[ostree] OstreeGpgVerifier: Take the signed data as a GBytes
- From: Matthew Barnes <mbarnes src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [ostree] OstreeGpgVerifier: Take the signed data as a GBytes
- Date: Mon, 16 Mar 2015 20:38:11 +0000 (UTC)
commit f47693440dd2c418464c9aff60300bcae4e407c0
Author: Matthew Barnes <mbarnes redhat com>
Date: Mon Mar 16 13:01:55 2015 -0400
OstreeGpgVerifier: Take the signed data as a GBytes
Similar to c2b01ad. For some reason I was thinking the commit data
still needed to be written to disk prior to verifying, but it's just
another artifact of spawning gpgv2 (predates using GPGME).
Makes for a nice cleanup in fetch_metadata_to_verify_delta_superblock()
as well.
src/libostree/ostree-gpg-verifier.c | 25 ++++++++++--------
src/libostree/ostree-gpg-verifier.h | 2 +-
src/libostree/ostree-repo-private.h | 14 +++++-----
src/libostree/ostree-repo-pull.c | 22 ++--------------
src/libostree/ostree-repo.c | 47 +++++++++++++++--------------------
5 files changed, 45 insertions(+), 65 deletions(-)
---
diff --git a/src/libostree/ostree-gpg-verifier.c b/src/libostree/ostree-gpg-verifier.c
index c473892..5f4189f 100644
--- a/src/libostree/ostree-gpg-verifier.c
+++ b/src/libostree/ostree-gpg-verifier.c
@@ -243,7 +243,7 @@ out:
gboolean
_ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
- GFile *file,
+ GBytes *signed_data,
GBytes *signatures,
gboolean *out_had_valid_sig,
GCancellable *cancellable,
@@ -294,17 +294,20 @@ _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
if (!override_gpgme_home_dir (gpg_ctx, temp_dir, error))
goto out;
- {
- gs_free char *path = g_file_get_path (file);
- gpg_error = gpgme_data_new_from_file (&data_buffer, path, 1);
+ /* Both the signed data and signature GBytes instances will outlive the
+ * gpgme_data_t structs, so we can safely reuse the GBytes memory buffer
+ * directly and avoid a copy. */
- if (gpg_error != GPG_ERR_NO_ERROR)
- {
- gpg_error_to_gio_error (gpg_error, error);
- g_prefix_error (error, "Unable to read signed text: ");
- goto out;
- }
- }
+ gpg_error = gpgme_data_new_from_mem (&data_buffer,
+ g_bytes_get_data (signed_data, NULL),
+ g_bytes_get_size (signed_data),
+ 0 /* do not copy */);
+ if (gpg_error != GPG_ERR_NO_ERROR)
+ {
+ gpg_error_to_gio_error (gpg_error, error);
+ g_prefix_error (error, "Unable to read signed data: ");
+ goto out;
+ }
gpg_error = gpgme_data_new_from_mem (&signature_buffer,
g_bytes_get_data (signatures, NULL),
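Review bot: An empty `signed_data` is not handled before the new `gpgme_data_new_from_mem()` call. `g_bytes_get_data()` may return NULL when the size is 0, and with the copy flag set to 0 that pointer is handed to GPGME unchanged. How GPGME treats a NULL zero-length buffer is not visible here, so unless empty input is meant to be verifiable I would reject it first: `if (g_bytes_get_size (signed_data) == 0) { g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA, "Signed data is empty"); goto out; }`. The no-copy comment also depends on `data_buffer` being released in the `out:` cleanup before the caller drops its reference, and that cleanup is outside this hunk.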
diff --git a/src/libostree/ostree-gpg-verifier.h b/src/libostree/ostree-gpg-verifier.h
index d3a9994..10b84ee 100644
--- a/src/libostree/ostree-gpg-verifier.h
+++ b/src/libostree/ostree-gpg-verifier.h
@@ -42,7 +42,7 @@ OstreeGpgVerifier *_ostree_gpg_verifier_new (GCancellable *cancellable,
GError **error);
gboolean _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
- GFile *file,
+ GBytes *signed_data,
GBytes *signatures,
gboolean *had_valid_signature,
GCancellable *cancellable,
diff --git a/src/libostree/ostree-repo-private.h b/src/libostree/ostree-repo-private.h
index 3bb4576..9721490 100644
--- a/src/libostree/ostree-repo-private.h
+++ b/src/libostree/ostree-repo-private.h
@@ -186,13 +186,13 @@ _ostree_repo_get_remote_boolean_option (OstreeRepo *self,
GError **error);
gboolean
-_ostree_repo_gpg_verify_file_with_metadata (OstreeRepo *self,
- GFile *path,
- GVariant *metadata,
- GFile *keyringdir,
- GFile *extra_keyring,
- GCancellable *cancellable,
- GError **error);
+_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
+ GBytes *signed_data,
+ GVariant *metadata,
+ GFile *keyringdir,
+ GFile *extra_keyring,
+ GCancellable *cancellable,
+ GError **error);
gboolean
_ostree_repo_commit_loose_final (OstreeRepo *self,
diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index b1219da..6f7bcb5 100644
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -1286,9 +1286,6 @@ fetch_metadata_to_verify_delta_superblock (OtPullData *pull_data,
gs_free char *meta_path = _ostree_get_relative_static_delta_detachedmeta_path (from_revision, checksum);
gs_unref_bytes GBytes *detached_meta_data = NULL;
SoupURI *target_uri = NULL;
- gs_unref_object GFile *temp_input_path = NULL;
- gs_unref_object GOutputStream *temp_input_stream = NULL;
- gs_unref_object GInputStream *superblock_in = NULL;
gs_unref_variant GVariant *metadata = NULL;
target_uri = suburi_new (pull_data->base_uri, meta_path, NULL);
@@ -1301,26 +1298,13 @@ fetch_metadata_to_verify_delta_superblock (OtPullData *pull_data,
goto out;
}
- superblock_in = g_memory_input_stream_new_from_bytes (superblock_data);
-
- if (!gs_file_open_in_tmpdir (pull_data->repo->tmp_dir, 0644,
- &temp_input_path, &temp_input_stream,
- cancellable, error))
- goto out;
-
- if (0 > g_output_stream_splice (temp_input_stream, superblock_in,
- G_OUTPUT_STREAM_SPLICE_CLOSE_SOURCE |
- G_OUTPUT_STREAM_SPLICE_CLOSE_TARGET,
- cancellable, error))
- goto out;
-
metadata = g_variant_new_from_bytes (G_VARIANT_TYPE ("a{sv}"),
detached_meta_data,
FALSE);
- if (!_ostree_repo_gpg_verify_file_with_metadata (pull_data->repo, temp_input_path,
- metadata, NULL, NULL,
- cancellable, error))
+ if (!_ostree_repo_gpg_verify_with_metadata (pull_data->repo, superblock_data,
+ metadata, NULL, NULL,
+ cancellable, error))
goto out;
ret = TRUE;
diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index 35daa3e..8b0ef70 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -3188,13 +3188,13 @@ ostree_repo_sign_delta (OstreeRepo *self,
}
gboolean
-_ostree_repo_gpg_verify_file_with_metadata (OstreeRepo *self,
- GFile *path,
- GVariant *metadata,
- GFile *keyringdir,
- GFile *extra_keyring,
- GCancellable *cancellable,
- GError **error)
+_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
+ GBytes *signed_data,
+ GVariant *metadata,
+ GFile *keyringdir,
+ GFile *extra_keyring,
+ GCancellable *cancellable,
+ GError **error)
{
gboolean ret = FALSE;
gs_unref_object OstreeGpgVerifier *verifier = NULL;
@@ -3253,7 +3253,7 @@ _ostree_repo_gpg_verify_file_with_metadata (OstreeRepo *self,
signatures = g_byte_array_free_to_bytes (buffer);
if (!_ostree_gpg_verifier_check_signature (verifier,
- path,
+ signed_data,
signatures,
&had_valid_signature,
cancellable, error))
@@ -3293,26 +3293,19 @@ ostree_repo_verify_commit (OstreeRepo *self,
{
gboolean ret = FALSE;
gs_unref_variant GVariant *commit_variant = NULL;
- gs_unref_object GFile *commit_tmp_path = NULL;
gs_unref_object GFile *keyringdir_ref = NULL;
gs_unref_variant GVariant *metadata = NULL;
+ gs_unref_bytes GBytes *signed_data = NULL;
gs_free gchar *commit_filename = NULL;
/* Create a temporary file for the commit */
if (!ostree_repo_load_variant (self, OSTREE_OBJECT_TYPE_COMMIT,
commit_checksum, &commit_variant,
error))
- goto out;
- if (!gs_file_open_in_tmpdir (self->tmp_dir, 0644,
- &commit_tmp_path, NULL,
- cancellable, error))
- goto out;
- if (!g_file_replace_contents (commit_tmp_path,
- (char*)g_variant_get_data (commit_variant),
- g_variant_get_size (commit_variant),
- NULL, FALSE, 0, NULL,
- cancellable, error))
- goto out;
+ {
+ g_prefix_error (error, "Failed to read commit: ");
+ goto out;
+ }
/* Load the metadata */
if (!ostree_repo_read_commit_detached_metadata (self,
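Review bot: The context comment `/* Create a temporary file for the commit */` above the `ostree_repo_load_variant()` call is now stale, because this hunk removes the temp-file creation and the call only loads the commit object. Change it to `/* Load the commit */` so that someone auditing the verification path does not go looking for an on-disk copy of the signed data. The body of ostree_repo_verify_commit continues outside this hunk.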
@@ -3324,17 +3317,17 @@ ostree_repo_verify_commit (OstreeRepo *self,
g_prefix_error (error, "Failed to read detached metadata: ");
goto out;
}
-
- if (!_ostree_repo_gpg_verify_file_with_metadata (self,
- commit_tmp_path, metadata,
- keyringdir, extra_keyring,
- cancellable, error))
+
+ signed_data = g_variant_get_data_as_bytes (commit_variant);
+
+ if (!_ostree_repo_gpg_verify_with_metadata (self,
+ signed_data, metadata,
+ keyringdir, extra_keyring,
+ cancellable, error))
goto out;
ret = TRUE;
out:
- if (commit_tmp_path)
- (void) gs_file_unlink (commit_tmp_path, NULL, NULL);
return ret;
}
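Review bot: The new `signed_data = g_variant_get_data_as_bytes (commit_variant);` line has no comment explaining why a separate GBytes reference is held. Per the verifier change in this commit, the buffer is passed to GPGME without copying, so the bytes must stay alive for the whole verification call. I would add `/* The verifier borrows this buffer without copying; signed_data must stay alive until it returns. */` above the assignment. It would also help to note that the signature is checked over the commit's serialized form exactly as loaded; whether `ostree_repo_load_variant()` validates that form against `commit_checksum` is not visible in this hunk.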