author | Colin Walters <walters@verbum.org> | 2020-05-15 20:43:23 +0000 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2020-05-22 19:10:32 +0000 |
commit | 5cb9d0df38e7c24e9db999c2d4e6a76fbf758fa5 (patch) | |
tree | 1b89d6c0905731229e3a2ae95ba72b22e250f4a8 /src/libostree/ostree-repo-pull-private.h | |
parent | 8801e38bba46ed586a74b733ea2e49d06ff8afd7 (diff) | |
download | ostree-5cb9d0df38e7c24e9db999c2d4e6a76fbf758fa5.tar.gz |
pull: Add support for sign-verify=<list>
The goal here is to move the code towards a model
where the *client* can explicitly specify which signature types
are acceptable.
We retain support for `sign-verify=true` for backwards compatibility.
But in that configuration, a missing public key is just "no signatures found".
With `sign-verify=ed25519` and no key configured, we can
explicitly say `No keys found for required signapi type ed25519`
which is much, much clearer.
Implementation side, rather than maintaining `gboolean sign_verify` *and*
`GPtrArray sign_verifiers`, just have the array. If it's `NULL` that means
not to verify.
Note that currently, an explicit list is an OR of signatures, not AND.
In practice...I think most people are going to be using a single entry
anyways.
Diffstat (limited to 'src/libostree/ostree-repo-pull-private.h')
-rw-r--r-- | src/libostree/ostree-repo-pull-private.h | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/src/libostree/ostree-repo-pull-private.h b/src/libostree/ostree-repo-pull-private.h
index 86d1ffee..fd17baee 100644
--- a/src/libostree/ostree-repo-pull-private.h
+++ b/src/libostree/ostree-repo-pull-private.h
@@ -67,8 +67,6 @@ typedef struct {
 gboolean gpg_verify;
 gboolean gpg_verify_summary;
- gboolean sign_verify;
- gboolean sign_verify_summary;
 gboolean require_static_deltas;
 gboolean disable_static_deltas;
 gboolean has_tombstone_commits;
@@ -124,7 +122,8 @@ typedef struct {
 gboolean is_commit_only;
 OstreeRepoImportFlags importflags;
- GPtrArray *signapi_verifiers;
+ GPtrArray *signapi_commit_verifiers;
+ GPtrArray *signapi_summary_verifiers;
 GPtrArray *dirs;
@@ -140,11 +139,12 @@ typedef struct {
 GSource *idle_src;
 } OtPullData;
-GPtrArray *
-_signapi_verifiers_for_remote (OstreeRepo *repo,
- const char *remote_name,
- GError **error);
-
+gboolean
+_signapi_init_for_remote (OstreeRepo *repo,
+ const char *remote_name,
+ GPtrArray **out_commit_verifiers,
+ GPtrArray **out_summary_verifiers,
+ GError **error);
 gboolean
 _sign_verify_for_remote (GPtrArray *signers,
 GBytes *signed_data, |
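Review bot: The new fields `signapi_commit_verifiers` and `signapi_summary_verifiers` in OtPullData now carry the verification policy themselves, but nothing at the declaration says so. According to the commit message a `NULL` array means "do not verify", so a reader of this header cannot tell a deliberately disabled check from a pointer that was never initialised, and the meaning of a non-NULL but empty array is left open. I would add a comment above the pair such as `/* NULL: signapi verification disabled; otherwise the accepted verifiers, any one of which suffices (OR, not AND) */`. The struct definition starts outside this hunk.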
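Review bot: `_signapi_init_for_remote` is declared without a doc comment, and its contract is the part a caller can get wrong: failure is reported through the gboolean return and `error`, while the two out arrays separately signal policy, with `NULL` meaning verification is off per the commit message. A caller that checks only the out pointers would read a failed initialisation as "verification disabled" and fail open, assuming the implementation leaves them NULL on error; the implementation is not visible in this file. A comment above the prototype should state that the out arrays are meaningful only when TRUE is returned, that `NULL` on success means the remote has that check disabled, and who owns the returned arrays. One line of it could read `/* On FALSE, @error is set and the out arrays must not be used to decide whether to verify. */`.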