mode == OSTREE_REPO_MODE_BARE_USER_ONLY;
}
+#ifndef OSTREE_DISABLE_GPGME
GVariant *
_ostree_detached_metadata_append_gpg_sig (GVariant *existing_metadata,
GBytes *signature_bytes);
+#endif
GFile *
_ostree_get_default_sysroot_path (void);
}
+#ifndef OSTREE_DISABLE_GPGME
GVariant *
_ostree_detached_metadata_append_gpg_sig (GVariant *existing_metadata,
GBytes *signature_bytes)
return g_variant_dict_end (&metadata_dict);
}
+#endif /* OSTREE_DISABLE_GPGME */
/**
* _ostree_get_default_sysroot_path:
gboolean
_ostree_repo_remote_name_is_file (const char *remote_name);
+#ifndef OSTREE_DISABLE_GPGME
OstreeGpgVerifyResult *
_ostree_repo_gpg_verify_with_metadata (OstreeRepo *self,
GBytes *signed_data,
GFile *extra_keyring,
GCancellable *cancellable,
GError **error);
+#endif /* OSTREE_DISABLE_GPGME */
typedef enum {
_OSTREE_REPO_IMPORT_FLAGS_NONE,
gint n_scanned_metadata;
gboolean gpg_verify;
+ gboolean gpg_verify_summary;
gboolean require_static_deltas;
gboolean disable_static_deltas;
- gboolean gpg_verify_summary;
gboolean has_tombstone_commits;
GBytes *summary_data;
if (!_ostree_verify_metadata_object (objtype, checksum, metadata, error))
goto out;
- /* For commit objects, check the GPG signature before writing to the repo,
+ /* For commit objects, check the signature before writing to the repo,
* and also write the .commitpartial to say that we're still processing
* this commit.
*/
g_clear_pointer (&fetch_data, fetch_static_delta_data_free);
}
+#ifndef OSTREE_DISABLE_GPGME
static gboolean
process_verify_result (OtPullData *pull_data,
const char *checksum,
return TRUE;
}
+#endif /* OSTREE_DISABLE_GPGME */
static gboolean
gpg_verify_unwritten_commit (OtPullData *pull_data,
GCancellable *cancellable,
GError **error)
{
+#ifndef OSTREE_DISABLE_GPGME
if (pull_data->gpg_verify)
{
const char *keyring_remote = NULL;
if (!process_verify_result (pull_data, checksum, result, error))
return FALSE;
}
+#endif /* OSTREE_DISABLE_GPGME */
return TRUE;
}
GCancellable *cancellable,
GError **error)
{
+#ifndef OSTREE_DISABLE_GPGME
gsize i;
g_auto(GStrv) remotes = NULL;
g_autoptr(OstreeRemote) keyring_remote = NULL;
collection_id);
return NULL;
}
+#else
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ "'%s': GPG feature is disabled in a build time",
+ __FUNCTION__);
+ return NULL;
+#endif /* OSTREE_DISABLE_GPGME */
}
#ifdef HAVE_LIBCURL_OR_LIBSOUP
GINT_TO_POINTER (depth));
}
+#ifndef OSTREE_DISABLE_GPGME
/* See comment in process_verify_result() - we now gpg check before writing,
* but also ensure we've done it here if not already.
*/
if (!process_verify_result (pull_data, checksum, result, error))
return FALSE;
}
+#endif /* OSTREE_DISABLE_GPGME */
/* If we found a legacy transaction flag, assume we have to scan.
* We always do a scan of dirtree objects; see
ot_checksum_update_bytes (&hasher, delta_superblock_data);
ot_checksum_get_digest (&hasher, actual_summary_digest, sizeof (actual_summary_digest));
+#ifndef OSTREE_DISABLE_GPGME
/* At this point we've GPG verified the data, so in theory
* could trust that they provided the right data, but let's
* make this a hard error.
