author | rfairley <rfairley@redhat.com> | 2018-11-06 15:25:15 -0500 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-11-21 17:03:10 +0000 |
commit | 05e8c7ef6a86e17a0ac421b9c80a2e57f56b4b3d (patch) | |
tree | e6a2ba006e5a6ce1e76182ec4373ee6478a48f83 /src/libostree/ostree-gpg-verifier.c | |
parent | 244d9a7ec1a08c0c7adf495a8b341798009556e1 (diff) | |
download | ostree-05e8c7ef6a86e17a0ac421b9c80a2e57f56b4b3d.tar.gz |
lib/repo: Search a list of paths in gpgkeypath for gpg keys
This allows specifying gpgpath as a list of
paths, each of which can point to a file or a directory. If a directory path
is given, paths to all regular files in the directory are added
to the remote as gpg ascii keys. If the path is not a directory,
the file is added directly (whether or not it is a regular file, and even if it is empty; errors
will be reported later when verifying gpg keys, e.g. when pulling).
Adding the gpgkeypath property looks like:
ostree --repo=repo remote add --set=gpgpath="/path/key1.asc,/path/keys.d" R1 https://example.com/some/remote/ostree/repo
Closes #773
Closes: #1773
Approved by: cgwalters
Diffstat (limited to 'src/libostree/ostree-gpg-verifier.c')
-rw-r--r-- | src/libostree/ostree-gpg-verifier.c | 73 |
1 files changed, 71 insertions, 2 deletions
diff --git a/src/libostree/ostree-gpg-verifier.c b/src/libostree/ostree-gpg-verifier.c
index 1b70f8aa..a279348e 100644
--- a/src/libostree/ostree-gpg-verifier.c
+++ b/src/libostree/ostree-gpg-verifier.c
@@ -305,11 +305,81 @@ _ostree_gpg_verifier_add_key_ascii_file (OstreeGpgVerifier *self,
 }
 
 gboolean
+_ostree_gpg_verifier_add_keyfile_path (OstreeGpgVerifier *self,
+ const char *path,
+ GCancellable *cancellable,
+ GError **error)
+{
+ g_autoptr(GError) temp_error = NULL;
+ if (!_ostree_gpg_verifier_add_keyfile_dir_at (self, AT_FDCWD, path,
+ cancellable, &temp_error))
+ {
+ g_assert (temp_error);
+
+ /* If failed due to not being a directory, add the file as an ascii key. */
+ if (g_error_matches (temp_error, G_IO_ERROR, G_IO_ERROR_NOT_DIRECTORY))
+ {
+ g_clear_error (&temp_error);
+
+ _ostree_gpg_verifier_add_key_ascii_file (self, path);
+ }
+ else
+ {
+ g_propagate_error (error, g_steal_pointer (&temp_error));
+
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
+/* Add files that exist one level below the directory at @path as ascii
+ * key files. If @path cannot be opened as a directory,
+ * an error is returned.
+ */
+gboolean
+_ostree_gpg_verifier_add_keyfile_dir_at (OstreeGpgVerifier *self,
+ int dfd,
+ const char *path,
+ GCancellable *cancellable,
+ GError **error)
+{
+ g_auto(GLnxDirFdIterator) dfd_iter = { 0, };
+
+ if (!glnx_dirfd_iterator_init_at (dfd, path, FALSE,
+ &dfd_iter, error))
+ return FALSE;
+
+ g_debug ("Adding GPG keyfile dir %s to verifier", path);
+
+ while (TRUE)
+ {
+ struct dirent *dent;
+
+ if (!glnx_dirfd_iterator_next_dent_ensure_dtype (&dfd_iter, &dent,
+ cancellable, error))
+ return FALSE;
+ if (dent == NULL)
+ break;
+
+ if (dent->d_type != DT_REG)
+ continue;
+
+ /* TODO: Potentially open the files here and have the GPG verifier iterate
+ over the fds. See https://github.com/ostreedev/ostree/pull/1773#discussion_r235421900. */
+ g_autofree char *iter_path = g_build_filename (path, dent->d_name, NULL);
+
+ _ostree_gpg_verifier_add_key_ascii_file (self, iter_path);
+ }
+
+ return TRUE;
+}
+
+gboolean
 _ostree_gpg_verifier_add_keyring_dir (OstreeGpgVerifier *self,
 GFile *path,
 GCancellable *cancellable,
 GError **error)
-
 {
 return _ostree_gpg_verifier_add_keyring_dir_at (self, AT_FDCWD,
 gs_file_get_path_cached (path),
@@ -322,7 +392,6 @@ _ostree_gpg_verifier_add_keyring_dir_at (OstreeGpgVerifier *self,
 const char *path,
 GCancellable *cancellable,
 GError **error)
-
 {
 g_auto(GLnxDirFdIterator) dfd_iter = { 0, };
 if (!glnx_dirfd_iterator_init_at (dfd, path, FALSE, |
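Review bot: `_ostree_gpg_verifier_add_keyfile_dir_at` enumerates entries relative to `dfd` but records each key as `g_build_filename (path, dent->d_name, NULL)`, so `dfd` is dropped and a relative `path` combined with any descriptor other than `AT_FDCWD` would later resolve against the working directory rather than the directory that was listed. The only caller in this hunk passes `AT_FDCWD`, so a guard at the top of the function such as `g_return_val_if_fail (dfd == AT_FDCWD || g_path_is_absolute (path), FALSE);` would make that constraint explicit. Separately, the `DT_REG` test is made at enumeration time while the file is presumably opened by name later, which the TODO in the loop already hints at. Because these files become trusted keys for signature verification, I would extend that TODO with `/* d_type is only a snapshot; until keys are opened by fd, the key directory must be writable by trusted users only. */`.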