repo: Factor out the check of gpg result to a separate function
authorKrzesimir Nowak <krzesimir@kinvolk.io>
Thu, 26 May 2016 09:48:21 +0000 (11:48 +0200)
committerAtomic Bot <atomic-devel@projectatomic.io>
Fri, 27 May 2016 11:20:00 +0000 (11:20 +0000)
I plan to add a function for verifying arbitrary data, which may also
return the error about the lack of trusted signatures, so let's avoid
the redundancy and put the check in a separate function.

Closes: #310
Approved by: cgwalters

apidoc/ostree-sections.txt
src/libostree/libostree.sym
src/libostree/ostree-gpg-verify-result.c
src/libostree/ostree-gpg-verify-result.h
src/libostree/ostree-repo.c

index 105783f48caef0eff4063402cf5e3d5875095997..9ce28ee5f25708afa04680e12cdab28f384fbc87 100644 (file)
@@ -185,6 +185,7 @@ ostree_gpg_verify_result_get_all
 OstreeGpgSignatureFormatFlags
 ostree_gpg_verify_result_describe
 ostree_gpg_verify_result_describe_variant
+ostree_gpg_verify_result_require_valid_signature
 <SUBSECTION Standard>
 OSTREE_GPG_VERIFY_RESULT
 OSTREE_IS_GPG_VERIFY_RESULT
index 71f4bc9b9a095162c05d4fc1e45cce9b3bb27ad4..24f6723b34d8cdd5751a40a6c368a2b914d3d118 100644 (file)
@@ -340,6 +340,7 @@ global:
 
 LIBOSTREE_2016.6 {
 global:
-        ostree_repo_remote_fetch_summary_with_options;
+        ostree_gpg_verify_result_require_valid_signature;
         ostree_raw_file_to_archive_z2_stream;
+        ostree_repo_remote_fetch_summary_with_options;
 } LIBOSTREE_2016.5;
index 37fbfb5cd93aa0ec70aa623ea4817721f1f7d7dc..d72856c939d1b647f7d4bb9c5bdf3fafaf4f1f23 100644 (file)
@@ -622,3 +622,33 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant,
         }
     }
 }
+
+/**
+ * ostree_gpg_verify_result_require_valid_signature:
+ * @result: (nullable): an #OstreeGpgVerifyResult
+ * @error: A #GError
+ *
+ * Checks if the result contains at least one signature from the
+ * trusted keyring.  You can call this function immediately after
+ * ostree_repo_verify_summary() or ostree_repo_verify_commit_ext() -
+ * it will handle the %NULL @result and filled @error too.
+ *
+ * Returns: %TRUE if @result was not %NULL and had at least one
+ * signature from trusted keyring, otherwise %FALSE
+ */
+gboolean
+ostree_gpg_verify_result_require_valid_signature (OstreeGpgVerifyResult *result,
+                                                  GError **error)
+{
+  if (result == NULL)
+    return FALSE;
+
+  if (ostree_gpg_verify_result_count_valid (result) == 0)
+    {
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                           "GPG signatures found, but none are in trusted keyring");
+      return FALSE;
+    }
+
+  return TRUE;
+}
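Review bot: The `result == NULL` branch returns FALSE without touching `error`, so it is only correct when the caller has already filled `error`. Now that the function is exported, a caller that passes a NULL result with an unset error gets a failure with no GError, and code that then reads `error->message` will dereference NULL. Either say in the doc comment that a %NULL @result requires @error to be set already, or add a fallback in that branch such as `if (error != NULL && *error == NULL) g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, "GPG verification returned no result");` (message text is only a suggestion). Separately, the "GPG signatures found, but none are in trusted keyring" message is emitted whenever `ostree_gpg_verify_result_count_valid()` returns 0; that function is not visible here, so if it also excludes expired or revoked signatures, or the result holds no signatures at all, the message would misreport the reason for the failure.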
index 8894afdf1784ca46c47879817750dbbdec0f5b33..f95125384fb88e247a688a06775a7e82c01d2cc2 100644 (file)
@@ -133,4 +133,8 @@ void ostree_gpg_verify_result_describe_variant (GVariant *variant,
                                                 const gchar *line_prefix,
                                                 OstreeGpgSignatureFormatFlags flags);
 
+_OSTREE_PUBLIC
+gboolean ostree_gpg_verify_result_require_valid_signature (OstreeGpgVerifyResult *result,
+                                                           GError **error);
+
 G_END_DECLS
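Review bot: This declaration is the trust gate for signature verification, yet nothing stops a caller from discarding its return value and treating unverified content as trusted. Consider marking the prototype with GLib's `G_GNUC_WARN_UNUSED_RESULT` so the compiler flags such calls, i.e. ending the declaration with `GError **error) G_GNUC_WARN_UNUSED_RESULT;`. A one-line comment above it, for example `/* Returns FALSE with @error set unless at least one signature is valid and trusted. */`, would also make the contract visible to readers of the header.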
index 65b955ace4713dc7e5faca0012214ae7b5603020..1b08162d5eeca302a65153496359b4832b44c169 100644 (file)
@@ -2116,15 +2116,8 @@ ostree_repo_remote_fetch_summary_with_options (OstreeRepo    *self,
                                            signatures,
                                            cancellable,
                                            error);
-      if (result == NULL)
+      if (!ostree_gpg_verify_result_require_valid_signature (result, error))
         goto out;
-
-      if (ostree_gpg_verify_result_count_valid (result) == 0)
-        {
-          g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
-                               "GPG signatures found, but none are in trusted keyring");
-          goto out;
-        }
     }
 
   if (out_summary != NULL)
@@ -4838,25 +4831,12 @@ ostree_repo_verify_commit (OstreeRepo   *self,
                            GError      **error)
 {
   glnx_unref_object OstreeGpgVerifyResult *result = NULL;
-  gboolean ret = FALSE;
 
   result = ostree_repo_verify_commit_ext (self, commit_checksum,
                                           keyringdir, extra_keyring,
                                           cancellable, error);
-  if (result == NULL)
-    goto out;
 
-  if (ostree_gpg_verify_result_count_valid (result) == 0)
-    {
-      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
-                   "GPG signatures found, but none are in trusted keyring");
-      goto out;
-    }
-
-  ret = TRUE;
-
- out:
-  return ret;
+  return ostree_gpg_verify_result_require_valid_signature (result, error);
 }
 
 /**