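/*
 * rpmostreed_deployment_gpg_results:
 * @repo: repository holding the commit
 * @origin_refspec: refspec the deployment was pulled from; its remote part
 *   (if any) decides whether GPG verification applies
 * @csum: checksum of the commit whose signatures are collected
 * @out_enabled: set to whether GPG verification is enabled for the remote
 *
 * Collects the GPG signature results of commit @csum into an "av" array,
 * one entry per signature reported by ostree_gpg_verify_result_get_all().
 *
 * Security notes for callers:
 *  - No filtering by validity is done here: every signature the verifier
 *    reports is added.  A non-NULL return therefore does not by itself
 *    mean the commit is trusted; the entries must be inspected.
 *  - NULL is returned for an unsigned commit, for a refspec without a
 *    remote, when verification is disabled, and on any internal error
 *    (which is only logged).  Treat NULL together with *@out_enabled ==
 *    TRUE as "not verified", never as success.
 *  - Without HAVE_OSTREE_REPO_VERIFY_COMMIT_FOR_REMOTE the fallback call
 *    does not pass the remote name, so the result is not tied to that
 *    remote's keyring.
 *
 * Returns: a floating #GVariant of type "av", or NULL (see above).
 */
static GVariant *
rpmostreed_deployment_gpg_results (OstreeRepo *repo,
                                   const gchar *origin_refspec,
                                   const gchar *csum,
                                   gboolean *out_enabled)
{
  GError *error = NULL;
  GVariant *ret = NULL;
  g_autofree gchar *remote = NULL;
  glnx_unref_object OstreeGpgVerifyResult *result = NULL;
  guint n_sigs, i;
  gboolean gpg_verify = FALSE;
  g_auto(GVariantBuilder) builder;

  /* Must be initialised before the first "goto out": the g_auto cleanup
   * runs on every exit path. */
  g_variant_builder_init (&builder, G_VARIANT_TYPE ("av"));

  /* Give the caller a defined value even when we bail out before the
   * remote's configuration could be read; previously the early error
   * paths left *out_enabled untouched. */
  *out_enabled = FALSE;

  if (!ostree_parse_refspec (origin_refspec, &remote, NULL, &error))
    goto out;

  /* A refspec without a remote has no verification policy to consult. */
  if (remote)
    {
      if (!ostree_repo_remote_get_gpg_verify (repo, remote, &gpg_verify, &error))
        goto out;
    }

  *out_enabled = gpg_verify;

  if (!gpg_verify)
    goto out;

#ifdef HAVE_OSTREE_REPO_VERIFY_COMMIT_FOR_REMOTE
  result = ostree_repo_verify_commit_for_remote (repo, csum, remote, NULL, &error);
#else
  /* NOTE(review): the remote is not passed here, so this path is not
   * restricted to the remote's own keyring. */
  result = ostree_repo_verify_commit_ext (repo, csum, NULL, NULL, NULL, &error);
#endif

  if (!result)
    goto out;

  n_sigs = ostree_gpg_verify_result_count_all (result);
  if (n_sigs < 1)
    goto out;

  for (i = 0; i < n_sigs; i++)
    {
      g_variant_builder_add (&builder, "v",
                             ostree_gpg_verify_result_get_all (result, i));
    }

  ret = g_variant_builder_end (&builder);

out:
  /* NOT_FOUND just means the commit is not signed. */
  if (error && !g_error_matches (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
    g_warning ("error loading gpg verify result %s", error->message);

  g_clear_error (&error);

  return ret;
}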
/*
 * Dump one object of @repo and, when it is a commit, list its GPG
 * signatures.
 *
 * The variant for (@objtype, @checksum) is loaded and handed to
 * ot_dump_object(), in raw form when opt_raw is set.  For commits the
 * signatures are then checked against the keyring of
 * opt_gpg_verify_remote if that is set, otherwise via
 * ostree_repo_verify_commit_ext() with the optional opt_gpg_homedir.
 *
 * The signature listing is informational: each signature is described,
 * but nothing here rejects a commit because a signature is bad, and an
 * unsigned commit (G_IO_ERROR_NOT_FOUND) is silently accepted.  Callers
 * must not read a TRUE return as "the commit is verified".
 *
 * Returns FALSE with @error set if loading the object fails or the
 * verification call fails with anything other than NOT_FOUND.
 */
static gboolean
print_object (OstreeRepo *repo,
              OstreeObjectType objtype,
              const char *checksum,
              GError **error)
{
  g_autoptr(GVariant) variant = NULL;
  OstreeDumpFlags flags = OSTREE_DUMP_NONE;

  if (!ostree_repo_load_variant (repo, objtype, checksum, &variant, error))
    return FALSE;

  if (opt_raw)
    flags |= OSTREE_DUMP_RAW;

  ot_dump_object (objtype, checksum, variant, flags);

  /* Only commits carry signatures; every other object type is done. */
  if (objtype != OSTREE_OBJECT_TYPE_COMMIT)
    return TRUE;

  g_autoptr(OstreeGpgVerifyResult) result = NULL;
  g_autoptr(GError) local_error = NULL;
  g_autoptr(GFile) gpg_homedir = NULL;

  if (opt_gpg_homedir)
    gpg_homedir = g_file_new_for_path (opt_gpg_homedir);

  if (!opt_gpg_verify_remote)
    {
      result = ostree_repo_verify_commit_ext (repo, checksum, gpg_homedir,
                                              NULL, NULL, &local_error);
    }
  else
    {
      /* Restrict the check to the named remote's keyring. */
      result = ostree_repo_verify_commit_for_remote (repo, checksum,
                                                     opt_gpg_verify_remote,
                                                     NULL, &local_error);
    }

  if (local_error != NULL)
    {
      /* NOT_FOUND is ignored: nothing is printed for such a commit. */
      if (g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
        return TRUE;

      g_propagate_error (error, g_steal_pointer (&local_error));
      return FALSE;
    }

  guint n_sigs = ostree_gpg_verify_result_count_all (result);
  const char *plural = (n_sigs == 1) ? "" : "s";

  g_print ("Found %u signature%s:\n", n_sigs, plural);

  /* Build the whole description first and emit it in one go. */
  g_autoptr(GString) buffer = g_string_sized_new (256);
  guint idx = 0;

  while (idx < n_sigs)
    {
      g_string_append_c (buffer, '\n');
      ostree_gpg_verify_result_describe (result, idx, buffer, " ",
                                         OSTREE_GPG_SIGNATURE_FORMAT_DEFAULT);
      idx++;
    }

  g_print ("%s", buffer->str);

  return TRUE;
}