signatures,
+ cancellable, error);
+ if (result == NULL)
goto out;
- if (!had_valid_signature)
+ if (ostree_gpg_verify_result_count_valid (result) == 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"GPG signatures found, but none are in trusted keyring");
diff --git a/tests/gpg-verify-data/README.md b/tests/gpg-verify-data/README.md
new file mode 100644
index 00000000..d96fbad5
--- /dev/null
+++ b/tests/gpg-verify-data/README.md
@@ -0,0 +1,5 @@
+This is a GPG config directory for use with the OstreeGpgVerifyResult
+test cases. The test data (`lgplv2`) is signed with a variety of valid
+and invalid GPG keys in a detached signature file (`lgplv2.sig`).
+
+The passphrase for all the keys is `redhat`.
diff --git a/tests/gpg-verify-data/gpg.conf b/tests/gpg-verify-data/gpg.conf
new file mode 100644
index 00000000..55cd4bb2
--- /dev/null
+++ b/tests/gpg-verify-data/gpg.conf
@@ -0,0 +1,4 @@
+# This prevents GPG from attempting to create lock files when accessing
+# the keyrings and trust database. Necessary for "distcheck", since the
+# GPG homedir will be read-only.
+lock-never
diff --git a/tests/gpg-verify-data/lgpl2 b/tests/gpg-verify-data/lgpl2
new file mode 100644
index 00000000..5bc8fb2c
--- /dev/null
+++ b/tests/gpg-verify-data/lgpl2
@@ -0,0 +1,481 @@
+ GNU LIBRARY GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1991 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the library GPL. It is
+ numbered 2 because it goes with version 2 of the ordinary GPL.]
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+ This license, the Library General Public License, applies to some
+specially designated Free Software Foundation software, and to any
+other libraries whose authors decide to use it. You can use it for
+your libraries, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if
+you distribute copies of the library, or if you modify it.
+
+ For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you. You must make sure that they, too, receive or can get the source
+code. If you link a program with the library, you must provide
+complete object files to the recipients so that they can relink them
+with the library, after making changes to the library and recompiling
+it. And you must show them these terms so they know their rights.
+
+ Our method of protecting your rights has two steps: (1) copyright
+the library, and (2) offer you this license which gives you legal
+permission to copy, distribute and/or modify the library.
+
+ Also, for each distributor's protection, we want to make certain
+that everyone understands that there is no warranty for this free
+library. If the library is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original
+version, so that any problems introduced by others will not reflect on
+the original authors' reputations.
+�
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that companies distributing free
+software will individually obtain patent licenses, thus in effect
+transforming the program into proprietary software. To prevent this,
+we have made it clear that any patent must be licensed for everyone's
+free use or not licensed at all.
+
+ Most GNU software, including some libraries, is covered by the ordinary
+GNU General Public License, which was designed for utility programs. This
+license, the GNU Library General Public License, applies to certain
+designated libraries. This license is quite different from the ordinary
+one; be sure to read it in full, and don't assume that anything in it is
+the same as in the ordinary license.
+
+ The reason we have a separate public license for some libraries is that
+they blur the distinction we usually make between modifying or adding to a
+program and simply using it. Linking a program with a library, without
+changing the library, is in some sense simply using the library, and is
+analogous to running a utility program or application program. However, in
+a textual and legal sense, the linked executable is a combined work, a
+derivative of the original library, and the ordinary General Public License
+treats it as such.
+
+ Because of this blurred distinction, using the ordinary General
+Public License for libraries did not effectively promote software
+sharing, because most developers did not use the libraries. We
+concluded that weaker conditions might promote sharing better.
+
+ However, unrestricted linking of non-free programs would deprive the
+users of those programs of all benefit from the free status of the
+libraries themselves. This Library General Public License is intended to
+permit developers of non-free programs to use free libraries, while
+preserving your freedom as a user of such programs to change the free
+libraries that are incorporated in them. (We have not seen how to achieve
+this as regards changes in header files, but we have achieved it as regards
+changes in the actual functions of the Library.) The hope is that this
+will lead to faster development of free libraries.
