packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libostree: Add API to append a GPG signature 

This will be used by rpm-ostree which needs to use an external program
to sign commits.
This commit is contained in:
Colin Walters 2014-03-14 21:57:47 -04:00
parent 4995352fe0
commit cbc11f42e5
2 changed files with 77 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
src/libostree/ostree-repo.c
View File

@ -1499,6 +1499,74 @@ ostree_repo_pull (OstreeRepo *self,
} }
#endif #endif
/**
* ostree_repo_append_gpg_signature:
* @self: Self
* @commit_checksum: SHA256 of given commit to sign
* @signature_bytes: Signature data
* @cancellable: A #GCancellable
* @error: a #GError
*
* Append a GPG signature to a commit.
*/
gboolean
ostree_repo_append_gpg_signature (OstreeRepo *self,
const gchar *commit_checksum,
GBytes *signature_bytes,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
gs_unref_variant GVariant *metadata = NULL;
gs_unref_variant_builder GVariantBuilder *builder = NULL;
gs_unref_variant_builder GVariantBuilder *signature_builder = NULL;
gs_unref_variant GVariant *signaturedata = NULL;
if (!ostree_repo_read_commit_detached_metadata (self,
commit_checksum,
&metadata,
cancellable,
error))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Unable to read existing detached metadata");
goto out;
}
if (metadata)
{
builder = ot_util_variant_builder_from_variant (metadata, G_VARIANT_TYPE ("a{sv}"));
signaturedata = g_variant_lookup_value (metadata, "ostree.gpgsigs", G_VARIANT_TYPE ("aay"));
if (signaturedata)
signature_builder = ot_util_variant_builder_from_variant (signaturedata, G_VARIANT_TYPE ("aay"));
}
if (!builder)
builder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
if (!signature_builder)
signature_builder = g_variant_builder_new (G_VARIANT_TYPE ("aay"));
g_variant_builder_add (signature_builder, "@ay", ot_gvariant_new_ay_bytes (signature_bytes));
g_variant_builder_add (builder, "{sv}", "ostree.gpgsigs", g_variant_builder_end (signature_builder));
metadata = g_variant_builder_end (builder);
if (!ostree_repo_write_commit_detached_metadata (self,
commit_checksum,
metadata,
cancellable,
error))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Unable to read existing detached metadata");
goto out;
}
ret = TRUE;
out:
return ret;
}
/** /**
* ostree_repo_sign_commit: * ostree_repo_sign_commit:
* @self: Self * @self: Self
@ -1521,14 +1589,10 @@ ostree_repo_sign_commit (OstreeRepo *self,
#ifdef HAVE_GPGME #ifdef HAVE_GPGME
gboolean ret = FALSE; gboolean ret = FALSE;
gs_unref_object GFile *commit_path = NULL; gs_unref_object GFile *commit_path = NULL;
gs_unref_variant GVariant *metadata = NULL;
gs_free gchar *commit_filename = NULL; gs_free gchar *commit_filename = NULL;
gs_unref_object GFile *tmp_signature_file = NULL; gs_unref_object GFile *tmp_signature_file = NULL;
gs_unref_object GOutputStream *tmp_signature_output = NULL; gs_unref_object GOutputStream *tmp_signature_output = NULL;
gs_unref_variant_builder GVariantBuilder *builder = NULL;
gs_unref_variant_builder GVariantBuilder *signature_builder = NULL;
gs_unref_variant GVariant *commit_variant = NULL; gs_unref_variant GVariant *commit_variant = NULL;
gs_unref_variant GVariant *signaturedata = NULL;
gs_unref_bytes GBytes *signature_bytes = NULL; gs_unref_bytes GBytes *signature_bytes = NULL;
gpgme_ctx_t context; gpgme_ctx_t context;
gpgme_engine_info_t info; gpgme_engine_info_t info;
@ -1543,17 +1607,6 @@ ostree_repo_sign_commit (OstreeRepo *self,
commit_checksum, &commit_variant, error)) commit_checksum, &commit_variant, error))
goto out; goto out;
if (!ostree_repo_read_commit_detached_metadata (self,
commit_checksum,
&metadata,
cancellable,
error))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Unable to read existing detached metadata");
goto out;
}
if (!gs_file_open_in_tmpdir (self->tmp_dir, 0644, if (!gs_file_open_in_tmpdir (self->tmp_dir, 0644,
&tmp_signature_file, &tmp_signature_output, &tmp_signature_file, &tmp_signature_output,
cancellable, error)) cancellable, error))
@ -1647,35 +1700,9 @@ ostree_repo_sign_commit (OstreeRepo *self,
goto out; goto out;
signature_bytes = g_mapped_file_get_bytes (signature_file); signature_bytes = g_mapped_file_get_bytes (signature_file);
// Now read the file and put its contents into the result GVariant if (!ostree_repo_append_gpg_signature (self, commit_checksum, signature_bytes,
if (metadata) cancellable, error))
{ goto out;
builder = ot_util_variant_builder_from_variant (metadata, G_VARIANT_TYPE ("a{sv}"));
signaturedata = g_variant_lookup_value (metadata, "ostree.gpgsigs", G_VARIANT_TYPE ("aay"));
if (signaturedata)
signature_builder = ot_util_variant_builder_from_variant (signaturedata, G_VARIANT_TYPE ("aay"));
}
if (!builder)
builder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
if (!signature_builder)
signature_builder = g_variant_builder_new (G_VARIANT_TYPE ("aay"));
g_variant_builder_add (signature_builder, "@ay", ot_gvariant_new_ay_bytes (signature_bytes));
g_variant_builder_add (builder, "{sv}", "ostree.gpgsigs", g_variant_builder_end (signature_builder));
metadata = g_variant_builder_end (builder);
if (!ostree_repo_write_commit_detached_metadata (self,
commit_checksum,
metadata,
cancellable,
error))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Unable to read existing detached metadata");
goto out;
}
ret = TRUE; ret = TRUE;
out: out:

6
src/libostree/ostree-repo.h
View File

@ -521,6 +521,12 @@ gboolean ostree_repo_sign_commit (OstreeRepo *self,
GCancellable *cancellable, GCancellable *cancellable,
GError **error); GError **error);
gboolean ostree_repo_append_gpg_signature (OstreeRepo *self,
const gchar *commit_checksum,
GBytes *signature_bytes,
GCancellable *cancellable,
GError **error);
gboolean ostree_repo_verify_commit (OstreeRepo *self, gboolean ostree_repo_verify_commit (OstreeRepo *self,
const gchar *commit_checksum, const gchar *commit_checksum,
GFile *keyringdir, GFile *keyringdir,