diff options
author | Colin Walters <walters@verbum.org> | 2021-04-12 18:42:05 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2021-08-30 13:27:38 -0400 |
commit | 359435de843ce2a1e94941c24ec4ddd7d5a7bccb (patch) | |
tree | e1d745d1575c30526c7d5074a285703fe720bc45 /src/ostree | |
parent | 30909a28f2aff54b615837a184f53509cbccc381 (diff) | |
download | ostree-359435de843ce2a1e94941c24ec4ddd7d5a7bccb.tar.gz |
Add an API to verify a commit signature explicitly
We have a bunch of APIs to do GPG verification of a commit,
but that doesn't generalize to signapi. Further, they
require the caller to check the signature status explicitly
which seems like a trap.
This much higher level API works with both GPG and signapi.
The intention is to use this in things that are doing "external
pulls" like the ostree-ext tar import support. There we will
get the commitmeta from the tarball and we want to verify it
at the same time we import the commit.
Diffstat (limited to 'src/ostree')
-rw-r--r-- | src/ostree/ot-admin-builtin-status.c | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/src/ostree/ot-admin-builtin-status.c b/src/ostree/ot-admin-builtin-status.c index c6c52382..8b2325d5 100644 --- a/src/ostree/ot-admin-builtin-status.c +++ b/src/ostree/ot-admin-builtin-status.c @@ -31,7 +31,10 @@ #include <glib/gi18n.h> +static gboolean opt_verify; + static GOptionEntry options[] = { + { "verify", 'V', 0, G_OPTION_ARG_NONE, &opt_verify, "Print the commit verification status", NULL }, { NULL } }; @@ -86,6 +89,12 @@ deployment_print_status (OstreeSysroot *sysroot, g_autoptr(GVariant) commit_metadata = NULL; if (commit) commit_metadata = g_variant_get_child_value (commit, 0); + g_autoptr(GVariant) commit_detached_metadata = NULL; + if (commit) + { + if (!ostree_repo_read_commit_detached_metadata (repo, ref, &commit_detached_metadata, cancellable, error)) + return FALSE; + } const char *version = NULL; const char *source_title = NULL; @@ -139,7 +148,7 @@ deployment_print_status (OstreeSysroot *sysroot, } #ifndef OSTREE_DISABLE_GPGME - if (deployment_get_gpg_verify (deployment, repo)) + if (!opt_verify && deployment_get_gpg_verify (deployment, repo)) { g_autoptr(GString) output_buffer = g_string_sized_new (256); /* Print any digital signatures on this commit. */ @@ -172,6 +181,31 @@ deployment_print_status (OstreeSysroot *sysroot, g_print ("%s", output_buffer->str); } #endif /* OSTREE_DISABLE_GPGME */ + if (opt_verify) + { + if (!commit) + return glnx_throw (error, "Cannot verify, failed to load commit"); + + if (origin == NULL) + return glnx_throw (error, "Cannot verify deployment with no origin"); + + g_autofree char *refspec = g_key_file_get_string (origin, "origin", "refspec", NULL); + if (refspec == NULL) + return glnx_throw (error, "No origin/refspec, cannot verify"); + g_autofree char *remote = NULL; + if (!ostree_parse_refspec (refspec, &remote, NULL, NULL)) + return FALSE; + if (remote == NULL) + return glnx_throw (error, "Cannot verify deployment without remote"); + + g_autoptr(GBytes) commit_data = g_variant_get_data_as_bytes (commit); + g_autoptr(GBytes) commit_detached_metadata_bytes = + commit_detached_metadata ? g_variant_get_data_as_bytes (commit_detached_metadata) : NULL; + g_autofree char *verify_text = NULL; + if (!ostree_repo_signature_verify_commit_data (repo, remote, commit_data, commit_detached_metadata_bytes, 0, &verify_text, error)) + return FALSE; + g_print ("%s\n", verify_text); + } return TRUE; } |