author | Matthew Barnes <mbarnes@redhat.com> | 2015-03-16 13:01:55 -0400 |
---|---|---|
committer | Matthew Barnes <mbarnes@redhat.com> | 2015-03-16 16:37:11 -0400 |
commit | f47693440dd2c418464c9aff60300bcae4e407c0 (patch) | |
tree | 02eb79a78d4e380704185ed96dd70824ad729281 /src/libostree/ostree-gpg-verifier.c | |
parent | c4998ab33f7db752c176f6a0c6ead14f0bfffe9b (diff) | |
OstreeGpgVerifier: Take the signed data as a GBytes
Similar to c2b01ad. For some reason I was thinking the commit data
still needed to be written to disk prior to verifying, but it's just
another artifact of spawning gpgv2 (predates using GPGME).
Makes for a nice cleanup in fetch_metadata_to_verify_delta_superblock()
as well.
Diffstat (limited to 'src/libostree/ostree-gpg-verifier.c')
-rw-r--r-- | src/libostree/ostree-gpg-verifier.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/src/libostree/ostree-gpg-verifier.c b/src/libostree/ostree-gpg-verifier.c index c473892e..5f4189fc 100644 --- a/src/libostree/ostree-gpg-verifier.c +++ b/src/libostree/ostree-gpg-verifier.c @@ -243,7 +243,7 @@ out: gboolean _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self, - GFile *file, + GBytes *signed_data, GBytes *signatures, gboolean *out_had_valid_sig, GCancellable *cancellable, @@ -294,17 +294,20 @@ _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self, if (!override_gpgme_home_dir (gpg_ctx, temp_dir, error)) goto out; - { - gs_free char *path = g_file_get_path (file); - gpg_error = gpgme_data_new_from_file (&data_buffer, path, 1); + /* Both the signed data and signature GBytes instances will outlive the + * gpgme_data_t structs, so we can safely reuse the GBytes memory buffer + * directly and avoid a copy. */ - if (gpg_error != GPG_ERR_NO_ERROR) - { - gpg_error_to_gio_error (gpg_error, error); - g_prefix_error (error, "Unable to read signed text: "); - goto out; - } - } + gpg_error = gpgme_data_new_from_mem (&data_buffer, + g_bytes_get_data (signed_data, NULL), + g_bytes_get_size (signed_data), + 0 /* do not copy */); + if (gpg_error != GPG_ERR_NO_ERROR) + { + gpg_error_to_gio_error (gpg_error, error); + g_prefix_error (error, "Unable to read signed data: "); + goto out; + } gpg_error = gpgme_data_new_from_mem (&signature_buffer, g_bytes_get_data (signatures, NULL), |
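Review bot: The zero-copy `gpgme_data_new_from_mem (&data_buffer, ..., 0 /* do not copy */)` call added in the second hunk passes the pointer from `g_bytes_get_data (signed_data, NULL)` to GPGME unchecked, and GLib returns NULL there for an empty GBytes. As far as I can tell GPGME rejects a NULL buffer with GPG_ERR_INV_VALUE, so verification still fails closed, but the caller only sees "Unable to read signed data: " followed by a generic invalid-value message. An explicit guard before the call, such as `if (g_bytes_get_size (signed_data) == 0) { g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA, "Signed data is empty"); goto out; }`, would make rejecting an empty payload a deliberate decision of the verifier instead of a side effect of library behaviour. The new comment's lifetime claim also depends on `data_buffer` being released on the `out:` path before the function returns; that cleanup is outside the hunk, so the comment should state the requirement explicitly.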