"GPG verification enabled, but no summary signatures found (use gpg-verify-summary=false in remote config to disable)");
goto out;
}
+#endif /* OSTREE_DISABLE_GPGME */
if (expected_summary_digest && memcmp (expected_summary_digest, actual_summary_digest, sizeof (actual_summary_digest)))
{
pull_data->remote_name = g_strdup (pull_data->remote_refspec_name);
}
+#ifdef OSTREE_DISABLE_GPGME
+ /* Explicitly fail here if gpg verification is requested and we have no GPG support */
+ if (opt_gpg_verify_set || opt_gpg_verify_summary_set)
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ "'%s': GPG feature is disabled in a build time",
+ __FUNCTION__);
+ goto out;
+ }
+#endif
+
g_return_val_if_fail (OSTREE_IS_REPO (self), FALSE);
g_return_val_if_fail (pull_data->maxdepth >= -1, FALSE);
g_return_val_if_fail (!pull_data->timestamp_check || pull_data->maxdepth == 0, FALSE);
g_free (pull_data->remote_name);
pull_data->remote_name = g_strdup (remote_name_or_baseurl);
+#ifndef OSTREE_DISABLE_GPGME
/* Fetch GPG verification settings from remote if it wasn't already
* explicitly set in the options. */
if (!opt_gpg_verify_set)
if (!ostree_repo_remote_get_gpg_verify_summary (self, pull_data->remote_name,
&pull_data->gpg_verify_summary, error))
goto out;
+#endif /* OSTREE_DISABLE_GPGME */
/* NOTE: If changing this, see the matching implementation in
* ostree-sysroot-upgrader.c
goto out;
}
+#ifndef OSTREE_DISABLE_GPGME
if (!bytes_summary && pull_data->gpg_verify_summary)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
"GPG verification enabled, but no summary found (use gpg-verify-summary=false in remote config to disable)");
goto out;
}
+#endif /* OSTREE_DISABLE_GPGME */
if (!bytes_summary && pull_data->require_static_deltas)
{
goto out;
}
+#ifndef OSTREE_DISABLE_GPGME
if (!bytes_sig && pull_data->gpg_verify_summary)
{
g_set_error (error, OSTREE_GPG_ERROR, OSTREE_GPG_ERROR_NO_SIGNATURE,
}
}
}
+#endif /* OSTREE_DISABLE_GPGME */
if (bytes_summary)
{
pull_data->remote_name, g_hash_table_size (requested_refs_to_fetch));
const char *gpg_verify_state;
+#ifndef OSTREE_DISABLE_GPGME
if (pull_data->gpg_verify_summary)
{
if (pull_data->gpg_verify)
else
gpg_verify_state = (pull_data->gpg_verify ? "commit" : "disabled");
g_string_append_printf (msg, "\nsecurity: GPG: %s ", gpg_verify_state);
+#else
+ gpg_verify_state = "disabled";
+ g_string_append_printf (msg, "\nsecurity: %s ", gpg_verify_state);
+#endif /* OSTREE_DISABLE_GPGME */
+
OstreeFetcherURI *first_uri = pull_data->meta_mirrorlist->pdata[0];
g_autofree char *first_scheme = _ostree_fetcher_uri_get_scheme (first_uri);
if (g_str_has_prefix (first_scheme, "http"))
g_variant_dict_insert (&local_options_dict, "flags", "i", OSTREE_REPO_PULL_FLAGS_UNTRUSTED | flags);
g_variant_dict_insert_value (&local_options_dict, "collection-refs", g_variant_builder_end (&refs_to_pull_builder));
+#ifndef OSTREE_DISABLE_GPGME
g_variant_dict_insert (&local_options_dict, "gpg-verify", "b", TRUE);
+#else
+ g_variant_dict_insert (&local_options_dict, "gpg-verify", "b", FALSE);
+#endif /* OSTREE_DISABLE_GPGME */
