author | Matthew Barnes <mbarnes@redhat.com> | 2015-03-03 14:15:27 -0500 |
---|---|---|
committer | Matthew Barnes <mbarnes@redhat.com> | 2015-03-06 08:22:44 -0500 |
commit | c2b01adbf0335e9b13982ecfe1d0590d9e2855a9 (patch) | |
tree | fd1c253b006e8438b91afb5f8b43ff149f663e39 /src/libostree/ostree-gpg-verifier.c | |
parent | 70cabcea0a120715a07664b7376d9190f6404fa6 (diff) | |
download | ostree-c2b01adbf0335e9b13982ecfe1d0590d9e2855a9.tar.gz |
OstreeGpgVerifier: Take the signature as a GBytes
The signature data is in memory to begin with, so there's no need to
write it to disk only to immediately read it back.
Also, because the GPGME multi-keyring workaround is somewhat expensive
to set up and tear down, concatenate all signatures into a single GBytes
so _ostree_gpg_verifier_check_signature() is only called once. We're
currently only looking for one valid signature anyway.
Diffstat (limited to 'src/libostree/ostree-gpg-verifier.c')
-rw-r--r-- | src/libostree/ostree-gpg-verifier.c | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/src/libostree/ostree-gpg-verifier.c b/src/libostree/ostree-gpg-verifier.c
index c5bd9112..da360117 100644
--- a/src/libostree/ostree-gpg-verifier.c
+++ b/src/libostree/ostree-gpg-verifier.c
@@ -244,7 +244,7 @@ out:
 gboolean
 _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
 GFile *file,
- GFile *signature,
+ GBytes *signatures,
 gboolean *out_had_valid_sig,
 GCancellable *cancellable,
 GError **error)
@@ -306,17 +306,16 @@ _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
 }
 }
- {
- gs_free char *path = g_file_get_path (signature);
- gpg_error = gpgme_data_new_from_file (&signature_buffer, path, 1);
-
- if (gpg_error != GPG_ERR_NO_ERROR)
- {
- gpg_error_to_gio_error (gpg_error, error);
- g_prefix_error (error, "Unable to read signature: ");
- goto out;
- }
- }
+ gpg_error = gpgme_data_new_from_mem (&signature_buffer,
+ g_bytes_get_data (signatures, NULL),
+ g_bytes_get_size (signatures),
+ 0 /* do not copy */);
+ if (gpg_error != GPG_ERR_NO_ERROR)
+ {
+ gpg_error_to_gio_error (gpg_error, error);
+ g_prefix_error (error, "Unable to read signature: ");
+ goto out;
+ }
 gpg_error = gpgme_op_verify (gpg_ctx, signature_buffer, data_buffer, NULL);
 if (gpg_error != GPG_ERR_NO_ERROR) |
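Review bot: In the second hunk, `gpgme_data_new_from_mem` is called with copy set to 0, so `signature_buffer` only borrows the memory inside `signatures`; the GBytes has to stay alive until the data object is released, and nothing in the hunk states or enforces that. As this is the signature-verification path, I would record the contract at the call, e.g. `/* signature_buffer borrows from @signatures; it must outlive gpgme_data_release (signature_buffer) */`, or hold a `g_bytes_ref (signatures)` for the duration of the call. An empty GBytes also reaches this call, where `g_bytes_get_data` may return NULL with size 0; an explicit `g_bytes_get_size (signatures) == 0` check that fails with a clear error before the call would make the no-signature case unambiguous instead of depending on how GPGME treats that input. The function body starts before and continues past this hunk, so the release at `out:` and the handling of `out_had_valid_sig` are not visible here.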