diff --git a/apidoc/ostree-sections.txt b/apidoc/ostree-sections.txt
index 5586262a..979c8e93 100644
--- a/apidoc/ostree-sections.txt
+++ b/apidoc/ostree-sections.txt
@@ -709,7 +709,7 @@ ostree_kernel_args_to_string
ostree-sign OstreeSign -ostree_sign_list_names +ostree_sign_get_all ostree_sign_commit ostree_sign_commit_verify ostree_sign_data diff --git a/src/libostree/libostree-devel.sym b/src/libostree/libostree-devel.sym index 9c6157a8..fd0ffd57 100644 --- a/src/libostree/libostree-devel.sym +++ b/src/libostree/libostree-devel.sym @@ -23,7 +23,7 @@ global: ostree_repo_commit_modifier_set_sepolicy_from_commit; someostree_symbol_deleteme; ostree_sign_get_type; - ostree_sign_list_names; + ostree_sign_get_all; ostree_sign_commit; ostree_sign_commit_verify; ostree_sign_data; diff --git a/src/libostree/ostree-repo-pull-verify.c b/src/libostree/ostree-repo-pull-verify.c index c1eab6c3..84f7623b 100644 --- a/src/libostree/ostree-repo-pull-verify.c +++ b/src/libostree/ostree-repo-pull-verify.c @@ -142,6 +142,9 @@ _signapi_load_public_keys (OstreeSign *sign, return TRUE; } +/* Iterate over all known signing types, and check if the commit is signed + * by at least one. + */ gboolean _sign_verify_for_remote (OstreeRepo *repo, const gchar *remote_name, 
@@ -149,32 +152,18 @@ _sign_verify_for_remote (OstreeRepo *repo, GVariant *metadata, GError **error) { - /* list all signature types in detached metadata and check if signed by any? */ - g_auto (GStrv) names = ostree_sign_list_names(); guint n_invalid_signatures = 0; - guint n_unknown_signatures = 0; g_autoptr (GError) last_sig_error = NULL; gboolean found_sig = FALSE; - for (char **iter=names; iter && *iter; iter++) + g_autoptr(GPtrArray) signers = ostree_sign_get_all (); + for (guint i = 0; i < signers->len; i++) { - g_autoptr (OstreeSign) sign = NULL; - g_autoptr (GVariant) signatures = NULL; - const gchar *signature_key = NULL; - GVariantType *signature_format = NULL; - - if ((sign = ostree_sign_get_by_name (*iter, NULL)) == NULL) - { - n_unknown_signatures++; - continue; - } - - signature_key = ostree_sign_metadata_key (sign); - signature_format = (GVariantType *) ostree_sign_metadata_format (sign); - - signatures = g_variant_lookup_value (metadata, - signature_key, - signature_format); + OstreeSign *sign = signers->pdata[i]; + const gchar *signature_key = ostree_sign_metadata_key (sign); + GVariantType *signature_format = (GVariantType *) ostree_sign_metadata_format (sign); + g_autoptr (GVariant) signatures = + g_variant_lookup_value (metadata, signature_key, signature_format); /* If not found signatures for requested signature subsystem */ if (!signatures) @@ -201,11 +190,7 @@ _sign_verify_for_remote (OstreeRepo *repo, } if (!found_sig) - { - if (n_unknown_signatures > 0) - return glnx_throw (error, "No signatures found (%d unknown type)", n_unknown_signatures); - return glnx_throw (error, "No signatures found"); - } + return glnx_throw (error, "No signatures found"); g_assert (last_sig_error); g_propagate_error (error, g_steal_pointer (&last_sig_error)); diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c index 817307e9..4d617c96 100644 --- a/src/libostree/ostree-repo-pull.c +++ b/src/libostree/ostree-repo-pull.c 
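Review bot: The `(GVariantType *)` cast on `signature_format` in the new loop body is carried over from the removed lines and hides whatever type and qualifier `ostree_sign_metadata_format ()` really returns (its prototype is not visible in this hunk). `g_variant_lookup_value ()` accepts a `const GVariantType *`, so I would declare `const GVariantType *signature_format` and, if the accessor returns a type string, convert it with `G_VARIANT_TYPE (ostree_sign_metadata_format (sign))`, which validates the string when GLib checks are enabled before it is used as the expected type for detached metadata that comes from the remote. Separately, `sign` is now a borrowed pointer owned by `signers` rather than a `g_autoptr`, so nothing below may keep it past the array's lifetime without taking a reference; the same holds for the loop in `scan_commit_object`. The rest of `_sign_verify_for_remote` lies outside the hunk, so I could not check how `sign` is used further down.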
@@ -1544,14 +1544,11 @@ scan_commit_object (OtPullData *pull_data, gboolean found_any_signature = FALSE; gboolean found_valid_signature = FALSE; - /* list all signature types in detached metadata and check if signed by any? */ - g_auto (GStrv) names = ostree_sign_list_names(); - for (char **iter=names; iter && *iter; iter++) + /* FIXME - dedup this with _sign_verify_for_remote() */ + g_autoptr(GPtrArray) signers = ostree_sign_get_all (); + for (guint i = 0; i < signers->len; i++) { - g_autoptr (OstreeSign) sign = NULL; - - if ((sign = ostree_sign_get_by_name (*iter, NULL)) == NULL) - continue; + OstreeSign *sign = signers->pdata[i]; /* Try to load public key(s) according remote's configuration */ if (!_signapi_load_public_keys (sign, pull_data->repo, pull_data->remote_name, error)) diff --git a/src/libostree/ostree-sign.c b/src/libostree/ostree-sign.c index 68447da6..f3992480 100644 --- a/src/libostree/ostree-sign.c +++ b/src/libostree/ostree-sign.c @@ -436,8 +436,6 @@ ostree_sign_commit_verify (OstreeSign *self, * * Return the pointer to the name of currently used/selected signing engine. * - * The list of available engines could be acquired with #ostree_sign_list_names. - * * Returns: (transfer none): pointer to the name * @NULL in case of error (unlikely). * 
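Review bot: The new `/* FIXME - dedup this with _sign_verify_for_remote() */` leaves two hand-maintained copies of the signature-verification loop, and the visible parts already differ: this one tracks `found_any_signature`/`found_valid_signature`, while `_sign_verify_for_remote` tracks `n_invalid_signatures`/`last_sig_error`. In code that decides whether a pulled commit is trusted, a policy fix applied to one copy and missed in the other is the likely failure, so I would either have `scan_commit_object` call `_sign_verify_for_remote` in this change or expand the comment to say which function is authoritative and what must stay in sync, e.g. `/* FIXME: must accept/reject exactly as _sign_verify_for_remote(); dedup */`. The loop body continues past the end of the hunk, so how a failure of `_signapi_load_public_keys` is handled is not visible here.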
@@ -515,28 +513,27 @@ ostree_sign_commit (OstreeSign *self, } /** - * ostree_sign_list_names: + * ostree_sign_get_all: * - * Return an array with all available sign engines names. + * Return an array with newly allocated instances of all available + * signing engines; they will not be initialized. * - * Returns: (transfer full): an array of strings, free when you used it + * Returns: (transfer full) (element-type OstreeSign): an array of signing engines * * Since: 2020.2 */ -GStrv -ostree_sign_list_names(void) +GPtrArray * +ostree_sign_get_all (void) { + g_autoptr(GPtrArray) engines = g_ptr_array_new_with_free_func (g_object_unref); + for (guint i = 0; i < G_N_ELEMENTS(sign_types); i++) + { + OstreeSign *engine = ostree_sign_get_by_name (sign_types[i].name, NULL); + g_assert (engine); + g_ptr_array_add (engines, engine); + } - GStrv names = g_new0 (char *, G_N_ELEMENTS(sign_types) + 1); - gint i = 0; - - for (i=0; i < G_N_ELEMENTS(sign_types); i++) - { - names[i] = g_strdup(sign_types[i].name); - g_debug ("Found '%s' signing engine", names[i]); - } - - return names; + return g_steal_pointer (&engines); } /** @@ -544,11 +541,9 @@ ostree_sign_list_names(void) * @name: the name of desired signature engine * @error: return location for a #GError * - * Tries to find and return proper signing engine by it's name. + * Create a new instance of a signing engine. * - * The list of available engines could be acquired with #ostree_sign_list_names. - * - * Returns: (transfer full): a constant, free when you used it + * Returns: (transfer full): New signing engine, or %NULL if the engine is not known * * Since: 2020.2 */ diff --git a/src/libostree/ostree-sign.h b/src/libostree/ostree-sign.h index da10469b..588ace53 100644 --- a/src/libostree/ostree-sign.h +++ b/src/libostree/ostree-sign.h 
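Review bot: `ostree_sign_get_all` relies on `g_assert (engine)` to keep NULL out of the returned array while passing `NULL` for the error, so a failed instantiation aborts the process with no reason given. If the library is built with `G_DISABLE_ASSERT`, a NULL element is stored instead and the callers' `ostree_sign_metadata_key (sign)` then receives NULL. Since this is public API reached from the pull verification path, I would capture the error and skip the engine, which fails closed because that engine's signatures then simply cannot validate. The doc comment should also state that elements are never NULL and that "not initialized" means the caller has to load keys (for example with `ostree_sign_load_pk`) before verifying.

```c
  /* … unchanged: engines array creation … */
  for (guint i = 0; i < G_N_ELEMENTS(sign_types); i++)
    {
      g_autoptr(GError) local_error = NULL;
      OstreeSign *engine = ostree_sign_get_by_name (sign_types[i].name, &local_error);
      if (engine == NULL)
        {
          /* Never store NULL: callers dereference every element. */
          g_critical ("Failed to instantiate signing engine '%s': %s",
                      sign_types[i].name,
                      local_error ? local_error->message : "unknown error");
          continue;
        }
      g_ptr_array_add (engines, engine);
    }
  /* … unchanged: return g_steal_pointer (&engines) … */
```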
@@ -153,7 +153,7 @@ gboolean ostree_sign_load_pk (OstreeSign *self, _OSTREE_PUBLIC -GStrv ostree_sign_list_names(void); +GPtrArray * ostree_sign_get_all(void); _OSTREE_PUBLIC OstreeSign * ostree_sign_get_by_name (const gchar *name, GError **error);