g_variant_dict_insert (&local_options_dict, "gpg-verify-summary", "b", FALSE);
g_variant_dict_insert (&local_options_dict, "inherit-transaction", "b", TRUE);
if (result->remote->refspec_name != NULL)
g_autofree char *metalink_url_string = NULL;
g_autoptr(GBytes) summary = NULL;
g_autoptr(GBytes) signatures = NULL;
- gboolean ret = FALSE;
+#ifndef OSTREE_DISABLE_GPGME
gboolean gpg_verify_summary;
+#endif
+ gboolean ret = FALSE;
gboolean summary_is_from_cache;
g_return_val_if_fail (OSTREE_REPO (self), FALSE);
error))
goto out;
+#ifndef OSTREE_DISABLE_GPGME
if (!ostree_repo_remote_get_gpg_verify_summary (self, name, &gpg_verify_summary, error))
goto out;
}
}
+#else
+ g_message ("%s: GPG feature is disabled in a build time", __FUNCTION__);
+#endif /* OSTREE_DISABLE_GPGME */
+
if (out_summary != NULL)
*out_summary = g_steal_pointer (&summary);
typedef struct {
GObjectClass parent_class;
+#ifndef OSTREE_DISABLE_GPGME
void (*gpg_verify_result) (OstreeRepo *self,
const char *checksum,
OstreeGpgVerifyResult *result);
+#endif
} OstreeRepoClass;
enum {
LAST_SIGNAL
};
+#ifndef OSTREE_DISABLE_GPGME
static guint signals[LAST_SIGNAL] = { 0 };
+#endif
G_DEFINE_TYPE (OstreeRepo, ostree_repo, G_TYPE_OBJECT)
NULL,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+#ifndef OSTREE_DISABLE_GPGME
/**
* OstreeRepo::gpg-verify-result:
* @self: an #OstreeRepo
G_TYPE_NONE, 2,
G_TYPE_STRING,
OSTREE_TYPE_GPG_VERIFY_RESULT);
+#endif /* OSTREE_DISABLE_GPGME */
}
static void
ostree_repo_init (OstreeRepo *self)
{
- static gsize gpgme_initialized;
const GDebugKey test_error_keys[] = {
{ "pre-commit", OSTREE_REPO_TEST_ERROR_PRE_COMMIT },
{ "invalid-cache", OSTREE_REPO_TEST_ERROR_INVALID_CACHE },
};
+#ifndef OSTREE_DISABLE_GPGME
+ static gsize gpgme_initialized;
+
if (g_once_init_enter (&gpgme_initialized))
{
gpgme_check_version (NULL);
gpgme_set_locale (NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL));
g_once_init_leave (&gpgme_initialized, 1);
}
+#endif
self->test_error_flags = g_parse_debug_string (g_getenv ("OSTREE_REPO_TEST_ERROR"),
test_error_keys, G_N_ELEMENTS (test_error_keys));
return TRUE;
}
- return ostree_repo_get_remote_boolean_option (self, name, "gpg-verify",
+#ifndef OSTREE_DISABLE_GPGME
+ return ostree_repo_get_remote_boolean_option (self, name, "gpg-verify",
TRUE, out_gpg_verify, error);
+#else
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ "'%s': GPG feature is disabled in a build time",
+ __FUNCTION__);
+ if (out_gpg_verify != NULL)
+ *out_gpg_verify = FALSE;
+ return FALSE;
+#endif /* OSTREE_DISABLE_GPGME */
}
/**
gboolean *out_gpg_verify_summary,
GError **error)
{
+#ifndef OSTREE_DISABLE_GPGME
return ostree_repo_get_remote_boolean_option (self, name, "gpg-verify-summary",
FALSE, out_gpg_verify_summary, error);
+#else
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ "'%s': GPG feature is disabled in a build time",
+ __FUNCTION__);
+ if (out_gpg_verify_summary != NULL)
+ *out_gpg_verify_summary = FALSE;
+ return FALSE;
+#endif /* OSTREE_DISABLE_GPGME */
}
/**
GCancellable *cancellable,
