lib/repo: Factor out GPG verifier preparation
In order to use the GPG verifier, it needs to be seeded with GPG keys after instantation. Currently this is only used for verifying data, but it will also be used for getting a list of trusted GPG keys in a subsequent commit.
This commit is contained in:
Dan Nicholson
Dan Nicholson
parent
dba2cdcbac
commit
c8715c123e
|
|
@ -5338,28 +5338,25 @@ find_keyring (OstreeRepo *self,
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static OstreeGpgVerifyResult *
|
static gboolean
|
||||||
_ostree_repo_gpg_verify_data_internal (OstreeRepo *self,
|
_ostree_repo_gpg_prepare_verifier (OstreeRepo *self,
|
||||||
const gchar *remote_name,
|
const gchar *remote_name,
|
||||||
GBytes *data,
|
GFile *keyringdir,
|
||||||
GBytes *signatures,
|
GFile *extra_keyring,
|
||||||
GFile *keyringdir,
|
OstreeGpgVerifier **out_verifier,
|
||||||
GFile *extra_keyring,
|
GCancellable *cancellable,
|
||||||
GCancellable *cancellable,
|
GError **error)
|
||||||
GError **error)
|
|
||||||
{
|
{
|
||||||
g_autoptr(OstreeGpgVerifier) verifier = NULL;
|
g_autoptr(OstreeGpgVerifier) verifier = _ostree_gpg_verifier_new ();
|
||||||
gboolean add_global_keyring_dir = TRUE;
|
gboolean add_global_keyring_dir = TRUE;
|
||||||
|
|
||||||
verifier = _ostree_gpg_verifier_new ();
|
|
||||||
|
|
||||||
if (remote_name == OSTREE_ALL_REMOTES)
|
if (remote_name == OSTREE_ALL_REMOTES)
|
||||||
{
|
{
|
||||||
/* Add all available remote keyring files. */
|
/* Add all available remote keyring files. */
|
||||||
|
|
||||||
if (!_ostree_gpg_verifier_add_keyring_dir_at (verifier, self->repo_dir_fd, ".",
|
if (!_ostree_gpg_verifier_add_keyring_dir_at (verifier, self->repo_dir_fd, ".",
|
||||||
cancellable, error))
|
cancellable, error))
|
||||||
return NULL;
|
return FALSE;
|
||||||
}
|
}
|
||||||
else if (remote_name != NULL)
|
else if (remote_name != NULL)
|
||||||
{
|
{
|
||||||
|
|
@ -5369,11 +5366,11 @@ _ostree_repo_gpg_verify_data_internal (OstreeRepo *self,
|
||||||
|
|
||||||
remote = _ostree_repo_get_remote_inherited (self, remote_name, error);
|
remote = _ostree_repo_get_remote_inherited (self, remote_name, error);
|
||||||
if (remote == NULL)
|
if (remote == NULL)
|
||||||
return NULL;
|
return FALSE;
|
||||||
|
|
||||||
g_autoptr(GBytes) keyring_data = NULL;
|
g_autoptr(GBytes) keyring_data = NULL;
|
||||||
if (!find_keyring (self, remote, &keyring_data, cancellable, error))
|
if (!find_keyring (self, remote, &keyring_data, cancellable, error))
|
||||||
return NULL;
|
return FALSE;
|
||||||
|
|
||||||
if (keyring_data != NULL)
|
if (keyring_data != NULL)
|
||||||
{
|
{
|
||||||
|
|
@ -5389,14 +5386,14 @@ _ostree_repo_gpg_verify_data_internal (OstreeRepo *self,
|
||||||
";,",
|
";,",
|
||||||
&gpgkeypath_list,
|
&gpgkeypath_list,
|
||||||
error))
|
error))
|
||||||
return NULL;
|
return FALSE;
|
||||||
|
|
||||||
if (gpgkeypath_list)
|
if (gpgkeypath_list)
|
||||||
{
|
{
|
||||||
for (char **iter = gpgkeypath_list; *iter != NULL; ++iter)
|
for (char **iter = gpgkeypath_list; *iter != NULL; ++iter)
|
||||||
if (!_ostree_gpg_verifier_add_keyfile_path (verifier, *iter,
|
if (!_ostree_gpg_verifier_add_keyfile_path (verifier, *iter,
|
||||||
cancellable, error))
|
cancellable, error))
|
||||||
return NULL;
|
return FALSE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -5404,20 +5401,46 @@ _ostree_repo_gpg_verify_data_internal (OstreeRepo *self,
|
||||||
{
|
{
|
||||||
/* Use the deprecated global keyring directory. */
|
/* Use the deprecated global keyring directory. */
|
||||||
if (!_ostree_gpg_verifier_add_global_keyring_dir (verifier, cancellable, error))
|
if (!_ostree_gpg_verifier_add_global_keyring_dir (verifier, cancellable, error))
|
||||||
return NULL;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (keyringdir)
|
if (keyringdir)
|
||||||
{
|
{
|
||||||
if (!_ostree_gpg_verifier_add_keyring_dir (verifier, keyringdir,
|
if (!_ostree_gpg_verifier_add_keyring_dir (verifier, keyringdir,
|
||||||
cancellable, error))
|
cancellable, error))
|
||||||
return NULL;
|
return FALSE;
|
||||||
}
|
}
|
||||||
if (extra_keyring != NULL)
|
if (extra_keyring != NULL)
|
||||||
{
|
{
|
||||||
_ostree_gpg_verifier_add_keyring_file (verifier, extra_keyring);
|
_ostree_gpg_verifier_add_keyring_file (verifier, extra_keyring);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (out_verifier != NULL)
|
||||||
|
*out_verifier = g_steal_pointer (&verifier);
|
||||||
|
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
static OstreeGpgVerifyResult *
|
||||||
|
_ostree_repo_gpg_verify_data_internal (OstreeRepo *self,
|
||||||
|
const gchar *remote_name,
|
||||||
|
GBytes *data,
|
||||||
|
GBytes *signatures,
|
||||||
|
GFile *keyringdir,
|
||||||
|
GFile *extra_keyring,
|
||||||
|
GCancellable *cancellable,
|
||||||
|
GError **error)
|
||||||
|
{
|
||||||
|
g_autoptr(OstreeGpgVerifier) verifier = NULL;
|
||||||
|
if (!_ostree_repo_gpg_prepare_verifier (self,
|
||||||
|
remote_name,
|
||||||
|
keyringdir,
|
||||||
|
extra_keyring,
|
||||||
|
&verifier,
|
||||||
|
cancellable,
|
||||||
|
error))
|
||||||
|
return NULL;
|
||||||
|
|
||||||
return _ostree_gpg_verifier_check_signature (verifier,
|
return _ostree_gpg_verifier_check_signature (verifier,
|
||||||
data,
|
data,
|
||||||
signatures,
|
signatures,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue