[ostree] repo: Add ostree_repo_verify_commit_ext()



commit 8d127b9dcb663365d9e6025034cf3e6d54a27f3b
Author: Matthew Barnes <mbarnes redhat com>
Date:   Wed Mar 11 19:21:33 2015 -0400

    repo: Add ostree_repo_verify_commit_ext()
    
    Similar to ostree_repo_verify_commit(), but returns more verification
    details by way of an OstreeGpgVerifyResult object instead of a boolean.

 doc/ostree-sections.txt             |    1 +
 src/libostree/ostree-repo-private.h |    2 +-
 src/libostree/ostree-repo.c         |   75 ++++++++++++++++++++++++----------
 src/libostree/ostree-repo.h         |    8 ++++
 4 files changed, 63 insertions(+), 23 deletions(-)
---
diff --git a/doc/ostree-sections.txt b/doc/ostree-sections.txt
index 41cc441..37888c2 100644
--- a/doc/ostree-sections.txt
+++ b/doc/ostree-sections.txt
@@ -299,6 +299,7 @@ ostree_repo_pull_default_console_progress_changed
 ostree_repo_sign_commit
 ostree_repo_append_gpg_signature
 ostree_repo_verify_commit
+ostree_repo_verify_commit_ext
 ostree_repo_regenerate_summary
 <SUBSECTION Standard>
 OSTREE_REPO
diff --git a/src/libostree/ostree-repo-private.h b/src/libostree/ostree-repo-private.h
index 9721490..6e299e2 100644
--- a/src/libostree/ostree-repo-private.h
+++ b/src/libostree/ostree-repo-private.h
@@ -185,7 +185,7 @@ _ostree_repo_get_remote_boolean_option (OstreeRepo  *self,
                                         gboolean    *out_value,
                                         GError     **error);
 
-gboolean
+OstreeGpgVerifyResult *
 _ostree_repo_gpg_verify_with_metadata (OstreeRepo          *self,
                                        GBytes              *signed_data,
                                        GVariant            *metadata,
diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index 03c3b4d..acda925 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -3187,7 +3187,7 @@ ostree_repo_sign_delta (OstreeRepo     *self,
   return ret;
 }
 
-gboolean
+OstreeGpgVerifyResult *
 _ostree_repo_gpg_verify_with_metadata (OstreeRepo          *self,
                                        GBytes              *signed_data,
                                        GVariant            *metadata,
@@ -3196,9 +3196,8 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo          *self,
                                        GCancellable        *cancellable,
                                        GError             **error)
 {
-  gboolean ret = FALSE;
+  OstreeGpgVerifyResult *result = NULL;
   gs_unref_object OstreeGpgVerifier *verifier = NULL;
-  gs_unref_object OstreeGpgVerifyResult *result = NULL;
   gs_unref_variant GVariant *signaturedata = NULL;
   GByteArray *buffer;
   GVariantIter iter;
@@ -3255,19 +3254,9 @@ _ostree_repo_gpg_verify_with_metadata (OstreeRepo          *self,
   result = _ostree_gpg_verifier_check_signature (verifier,
                                                  signed_data, signatures,
                                                  cancellable, error);
-  if (result == NULL)
-    goto out;
-
-  if (ostree_gpg_verify_result_count_valid (result) == 0)
-    {
-      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
-                   "GPG signatures found, but none are in trusted keyring");
-      goto out;
-    }
 
-  ret = TRUE;
  out:
-  return ret;
+  return result;
 }
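Review bot: With the `ostree_gpg_verify_result_count_valid (result) == 0` check removed in this hunk, `_ostree_repo_gpg_verify_with_metadata()` returns a non-NULL result even when no signature is in a trusted keyring. Because the return type changes from `gboolean` to a pointer (see the prototype hunks in ostree-repo-private.h and earlier in this file), an existing `if (!_ostree_repo_gpg_verify_with_metadata (...))` test would still compile and would treat that case as success. The diff updates only the call site in ostree-repo.c, so any other caller of this private helper, if one exists outside these four files, needs the same count_valid check and must now unref the result. I would add a comment above the definition along the lines of `/* Returns a new reference, or NULL on error; a non-NULL result does NOT imply that any signature was valid. */`. The function body starts before this hunk.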
 
 /**
@@ -3290,7 +3279,51 @@ ostree_repo_verify_commit (OstreeRepo   *self,
                            GCancellable *cancellable,
                            GError      **error)
 {
+  gs_unref_object OstreeGpgVerifyResult *result = NULL;
   gboolean ret = FALSE;
+
+  result = ostree_repo_verify_commit_ext (self, commit_checksum,
+                                          keyringdir, extra_keyring,
+                                          cancellable, error);
+  if (result == NULL)
+    goto out;
+
+  if (ostree_gpg_verify_result_count_valid (result) == 0)
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                   "GPG signatures found, but none are in trusted keyring");
+      goto out;
+    }
+
+  ret = TRUE;
+
+ out:
+  return ret;
+}
+
+/**
+ * ostree_repo_verify_commit_ext:
+ * @self: Repository
+ * @commit_checksum: ASCII SHA256 checksum
+ * @keyringdir: (allow-none): Path to directory GPG keyrings; overrides built-in default if given
+ * @extra_keyring: (allow-none): Path to additional keyring file (not a directory)
+ * @cancellable: Cancellable
+ * @error: Error
+ *
+ * Read GPG signature(s) on the commit named by the ASCII checksum
+ * @commit_checksum and return detailed results.
+ *
+ * Returns: (transfer full): an #OstreeGpgVerifyResult, or %NULL on error
+ */
+OstreeGpgVerifyResult *
+ostree_repo_verify_commit_ext (OstreeRepo    *self,
+                               const gchar   *commit_checksum,
+                               GFile         *keyringdir,
+                               GFile         *extra_keyring,
+                               GCancellable  *cancellable,
+                               GError       **error)
+{
+  OstreeGpgVerifyResult *result = NULL;
   gs_unref_variant GVariant *commit_variant = NULL;
   gs_unref_object GFile *keyringdir_ref = NULL;
   gs_unref_variant GVariant *metadata = NULL;
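Review bot: The doc comment for `ostree_repo_verify_commit_ext()` says only that it returns detailed results or %NULL on error, which invites callers to read a non-NULL return as "commit verified". As the rewritten `ostree_repo_verify_commit()` in this same hunk shows, a result with zero valid signatures comes back without @error being set, and the caller has to reject it. I would add a sentence to the description such as `A non-%NULL return does not by itself mean the commit is trusted; callers must check ostree_gpg_verify_result_count_valid() on the result.` The body of the new function continues past this hunk, and `ostree_repo_verify_commit()` starts before it.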
@@ -3319,15 +3352,13 @@ ostree_repo_verify_commit (OstreeRepo   *self,
 
   signed_data = g_variant_get_data_as_bytes (commit_variant);
 
-  if (!_ostree_repo_gpg_verify_with_metadata (self,
-                                              signed_data, metadata,
-                                              keyringdir, extra_keyring,
-                                              cancellable, error))
-    goto out;
-  
-  ret = TRUE;
+  result = _ostree_repo_gpg_verify_with_metadata (self,
+                                                  signed_data, metadata,
+                                                  keyringdir, extra_keyring,
+                                                  cancellable, error);
+
 out:
-  return ret;
+  return result;
 }
 
 /**
diff --git a/src/libostree/ostree-repo.h b/src/libostree/ostree-repo.h
index c59364a..96c3536 100644
--- a/src/libostree/ostree-repo.h
+++ b/src/libostree/ostree-repo.h
@@ -26,6 +26,7 @@
 #include "ostree-types.h"
 #include "ostree-async-progress.h"
 #include "ostree-sepolicy.h"
+#include "ostree-gpg-verify-result.h"
 
 G_BEGIN_DECLS
 
@@ -676,6 +677,13 @@ gboolean ostree_repo_verify_commit (OstreeRepo   *self,
                                     GCancellable *cancellable,
                                     GError      **error);
 
+OstreeGpgVerifyResult * ostree_repo_verify_commit_ext (OstreeRepo    *self,
+                                                       const gchar   *commit_checksum,
+                                                       GFile         *keyringdir,
+                                                       GFile         *extra_keyring,
+                                                       GCancellable  *cancellable,
+                                                       GError       **error);
+
 gboolean ostree_repo_regenerate_summary (OstreeRepo     *self,
                                          GVariant       *additional_metadata,
                                          GCancellable   *cancellable,
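Review bot: The new public declaration of `ostree_repo_verify_commit_ext()` could be marked `G_GNUC_WARN_UNUSED_RESULT`, since a caller that discards the return both leaks the (transfer full) result and skips the only place where signature validity can be inspected. Whether this header uses that attribute elsewhere is not visible in the hunk, so treat this as a style suggestion to align with local convention. The following `ostree_repo_regenerate_summary` declaration continues outside the hunk.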

