diff options
| author | Matthew Barnes <mbarnes@redhat.com> | 2015-03-02 11:16:16 -0500 |
|---|---|---|
| committer | Matthew Barnes <mbarnes@redhat.com> | 2015-03-06 08:22:44 -0500 |
| commit | 70cabcea0a120715a07664b7376d9190f6404fa6 (patch) | |
| tree | 0be4565142a988cb5ff55af6d1bab85f7c07a392 /Makefile-libostree.am | |
| parent | d414ee5852791a3cf4f1c3faac2c605edc3dd5f9 (diff) | |
| download | ostree-70cabcea0a120715a07664b7376d9190f6404fa6.tar.gz | |
gpg: Rewrite OstreeGpgVerifier to use GPGME
This sets the stage for more advanced signature management.
(Also, talking to GPG over pipes sucks.)
Previously we were spawning gpgv2 with a bunch of --keyring options
for /usr/share/ostree/trusted.gpg.d/ and whatever other keyring files
were explicitly added. GPGME has no public API for multiple keyrings,
so we work around the issue by setting up a temp directory to serve as
a fake "home" directory for the crypto engine and then concatenate all
the keyring files into a single public keyring (pubring.gpg).
Unfortunately at present we do this on every signature verification.
There's a desire to cache this concatenation, but the problem is the
user may be unprivileged. So it seems the cache would have to be per
user under $XDG_CACHE_HOME, which OSTree doesn't otherwise use. I'm
open to suggestions.
We do at least clean up the temp directory when finished, and I have
further API changes planned to OstreeGpgVerifier to help mitigate the
performance impact.
Diffstat (limited to 'Makefile-libostree.am')
| -rw-r--r-- | Makefile-libostree.am | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/Makefile-libostree.am b/Makefile-libostree.am index 7a1b64e1..ecab57b9 100644 --- a/Makefile-libostree.am +++ b/Makefile-libostree.am @@ -89,8 +89,6 @@ libostree_1_la_SOURCES = \ src/libostree/ostree-bootloader-syslinux.c \ src/libostree/ostree-bootloader-uboot.h \ src/libostree/ostree-bootloader-uboot.c \ - src/libostree/ostree-gpg-verifier.c \ - src/libostree/ostree-gpg-verifier.h \ src/libostree/ostree-repo-static-delta-core.c \ src/libostree/ostree-repo-static-delta-processing.c \ src/libostree/ostree-repo-static-delta-compilation.c \ @@ -108,6 +106,12 @@ libostree_1_la_SOURCES += \ src/libostree/ostree-tls-cert-interaction.h \ $(NULL) endif +if USE_GPGME +libostree_1_la_SOURCES += \ + src/libostree/ostree-gpg-verifier.c \ + src/libostree/ostree-gpg-verifier.h \ + $(NULL) +endif libostree_1_la_CFLAGS = $(AM_CFLAGS) -I$(srcdir)/bsdiff -I$(srcdir)/libglnx -I$(srcdir)/src/libotutil -I$(srcdir)/src/libostree \ $(OT_INTERNAL_GIO_UNIX_CFLAGS) $(OT_DEP_LZMA_CFLAGS) $(OT_DEP_ZLIB_CFLAGS) |