[ostree] ostree: Add gpg-sign command



commit a5b002dae6aea50dc1cc2b50bdc3516c3066de40
Author: Matthew Barnes <mbarnes redhat com>
Date:   Wed Feb 25 13:55:14 2015 -0500

    ostree: Add gpg-sign command
    
    Signs a commit with one or more GPG keys.

 Makefile-ostree.am               |    1 +
 doc/Makefile.am                  |    2 +-
 doc/ostree-gpg-sign.xml          |   80 ++++++++++++++++++++++++++++++++
 src/ostree/main.c                |    3 +
 src/ostree/ot-builtin-gpg-sign.c |   94 ++++++++++++++++++++++++++++++++++++++
 src/ostree/ot-builtins.h         |    1 +
 tests/test-gpg-signed-commit.sh  |    8 +++
 7 files changed, 188 insertions(+), 1 deletions(-)
---
diff --git a/Makefile-ostree.am b/Makefile-ostree.am
index 95cf677..1bdc5f3 100644
--- a/Makefile-ostree.am
+++ b/Makefile-ostree.am
@@ -29,6 +29,7 @@ ostree_SOURCES = src/ostree/main.c \
        src/ostree/ot-builtin-commit.c \
        src/ostree/ot-builtin-diff.c \
        src/ostree/ot-builtin-fsck.c \
+       src/ostree/ot-builtin-gpg-sign.c \
        src/ostree/ot-builtin-init.c \
        src/ostree/ot-builtin-pull-local.c \
        src/ostree/ot-builtin-log.c \
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 5e5e386..453551c 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -125,7 +125,7 @@ version.xml:
 # This includes the standard gtk-doc make rules, copied by gtkdocize.
 include $(top_srcdir)/gtk-doc.make
 
-man1_MANS = ostree.1 ostree-admin-cleanup.1 ostree-admin-config-diff.1 ostree-admin-deploy.1 
ostree-admin-init-fs.1 ostree-admin-instutil.1 ostree-admin-os-init.1 ostree-admin-status.1 
ostree-admin-set-origin.1 ostree-admin-switch.1 ostree-admin-undeploy.1 ostree-admin-upgrade.1 ostree-admin.1 
ostree-cat.1 ostree-checkout.1 ostree-checksum.1 ostree-commit.1 ostree-config.1 ostree-diff.1 ostree-fsck.1 
ostree-init.1 ostree-log.1 ostree-ls.1 ostree-prune.1 ostree-pull-local.1 ostree-pull.1 ostree-refs.1 
ostree-remote.1 ostree-reset.1 ostree-rev-parse.1 ostree-show.1 ostree-summary.1 ostree-static-delta.1 
ostree-trivial-httpd.1
+man1_MANS = ostree.1 ostree-admin-cleanup.1 ostree-admin-config-diff.1 ostree-admin-deploy.1 
ostree-admin-init-fs.1 ostree-admin-instutil.1 ostree-admin-os-init.1 ostree-admin-status.1 
ostree-admin-set-origin.1 ostree-admin-switch.1 ostree-admin-undeploy.1 ostree-admin-upgrade.1 ostree-admin.1 
ostree-cat.1 ostree-checkout.1 ostree-checksum.1 ostree-commit.1 ostree-gpg-sign.1 ostree-config.1 
ostree-diff.1 ostree-fsck.1 ostree-init.1 ostree-log.1 ostree-ls.1 ostree-prune.1 ostree-pull-local.1 
ostree-pull.1 ostree-refs.1 ostree-remote.1 ostree-reset.1 ostree-rev-parse.1 ostree-show.1 ostree-summary.1 
ostree-static-delta.1 ostree-trivial-httpd.1
 
 man5_MANS = ostree.repo.5 ostree.repo-config.5
 
diff --git a/doc/ostree-gpg-sign.xml b/doc/ostree-gpg-sign.xml
new file mode 100644
index 0000000..0c7ab7d
--- /dev/null
+++ b/doc/ostree-gpg-sign.xml
@@ -0,0 +1,80 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+    "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd";>
+
+<!--
+Copyright 2015 Matthew Barnes <mbarnes redhat com>
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the
+Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+Boston, MA 02111-1307, USA.
+-->
+
+<refentry id="ostree">
+
+    <refentryinfo>
+        <title>ostree gpg-sign</title>
+        <productname>OSTree</productname>
+
+        <authorgroup>
+            <author>
+                <contrib>Developer</contrib>
+                <firstname>Colin</firstname>
+                <surname>Walters</surname>
+                <email>walters verbum org</email>
+            </author>
+        </authorgroup>
+    </refentryinfo>
+
+    <refmeta>
+        <refentrytitle>ostree gpg-sign</refentrytitle>
+        <manvolnum>1</manvolnum>
+    </refmeta>
+
+    <refnamediv>
+        <refname>ostree-gpg-sign</refname>
+        <refpurpose>Sign a commit</refpurpose>
+    </refnamediv>
+
+    <refsynopsisdiv>
+        <cmdsynopsis>
+            <command>ostree gpg-sign</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg 
choice="req">COMMIT</arg> <arg choice="req" rep="repeat">KEY-ID</arg>
+        </cmdsynopsis>
+    </refsynopsisdiv>
+
+    <refsect1>
+        <title>Description</title>
+
+        <para>
+            Add a new signature to a commit for each specified GPG key.
+
+            Note that currently, this will append a new signature even if
+            the commit is already signed with a given key.
+        </para>
+    </refsect1>
+
+    <refsect1>
+        <title>Options</title>
+
+        <variablelist>
+            <varlistentry>
+                <term><option>--gpg-homedir</option>="HOMEDIR"</term>
+
+                <listitem><para>
+                    GPG Homedir to use when looking for keyrings.
+                </para></listitem>
+            </varlistentry>
+        </variablelist>
+    </refsect1>
+</refentry>
diff --git a/src/ostree/main.c b/src/ostree/main.c
index b8dccd6..93656fd 100644
--- a/src/ostree/main.c
+++ b/src/ostree/main.c
@@ -41,6 +41,9 @@ static OstreeCommand commands[] = {
   { "config", ostree_builtin_config },
   { "diff", ostree_builtin_diff },
   { "fsck", ostree_builtin_fsck },
+#ifdef HAVE_GPGME
+  { "gpg-sign", ostree_builtin_gpg_sign },
+#endif
   { "init", ostree_builtin_init },
   { "log", ostree_builtin_log },
   { "ls", ostree_builtin_ls },
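Review bot: The `gpg-sign` entry is registered only under `HAVE_GPGME`, but the same commit adds `src/ostree/ot-builtin-gpg-sign.c` to `ostree_SOURCES` and `BUILTINPROTO(gpg_sign)` to `ot-builtins.h` without that guard. In a build without GPGME the file is still compiled but the command is unreachable, and the user presumably gets a generic unknown-command error instead of a message that GPG support was not built in. Either guard the source and prototype the same way, or register the command unconditionally and let it report the missing support. A short comment next to the `#ifdef`, such as `/* gpg-sign needs GPGME; omitted from builds without it */`, would document the choice. The `commands[]` initializer continues outside this hunk.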
diff --git a/src/ostree/ot-builtin-gpg-sign.c b/src/ostree/ot-builtin-gpg-sign.c
new file mode 100644
index 0000000..74354d0
--- /dev/null
+++ b/src/ostree/ot-builtin-gpg-sign.c
@@ -0,0 +1,94 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
+ *
+ * Copyright (C) 2015 Colin Walters <walters verbum org>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Author: Colin Walters <walters verbum org>
+ */
+
+#include "config.h"
+
+#include "ot-main.h"
+#include "ot-builtins.h"
+#include "ostree.h"
+#include "otutil.h"
+
+static char *opt_gpg_homedir;
+
+static GOptionEntry options[] = {
+  { "gpg-homedir", 0, 0, G_OPTION_ARG_STRING, &opt_gpg_homedir, "GPG Homedir to use when looking for 
keyrings", "HOMEDIR"},
+};
+
+static void
+usage_error (GOptionContext *context, const char *message, GError **error)
+{
+  gs_free char *help = g_option_context_get_help (context, TRUE, NULL);
+  g_printerr ("%s", help);
+  g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, message);
+}
+
+gboolean
+ostree_builtin_gpg_sign (int argc, char **argv, GCancellable *cancellable, GError **error)
+{
+  GOptionContext *context;
+  gs_unref_object OstreeRepo *repo = NULL;
+  gs_free char *resolved_commit = NULL;
+  const char *commit;
+  char **key_ids;
+  int n_key_ids, ii;
+  gboolean ret = FALSE;
+
+  context = g_option_context_new ("COMMIT KEY-ID... - Sign a commit");
+
+  if (!ostree_option_context_parse (context, options, &argc, &argv, OSTREE_BUILTIN_FLAG_NONE, &repo, 
cancellable, error))
+    goto out;
+
+  if (argc < 2)
+    {
+      usage_error (context, "Need a COMMIT to sign", error);
+      goto out;
+    }
+
+  if (argc < 3)
+    {
+      usage_error (context, "Need at least one GPG KEY-ID to sign with", error);
+      goto out;
+    }
+
+  commit = argv[1];
+  key_ids = argv + 2;
+  n_key_ids = argc - 2;
+
+  if (!ostree_repo_resolve_rev (repo, commit, FALSE, &resolved_commit, error))
+    goto out;
+
+  for (ii = 0; ii < n_key_ids; ii++)
+    {
+      if (!ostree_repo_sign_commit (repo, resolved_commit, key_ids[ii],
+                                    opt_gpg_homedir, cancellable, error))
+        goto out;
+    }
+
+  ret = TRUE;
+
+out:
+  if (context)
+    g_option_context_free (context);
+
+  return ret;
+}
+
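Review bot: The `options[]` array has no terminating entry: it holds only the `gpg-homedir` element, whereas GLib expects a `GOptionEntry` array to end with a NULL entry. `ostree_option_context_parse` is not shown here, but if it passes the array to `g_option_context_add_main_entries`, the parser reads past the end of the array into adjacent static data; adding `{ NULL }` after the `gpg-homedir` entry fixes that. Separately, the signing loop leaves at the first key that fails, so a commit can presumably end up signed by only some of the requested keys. A comment above the loop such as `/* Signatures added before a failure are not rolled back. */`, or a matching sentence in the man page, would make that explicit.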
diff --git a/src/ostree/ot-builtins.h b/src/ostree/ot-builtins.h
index 099b2bc..95262ec 100644
--- a/src/ostree/ot-builtins.h
+++ b/src/ostree/ot-builtins.h
@@ -35,6 +35,7 @@ BUILTINPROTO(checkout);
 BUILTINPROTO(checksum);
 BUILTINPROTO(commit);
 BUILTINPROTO(diff);
+BUILTINPROTO(gpg_sign);
 BUILTINPROTO(init);
 BUILTINPROTO(log);
 BUILTINPROTO(pull);
diff --git a/tests/test-gpg-signed-commit.sh b/tests/test-gpg-signed-commit.sh
index 8a75660..a3d1ad3 100644
--- a/tests/test-gpg-signed-commit.sh
+++ b/tests/test-gpg-signed-commit.sh
@@ -39,3 +39,11 @@ cd ${test_tmpdir}
 ${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} 
--gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
 $OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
 assert_file_has_content test2-gpgsigs 'byte '
+
+# Commit and sign separately
+cd ${test_tmpdir}
+${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --tree=dir=files
+$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 2> /dev/null && (echo 1>&2 "unsigned commit 
unexpectedly had detached metadata"; exit 1)
+$OSTREE gpg-sign test2 ${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME}
+$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
+assert_file_has_content test2-gpgsigs 'byte '
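Review bot: The negative check on the unsigned commit only fails the test if the script runs under `set -e`, because `exit 1` inside `( … )` leaves just the subshell. That setting is outside this hunk, so it is worth confirming. The positive check after `gpg-sign` matches `'byte '` in the dumped metadata, which shows that some signature data was attached but not that it verifies against `${TEST_GPG_KEYID}`. A case that signs an already-signed commit (the man page says a second signature is appended) and the two usage-error paths, missing COMMIT and missing KEY-ID, would also be worth covering.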

