From 8d127b9dcb663365d9e6025034cf3e6d54a27f3b Mon Sep 17 00:00:00 2001 From: Matthew Barnes Date: Wed, 11 Mar 2015 19:21:33 -0400 Subject: [PATCH] repo: Add ostree_repo_verify_commit_ext() Similar to ostree_repo_verify_commit(), but returns more verification details by way of an OstreeGpgVerifyResult object instead of a boolean. --- doc/ostree-sections.txt | 1 + src/libostree/ostree-repo-private.h | 2 +- src/libostree/ostree-repo.c | 75 ++++++++++++++++++++--------- src/libostree/ostree-repo.h | 8 +++ 4 files changed, 63 insertions(+), 23 deletions(-) diff --git a/doc/ostree-sections.txt b/doc/ostree-sections.txt index 41cc4415..37888c28 100644 --- a/doc/ostree-sections.txt +++ b/doc/ostree-sections.txt @@ -299,6 +299,7 @@ ostree_repo_pull_default_console_progress_changed ostree_repo_sign_commit ostree_repo_append_gpg_signature ostree_repo_verify_commit +ostree_repo_verify_commit_ext ostree_repo_regenerate_summary OSTREE_REPO diff --git a/src/libostree/ostree-repo-private.h b/src/libostree/ostree-repo-private.h index 9721490e..6e299e24 100644 --- a/src/libostree/ostree-repo-private.h +++ b/src/libostree/ostree-repo-private.h @@ -185,7 +185,7 @@ _ostree_repo_get_remote_boolean_option (OstreeRepo *self, gboolean *out_value, GError **error); -gboolean +OstreeGpgVerifyResult * _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self, GBytes *signed_data, GVariant *metadata, diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c index 03c3b4d7..acda925a 100644 --- a/src/libostree/ostree-repo.c +++ b/src/libostree/ostree-repo.c @@ -3187,7 +3187,7 @@ ostree_repo_sign_delta (OstreeRepo *self, return ret; } -gboolean +OstreeGpgVerifyResult * _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self, GBytes *signed_data, GVariant *metadata, 
@@ -3196,9 +3196,8 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self, GCancellable *cancellable, GError **error) { - gboolean ret = FALSE; + OstreeGpgVerifyResult *result = NULL; gs_unref_object OstreeGpgVerifier *verifier = NULL; - gs_unref_object OstreeGpgVerifyResult *result = NULL; gs_unref_variant GVariant *signaturedata = NULL; GByteArray *buffer; GVariantIter iter; @@ -3255,19 +3254,9 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self, result = _ostree_gpg_verifier_check_signature (verifier, signed_data, signatures, cancellable, error); - if (result == NULL) - goto out; - if (ostree_gpg_verify_result_count_valid (result) == 0) - { - g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, - "GPG signatures found, but none are in trusted keyring"); - goto out; - } - - ret = TRUE; out: - return ret; + return result; } /** 
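Review bot: With the `ostree_gpg_verify_result_count_valid (result) == 0` check removed from the tail of `_ostree_repo_gpg_verify_with_metadata()`, the helper returns a non-NULL result even when no signature is valid, so its return value no longer means "verified". A pointer return still compiles inside an `if (!_ostree_repo_gpg_verify_with_metadata (...))` test, so any call site not converted by this patch would fail open on "signatures found, none trusted" and leak the result. The only call site converted here is the one that moves into `ostree_repo_verify_commit_ext()`, so it is worth checking for other callers before merging. I would add above the definition, and on the prototype in ostree-repo-private.h: `/* Returns (transfer full) a result even when no signature is valid; callers must check ostree_gpg_verify_result_count_valid(). */`. The function body starts before and continues between these hunks, so the keyring setup is not visible here.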
@@ -3290,7 +3279,51 @@ ostree_repo_verify_commit (OstreeRepo *self, GCancellable *cancellable, GError **error) { + gs_unref_object OstreeGpgVerifyResult *result = NULL; gboolean ret = FALSE; + + result = ostree_repo_verify_commit_ext (self, commit_checksum, + keyringdir, extra_keyring, + cancellable, error); + if (result == NULL) + goto out; + + if (ostree_gpg_verify_result_count_valid (result) == 0) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, + "GPG signatures found, but none are in trusted keyring"); + goto out; + } + + ret = TRUE; + + out: + return ret; +} + +/** + * ostree_repo_verify_commit_ext: + * @self: Repository + * @commit_checksum: ASCII SHA256 checksum + * @keyringdir: (allow-none): Path to directory GPG keyrings; overrides built-in default if given + * @extra_keyring: (allow-none): Path to additional keyring file (not a directory) + * @cancellable: Cancellable + * @error: Error + * + * Read GPG signature(s) on the commit named by the ASCII checksum + * @commit_checksum and return detailed results. + * + * Returns: (transfer full): an #OstreeGpgVerifyResult, or %NULL on error + */ +OstreeGpgVerifyResult * +ostree_repo_verify_commit_ext (OstreeRepo *self, + const gchar *commit_checksum, + GFile *keyringdir, + GFile *extra_keyring, + GCancellable *cancellable, + GError **error) +{ + OstreeGpgVerifyResult *result = NULL; gs_unref_variant GVariant *commit_variant = NULL; gs_unref_object GFile *keyringdir_ref = NULL; gs_unref_variant GVariant *metadata = NULL; @@ -3319,15 +3352,13 @@ ostree_repo_verify_commit (OstreeRepo *self, signed_data = g_variant_get_data_as_bytes (commit_variant); - if (!_ostree_repo_gpg_verify_with_metadata (self, - signed_data, metadata, - keyringdir, extra_keyring, - cancellable, error)) - goto out; - - ret = TRUE; + result = _ostree_repo_gpg_verify_with_metadata (self, + signed_data, metadata, + keyringdir, extra_keyring, + cancellable, error); + out: - return ret; + return result; } /** 
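Review bot: The doc comment for `ostree_repo_verify_commit_ext()` does not say that a non-%NULL return is not a successful verification. The function hands back whatever `_ostree_repo_gpg_verify_with_metadata()` produced, and the "none are in trusted keyring" rejection now exists only in the `ostree_repo_verify_commit()` wrapper. A caller of this new public API that only tests for %NULL would accept a commit with no valid signature. I would add to the description: `A non-%NULL result does not imply the commit is trusted; check ostree_gpg_verify_result_count_valid() before relying on it.` The middle of the new function's body lies between the two hunks and is not visible here.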
diff --git a/src/libostree/ostree-repo.h b/src/libostree/ostree-repo.h index c59364a7..96c3536e 100644 --- a/src/libostree/ostree-repo.h +++ b/src/libostree/ostree-repo.h @@ -26,6 +26,7 @@ #include "ostree-types.h" #include "ostree-async-progress.h" #include "ostree-sepolicy.h" +#include "ostree-gpg-verify-result.h" G_BEGIN_DECLS @@ -676,6 +677,13 @@ gboolean ostree_repo_verify_commit (OstreeRepo *self, GCancellable *cancellable, GError **error); +OstreeGpgVerifyResult * ostree_repo_verify_commit_ext (OstreeRepo *self, + const gchar *commit_checksum, + GFile *keyringdir, + GFile *extra_keyring, + GCancellable *cancellable, + GError **error); + gboolean ostree_repo_regenerate_summary (OstreeRepo *self, GVariant *additional_metadata, GCancellable *cancellable,