Add an API to verify a commit signature explicitly

We have a bunch of APIs to do GPG verification of a commit, but that doesn't generalize to signapi. Further, they require the caller to check the signature status explicitly which seems like a trap. This much higher level API works with both GPG and signapi. The intention is to use this in things that are doing "external pulls" like the ostree-ext tar import support. There we will get the commitmeta from the tarball and we want to verify it at the same time we import the commit.
author: Colin Walters <walters@verbum.org> 2021-04-12 18:42:05 -0400
committer: Colin Walters <walters@verbum.org> 2021-08-30 13:27:38 -0400
commit: 359435de843ce2a1e94941c24ec4ddd7d5a7bccb (patch)
tree: e1d745d1575c30526c7d5074a285703fe720bc45 /tests/test-admin-gpg.sh
parent: 30909a28f2aff54b615837a184f53509cbccc381 (diff)
download: ostree-359435de843ce2a1e94941c24ec4ddd7d5a7bccb.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/test-admin-gpg.sh b/tests/test-admin-gpg.sh
index 2167f673..bd34aae4 100755
--- a/tests/test-admin-gpg.sh
+++ b/tests/test-admin-gpg.sh
@@ -148,4 +148,9 @@ ${CMD_PREFIX} ostree admin status > status.txt
 test -f status.txt
 assert_file_has_content status.txt "GPG: Signature made"
 assert_not_file_has_content status.txt "GPG: Can't check signature: public key not found"
+rm -f status.txt
+
+${CMD_PREFIX} ostree admin status --verify > status.txt
+assert_file_has_content status.txt "GPG: Signature made"
+rm -f status.txt
 echo 'ok gpg signature'
author	Colin Walters <walters@verbum.org>	2021-04-12 18:42:05 -0400
committer	Colin Walters <walters@verbum.org>	2021-08-30 13:27:38 -0400
commit	359435de843ce2a1e94941c24ec4ddd7d5a7bccb (patch)
tree	e1d745d1575c30526c7d5074a285703fe720bc45 /tests/test-admin-gpg.sh
parent	30909a28f2aff54b615837a184f53509cbccc381 (diff)
download	ostree-359435de843ce2a1e94941c24ec4ddd7d5a7bccb.tar.gz