5 files changed, 133 insertions, 34 deletions

diff --git a/Makefile-libostree.am b/Makefile-libostree.am
index 4b8a46f5..c0dbdc40 100644
--- a/Makefile-libostree.am
+++ b/Makefile-libostree.am
@@ -173,9 +173,9 @@ endif # USE_GPGME
 symbol_files = $(top_srcdir)/src/libostree/libostree-released.sym
 
 # Uncomment this include when adding new development symbols.
-# if BUILDOPT_IS_DEVEL_BUILD
-# symbol_files += $(top_srcdir)/src/libostree/libostree-devel.sym
-# endif
+if BUILDOPT_IS_DEVEL_BUILD
+symbol_files += $(top_srcdir)/src/libostree/libostree-devel.sym
+endif
 
 # http://blog.jgc.org/2007/06/escaping-comma-and-space-in-gnu-make.html
 wl_versionscript_arg = -Wl,--version-script=
diff --git a/apidoc/ostree-sections.txt b/apidoc/ostree-sections.txt
index eb162dc4..a0db55c7 100644
--- a/apidoc/ostree-sections.txt
+++ b/apidoc/ostree-sections.txt
@@ -483,6 +483,7 @@ ostree_repo_verify_commit
 ostree_repo_verify_commit_ext
 ostree_repo_verify_commit_for_remote
 ostree_repo_verify_summary
+ostree_repo_regenerate_metadata
 ostree_repo_regenerate_summary
 <SUBSECTION Standard>
 OSTREE_REPO
diff --git a/src/libostree/libostree-devel.sym b/src/libostree/libostree-devel.sym
index 9168db73..c1a8f94e 100644
--- a/src/libostree/libostree-devel.sym
+++ b/src/libostree/libostree-devel.sym
@@ -20,6 +20,11 @@
    - uncomment the include in Makefile-libostree.am
 */
 
+LIBOSTREE_2023.1 {
+global:
+  ostree_repo_regenerate_metadata;
+} LIBOSTREE_2022.7;
+
 /* Stub section for the stable release *after* this development one; don't
  * edit this other than to update the year.  This is just a copy/paste
  * source.  Replace $LASTSTABLE with the last stable version, and $NEWVERSION
diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index 607ac864..b4e2be4f 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -6235,37 +6235,12 @@ summary_add_ref_entry (OstreeRepo       *self,
   return TRUE;
 }
 
-/**
- * ostree_repo_regenerate_summary:
- * @self: Repo
- * @additional_metadata: (allow-none): A GVariant of type a{sv}, or %NULL
- * @cancellable: Cancellable
- * @error: Error
- *
- * An OSTree repository can contain a high level "summary" file that
- * describes the available branches and other metadata.
- *
- * If the timetable for making commits and updating the summary file is fairly
- * regular, setting the `ostree.summary.expires` key in @additional_metadata
- * will aid clients in working out when to check for updates.
- *
- * It is regenerated automatically after any ref is
- * added, removed, or updated if `core/auto-update-summary` is set.
- *
- * If the `core/collection-id` key is set in the configuration, it will be
- * included as %OSTREE_SUMMARY_COLLECTION_ID in the summary file. Refs that
- * have associated collection IDs will be included in the generated summary
- * file, listed under the %OSTREE_SUMMARY_COLLECTION_MAP key. Collection IDs
- * and refs in %OSTREE_SUMMARY_COLLECTION_MAP are guaranteed to be in
- * lexicographic order.
- *
- * Locking: shared (Prior to 2021.7, this was exclusive)
- */
-gboolean
-ostree_repo_regenerate_summary (OstreeRepo     *self,
-                                GVariant       *additional_metadata,
-                                GCancellable   *cancellable,
-                                GError        **error)
+static gboolean
+regenerate_metadata (OstreeRepo    *self,
+                     GVariant      *additional_metadata,
+                     GVariant      *options,
+                     GCancellable  *cancellable,
+                     GError       **error)
 {
   g_autoptr(OstreeRepoAutoLock) lock = NULL;
   gboolean no_deltas_in_summary = FALSE;
@@ -6275,6 +6250,35 @@ ostree_repo_regenerate_summary (OstreeRepo     *self,
   if (!lock)
     return FALSE;
 
+  /* Parse options vardict. */
+  g_autofree char **gpg_key_ids = NULL;
+  const char *gpg_homedir = NULL;
+  g_autoptr(GVariant) sign_keys = NULL;
+  const char *sign_type = NULL;
+  g_autoptr(OstreeSign) sign = NULL;
+
+  if (options != NULL)
+    {
+      if (!g_variant_is_of_type (options, G_VARIANT_TYPE_VARDICT))
+        return glnx_throw (error, "Invalid options doesn't match variant type '%s'",
+                           (const char *) G_VARIANT_TYPE_VARDICT);
+
+      g_variant_lookup (options, "gpg-key-ids", "^a&s", &gpg_key_ids);
+      g_variant_lookup (options, "gpg-homedir", "&s", &gpg_homedir);
+      sign_keys = g_variant_lookup_value (options, "sign-keys", G_VARIANT_TYPE_ARRAY);
+      g_variant_lookup (options, "sign-type", "&s", &sign_type);
+
+      if (sign_keys != NULL)
+        {
+          if (sign_type == NULL)
+            sign_type = OSTREE_SIGN_NAME_ED25519;
+
+          sign = ostree_sign_get_by_name (sign_type, error);
+          if (sign == NULL)
+            return FALSE;
+        }
+    }
+
   g_auto(GVariantDict) additional_metadata_builder = OT_VARIANT_BUILDER_INITIALIZER;
   g_variant_dict_init (&additional_metadata_builder, additional_metadata);
   g_autoptr(GVariantBuilder) refs_builder = g_variant_builder_new (G_VARIANT_TYPE ("a(s(taya{sv}))"));
@@ -6472,9 +6476,91 @@ ostree_repo_regenerate_summary (OstreeRepo     *self,
   if (!ot_ensure_unlinked_at (self->repo_dir_fd, "summary.sig", error))
     return FALSE;
 