+
+ The precise terms and conditions for copying, distribution and
+modification follow. Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library". The
+former contains code derived from the library, while the latter only
+works together with the library.
+
+ Note that it is possible for a library to be covered by the ordinary
+General Public License rather than by this special one.
+�
+ GNU LIBRARY GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License Agreement applies to any software library which
+contains a notice placed by the copyright holder or other authorized
+party saying it may be distributed under the terms of this Library
+General Public License (also called "this License"). Each licensee is
+addressed as "you".
+
+ A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+ The "Library", below, refers to any such software library or work
+which has been distributed under these terms. A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language. (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+ "Source code" for a work means the preferred form of the work for
+making modifications to it. For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+ Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it). Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+ 1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+ You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+�
+ 2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) The modified work must itself be a software library.
+
+ b) You must cause the files modified to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ c) You must cause the whole of the work to be licensed at no
+ charge to all third parties under the terms of this License.
+
+ d) If a facility in the modified Library refers to a function or a
+ table of data to be supplied by an application program that uses
+ the facility, other than as an argument passed when the facility
+ is invoked, then you must make a good faith effort to ensure that,
+ in the event an application does not supply such function or
+ table, the facility still operates, and performs whatever part of
+ its purpose remains meaningful.
+
+ (For example, a function in a library to compute square roots has
+ a purpose that is entirely well-defined independent of the
+ application. Therefore, Subsection 2d requires that any
+ application-supplied function or table used by this function must
+ be optional: if the application does not supply it, the square
+ root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library. To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License. (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.) Do not make any other change in
+these notices.
+�
+ Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+ This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+ 4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+ If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library". Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+ However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library". The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+ When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library. The
+threshold for this to be true is not precisely defined by law.
+
+ If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work. (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+ Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+�
+ 6. As an exception to the Sections above, you may also compile or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+ You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License. You must supply a copy of this License. If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License. Also, you must do one
+of these things:
+
+ a) Accompany the work with the complete corresponding
+ machine-readable source code for the Library including whatever
+ changes were used in the work (which must be distributed under
+ Sections 1 and 2 above); and, if the work is an executable linked
+ with the Library, with the complete machine-readable "work that
+ uses the Library", as object code and/or source code, so that the
+ user can modify the Library and then relink to produce a modified
+ executable containing the modified Library. (It is understood
+ that the user who changes the contents of definitions files in the
+ Library will not necessarily be able to recompile the application
+ to use the modified definitions.)
+
+ b) Accompany the work with a written offer, valid for at
+ least three years, to give the same user the materials
+ specified in Subsection 6a, above, for a charge no more
+ than the cost of performing this distribution.
+
+ c) If distribution of the work is made by offering access to copy
+ from a designated place, offer equivalent access to copy the above
+ specified materials from the same place.
+
+ d) Verify that the user has already received a copy of these
+ materials or that you have already sent this user a copy.
+
+ For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it. However, as a special exception,
+the source code distributed need not include anything that is normally
+distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+ It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system. Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+�
+ 7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+ a) Accompany the combined library with a copy of the same work
+ based on the Library, uncombined with any other library
+ facilities. This must be distributed under the terms of the
+ Sections above.
+
+ b) Give prominent notice with the combined library of the fact
+ that part of it is a work based on the Library, and explaining
+ where to find the accompanying uncombined form of the same work.
+
+ 8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License. Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License. However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+ 9. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Library or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+ 10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+�
+ 11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all. For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded. In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+ 13. The Free Software Foundation may publish revised and/or new
+versions of the Library General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation. If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+�
+ 14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission. For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this. Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+ NO WARRANTY
+
+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+�
+ How to Apply These Terms to Your New Libraries
+
+ If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change. You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms of the
+ordinary General Public License).
