diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index 0346a3df..8affec53 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -3324,11 +3324,6 @@ out:
 * @self: Self
 * @from_commit: SHA256 of starting commit to sign, or %NULL
 * @to_commit: SHA256 of target commit to sign
- * @key_id: Use this GPG key id
- * @homedir: (allow-none): GPG home directory, or %NULL
- * @cancellable: A #GCancellable
- * @error: a #GError
- *
 * This function is deprecated, sign the summary file instead.
 * Add a GPG signature to a static delta.
 */
@@ -3345,7 +3340,80 @@ ostree_repo_sign_delta (OstreeRepo *self,
 return FALSE;
 }
 
- OstreeGpgVerifyResult *
+/**
+ * ostree_repo_add_gpg_signature_summary:
+ * @self: Self
+ * @key_id: NULL-terminated array of GPG keys.
+ * @homedir: (allow-none): GPG home directory, or %NULL
+ * @cancellable: A #GCancellable
+ * @error: a #GError
+ *
+ * Add a GPG signature to a static delta.
+ */
+gboolean
+ostree_repo_add_gpg_signature_summary (OstreeRepo *self,
+ const gchar **key_id,
+ const gchar *homedir,
+ GCancellable *cancellable,
+ GError **error)
+{
+ gboolean ret = FALSE;
+ g_autoptr(GBytes) summary_data = NULL;
+ g_autoptr(GFile) summary_file = NULL;
+ g_autoptr(GFile) signature_path = NULL;
+ GError *temp_error = NULL;
+ g_autoptr(GVariant) existing_signatures = NULL;
+ g_autoptr(GVariant) new_metadata = NULL;
+ g_autoptr(GVariant) normalized = NULL;
+ guint i;
+ signature_path = g_file_resolve_relative_path (self->repodir, "summary.sig");
+
+ summary_file = g_file_resolve_relative_path (self->repodir, "summary");
+ summary_data = gs_file_map_readonly (summary_file, cancellable, error);
+ if (!summary_data)
+ goto out;
+
+ if (!ot_util_variant_map (signature_path, G_VARIANT_TYPE ("a{sv}"),
+ TRUE, &existing_signatures, &temp_error))
+ {
+ if (g_error_matches (temp_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
+ {
+ g_clear_error (&temp_error);
+ }
+ else
+ {
+ g_propagate_error (error, temp_error);
+ goto out;
+ }
+ }
+
+ for (i = 0; key_id[i]; i++)
+ {
+ g_autoptr(GBytes) signature_data = NULL;
+ if (!sign_data (self, summary_data, key_id[i], homedir,
+ &signature_data,
+ cancellable, error))
+ goto out;
+
+ new_metadata = _ostree_detached_metadata_append_gpg_sig (existing_signatures, signature_data);
+ }
+
+ normalized = g_variant_get_normal_form (new_metadata);
+
+ if (!_ostree_repo_file_replace_contents (self,
+ self->repo_dir_fd,
+ "summary.sig",
+ g_variant_get_data (normalized),
+ g_variant_get_size (normalized),
+ cancellable, error))
+ goto out;
+
+ ret = TRUE;
+ out:
+ return ret;
+}
+
+OstreeGpgVerifyResult *
 _ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
 GBytes *signed_data,
 GVariant *metadata,
diff --git a/src/libostree/ostree-repo.h b/src/libostree/ostree-repo.h
index c882356a..92bddd48 100644
--- a/src/libostree/ostree-repo.h
+++ b/src/libostree/ostree-repo.h
@@ -712,6 +712,13 @@ gboolean ostree_repo_sign_delta (OstreeRepo *self,
 GCancellable *cancellable,
 GError **error);
 
+gboolean
+ostree_repo_add_gpg_signature_summary (OstreeRepo *self,
+ const gchar **key_id,
+ const gchar *homedir,
+ GCancellable *cancellable,
+ GError **error);
+
 gboolean ostree_repo_append_gpg_signature (OstreeRepo *self,
 const gchar *commit_checksum,
 GBytes *signature_bytes,
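Review bot: The signing loop in `ostree_repo_add_gpg_signature_summary` (ostree-repo.c) passes `existing_signatures` to `_ostree_detached_metadata_append_gpg_sig` on every iteration, so with more than one entry in `key_id` only the last key's signature is written to `summary.sig`, and clients that trust only one of the earlier keys will fail verification. Each pass also overwrites the `g_autoptr` variable `new_metadata` without releasing the previous value. Feed the previous result back in instead: `new_metadata = g_steal_pointer (&existing_signatures);` before the loop, then `g_autoptr(GVariant) prev = g_steal_pointer (&new_metadata);` and `new_metadata = _ostree_detached_metadata_append_gpg_sig (prev, signature_data);` inside it (the helper's return ownership is not visible here and should be confirmed). An empty `key_id` array with no existing `summary.sig` leaves `new_metadata` NULL when it reaches `g_variant_get_normal_form`, so that case needs an explicit early return. The doc comment's description still reads "Add a GPG signature to a static delta." and should describe signing the summary file; `@key_id` could also carry `(array zero-terminated=1)`.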
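Review bot: In ostree-repo.h the new prototype takes `const gchar **key_id`, which the doc comment in ostree-repo.c describes as a NULL-terminated array, but nothing at the declaration says so and the name is singular. A caller working from the header alone could pass the address of a single string, and the implementation's `key_id[i]` loop would then keep reading past it in search of the terminator. Renaming the parameter to `key_ids`, or adding `/* key_id: NULL-terminated array of GPG key ids */` above the prototype, would make the contract visible where callers look.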