Skip to content

Commit

Permalink
lib/gpg: Port a few misc gpg functions to new style
Browse files Browse the repository at this point in the history 
I'd mostly been skipping the GPG functions due to lack of autoptr for a few
things, but I noticed these bits were straightforward.

Closes: #1136
Approved by: jlebon
  • Loading branch information
@cgwalters @rh-atomic-bot
cgwalters authored and rh-atomic-bot committed Sep 7, 2017
1 parent 6578c36 commit 3c5e373
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 42 deletions.
19 changes: 5 additions & 14 deletions src/libostree/ostree-gpg-verifier.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -365,31 +365,22 @@ _ostree_gpg_verifier_add_global_keyring_dir (OstreeGpgVerifier *self,
GCancellable *cancellable,
GError **error)
{
const char *global_keyring_path = g_getenv ("OSTREE_GPG_HOME");
g_autoptr(GFile) global_keyring_dir = NULL;
gboolean ret = FALSE;

g_return_val_if_fail (OSTREE_IS_GPG_VERIFIER (self), FALSE);

const char *global_keyring_path = g_getenv ("OSTREE_GPG_HOME");
if (global_keyring_path == NULL)
global_keyring_path = DATADIR "/ostree/trusted.gpg.d/";

if (g_file_test (global_keyring_path, G_FILE_TEST_IS_DIR))
{
global_keyring_dir = g_file_new_for_path (global_keyring_path);
g_autoptr(GFile) global_keyring_dir = g_file_new_for_path (global_keyring_path);
if (!_ostree_gpg_verifier_add_keyring_dir (self, global_keyring_dir,
cancellable, error))
{
g_prefix_error (error, "Reading keyring directory '%s'",
gs_file_get_path_cached (global_keyring_dir));
goto out;
}
return glnx_prefix_error (error, "Reading keyring directory '%s'",
gs_file_get_path_cached (global_keyring_dir));
}

ret = TRUE;

out:
return ret;
return TRUE;
}

OstreeGpgVerifier*
Expand Down
37 changes: 9 additions & 28 deletions src/libostree/ostree-repo.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4579,50 +4579,34 @@ _ostree_repo_verify_commit_internal (OstreeRepo *self,
GCancellable *cancellable,
GError **error)
{
OstreeGpgVerifyResult *result = NULL;
g_autoptr(GVariant) commit_variant = NULL;
g_autoptr(GVariant) metadata = NULL;
g_autoptr(GBytes) signed_data = NULL;

/* Load the commit */
if (!ostree_repo_load_variant (self, OSTREE_OBJECT_TYPE_COMMIT,
commit_checksum, &commit_variant,
error))
{
g_prefix_error (error, "Failed to read commit: ");
goto out;
}
return glnx_prefix_error_null (error, "Failed to read commit");

/* Load the metadata */
g_autoptr(GVariant) metadata = NULL;
if (!ostree_repo_read_commit_detached_metadata (self,
commit_checksum,
&metadata,
cancellable,
error))
{
g_prefix_error (error, "Failed to read detached metadata: ");
goto out;
}
return glnx_prefix_error_null (error, "Failed to read detached metadata");

signed_data = g_variant_get_data_as_bytes (commit_variant);
g_autoptr(GBytes) signed_data = g_variant_get_data_as_bytes (commit_variant);

/* XXX This is a hackish way to indicate to use ALL remote-specific
* keyrings in the signature verification. We want this when
* verifying a signed commit that's already been pulled. */
if (remote_name == NULL)
remote_name = OSTREE_ALL_REMOTES;

result = _ostree_repo_gpg_verify_with_metadata (self,
signed_data,
metadata,
remote_name,
keyringdir,
extra_keyring,
cancellable,
error);

out:
return result;
return _ostree_repo_gpg_verify_with_metadata (self, signed_data,
metadata, remote_name,
keyringdir, extra_keyring,
cancellable, error);
}

/**
Expand Down Expand Up @@ -4654,10 +4638,7 @@ ostree_repo_verify_commit (OstreeRepo *self,
cancellable, error);

if (!ostree_gpg_verify_result_require_valid_signature (result, error))
{
g_prefix_error (error, "Commit %s: ", commit_checksum);
return FALSE;
}
return glnx_prefix_error (error, "Commit %s", commit_checksum);
return TRUE;
}

Expand Down

0 comments on commit 3c5e373

Please sign in to comment.