+
+ To apply these terms, attach the following notices to the library. It is
+safest to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the library, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the
+ library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+
+ , 1 April 1990
+ Ty Coon, President of Vice
+
+That's all there is to it!
diff --git a/tests/gpg-verify-data/lgpl2.sig b/tests/gpg-verify-data/lgpl2.sig
new file mode 100644
index 00000000..a9eafbf7
Binary files /dev/null and b/tests/gpg-verify-data/lgpl2.sig differ
diff --git a/tests/gpg-verify-data/pubring.gpg b/tests/gpg-verify-data/pubring.gpg
new file mode 100644
index 00000000..187538f3
Binary files /dev/null and b/tests/gpg-verify-data/pubring.gpg differ
diff --git a/tests/gpg-verify-data/secring.gpg b/tests/gpg-verify-data/secring.gpg
new file mode 100644
index 00000000..219df344
Binary files /dev/null and b/tests/gpg-verify-data/secring.gpg differ
diff --git a/tests/gpg-verify-data/trustdb.gpg b/tests/gpg-verify-data/trustdb.gpg
new file mode 100644
index 00000000..b7426c71
Binary files /dev/null and b/tests/gpg-verify-data/trustdb.gpg differ
diff --git a/tests/test-gpg-verify-result.c b/tests/test-gpg-verify-result.c
new file mode 100644
index 00000000..2bc23841
--- /dev/null
+++ b/tests/test-gpg-verify-result.c
@@ -0,0 +1,457 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
+ *
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#include
+#include
+
+#include "ostree-gpg-verify-result-private.h"
+
+#define assert_no_gpg_error(err, filename) \
+ G_STMT_START { \
+ if (err != GPG_ERR_NO_ERROR) { \
+ GString *string = g_string_new ("assertion failed "); \
+ g_string_append_printf (string, "%s: %s ", gpgme_strsource (err), gpgme_strerror (err)); \
+ g_string_append (string, filename ? filename : ""); \
+ g_assertion_message (G_LOG_DOMAIN, __FILE__, __LINE__, G_STRFUNC, string->str); \
+ g_string_free (string, TRUE); \
+ } \
+ } G_STMT_END
+
+typedef struct {
+ OstreeGpgVerifyResult *result;
+} TestFixture;
+
+static OstreeGpgSignatureAttr some_attributes[] = {
+ OSTREE_GPG_SIGNATURE_ATTR_VALID,
+ OSTREE_GPG_SIGNATURE_ATTR_SIG_EXPIRED,
+ OSTREE_GPG_SIGNATURE_ATTR_KEY_EXPIRED,
+ OSTREE_GPG_SIGNATURE_ATTR_KEY_REVOKED,
+ OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING
+};
+
+static void
+test_fixture_setup (TestFixture *fixture,
+ gconstpointer user_data)
+{
+ gpgme_error_t gpg_error;
+ gpgme_data_t data_buffer;
+ gpgme_data_t signature_buffer;
+ OstreeGpgVerifyResult *result;
+ gs_free char *homedir = NULL;
+ gs_free char *filename = NULL;
+ GError *local_error = NULL;
+
+ /* Mimic what OstreeGpgVerifier does to create OstreeGpgVerifyResult.
+ * We don't use OstreeGpgVerifier directly because we don't need the
+ * multiple-keyring workaround and because we want the trust database
+ * taken into account, which contains additional data like revocation
+ * certificates for certain test cases. */
+
+ homedir = g_test_build_filename (G_TEST_DIST, "gpg-verify-data", NULL);
+ g_setenv ("GNUPGHOME", homedir, TRUE);
+
+ result = g_initable_new (OSTREE_TYPE_GPG_VERIFY_RESULT,
+ NULL, &local_error, NULL);
+ g_assert_no_error (local_error);
+
+ filename = g_build_filename (homedir, "lgpl2", NULL);
+ gpg_error = gpgme_data_new_from_file (&data_buffer, filename, 1);
+ assert_no_gpg_error (gpg_error, filename);
+
+ g_clear_pointer (&filename, g_free);
+
+ filename = g_build_filename (homedir, "lgpl2.sig", NULL);
+ gpg_error = gpgme_data_new_from_file (&signature_buffer, filename, 1);
+ assert_no_gpg_error (gpg_error, filename);
