authorAlexander Larsson <alexl@redhat.com>2020-10-20 08:37:35 +0200
committerAlexander Larsson <alexl@redhat.com>2020-10-23 13:55:33 +0200
commit8cd796f3f1d0e82ea57b30229e692c31f9cb2e03 (patch)
treec16c9a00fb79a6d55a3d722185cc2b05635385fc
parentbc924ff8709845ab1add41367d51a972d89a7488 (diff)
downloadostree-8cd796f3f1d0e82ea57b30229e692c31f9cb2e03.tar.gz
Add ostree_repo_gpg_sign_data()
This is similar to ostree_sign_data() but for the old gpg code. Flatpak will need this to reproduce a signed summary.
-rw-r--r--apidoc/ostree-sections.txt1
-rw-r--r--src/libostree/libostree-devel.sym1
-rw-r--r--src/libostree/ostree-repo.c61
-rw-r--r--src/libostree/ostree-repo.h10
4 files changed, 73 insertions, 0 deletions
diff --git a/apidoc/ostree-sections.txt b/apidoc/ostree-sections.txt
index 81dc8890..64bc68d2 100644
--- a/apidoc/ostree-sections.txt
+++ b/apidoc/ostree-sections.txt
@@ -447,6 +447,7 @@ ostree_repo_pull_default_console_progress_changed
ostree_repo_sign_commit
ostree_repo_append_gpg_signature
ostree_repo_add_gpg_signature_summary
+ostree_repo_gpg_sign_data
ostree_repo_gpg_verify_data
ostree_repo_verify_commit
ostree_repo_verify_commit_ext
diff --git a/src/libostree/libostree-devel.sym b/src/libostree/libostree-devel.sym
index 82d6a9b6..435be190 100644
--- a/src/libostree/libostree-devel.sym
+++ b/src/libostree/libostree-devel.sym
@@ -21,6 +21,7 @@ LIBOSTREE_2020.8 {
global:
ostree_repo_list_static_delta_indexes;
ostree_repo_static_delta_reindex;
+ ostree_repo_gpg_sign_data;
} LIBOSTREE_2020.7;
/* Stub section for the stable release *after* this development one; don't
diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index 82f8db44..3bbf5ea0 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -5222,6 +5222,67 @@ ostree_repo_add_gpg_signature_summary (OstreeRepo *self,
#endif /* OSTREE_DISABLE_GPGME */
}
+
+/**
+ * ostree_repo_gpg_sign_data:
+ * @self: Self
+ * @data: Data as a #GBytes
+ * @old_signatures: Existing signatures to append to (or %NULL)
+ * @key_id: (array zero-terminated=1) (element-type utf8): NULL-terminated array of GPG keys.
+ * @homedir: (allow-none): GPG home directory, or %NULL
+ * @out_signature: (out): in case of success will contain signature
+ * @cancellable: A #GCancellable
+ * @error: a #GError
+ *
+ * Sign the given @data with the specified keys in @key_id. Similar to
+ * ostree_repo_add_gpg_signature_summary() but can be used on any
+ * data.
+ *
+ * You can use ostree_repo_gpg_verify_data() to verify the signatures.
+ *
+ * Returns: @TRUE if @data has been signed successfully,
+ * @FALSE in case of error (@error will contain the reason).
+ *
+ * Since: 2020.8
+ */
+gboolean
+ostree_repo_gpg_sign_data (OstreeRepo *self,
+ GBytes *data,
+ GBytes *old_signatures,
+ const gchar **key_id,
+ const gchar *homedir,
+ GBytes **out_signatures,
+ GCancellable *cancellable,
+ GError **error)
+{
+#ifndef OSTREE_DISABLE_GPGME
+ g_autoptr(GVariant) metadata = NULL;
+ g_autoptr(GVariant) res = NULL;
+
+ if (old_signatures)
+ metadata = g_variant_ref_sink (g_variant_new_from_bytes (G_VARIANT_TYPE (OSTREE_SUMMARY_SIG_GVARIANT_STRING), old_signatures, FALSE));
+
+ for (guint i = 0; key_id[i]; i++)
+ {
+ g_autoptr(GBytes) signature_data = NULL;
+ if (!sign_data (self, data, key_id[i], homedir,
+ &signature_data,
+ cancellable, error))
+ return FALSE;
+
+ g_autoptr(GVariant) old_metadata = g_steal_pointer (&metadata);
+ metadata = _ostree_detached_metadata_append_gpg_sig (old_metadata, signature_data);
+ }
+
+ res = g_variant_get_normal_form (metadata);
+ *out_signatures = g_variant_get_data_as_bytes (res);
+ return TRUE;
+#else
+ return glnx_throw (error, "GPG feature is disabled in a build time");
+#endif /* OSTREE_DISABLE_GPGME */
+}
+
+
#ifndef OSTREE_DISABLE_GPGME
/* Special remote for _ostree_repo_gpg_verify_with_metadata() */
static const char *OSTREE_ALL_REMOTES = "__OSTREE_ALL_REMOTES__";
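Review bot: When `key_id` holds no keys and `old_signatures` is NULL, the loop in ostree_repo_gpg_sign_data() never assigns `metadata`, so `g_variant_get_normal_form (metadata)` is reached with a NULL variant; a NULL `key_id` is also dereferenced by the loop condition. As this is new public API, I would reject that case explicitly before the normal-form step, e.g. `if (metadata == NULL) return glnx_throw (error, "No GPG key ids given to sign with");`, and add `g_return_val_if_fail (key_id != NULL, FALSE);` at the top. The gtk-doc block documents `@out_signature` while the parameter is named `out_signatures`, so the `(out)` annotation probably does not attach to it. Renaming it and adding `(transfer full)` there and `(nullable)` on `@old_signatures` would state the ownership contract for callers and bindings.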
diff --git a/src/libostree/ostree-repo.h b/src/libostree/ostree-repo.h
index 6201e7b3..e64c3230 100644
--- a/src/libostree/ostree-repo.h
+++ b/src/libostree/ostree-repo.h
@@ -1417,6 +1417,16 @@ gboolean ostree_repo_append_gpg_signature (OstreeRepo *self,
GError **error);
_OSTREE_PUBLIC
+gboolean ostree_repo_gpg_sign_data (OstreeRepo *self,
+ GBytes *data,
+ GBytes *old_signatures,
+ const gchar **key_id,
+ const gchar *homedir,
+ GBytes **out_signatures,
+ GCancellable *cancellable,
+ GError **error);
+
+_OSTREE_PUBLIC
OstreeGpgVerifyResult * ostree_repo_verify_commit_ext (OstreeRepo *self,
const gchar *commit_checksum,
GFile *keyringdir,