author | Matthew Barnes <mbarnes@redhat.com> | 2015-06-05 12:45:41 -0400 |
---|---|---|
committer | Matthew Barnes <mbarnes@redhat.com> | 2015-06-10 12:28:57 -0400 |
commit | 9f1b50d41c2704653f78735bc678f80bbe192a63 (patch) | |
tree | 12a28f3630de867ebbfa0845261a1ca627201882 /src/libostree/ostree-gpg-verifier.c | |
parent | 4f6f97caf0efcded268d3f4ffa7774fe34ff203f (diff) | |
download | ostree-9f1b50d41c2704653f78735bc678f80bbe192a63.tar.gz |
repo: Change GPG verification policy
The global keyring directory (trusted.gpg.d) is deprecated. Only use it
when a specified remote does NOT have its own keyring, or when verifying
local repository objects.
Note, because mixing in the global keyring directory is now an explicit
choice, OstreeGpgVerifier no longer needs to implement GInitableIface.
Diffstat (limited to 'src/libostree/ostree-gpg-verifier.c')
-rw-r--r-- | src/libostree/ostree-gpg-verifier.c | 78 |
1 files changed, 35 insertions, 43 deletions
diff --git a/src/libostree/ostree-gpg-verifier.c b/src/libostree/ostree-gpg-verifier.c
index cb6d8f50..eda69dc1 100644
--- a/src/libostree/ostree-gpg-verifier.c
+++ b/src/libostree/ostree-gpg-verifier.c
@@ -40,10 +40,7 @@ struct OstreeGpgVerifier {
 GList *keyrings;
 };
 
-static void _ostree_gpg_verifier_initable_iface_init (GInitableIface *iface);
-
-G_DEFINE_TYPE_WITH_CODE (OstreeGpgVerifier, _ostree_gpg_verifier, G_TYPE_OBJECT,
- G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, _ostree_gpg_verifier_initable_iface_init))
+G_DEFINE_TYPE (OstreeGpgVerifier, _ostree_gpg_verifier, G_TYPE_OBJECT)
 
 static void
 ostree_gpg_verifier_finalize (GObject *object)
@@ -71,42 +68,6 @@ _ostree_gpg_verifier_init (OstreeGpgVerifier *self)
 {
 }
 
-static gboolean
-ostree_gpg_verifier_initable_init (GInitable *initable,
- GCancellable *cancellable,
- GError **error)
-{
- gboolean ret = FALSE;
- OstreeGpgVerifier *self = (OstreeGpgVerifier*)initable;
- const char *default_keyring_path = g_getenv ("OSTREE_GPG_HOME");
- g_autoptr(GFile) default_keyring_dir = NULL;
-
- if (!default_keyring_path)
- default_keyring_path = DATADIR "/ostree/trusted.gpg.d/";
-
- if (g_file_test (default_keyring_path, G_FILE_TEST_IS_DIR))
- {
- default_keyring_dir = g_file_new_for_path (default_keyring_path);
- if (!_ostree_gpg_verifier_add_keyring_dir (self, default_keyring_dir,
- cancellable, error))
- {
- g_prefix_error (error, "Reading keyring directory '%s'",
- gs_file_get_path_cached (default_keyring_dir));
- goto out;
- }
- }
-
- ret = TRUE;
- out:
- return ret;
-}
-
-static void
-_ostree_gpg_verifier_initable_iface_init (GInitableIface *iface)
-{
- iface->init = ostree_gpg_verifier_initable_init;
-}
-
 static void
 verify_result_finalized_cb (gpointer data,
 GObject *finalized_verify_result)
@@ -323,9 +284,40 @@ _ostree_gpg_verifier_add_keyring_dir (OstreeGpgVerifier *self,
 return ret;
 }
 
+gboolean
+_ostree_gpg_verifier_add_global_keyring_dir (OstreeGpgVerifier *self,
+ GCancellable *cancellable,
+ GError **error)
+{
+ const char *global_keyring_path = g_getenv ("OSTREE_GPG_HOME");
+ g_autoptr(GFile) global_keyring_dir = NULL;
+ gboolean ret = FALSE;
+
+ g_return_val_if_fail (OSTREE_IS_GPG_VERIFIER (self), FALSE);
+
+ if (global_keyring_path == NULL)
+ global_keyring_path = DATADIR "/ostree/trusted.gpg.d/";
+
+ if (g_file_test (global_keyring_path, G_FILE_TEST_IS_DIR))
+ {
+ global_keyring_dir = g_file_new_for_path (global_keyring_path);
+ if (!_ostree_gpg_verifier_add_keyring_dir (self, global_keyring_dir,
+ cancellable, error))
+ {
+ g_prefix_error (error, "Reading keyring directory '%s'",
+ gs_file_get_path_cached (global_keyring_dir));
+ goto out;
+ }
+ }
+
+ ret = TRUE;
+
+out:
+ return ret;
+}
+
 OstreeGpgVerifier*
-_ostree_gpg_verifier_new (GCancellable *cancellable,
- GError **error)
+_ostree_gpg_verifier_new (void)
 {
- return g_initable_new (OSTREE_TYPE_GPG_VERIFIER, cancellable, error, NULL);
+ return g_object_new (OSTREE_TYPE_GPG_VERIFIER, NULL);
 } |
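Review bot: `_ostree_gpg_verifier_add_global_keyring_dir` returns TRUE without adding anything when the path fails the `g_file_test` directory check, and `_ostree_gpg_verifier_new` no longer loads any keyring itself, so a caller can end up holding a verifier with no trust anchors and no error reported. Whether verification then fails closed is decided outside this hunk, so I would document the contract above the function, e.g. `/* Adds keyrings from $OSTREE_GPG_HOME, or DATADIR "/ostree/trusted.gpg.d/" if unset; a missing directory is not an error and leaves the keyring list unchanged. */`. The same comment should state that `OSTREE_GPG_HOME` replaces the default trust directory, which matters to any caller running with an environment it does not control. Separately, the `g_prefix_error` format has no separator, so the prefix runs straight into the underlying message; `"Reading keyring directory '%s': "` fixes that.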