+
+ gpg_error = gpgme_op_verify (result->context,
+ signature_buffer, data_buffer, NULL);
+ assert_no_gpg_error (gpg_error, NULL);
+
+ result->details = gpgme_op_verify_result (result->context);
+ gpgme_result_ref (result->details);
+
+ gpgme_data_release (data_buffer);
+ gpgme_data_release (signature_buffer);
+
+ fixture->result = result;
+}
+
+static void
+test_fixture_teardown (TestFixture *fixture,
+ gconstpointer user_data)
+{
+ g_clear_object (&fixture->result);
+}
+
+static void
+test_check_counts (TestFixture *fixture,
+ gconstpointer user_data)
+{
+ guint count_all;
+ guint count_valid;
+
+ count_all = ostree_gpg_verify_result_count_all (fixture->result);
+ count_valid = ostree_gpg_verify_result_count_valid (fixture->result);
+
+ g_assert_cmpint (count_all, ==, 5);
+ g_assert_cmpint (count_valid, ==, 1);
+}
+
+static void
+test_signature_lookup (TestFixture *fixture,
+ gconstpointer user_data)
+{
+ /* Checking the signature with the revoked key for this case. */
+ guint expected_signature_index = GPOINTER_TO_UINT (user_data);
+
+ /* Lowercase letters to ensure OstreeGpgVerifyResult handles it. */
+ const char *fingerprint = "20e10cfa61ca9cbedbfb03ad115fd072c8c56093";
+
+ guint signature_index;
+ gboolean signature_found;
+
+ /* Lookup full fingerprint. */
+ signature_index = 999999;
+ signature_found = ostree_gpg_verify_result_lookup (fixture->result,
+ fingerprint,
+ &signature_index);
+ g_assert_true (signature_found);
+ g_assert_cmpint (signature_index, ==, expected_signature_index);
+
+ /* Lookup abbreviated key ID. */
+ signature_index = 999999;
+ signature_found = ostree_gpg_verify_result_lookup (fixture->result,
+ fingerprint + 32,
+ &signature_index);
+ g_assert_true (signature_found);
+ g_assert_cmpint (signature_index, ==, expected_signature_index);
+
+ /* Bogus fingerprint, index should remain unchanged. */
+ signature_index = expected_signature_index = 999999;
+ fingerprint = "CAFEBABECAFEBABECAFEBABECAFEBABECAFEBABE";
+ signature_found = ostree_gpg_verify_result_lookup (fixture->result,
+ fingerprint,
+ &signature_index);
+ g_assert_false (signature_found);
+ g_assert_cmpint (signature_index, ==, expected_signature_index);
+}
+
+static void
+test_attribute_basics (TestFixture *fixture,
+ gconstpointer user_data)
+{
+ guint n_signatures, ii;
+
+ n_signatures = ostree_gpg_verify_result_count_valid (fixture->result);
+
+ for (ii = 0; ii < n_signatures; ii++)
+ {
+ gs_unref_variant GVariant *tuple = NULL;
+ const char *attr_string;
+ const char *type_string;
+ gboolean key_missing;
+
+ tuple = ostree_gpg_verify_result_get_all (fixture->result, ii);
+
+ type_string = g_variant_get_type_string (tuple);
+ g_assert_cmpstr (type_string, ==, "(bbbbbsxxssss)");
+
+ /* Check attributes which should be common to all signatures. */
+
+ g_variant_get_child (tuple,
+ OSTREE_GPG_SIGNATURE_ATTR_PUBKEY_ALGO_NAME,
+ "&s", &attr_string);
+ g_assert_cmpstr (attr_string, ==, "RSA");
+
+ g_variant_get_child (tuple,
+ OSTREE_GPG_SIGNATURE_ATTR_HASH_ALGO_NAME,
+ "&s", &attr_string);
+ g_assert_cmpstr (attr_string, ==, "SHA1");
+
+ g_variant_get_child (tuple,
+ OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING,
+ "b", &key_missing);
+
+ g_variant_get_child (tuple,
+ OSTREE_GPG_SIGNATURE_ATTR_USER_NAME,
+ "&s", &attr_string);
+ if (key_missing)
+ g_assert_cmpstr (attr_string, ==, "[unknown name]");
+ else
+ g_assert_cmpstr (attr_string, ==, "J. Random User");
+
+ g_variant_get_child (tuple,
+ OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL,
+ "&s", &attr_string);