GError **error)
{
+#ifndef OSTREE_DISABLE_GPGME
OstreeRemote *remote;
g_auto(gpgme_ctx_t) source_context = NULL;
g_auto(gpgme_ctx_t) target_context = NULL;
g_prefix_error (error, "GPG: ");
return ret;
+#else /* OSTREE_DISABLE_GPGME */
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ "'%s': GPG feature is disabled in a build time",
+ __FUNCTION__);
+ return FALSE;
+#endif /* OSTREE_DISABLE_GPGME */
}
/**
error))
return FALSE;
+#ifndef OSTREE_DISABLE_GPGME
g_autoptr(GVariant) new_metadata =
_ostree_detached_metadata_append_gpg_sig (metadata, signature_bytes);
return FALSE;
return TRUE;
+#else
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ "'%s': GPG feature is disabled in a build time",
+ __FUNCTION__);
+ return FALSE;
+#endif /* OSTREE_DISABLE_GPGME */
}
+#ifndef OSTREE_DISABLE_GPGME
static gboolean
sign_data (OstreeRepo *self,
GBytes *input_data,
*out_signature = g_mapped_file_get_bytes (signature_file);
return TRUE;
}
+#endif /* OSTREE_DISABLE_GPGME */
/**
* ostree_repo_sign_commit:
GCancellable *cancellable,
GError **error)
{
+#ifndef OSTREE_DISABLE_GPGME
g_autoptr(GBytes) commit_data = NULL;
g_autoptr(GBytes) signature = NULL;
return FALSE;
return TRUE;
+#else
+ /* FIXME: Return false until refactoring */
+ return FALSE;
+#endif /* OSTREE_DISABLE_GPGME */
}
/**
GCancellable *cancellable,
GError **error)
{
+#ifndef OSTREE_DISABLE_GPGME
glnx_autofd int fd = -1;
if (!glnx_openat_rdonly (self->repo_dir_fd, "summary", TRUE, &fd, error))
return FALSE;
return FALSE;
return TRUE;
+#else
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ "'%s': GPG feature is disabled in a build time",
+ __FUNCTION__);
+ return FALSE;
+#endif /* OSTREE_DISABLE_GPGME */
}
+#ifndef OSTREE_DISABLE_GPGME
/* Special remote for _ostree_repo_gpg_verify_with_metadata() */
static const char *OSTREE_ALL_REMOTES = "__OSTREE_ALL_REMOTES__";
keyringdir, extra_keyring,
cancellable, error);
}
+#endif /* OSTREE_DISABLE_GPGME */
/**
* ostree_repo_verify_commit:
GCancellable *cancellable,
GError **error)
{
+#ifndef OSTREE_DISABLE_GPGME
g_autoptr(OstreeGpgVerifyResult) result = NULL;
result = ostree_repo_verify_commit_ext (self, commit_checksum,
if (!ostree_gpg_verify_result_require_valid_signature (result, error))
return glnx_prefix_error (error, "Commit %s", commit_checksum);
return TRUE;
+#else
+ /* FIXME: Return false until refactoring */
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ "'%s': GPG feature is disabled in a build time",
+ __FUNCTION__);
+ return FALSE;
+#endif /* OSTREE_DISABLE_GPGME */
}
/**
GCancellable *cancellable,
GError **error)
{
+#ifndef OSTREE_DISABLE_GPGME
return _ostree_repo_verify_commit_internal (self,
commit_checksum,
NULL,
extra_keyring,
cancellable,
error);
+#else
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ "'%s': GPG feature is disabled in a build time",
+ __FUNCTION__);
+ return NULL;
+#endif /* OSTREE_DISABLE_GPGME */
}
/**
GCancellable *cancellable,
GError **error)
{
+#ifndef OSTREE_DISABLE_GPGME
return _ostree_repo_verify_commit_internal (self,
commit_checksum,
remote_name,
NULL,
cancellable,
