diff --git a/src/libostree/ostree-gpg-verifier.c b/src/libostree/ostree-gpg-verifier.c index cb6d8f50..eda69dc1 100644 --- a/src/libostree/ostree-gpg-verifier.c +++ b/src/libostree/ostree-gpg-verifier.c @@ -40,10 +40,7 @@ struct OstreeGpgVerifier { GList *keyrings; }; -static void _ostree_gpg_verifier_initable_iface_init (GInitableIface *iface); - -G_DEFINE_TYPE_WITH_CODE (OstreeGpgVerifier, _ostree_gpg_verifier, G_TYPE_OBJECT, - G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, _ostree_gpg_verifier_initable_iface_init)) +G_DEFINE_TYPE (OstreeGpgVerifier, _ostree_gpg_verifier, G_TYPE_OBJECT) static void ostree_gpg_verifier_finalize (GObject *object) @@ -71,42 +68,6 @@ _ostree_gpg_verifier_init (OstreeGpgVerifier *self) { } -static gboolean -ostree_gpg_verifier_initable_init (GInitable *initable, - GCancellable *cancellable, - GError **error) -{ - gboolean ret = FALSE; - OstreeGpgVerifier *self = (OstreeGpgVerifier*)initable; - const char *default_keyring_path = g_getenv ("OSTREE_GPG_HOME"); - g_autoptr(GFile) default_keyring_dir = NULL; - - if (!default_keyring_path) - default_keyring_path = DATADIR "/ostree/trusted.gpg.d/"; - - if (g_file_test (default_keyring_path, G_FILE_TEST_IS_DIR)) - { - default_keyring_dir = g_file_new_for_path (default_keyring_path); - if (!_ostree_gpg_verifier_add_keyring_dir (self, default_keyring_dir, - cancellable, error)) - { - g_prefix_error (error, "Reading keyring directory '%s'", - gs_file_get_path_cached (default_keyring_dir)); - goto out; - } - } - - ret = TRUE; - out: - return ret; -} - -static void -_ostree_gpg_verifier_initable_iface_init (GInitableIface *iface) -{ - iface->init = ostree_gpg_verifier_initable_init; -} - static void verify_result_finalized_cb (gpointer data, GObject *finalized_verify_result) 
@@ -323,9 +284,40 @@ _ostree_gpg_verifier_add_keyring_dir (OstreeGpgVerifier *self, return ret; } -OstreeGpgVerifier* -_ostree_gpg_verifier_new (GCancellable *cancellable, - GError **error) +gboolean +_ostree_gpg_verifier_add_global_keyring_dir (OstreeGpgVerifier *self, + GCancellable *cancellable, + GError **error) { - return g_initable_new (OSTREE_TYPE_GPG_VERIFIER, cancellable, error, NULL); + const char *global_keyring_path = g_getenv ("OSTREE_GPG_HOME"); + g_autoptr(GFile) global_keyring_dir = NULL; + gboolean ret = FALSE; + + g_return_val_if_fail (OSTREE_IS_GPG_VERIFIER (self), FALSE); + + if (global_keyring_path == NULL) + global_keyring_path = DATADIR "/ostree/trusted.gpg.d/"; + + if (g_file_test (global_keyring_path, G_FILE_TEST_IS_DIR)) + { + global_keyring_dir = g_file_new_for_path (global_keyring_path); + if (!_ostree_gpg_verifier_add_keyring_dir (self, global_keyring_dir, + cancellable, error)) + { + g_prefix_error (error, "Reading keyring directory '%s'", + gs_file_get_path_cached (global_keyring_dir)); + goto out; + } + } + + ret = TRUE; + +out: + return ret; +} + +OstreeGpgVerifier* +_ostree_gpg_verifier_new (void) +{ + return g_object_new (OSTREE_TYPE_GPG_VERIFIER, NULL); } diff --git a/src/libostree/ostree-gpg-verifier.h b/src/libostree/ostree-gpg-verifier.h index 54be424f..209f7342 100644 --- a/src/libostree/ostree-gpg-verifier.h +++ b/src/libostree/ostree-gpg-verifier.h @@ -37,8 +37,7 @@ typedef struct OstreeGpgVerifier OstreeGpgVerifier; GType _ostree_gpg_verifier_get_type (void); -OstreeGpgVerifier *_ostree_gpg_verifier_new (GCancellable *cancellable, - GError **error); +OstreeGpgVerifier *_ostree_gpg_verifier_new (void); OstreeGpgVerifyResult *_ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self, GBytes *signed_data, 
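Review bot: In `_ostree_gpg_verifier_add_global_keyring_dir` (ostree-gpg-verifier.c), the `g_prefix_error` format has no separator, so the directory path runs straight into the underlying error text. End the prefix with a colon and space: `g_prefix_error (error, "Reading keyring directory '%s': ",`. The function also has no doc comment, although it decides which keys become trusted. I would add one above the definition, and on the new prototype in ostree-gpg-verifier.h, stating that `OSTREE_GPG_HOME` overrides the compiled-in `DATADIR "/ostree/trusted.gpg.d/"` path and that a missing directory returns TRUE without adding any keyring. Because the trust root is taken from the process environment, that comment should also tell callers to control the environment when the process verifies on behalf of a less-trusted user.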
@@ -51,6 +50,10 @@ gboolean _ostree_gpg_verifier_add_keyring_dir (OstreeGpgVerifier *self, GCancellable *cancellable, GError **error); +gboolean _ostree_gpg_verifier_add_global_keyring_dir (OstreeGpgVerifier *self, + GCancellable *cancellable, + GError **error); + void _ostree_gpg_verifier_add_keyring (OstreeGpgVerifier *self, GFile *path); diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c index 762d426e..734f392f 100644 --- a/src/libostree/ostree-repo.c +++ b/src/libostree/ostree-repo.c @@ -3745,10 +3745,9 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self, GVariantIter iter; GVariant *child; g_autoptr (GBytes) signatures = NULL; + gboolean add_global_keyring_dir = TRUE; - verifier = _ostree_gpg_verifier_new (cancellable, error); - if (!verifier) - goto out; + verifier = _ostree_gpg_verifier_new (); if (remote_name == OSTREE_ALL_REMOTES) { @@ -3760,8 +3759,7 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self, } else if (remote_name != NULL) { - /* Add the remote's keyring file. OstreeGpgVerifier - * will ignore it if the keyring file does not exist. */ + /* Add the remote's keyring file if it exists. */ OstreeRemote *remote; g_autoptr(GFile) file = NULL; @@ -3772,11 +3770,22 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self, file = g_file_get_child (self->repodir, remote->keyring); - _ostree_gpg_verifier_add_keyring (verifier, file); + if (g_file_query_exists (file, cancellable)) + { + _ostree_gpg_verifier_add_keyring (verifier, file); + add_global_keyring_dir = FALSE; + } ost_remote_unref (remote); } + if (add_global_keyring_dir) + { + /* Use the deprecated global keyring directory. */ + if (!_ostree_gpg_verifier_add_global_keyring_dir (verifier, cancellable, error)) + goto out; + } + if (keyringdir) { if (!_ostree_gpg_verifier_add_keyring_dir (verifier, keyringdir,
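Review bot: The new `g_file_query_exists (file, cancellable)` check in `_ostree_repo_gpg_verify_with_metadata` (ostree-repo.c, last hunk) returns FALSE for any failed query, not only for a missing file. A remote keyring that exists but cannot be queried (a permission or I/O error, or a cancelled operation) therefore silently switches verification to the global keyring directory, which is a different and probably wider set of trusted keys. For a trust decision I would fail closed: query the file info, fall back only on `G_IO_ERROR_NOT_FOUND`, and propagate every other error. The existence check is also separate from the later read of the keyring, so the comment should say that existence is sampled once here. The function starts and ends outside the hunk, so the `out:` cleanup is assumed from the existing `goto out` use.

```c
      file = g_file_get_child (self->repodir, remote->keyring);

      {
        g_autoptr(GError) local_error = NULL;
        g_autoptr(GFileInfo) info =
          g_file_query_info (file, G_FILE_ATTRIBUTE_STANDARD_TYPE,
                             G_FILE_QUERY_INFO_NONE, cancellable, &local_error);

        if (info != NULL)
          {
            _ostree_gpg_verifier_add_keyring (verifier, file);
            add_global_keyring_dir = FALSE;
          }
        else if (!g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
          {
            /* Unreadable is not the same as absent: do not widen the trust set. */
            g_propagate_error (error, g_steal_pointer (&local_error));
            ost_remote_unref (remote);
            goto out;
          }
      }

      ost_remote_unref (remote);
```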