authorMatthew Barnes <mbarnes@redhat.com>2015-03-03 14:15:27 -0500
committerMatthew Barnes <mbarnes@redhat.com>2015-03-06 08:22:44 -0500
commitc2b01adbf0335e9b13982ecfe1d0590d9e2855a9 (patch)
treefd1c253b006e8438b91afb5f8b43ff149f663e39 /src/libostree/ostree-gpg-verifier.c
parent70cabcea0a120715a07664b7376d9190f6404fa6 (diff)
OstreeGpgVerifier: Take the signature as a GBytes
The signature data is in memory to begin with, so there's no need to write it to disk only to immediately read it back. Also, because the GPGME multi-keyring workaround is somewhat expensive to set up and tear down, concatenate all signatures into a single GBytes so _ostree_gpg_verifier_check_signature() is only called once. We're currently only looking for one valid signature anyway.
Diffstat (limited to 'src/libostree/ostree-gpg-verifier.c')
-rw-r--r--src/libostree/ostree-gpg-verifier.c23
1 files changed, 11 insertions, 12 deletions
diff --git a/src/libostree/ostree-gpg-verifier.c b/src/libostree/ostree-gpg-verifier.c
index c5bd9112..da360117 100644
--- a/src/libostree/ostree-gpg-verifier.c
+++ b/src/libostree/ostree-gpg-verifier.c
@@ -244,7 +244,7 @@ out:
gboolean
_ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
GFile *file,
- GFile *signature,
+ GBytes *signatures,
gboolean *out_had_valid_sig,
GCancellable *cancellable,
GError **error)
@@ -306,17 +306,16 @@ _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
}
}
- {
- gs_free char *path = g_file_get_path (signature);
- gpg_error = gpgme_data_new_from_file (&signature_buffer, path, 1);
-
- if (gpg_error != GPG_ERR_NO_ERROR)
- {
- gpg_error_to_gio_error (gpg_error, error);
- g_prefix_error (error, "Unable to read signature: ");
- goto out;
- }
- }
+ gpg_error = gpgme_data_new_from_mem (&signature_buffer,
+ g_bytes_get_data (signatures, NULL),
+ g_bytes_get_size (signatures),
+ 0 /* do not copy */);
+ if (gpg_error != GPG_ERR_NO_ERROR)
+ {
+ gpg_error_to_gio_error (gpg_error, error);
+ g_prefix_error (error, "Unable to read signature: ");
+ goto out;
+ }
gpg_error = gpgme_op_verify (gpg_ctx, signature_buffer, data_buffer, NULL);
if (gpg_error != GPG_ERR_NO_ERROR)
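Review bot: The `0 /* do not copy */` argument to `gpgme_data_new_from_mem` makes `signature_buffer` borrow the memory owned by `signatures`, so the GBytes must stay alive until the data object is released, and nothing in the hunk states or enforces that. I would add a comment above the call such as `/* GPGME keeps a pointer into @signatures (no copy); the caller's reference must outlive signature_buffer. */`, or hold a `g_bytes_ref (signatures)` for the duration of the call. Separately, `g_bytes_get_data` may return NULL for a zero-length GBytes, so rejecting an empty `signatures` before this call would give a clearer error than whatever GPGME reports for a NULL buffer. Because the description says several signatures are now concatenated into this one buffer, the result handling after `gpgme_op_verify` should be checked to examine every entry in the verify result rather than only the first. The function body starts and ends outside the hunk, so neither that handling nor the release of `signature_buffer` is visible here.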