error);
+#else
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ "'%s': GPG feature is disabled in a build time",
+ __FUNCTION__);
+ return NULL;
+#endif /* OSTREE_DISABLE_GPGME */
}
/**
g_return_val_if_fail (data != NULL, NULL);
g_return_val_if_fail (signatures != NULL, NULL);
+#ifndef OSTREE_DISABLE_GPGME
return _ostree_repo_gpg_verify_data_internal (self,
(remote_name != NULL) ? remote_name : OSTREE_ALL_REMOTES,
data,
extra_keyring,
cancellable,
error);
+#else
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ "'%s': GPG feature is disabled in a build time",
+ __FUNCTION__);
+ return NULL;
+#endif /* OSTREE_DISABLE_GPGME */
}
/**
signatures_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT,
signatures, FALSE);
+#ifndef OSTREE_DISABLE_GPGME
return _ostree_repo_gpg_verify_with_metadata (self,
summary,
signatures_variant,
NULL, NULL,
cancellable,
error);
+#else
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ "'%s': GPG feature is disabled in a build time",
+ __FUNCTION__);
+ return NULL;
+#endif /* OSTREE_DISABLE_GPGME */
}
/* Add an entry for a @ref ↦ @checksum mapping to an `a(s(t@ay@a{sv}))`
char **out_url,
GError **error);
-_OSTREE_PUBLIC
-gboolean ostree_repo_remote_get_gpg_verify (OstreeRepo *self,
- const char *name,
- gboolean *out_gpg_verify,
- GError **error);
-
-_OSTREE_PUBLIC
-gboolean ostree_repo_remote_get_gpg_verify_summary (OstreeRepo *self,
- const char *name,
- gboolean *out_gpg_verify_summary,
- GError **error);
-
_OSTREE_PUBLIC
gboolean ostree_repo_get_remote_option (OstreeRepo *self,
const char *remote_name,
gboolean *out_value,
GError **error);
-_OSTREE_PUBLIC
-gboolean ostree_repo_remote_gpg_import (OstreeRepo *self,
- const char *name,
- GInputStream *source_stream,
- const char * const *key_ids,
- guint *out_imported,
- GCancellable *cancellable,
- GError **error);
_OSTREE_PUBLIC
gboolean ostree_repo_remote_fetch_summary (OstreeRepo *self,
GCancellable *cancellable,
GError **error);
-_OSTREE_PUBLIC
-gboolean
-ostree_repo_add_gpg_signature_summary (OstreeRepo *self,
- const gchar **key_id,
- const gchar *homedir,
- GCancellable *cancellable,
- GError **error);
-
-_OSTREE_PUBLIC
-gboolean ostree_repo_append_gpg_signature (OstreeRepo *self,
- const gchar *commit_checksum,
- GBytes *signature_bytes,
- GCancellable *cancellable,
- GError **error);
_OSTREE_PUBLIC
gboolean ostree_repo_verify_commit (OstreeRepo *self,
GCancellable *cancellable,
GError **error);
+_OSTREE_PUBLIC
+gboolean ostree_repo_remote_get_gpg_verify (OstreeRepo *self,
+ const char *name,
+ gboolean *out_gpg_verify,
+ GError **error);
+
+_OSTREE_PUBLIC
+gboolean ostree_repo_remote_get_gpg_verify_summary (OstreeRepo *self,
+ const char *name,
+ gboolean *out_gpg_verify_summary,
+ GError **error);
+_OSTREE_PUBLIC
+gboolean ostree_repo_remote_gpg_import (OstreeRepo *self,
+ const char *name,
+ GInputStream *source_stream,
+ const char * const *key_ids,
+ guint *out_imported,
+ GCancellable *cancellable,
+ GError **error);
+
+_OSTREE_PUBLIC
+gboolean ostree_repo_add_gpg_signature_summary (OstreeRepo *self,
