remote-add: Add --sign-verify=KEYTYPE=[inline|file]:PUBKEYREF

Per https://github.com/ostreedev/ostree/issues/2080#issuecomment-623614483 A huge benefit of ed25519 (and ECC in general) is that keys are very short - short enough that it's completely reasonable to inline them into a command line argument. And I think that's a good model; it makes the keys very visible. For example, someone could easily copy-paste a commandline argument from a webpage (secured via TLS) that says to run `ostree remote add --sign-verify=ed25519=inline:KEY`.
author: Colin Walters <walters@verbum.org> 2020-05-07 19:43:10 +0000
committer: Colin Walters <walters@verbum.org> 2020-05-09 20:07:44 +0000
commit: 588f42e8c64183dfa1fbaa08cc92c46b691b23c4 (patch)
tree: 170791de8174771b7a30d516486cb3cbd9858f3c /src/ostree/ot-remote-builtin-add.c
parent: 4c01c0385f323cf8dc6070829e825443864c8ad0 (diff)
download: ostree-588f42e8c64183dfa1fbaa08cc92c46b691b23c4.tar.gz
1 files changed, 55 insertions, 2 deletions
diff --git a/src/ostree/ot-remote-builtin-add.c b/src/ostree/ot-remote-builtin-add.c
index e4634710..a885336a 100644
--- a/src/ostree/ot-remote-builtin-add.c
+++ b/src/ostree/ot-remote-builtin-add.c
@@ -32,6 +32,7 @@ static gboolean opt_no_sign_verify;
 static gboolean opt_if_not_exists;
 static gboolean opt_force;
 static char *opt_gpg_import;
+static char **opt_sign_verify;
 static char *opt_contenturl;
 static char *opt_collection_id;
 static char *opt_sysroot;
@@ -46,6 +47,7 @@ static GOptionEntry option_entries[] = {
   { "set", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_set, "Set config option KEY=VALUE for remote", "KEY=VALUE" },
   { "no-gpg-verify", 0, 0, G_OPTION_ARG_NONE, &opt_no_gpg_verify, "Disable GPG verification", NULL },
   { "no-sign-verify", 0, 0, G_OPTION_ARG_NONE, &opt_no_sign_verify, "Disable signature verification", NULL },
+  { "sign-verify", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_sign_verify, "Verify signatures using KEYTYPE=inline:PUBKEY or KEYTYPE=file:/path/to/key", "KEYTYPE=[inline|file]:PUBKEY" },
   { "if-not-exists", 0, 0, G_OPTION_ARG_NONE, &opt_if_not_exists, "Do nothing if the provided remote exists", NULL },
   { "force", 0, 0, G_OPTION_ARG_NONE, &opt_force, "Replace the provided remote if it exists", NULL },
   { "gpg-import", 0, 0, G_OPTION_ARG_FILENAME, &opt_gpg_import, "Import GPG key from FILE", "FILE" },
@@ -57,6 +59,42 @@ static GOptionEntry option_entries[] = {
   { NULL }
 };
 
+static gboolean
+add_verify_opt (GVariantBuilder *builder,
+                const char *keyspec,
+                GError **error)
+{
+  g_auto(GStrv) parts = g_strsplit (keyspec, "=", 2);
+  g_assert (parts && *parts);
+  const char *keytype = parts[0];
+  if (!parts[1])
+    return glnx_throw (error, "Failed to parse KEYTYPE=[inline|file]:DATA in %s", keyspec);
+
+  g_autoptr(OstreeSign) sign = ostree_sign_get_by_name (keytype, error);
+  if (!sign)
+    return FALSE;
+
+  const char *rest = parts[1];
+  g_assert (!parts[2]);
+  g_auto(GStrv) keyparts = g_strsplit (rest, ":", 2);
+  g_assert (keyparts && *keyparts);
+  const char *keyref = keyparts[0];
+  g_assert (keyref);
+  g_autofree char *optname = NULL;
+  if (g_str_equal (keyref, "inline"))
+    optname = g_strdup_printf ("verification-%s-key", keytype);
+  else if (g_str_equal (keyref, "file"))
+    optname = g_strdup_printf ("verification-%s-file", keytype);
+  else
+    return glnx_throw (error, "Invalid key reference %s, expected inline|file", keyref);
+
+  g_assert (keyparts[1] && !keyparts[2]);
+  g_variant_builder_add (builder, "{s@v}",
+                         optname,
+                         g_variant_new_variant (g_variant_new_string (keyparts[1])));
+  return TRUE;
+}
+
 gboolean
 ot_remote_builtin_add (int argc, char **argv, OstreeCommandInvocation *invocation, GCancellable *cancellable, GError **error)
 {
@@ -144,9 +182,24 @@ ot_remote_builtin_add (int argc, char **argv, OstreeCommandInvocation *invocatio
 #endif /* OSTREE_DISABLE_GPGME */
 
   if (opt_no_sign_verify)
+    {
+      if (opt_sign_verify)
+        return glnx_throw (error, "Cannot specify both --sign-verify and --no-sign-verify");
+      g_variant_builder_add (optbuilder, "{s@v}",
+                            "sign-verify",
+                            g_variant_new_variant (g_variant_new_boolean (FALSE)));
+    }
+
+  for (char **iter = opt_sign_verify; iter && *iter; iter++)
+    {
+      const char *keyspec = *iter;
+      if (!add_verify_opt (optbuilder, keyspec, error))
+        return FALSE;
+    }
+  if (opt_sign_verify)
     g_variant_builder_add (optbuilder, "{s@v}",
-                           "sign-verify",
-                           g_variant_new_variant (g_variant_new_boolean (FALSE)));
+                          "sign-verify",
+                          g_variant_new_variant (g_variant_new_boolean (TRUE)));
 
   if (opt_collection_id != NULL)
     g_variant_builder_add (optbuilder, "{s@v}", "collection-id",
author	Colin Walters <walters@verbum.org>	2020-05-07 19:43:10 +0000
committer	Colin Walters <walters@verbum.org>	2020-05-09 20:07:44 +0000
commit	588f42e8c64183dfa1fbaa08cc92c46b691b23c4 (patch)
tree	170791de8174771b7a30d516486cb3cbd9858f3c /src/ostree/ot-remote-builtin-add.c
parent	4c01c0385f323cf8dc6070829e825443864c8ad0 (diff)
download	ostree-588f42e8c64183dfa1fbaa08cc92c46b691b23c4.tar.gz