static GVariant *
rpmostreed_deployment_gpg_results (OstreeRepo *repo,
const gchar *origin_refspec,
const gchar *csum,
gboolean *out_enabled)
{
GError *error = NULL;
GVariant *ret = NULL;
g_autofree gchar *remote = NULL;
glnx_unref_object OstreeGpgVerifyResult *result = NULL;
guint n_sigs, i;
gboolean gpg_verify;
g_auto(GVariantBuilder) builder;
g_variant_builder_init (&builder, G_VARIANT_TYPE ("av"));
if (!ostree_parse_refspec (origin_refspec, &remote, NULL, &error))
goto out;
if (remote)
{
if (!ostree_repo_remote_get_gpg_verify (repo, remote, &gpg_verify, &error))
goto out;
}
else
{
gpg_verify = FALSE;
}
*out_enabled = gpg_verify;
if (!gpg_verify)
goto out;
#ifdef HAVE_OSTREE_REPO_VERIFY_COMMIT_FOR_REMOTE
result = ostree_repo_verify_commit_for_remote (repo, csum, remote, NULL, &error);
#else
result = ostree_repo_verify_commit_ext (repo, csum, NULL, NULL, NULL, &error);
#endif
if (!result)
goto out;
n_sigs = ostree_gpg_verify_result_count_all (result);
if (n_sigs < 1)
goto out;
for (i = 0; i < n_sigs; i++)
{
g_variant_builder_add (&builder, "v",
ostree_gpg_verify_result_get_all (result, i));
}
ret = g_variant_builder_end (&builder);
out:
/* NOT_FOUND just means the commit is not signed. */
if (error && !g_error_matches (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
g_warning ("error loading gpg verify result %s", error->message);
g_clear_error (&error);
return ret;
}
static gboolean
print_object (OstreeRepo *repo,
OstreeObjectType objtype,
const char *checksum,
GError **error)
{
OstreeDumpFlags flags = OSTREE_DUMP_NONE;
g_autoptr(GVariant) variant = NULL;
if (!ostree_repo_load_variant (repo, objtype, checksum,
&variant, error))
return FALSE;
if (opt_raw)
flags |= OSTREE_DUMP_RAW;
ot_dump_object (objtype, checksum, variant, flags);
if (objtype == OSTREE_OBJECT_TYPE_COMMIT)
{
g_autoptr(OstreeGpgVerifyResult) result = NULL;
g_autoptr(GError) local_error = NULL;
g_autoptr(GFile) gpg_homedir = opt_gpg_homedir ? g_file_new_for_path (opt_gpg_homedir) : NULL;
if (opt_gpg_verify_remote)
{
result = ostree_repo_verify_commit_for_remote (repo, checksum, opt_gpg_verify_remote,
NULL, &local_error);
}
else
{
result = ostree_repo_verify_commit_ext (repo, checksum,
gpg_homedir, NULL, NULL,
&local_error);
}
if (g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
{
/* Ignore */
}
else if (local_error != NULL)
{
g_propagate_error (error, g_steal_pointer (&local_error));
return FALSE;
}
else
{
guint n_sigs = ostree_gpg_verify_result_count_all (result);
g_print ("Found %u signature%s:\n", n_sigs, n_sigs == 1 ? "" : "s");
g_autoptr(GString) buffer = g_string_sized_new (256);
for (guint ii = 0; ii < n_sigs; ii++)
{
g_string_append_c (buffer, '\n');
ostree_gpg_verify_result_describe (result, ii, buffer, " ",
OSTREE_GPG_SIGNATURE_FORMAT_DEFAULT);
}
g_print ("%s", buffer->str);
}
}
return TRUE;
}