+ const gchar **key_id,
+ const gchar *homedir,
+ GCancellable *cancellable,
+ GError **error);
+
+_OSTREE_PUBLIC
+gboolean ostree_repo_append_gpg_signature (OstreeRepo *self,
+ const gchar *commit_checksum,
+ GBytes *signature_bytes,
+ GCancellable *cancellable,
+ GError **error);
+
_OSTREE_PUBLIC
OstreeGpgVerifyResult * ostree_repo_verify_commit_ext (OstreeRepo *self,
const gchar *commit_checksum,
#include <ot-variant-utils.h>
#include <ot-variant-builder.h>
#include <ot-checksum-utils.h>
-#include <ot-gpg-utils.h>
#include <ot-checksum-instream.h>
#include <ot-tool-util.h>
+
+#ifndef OSTREE_DISABLE_GPGME
+#include <ot-gpg-utils.h>
+#endif
{ "fsck", OSTREE_BUILTIN_FLAG_NONE,
ostree_builtin_fsck,
"Check the repository for consistency" },
+#ifndef OSTREE_DISABLE_GPGME
{ "gpg-sign", OSTREE_BUILTIN_FLAG_NONE,
ostree_builtin_gpg_sign,
"Sign a commit" },
+#endif /* OSTREE_DISABLE_GPGME */
{ "init", OSTREE_BUILTIN_FLAG_NO_CHECK,
ostree_builtin_init,
"Initialize a new empty repository" },
{ NULL }
};
+#ifndef OSTREE_DISABLE_GPGME
static gboolean
deployment_get_gpg_verify (OstreeDeployment *deployment,
OstreeRepo *repo)
return gpg_verify;
}
+#endif /* OSTREE_DISABLE_GPGME */
static gboolean
g_print (" `- %s\n", source_title);
}
+#ifndef OSTREE_DISABLE_GPGME
if (deployment_get_gpg_verify (deployment, repo))
{
g_autoptr(GString) output_buffer = g_string_sized_new (256);
g_print ("%s", output_buffer->str);
}
+#endif /* OSTREE_DISABLE_GPGME */
return TRUE;
}
static gint opt_owner_uid = -1;
static gint opt_owner_gid = -1;
static gboolean opt_table_output;
+#ifndef OSTREE_DISABLE_GPGME
static char **opt_key_ids;
static char *opt_gpg_homedir;
+#endif
static gboolean opt_generate_sizes;
static gboolean opt_disable_fsync;
static char *opt_timestamp;
{ "skip-list", 0, 0, G_OPTION_ARG_FILENAME, &opt_skiplist_file, "File containing list of files to skip", "PATH" },
{ "consume", 0, 0, G_OPTION_ARG_NONE, &opt_consume, "Consume (delete) content after commit (for local directories)", NULL },
{ "table-output", 0, 0, G_OPTION_ARG_NONE, &opt_table_output, "Output more information in a KEY: VALUE format", NULL },
+#ifndef OSTREE_DISABLE_GPGME
{ "gpg-sign", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_key_ids, "GPG Key ID to sign the commit with", "KEY-ID"},
{ "gpg-homedir", 0, 0, G_OPTION_ARG_FILENAME, &opt_gpg_homedir, "GPG Homedir to use when looking for keyrings", "HOMEDIR"},
+#endif
{ "generate-sizes", 0, 0, G_OPTION_ARG_NONE, &opt_generate_sizes, "Generate size information along with commit metadata", NULL },
{ "disable-fsync", 0, G_OPTION_FLAG_HIDDEN, G_OPTION_ARG_NONE, &opt_disable_fsync, "Do not invoke fsync()", NULL },
{ "fsync", 0, 0, G_OPTION_ARG_CALLBACK, parse_fsync_cb, "Specify how to invoke fsync()", "POLICY" },
goto out;
}
+#ifndef OSTREE_DISABLE_GPGME
if (opt_key_ids)
{
char **iter;
goto out;
}
}
+#endif
if (opt_branch)
ostree_repo_transaction_set_ref (repo, NULL, opt_branch, commit_checksum);
{ NULL }
};
+#ifndef OSTREE_DISABLE_GPGME
static void
gpg_verify_result_cb (OstreeRepo *repo,
const char *checksum,
