diff options
author | Colin Walters <walters@verbum.org> | 2020-05-28 00:41:34 +0000 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2020-05-28 00:41:34 +0000 |
commit | 68ebf743cd826586ceccb40d8d1bf7d4c35f3e5f (patch) | |
tree | 9c364187f7cc2863a540019c78c6402cc23c6523 /src/ostree | |
parent | 854099802f3367b6fa8b405fe50c5988813e8b4d (diff) | |
download | ostree-68ebf743cd826586ceccb40d8d1bf7d4c35f3e5f.tar.gz |
remote-add: Default to explicit sign-verify backends
In https://github.com/ostreedev/ostree/pull/2092/commits/588f42e8c64183dfa1fbaa08cc92c46b691b23c4
we added a way to add keys for sign types when doing
a `remote add`, and in https://github.com/ostreedev/ostree/pull/2105
we extended `sign-verify` to support *limiting* to an explicit
set.
This PR changes the *default* for `remote add` to combine
the two - when providing an explicit `--sign-verify=type`,
we now limit the accepted types to only those.
Diffstat (limited to 'src/ostree')
-rw-r--r-- | src/ostree/ot-remote-builtin-add.c | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/src/ostree/ot-remote-builtin-add.c b/src/ostree/ot-remote-builtin-add.c index a885336a..172625d2 100644 --- a/src/ostree/ot-remote-builtin-add.c +++ b/src/ostree/ot-remote-builtin-add.c @@ -59,7 +59,7 @@ static GOptionEntry option_entries[] = { { NULL } }; -static gboolean +static char * add_verify_opt (GVariantBuilder *builder, const char *keyspec, GError **error) @@ -68,11 +68,11 @@ add_verify_opt (GVariantBuilder *builder, g_assert (parts && *parts); const char *keytype = parts[0]; if (!parts[1]) - return glnx_throw (error, "Failed to parse KEYTYPE=[inline|file]:DATA in %s", keyspec); + return glnx_null_throw (error, "Failed to parse KEYTYPE=[inline|file]:DATA in %s", keyspec); g_autoptr(OstreeSign) sign = ostree_sign_get_by_name (keytype, error); if (!sign) - return FALSE; + return NULL; const char *rest = parts[1]; g_assert (!parts[2]); @@ -86,13 +86,13 @@ add_verify_opt (GVariantBuilder *builder, else if (g_str_equal (keyref, "file")) optname = g_strdup_printf ("verification-%s-file", keytype); else - return glnx_throw (error, "Invalid key reference %s, expected inline|file", keyref); + return glnx_null_throw (error, "Invalid key reference %s, expected inline|file", keyref); g_assert (keyparts[1] && !keyparts[2]); g_variant_builder_add (builder, "{s@v}", optname, g_variant_new_variant (g_variant_new_string (keyparts[1]))); - return TRUE; + return g_strdup (ostree_sign_get_name (sign)); } gboolean @@ -101,6 +101,7 @@ ot_remote_builtin_add (int argc, char **argv, OstreeCommandInvocation *invocatio g_autoptr(GOptionContext) context = NULL; g_autoptr(OstreeSysroot) sysroot = NULL; g_autoptr(OstreeRepo) repo = NULL; + g_autoptr(GString) sign_verify = NULL; const char *remote_name; const char *remote_url; char **iter; @@ -193,13 +194,23 @@ ot_remote_builtin_add (int argc, char **argv, OstreeCommandInvocation *invocatio for (char **iter = opt_sign_verify; iter && *iter; iter++) { const char *keyspec = *iter; - if (!add_verify_opt (optbuilder, keyspec, error)) + g_autofree char *signname = add_verify_opt (optbuilder, keyspec, error); + if (!signname) return FALSE; + if (!sign_verify) + { + sign_verify = g_string_new (signname); + } + else + { + g_string_append_c (sign_verify, ','); + g_string_append (sign_verify, signname); + } } - if (opt_sign_verify) + if (sign_verify != NULL) g_variant_builder_add (optbuilder, "{s@v}", "sign-verify", - g_variant_new_variant (g_variant_new_boolean (TRUE))); + g_variant_new_variant (g_variant_new_string (sign_verify->str))); if (opt_collection_id != NULL) g_variant_builder_add (optbuilder, "{s@v}", "collection-id", |