From c8715c123e7979b078d45fd18e7cf5a276eda698 Mon Sep 17 00:00:00 2001 From: Dan Nicholson Date: Tue, 13 Aug 2019 10:36:11 -0600 Subject: [PATCH] lib/repo: Factor out GPG verifier preparation In order to use the GPG verifier, it needs to be seeded with GPG keys after instantation. Currently this is only used for verifying data, but it will also be used for getting a list of trusted GPG keys in a subsequent commit. --- src/libostree/ostree-repo.c | 61 +++++++++++++++++++++++++------------ 1 file changed, 42 insertions(+), 19 deletions(-) diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c index b90e1c13..d7b38374 100644 --- a/src/libostree/ostree-repo.c +++ b/src/libostree/ostree-repo.c @@ -5338,28 +5338,25 @@ find_keyring (OstreeRepo *self, return TRUE; } -static OstreeGpgVerifyResult * -_ostree_repo_gpg_verify_data_internal (OstreeRepo *self, - const gchar *remote_name, - GBytes *data, - GBytes *signatures, - GFile *keyringdir, - GFile *extra_keyring, - GCancellable *cancellable, - GError **error) +static gboolean +_ostree_repo_gpg_prepare_verifier (OstreeRepo *self, + const gchar *remote_name, + GFile *keyringdir, + GFile *extra_keyring, + OstreeGpgVerifier **out_verifier, + GCancellable *cancellable, + GError **error) { - g_autoptr(OstreeGpgVerifier) verifier = NULL; + g_autoptr(OstreeGpgVerifier) verifier = _ostree_gpg_verifier_new (); gboolean add_global_keyring_dir = TRUE; - verifier = _ostree_gpg_verifier_new (); - if (remote_name == OSTREE_ALL_REMOTES) { /* Add all available remote keyring files. */ if (!_ostree_gpg_verifier_add_keyring_dir_at (verifier, self->repo_dir_fd, ".", cancellable, error)) - return NULL; + return FALSE; } else if (remote_name != NULL) { @@ -5369,11 +5366,11 @@ _ostree_repo_gpg_verify_data_internal (OstreeRepo *self, remote = _ostree_repo_get_remote_inherited (self, remote_name, error); if (remote == NULL) - return NULL; + return FALSE; g_autoptr(GBytes) keyring_data = NULL; if (!find_keyring (self, remote, &keyring_data, cancellable, error)) - return NULL; + return FALSE; if (keyring_data != NULL) { @@ -5389,14 +5386,14 @@ _ostree_repo_gpg_verify_data_internal (OstreeRepo *self, ";,", &gpgkeypath_list, error)) - return NULL; + return FALSE; if (gpgkeypath_list) { for (char **iter = gpgkeypath_list; *iter != NULL; ++iter) if (!_ostree_gpg_verifier_add_keyfile_path (verifier, *iter, cancellable, error)) - return NULL; + return FALSE; } } @@ -5404,20 +5401,46 @@ _ostree_repo_gpg_verify_data_internal (OstreeRepo *self, { /* Use the deprecated global keyring directory. */ if (!_ostree_gpg_verifier_add_global_keyring_dir (verifier, cancellable, error)) - return NULL; + return FALSE; } if (keyringdir) { if (!_ostree_gpg_verifier_add_keyring_dir (verifier, keyringdir, cancellable, error)) - return NULL; + return FALSE; } if (extra_keyring != NULL) { _ostree_gpg_verifier_add_keyring_file (verifier, extra_keyring); } + if (out_verifier != NULL) + *out_verifier = g_steal_pointer (&verifier); + + return TRUE; +} + +static OstreeGpgVerifyResult * +_ostree_repo_gpg_verify_data_internal (OstreeRepo *self, + const gchar *remote_name, + GBytes *data, + GBytes *signatures, + GFile *keyringdir, + GFile *extra_keyring, + GCancellable *cancellable, + GError **error) +{ + g_autoptr(OstreeGpgVerifier) verifier = NULL; + if (!_ostree_repo_gpg_prepare_verifier (self, + remote_name, + keyringdir, + extra_keyring, + &verifier, + cancellable, + error)) + return NULL; + return _ostree_gpg_verifier_check_signature (verifier, data, signatures,