glnx_console_lock (console);
}
+#endif /* OSTREE_DISABLE_GPGME */
static gboolean printed_console_progress;
if (console.is_tty)
{
+#ifndef OSTREE_DISABLE_GPGME
signal_handler_id = g_signal_connect (repo, "gpg-verify-result",
G_CALLBACK (gpg_verify_result_cb),
&console);
+#endif /* OSTREE_DISABLE_GPGME */
}
options = g_variant_ref_sink (g_variant_builder_end (&builder));
{ "list", OSTREE_BUILTIN_FLAG_NONE,
ot_remote_builtin_list,
"List remote repository names" },
+#ifndef OSTREE_DISABLE_GPGME
{ "gpg-import", OSTREE_BUILTIN_FLAG_NONE,
ot_remote_builtin_gpg_import,
"Import GPG keys" },
+#endif /* OSTREE_DISABLE_GPGME */
#ifdef HAVE_LIBCURL_OR_LIBSOUP
{ "add-cookie", OSTREE_BUILTIN_FLAG_NONE,
ot_remote_builtin_add_cookie,
flags |= OSTREE_DUMP_UNSWAPPED;
ot_dump_object (objtype, checksum, variant, flags);
+#ifndef OSTREE_DISABLE_GPGME
if (objtype == OSTREE_OBJECT_TYPE_COMMIT)
{
g_autoptr(OstreeGpgVerifyResult) result = NULL;
g_print ("%s", buffer->str);
}
}
+#endif /* OSTREE_DISABLE_GPGME */
return TRUE;
}
if (!ostree_repo_regenerate_summary (repo, additional_metadata, cancellable, error))
return FALSE;
+#ifndef OSTREE_DISABLE_GPGME
if (opt_key_ids)
{
if (!ostree_repo_add_gpg_signature_summary (repo,
error))
return FALSE;
}
+#endif
}
else if (opt_view || opt_raw)
{
BUILTINPROTO(export);
BUILTINPROTO(find_remotes);
BUILTINPROTO(create_usb);
+#ifndef OSTREE_DISABLE_GPGME
BUILTINPROTO(gpg_sign);
+#endif
BUILTINPROTO(init);
BUILTINPROTO(log);
BUILTINPROTO(pull);
return TRUE;
}
+#ifndef OSTREE_DISABLE_GPGME
void
ostree_print_gpg_verify_result (OstreeGpgVerifyResult *result)
{
g_print ("%s", buffer->str);
}
+#endif /* OSTREE_DISABLE_GPGME */
gboolean
ot_enable_tombstone_commits (OstreeRepo *repo, GError **error)
subkey, g_variant_new_variant (g_variant_new_string (subvalue)));
}
+#ifndef OSTREE_DISABLE_GPGME
if (opt_no_gpg_verify)
g_variant_builder_add (optbuilder, "{s@v}",
"gpg-verify",
g_variant_new_variant (g_variant_new_boolean (FALSE)));
+#endif /* OSTREE_DISABLE_GPGME */
if (opt_collection_id != NULL)
g_variant_builder_add (optbuilder, "{s@v}", "collection-id",
cancellable, error))
goto out;
+#ifndef OSTREE_DISABLE_GPGME
/* This is just a convenience option and is not as flexible as the full
* "ostree remote gpg-import" command. It imports all keys from a file,
* which is likely the most common case.
g_print ("Imported %u GPG key%s to remote \"%s\"\n",
imported, (imported == 1) ? "" : "s", remote_name);
}
+#endif /* OSTREE_DISABLE_GPGME */
ret = TRUE;
out:
g_autoptr(GBytes) summary_bytes = NULL;
g_autoptr(GBytes) signature_bytes = NULL;
OstreeDumpFlags flags = OSTREE_DUMP_NONE;
+#ifndef OSTREE_DISABLE_GPGME
gboolean gpg_verify_summary;
+#endif
gboolean ret = FALSE;
context = g_option_context_new ("NAME");
ot_dump_summary_bytes (summary_bytes, flags);
+#ifndef OSTREE_DISABLE_GPGME
if (!ostree_repo_remote_get_gpg_verify_summary (repo, remote_name,
&gpg_verify_summary,
error))
g_print ("\n");
ostree_print_gpg_verify_result (result);
}
+#endif /* OSTREE_DISABLE_GPGME */
ret = TRUE;
out:
projects / ostree.git / commitdiff