[ostree] repo: Add a "gpg-verify-result" signal
- From: Matthew Barnes <mbarnes src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [ostree] repo: Add a "gpg-verify-result" signal
- Date: Thu, 16 Apr 2015 22:16:53 +0000 (UTC)
commit 20076ff201a899e0f2b7d06bc83a5812b7091660
Author: Matthew Barnes <mbarnes redhat com>
Date: Mon Apr 13 13:21:17 2015 -0400
repo: Add a "gpg-verify-result" signal
Emitted during a pull operation upon GPG verification (if enabled).
Applications can connect to this signal to output the verification
results if desired.
src/libostree/ostree-repo-pull.c | 28 ++++++++++++++++++++++------
src/libostree/ostree-repo.c | 34 ++++++++++++++++++++++++++++++++++
2 files changed, 56 insertions(+), 6 deletions(-)
---
diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index 6f7bcb5..a70fd65 100644
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -962,13 +962,29 @@ scan_commit_object (OtPullData *pull_data,
if (pull_data->gpg_verify)
{
- if (!ostree_repo_verify_commit (pull_data->repo,
- checksum,
- NULL,
- NULL,
- cancellable,
- error))
+ gs_unref_object OstreeGpgVerifyResult *result = NULL;
+
+ result = ostree_repo_verify_commit_ext (pull_data->repo,
+ checksum,
+ NULL,
+ NULL,
+ cancellable,
+ error);
+
+ if (result == NULL)
goto out;
+
+ /* Allow callers to output the results immediately. */
+ g_signal_emit_by_name (pull_data->repo,
+ "gpg-verify-result",
+ checksum, result);
+
+ if (ostree_gpg_verify_result_count_valid (result) == 0)
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+ "GPG signatures found, but none are in trusted keyring");
+ goto out;
+ }
}
if (!ostree_repo_load_variant (pull_data->repo, OSTREE_OBJECT_TYPE_COMMIT, checksum,
diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index 6250051..2540046 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -77,6 +77,10 @@
*/
typedef struct {
GObjectClass parent_class;
+
+ void (*gpg_verify_result) (OstreeRepo *self,
+ const char *checksum,
+ OstreeGpgVerifyResult *result);
} OstreeRepoClass;
enum {
@@ -85,6 +89,13 @@ enum {
PROP_PATH
};
+enum {
+ GPG_VERIFY_RESULT,
+ LAST_SIGNAL
+};
+
+static guint signals[LAST_SIGNAL] = { 0 };
+
G_DEFINE_TYPE (OstreeRepo, ostree_repo, G_TYPE_OBJECT)
GS_DEFINE_CLEANUP_FUNCTION0(GKeyFile*, local_keyfile_unref, g_key_file_unref)
@@ -472,6 +483,29 @@ ostree_repo_class_init (OstreeRepoClass *klass)
"",
G_TYPE_FILE,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+
+ /**
+ * OstreeRepo::gpg-verify-result:
+ * @self: an #OstreeRepo
+ * @checksum: checksum of the signed object
+ * @result: an #OstreeGpgVerifyResult
+ *
+ * Emitted during a pull operation upon GPG verification (if enabled).
+ * Applications can connect to this signal to output the verification
+ * results if desired.
+ *
+ * The signal will be emitted from whichever #GMainContext is the
+ * thread-default at the point when ostree_repo_pull_with_options()
+ * is called.
+ */
+ signals[GPG_VERIFY_RESULT] = g_signal_new ("gpg-verify-result",
+ OSTREE_TYPE_REPO,
+ G_SIGNAL_RUN_LAST,
+ G_STRUCT_OFFSET (OstreeRepoClass, gpg_verify_result),
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 2,
+ G_TYPE_STRING,
+ OSTREE_TYPE_GPG_VERIFY_RESULT);
}
static void
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