+  if (gpg_key_ids != NULL &&
+      !ostree_repo_add_gpg_signature_summary (self, (const char **) gpg_key_ids, gpg_homedir,
+                                              cancellable, error))
+    return FALSE;
+
+  if (sign_keys != NULL &&
+      !ostree_sign_summary (sign, self, sign_keys, cancellable, error))
+    return FALSE;
+
   return TRUE;
 }
 
+/**
+ * ostree_repo_regenerate_summary:
+ * @self: Repo
+ * @additional_metadata: (allow-none): A GVariant of type a{sv}, or %NULL
+ * @cancellable: Cancellable
+ * @error: Error
+ *
+ * An OSTree repository can contain a high level "summary" file that
+ * describes the available branches and other metadata.
+ *
+ * If the timetable for making commits and updating the summary file is fairly
+ * regular, setting the `ostree.summary.expires` key in @additional_metadata
+ * will aid clients in working out when to check for updates.
+ *
+ * It is regenerated automatically after any ref is
+ * added, removed, or updated if `core/auto-update-summary` is set.
+ *
+ * If the `core/collection-id` key is set in the configuration, it will be
+ * included as %OSTREE_SUMMARY_COLLECTION_ID in the summary file. Refs that
+ * have associated collection IDs will be included in the generated summary
+ * file, listed under the %OSTREE_SUMMARY_COLLECTION_MAP key. Collection IDs
+ * and refs in %OSTREE_SUMMARY_COLLECTION_MAP are guaranteed to be in
+ * lexicographic order.
+ *
+ * Locking: shared (Prior to 2021.7, this was exclusive)
+ */
+gboolean
+ostree_repo_regenerate_summary (OstreeRepo     *self,
+                                GVariant       *additional_metadata,
+                                GCancellable   *cancellable,
+                                GError        **error)
+{
+  return regenerate_metadata (self, additional_metadata, NULL, cancellable, error);
+}
+
+/**
+ * ostree_repo_regenerate_metadata:
+ * @self: Repo
+ * @additional_metadata: (nullable): A GVariant `a{sv}`, or %NULL
+ * @options: (nullable): A GVariant `a{sv}` with an extensible set of flags
+ * @cancellable: Cancellable
+ * @error: Error
+ *
+ * Regenerate the OSTree repository metadata used by clients to describe
+ * available branches and other metadata.
+ *
+ * The repository metadata currently consists of the `summary` file. See
+ * ostree_repo_regenerate_summary() and %OSTREE_SUMMARY_GVARIANT_FORMAT for
+ * additional details on its contents.
+ *
+ * The following @options are currently defined:
+ *
+ *   * `gpg-key-ids` (`as`): Array of GPG key IDs to sign the metadata with.
+ *   * `gpg-homedir` (`s`): GPG home directory.
+ *   * `sign-keys` (`av`): Array of keys to sign the metadata with. The key
+ *   type is specific to the sign engine used.
+ *   * `sign-type` (`s`): Sign engine type to use. If not specified,
+ *   %OSTREE_SIGN_NAME_ED25519 is used.
+ *
+ * Locking: shared
+ *
+ * Since: 2023.1
+ */
+gboolean
+ostree_repo_regenerate_metadata (OstreeRepo    *self,
+                                 GVariant      *additional_metadata,
+                                 GVariant      *options,
+                                 GCancellable  *cancellable,
+                                 GError       **error)
+{
+  return regenerate_metadata (self, additional_metadata, options, cancellable, error);
+}
+
 /* Regenerate the summary if `core/auto-update-summary` is set. We default to FALSE for
  * this setting because OSTree supports multiple processes committing to the same repo (but
  * different refs) concurrently, and in fact gnome-continuous actually does this.  In that
diff --git a/src/libostree/ostree-repo.h b/src/libostree/ostree-repo.h
index 57b40a6b..a85db11a 100644
--- a/src/libostree/ostree-repo.h
+++ b/src/libostree/ostree-repo.h
@@ -1585,6 +1585,13 @@ gboolean ostree_repo_regenerate_summary (OstreeRepo     *self,
                                          GCancellable   *cancellable,
                                          GError        **error);
 
+_OSTREE_PUBLIC
+gboolean ostree_repo_regenerate_metadata (OstreeRepo    *self,
+                                          GVariant      *additional_metadata,
+                                          GVariant      *options,
+                                          GCancellable  *cancellable,
+                                          GError       **error);
+
 
 /**
  * OstreeRepoLockType: