repo: Factor out the check of gpg result to a separate function

I plan to add a function for verifying any data which may return the
error about lack of trusted signatures, so let's avoid the redundancy
and put the check in the separate function.

Closes: #310
Approved by: cgwalters

apidoc/ostree-sections.txt

@@ -185,6 +185,7 @@ ostree_gpg_verify_result_get_all
 OstreeGpgSignatureFormatFlags
 ostree_gpg_verify_result_describe
 ostree_gpg_verify_result_describe_variant
+ostree_gpg_verify_result_require_valid_signature
 <SUBSECTION Standard>
 OSTREE_GPG_VERIFY_RESULT
 OSTREE_IS_GPG_VERIFY_RESULT

src/libostree/libostree.sym

@@ -340,6 +340,7 @@ global:
 
 LIBOSTREE_2016.6 {
 global:
-        ostree_repo_remote_fetch_summary_with_options;
+        ostree_gpg_verify_result_require_valid_signature;
         ostree_raw_file_to_archive_z2_stream;
+        ostree_repo_remote_fetch_summary_with_options;
 } LIBOSTREE_2016.5;

src/libostree/ostree-gpg-verify-result.c

@@ -622,3 +622,33 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant,
         }
     }
 }
+
+/**
+ * ostree_gpg_verify_result_require_valid_signature:
+ * @result: (nullable): an #OstreeGpgVerifyResult
+ * @error: A #GError
+ *
+ * Checks if the result contains at least one signature from the
+ * trusted keyring.  You can call this function immediately after
+ * ostree_repo_verify_summary() or ostree_repo_verify_commit_ext() -
+ * it will handle the %NULL @result and filled @error too.
+ *
+ * Returns: %TRUE if @result was not %NULL and had at least one
+ * signature from trusted keyring, otherwise %FALSE
+ */
+gboolean
+ostree_gpg_verify_result_require_valid_signature (OstreeGpgVerifyResult *result,
+                                                  GError **error)
+{
+  if (result == NULL)
+    return FALSE;
+
+  if (ostree_gpg_verify_result_count_valid (result) == 0)
+    {
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                           "GPG signatures found, but none are in trusted keyring");
+      return FALSE;
+    }
+
+  return TRUE;
+}

src/libostree/ostree-gpg-verify-result.h

@@ -133,4 +133,8 @@ void ostree_gpg_verify_result_describe_variant (GVariant *variant,
                                                 const gchar *line_prefix,
                                                 OstreeGpgSignatureFormatFlags flags);
 
+_OSTREE_PUBLIC
+gboolean ostree_gpg_verify_result_require_valid_signature (OstreeGpgVerifyResult *result,
+                                                           GError **error);
+
 G_END_DECLS

src/libostree/ostree-repo.c

@@ -2116,15 +2116,8 @@ ostree_repo_remote_fetch_summary_with_options (OstreeRepo    *self,
                                            signatures,
                                            cancellable,
                                            error);
-      if (result == NULL)
+      if (!ostree_gpg_verify_result_require_valid_signature (result, error))
         goto out;
-
-      if (ostree_gpg_verify_result_count_valid (result) == 0)
-        {
-          g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
-                               "GPG signatures found, but none are in trusted keyring");
-          goto out;
-        }
     }
 
   if (out_summary != NULL)
@@ -4838,25 +4831,12 @@ ostree_repo_verify_commit (OstreeRepo   *self,
                            GError      **error)
 {
   glnx_unref_object OstreeGpgVerifyResult *result = NULL;
-  gboolean ret = FALSE;
 
   result = ostree_repo_verify_commit_ext (self, commit_checksum,
                                           keyringdir, extra_keyring,
                                           cancellable, error);
-  if (result == NULL)
-    goto out;
 
-  if (ostree_gpg_verify_result_count_valid (result) == 0)
+  return ostree_gpg_verify_result_require_valid_signature (result, error);
-    {
-      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
-                   "GPG signatures found, but none are in trusted keyring");
-      goto out;
-    }
-
-  ret = TRUE;
-
- out:
-  return ret;
 }
 
 /**