+ if (key_missing)
+ g_assert_cmpstr (attr_string, ==, "[unknown email]");
+ else
+ g_assert_cmpstr (attr_string, ==, "testcase@redhat.com");
+ }
+}
+
+static void
+test_valid_signature (TestFixture *fixture,
+ gconstpointer user_data)
+{
+ guint signature_index = GPOINTER_TO_UINT (user_data);
+ gs_unref_variant GVariant *tuple = NULL;
+ gboolean valid;
+ gboolean sig_expired;
+ gboolean key_expired;
+ gboolean key_revoked;
+ gboolean key_missing;
+
+ tuple = ostree_gpg_verify_result_get (fixture->result,
+ signature_index,
+ some_attributes,
+ G_N_ELEMENTS (some_attributes));
+
+ g_variant_get (tuple, "(bbbbb)",
+ &valid,
+ &sig_expired,
+ &key_expired,
+ &key_revoked,
+ &key_missing);
+
+ g_assert_true (valid);
+ g_assert_false (sig_expired);
+ g_assert_false (key_expired);
+ g_assert_false (key_revoked);
+ g_assert_false (key_missing);
+}
+
+static void
+test_expired_key (TestFixture *fixture,
+ gconstpointer user_data)
+{
+ guint signature_index = GPOINTER_TO_UINT (user_data);
+ gs_unref_variant GVariant *tuple = NULL;
+ gboolean valid;
+ gboolean sig_expired;
+ gboolean key_expired;
+ gboolean key_revoked;
+ gboolean key_missing;
+
+ tuple = ostree_gpg_verify_result_get (fixture->result,
+ signature_index,
+ some_attributes,
+ G_N_ELEMENTS (some_attributes));
+
+ g_variant_get (tuple, "(bbbbb)",
+ &valid,
+ &sig_expired,
+ &key_expired,
+ &key_revoked,
+ &key_missing);
+
+ g_assert_false (valid);
+ g_assert_false (sig_expired);
+ g_assert_true (key_expired);
+ g_assert_false (key_revoked);
+ g_assert_false (key_missing);
+}
+
+static void
+test_revoked_key (TestFixture *fixture,
+ gconstpointer user_data)
+{
+ guint signature_index = GPOINTER_TO_UINT (user_data);
+ gs_unref_variant GVariant *tuple = NULL;
+ gboolean valid;
+ gboolean sig_expired;
+ gboolean key_expired;
+ gboolean key_revoked;
+ gboolean key_missing;
+
+ tuple = ostree_gpg_verify_result_get (fixture->result,
+ signature_index,
+ some_attributes,
+ G_N_ELEMENTS (some_attributes));
+
+ g_variant_get (tuple, "(bbbbb)",
+ &valid,
+ &sig_expired,
+ &key_expired,
+ &key_revoked,
+ &key_missing);
+
+ g_assert_false (valid);
+ g_assert_false (sig_expired);
+ g_assert_false (key_expired);
+ g_assert_true (key_revoked);
+ g_assert_false (key_missing);
+}
+
+static void
+test_missing_key (TestFixture *fixture,
+ gconstpointer user_data)
+{
+ guint signature_index = GPOINTER_TO_UINT (user_data);
+ gs_unref_variant GVariant *tuple = NULL;
+ gboolean valid;
+ gboolean sig_expired;
+ gboolean key_expired;
+ gboolean key_revoked;
+ gboolean key_missing;
+
+ tuple = ostree_gpg_verify_result_get (fixture->result,
+ signature_index,
+ some_attributes,
+ G_N_ELEMENTS (some_attributes));
+
+ g_variant_get (tuple, "(bbbbb)",
+ &valid,
+ &sig_expired,
+ &key_expired,
+ &key_revoked,
+ &key_missing);
+
+ g_assert_false (valid);
+ g_assert_false (sig_expired);
+ g_assert_false (key_expired);
+ g_assert_false (key_revoked);
+ g_assert_true (key_missing);
+}
+
+static void
+test_expired_signature (TestFixture *fixture,
+ gconstpointer user_data)
+{
+ guint signature_index = GPOINTER_TO_UINT (user_data);
+ gs_unref_variant GVariant *tuple = NULL;
+ gboolean valid;
+ gboolean sig_expired;
+ gboolean key_expired;
+ gboolean key_revoked;
+ gboolean key_missing;
+
+ tuple = ostree_gpg_verify_result_get (fixture->result,
+ signature_index,
+ some_attributes,
+ G_N_ELEMENTS (some_attributes));
+
+ g_variant_get (tuple, "(bbbbb)",
+ &valid,
+ &sig_expired,
+ &key_expired,
+ &key_revoked,
+ &key_missing);
+
+ /* XXX GPGME seems to be mishandling this case entirely.
+ *
+ * GPG itself recognizes the last signature as expired:
+ *
+ * gpg: Signature made Tue 10 Mar 2015 06:29:07 PM EDT using
+ * RSA key ID 9A51B00B
+ * gpg: BAD signature from "J. Random User (valid signing key)
+ * "
+ * gpg: Signature expired Wed 11 Mar 2015 06:29:07 PM EDT
+ *
+ * But the gpgme_signature_t record comes back with:
+ *
+ * summary = GPGME_SIGSUM_RED (expected GPGME_SIGSUM_SIG_EXPIRED)
+ * status = GPG_ERR_BAD_SIGNATURE (expected GPG_ERR_SIG_EXPIRED)
+ * timestamp = 0 }
+ * exp_timestamp = 0 } all wrong values!
+ * pubkey_algo = 0 }
+ * hash_algo = GPGME_MD_NONE }
+ *
+ * Possibly a parsing error in GPGME? It acts like it sees the BAD
+ * token and just gives up on the rest. Worth investigating further?
+ */
+
+ g_assert_false (valid);
+#if 0
+ g_assert_true (sig_expired);
+#endif
+ g_assert_false (key_expired);
+ g_assert_false (key_revoked);
+ g_assert_false (key_missing);
+}
+
+int
+main (int argc, char **argv)
+{
+ g_test_init (&argc, &argv, NULL);
+
+ (void) gpgme_check_version (NULL);
+
+ g_test_add ("/gpg-verify-result/check-counts",
+ TestFixture,
+ NULL,
+ test_fixture_setup,
+ test_check_counts,
+ test_fixture_teardown);
+
+ g_test_add ("/gpg-verify-result/signature-lookup",
+ TestFixture,
+ GINT_TO_POINTER (2),
+ test_fixture_setup,
+ test_signature_lookup,
+ test_fixture_teardown);
+
+ g_test_add ("/gpg-verify-result/attribute-basics",
+ TestFixture,
+ NULL,
+ test_fixture_setup,
+ test_attribute_basics,
+ test_fixture_teardown);
+
+ g_test_add ("/gpg-verify-result/valid-signature",
+ TestFixture,
+ GINT_TO_POINTER (0), /* signature index */
+ test_fixture_setup,
+ test_valid_signature,
+ test_fixture_teardown);
+
+ g_test_add ("/gpg-verify-result/expired-key",
+ TestFixture,
+ GINT_TO_POINTER (1), /* signature index */
+ test_fixture_setup,
+ test_expired_key,
+ test_fixture_teardown);
+
+ g_test_add ("/gpg-verify-result/revoked-key",
+ TestFixture,
+ GINT_TO_POINTER (2), /* signature index */
+ test_fixture_setup,
+ test_revoked_key,
+ test_fixture_teardown);
+
+ g_test_add ("/gpg-verify-result/missing-key",
+ TestFixture,
+ GINT_TO_POINTER (3), /* signature index */
+ test_fixture_setup,
+ test_missing_key,
+ test_fixture_teardown);
+
+ g_test_add ("/gpg-verify-result/expired-signature",
+ TestFixture,
+ GINT_TO_POINTER (4), /* signature index */
+ test_fixture_setup,
+ test_expired_signature,
+ test_fixture_teardown);
+
+ return g_test_run ();
+}