if (pull_data->gpg_verify)
{
- if (!ostree_repo_verify_commit (pull_data->repo,
- checksum,
- NULL,
- NULL,
- cancellable,
- error))
+ gs_unref_object OstreeGpgVerifyResult *result = NULL;
+
+ result = ostree_repo_verify_commit_ext (pull_data->repo,
+ checksum,
+ NULL,
+ NULL,
+ cancellable,
+ error);
+
+ if (result == NULL)
goto out;
+
+ /* Allow callers to output the results immediately. */
+ g_signal_emit_by_name (pull_data->repo,
+ "gpg-verify-result",
+ checksum, result);
+
+ if (ostree_gpg_verify_result_count_valid (result) == 0)
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+ "GPG signatures found, but none are in trusted keyring");
+ goto out;
+ }
}
if (!ostree_repo_load_variant (pull_data->repo, OSTREE_OBJECT_TYPE_COMMIT, checksum,
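Review bot: The `gpg-verify-result` emission comes before the `ostree_gpg_verify_result_count_valid (result) == 0` check, so connected handlers run synchronously on the pull path and also receive results for commits that are rejected a few lines later. If that ordering is intended, the comment should say so, for example `/* Emitted before the trust check: handlers also see results with no valid signature and must not treat emission as success. */`. The error text blames the keyring for every zero-valid result; whether expired keys or bad signatures also end up here depends on ostree_gpg_verify_result_count_valid(), which is not visible in this hunk. A cause-neutral message such as `"GPG signatures found, but none are valid and trusted"` would avoid misleading whoever diagnoses the failed pull. The enclosing function starts and ends outside the hunk.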
*/
typedef struct {
GObjectClass parent_class;
+
+ void (*gpg_verify_result) (OstreeRepo *self,
+ const char *checksum,
+ OstreeGpgVerifyResult *result);
} OstreeRepoClass;
enum {
PROP_PATH
};
+enum {
+ GPG_VERIFY_RESULT,
+ LAST_SIGNAL
+};
+
+static guint signals[LAST_SIGNAL] = { 0 };
+
G_DEFINE_TYPE (OstreeRepo, ostree_repo, G_TYPE_OBJECT)
GS_DEFINE_CLEANUP_FUNCTION0(GKeyFile*, local_keyfile_unref, g_key_file_unref)
"",
G_TYPE_FILE,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+
+ /**
+ * OstreeRepo::gpg-verify-result:
+ * @self: an #OstreeRepo
+ * @checksum: checksum of the signed object
+ * @result: an #OstreeGpgVerifyResult
+ *
+ * Emitted during a pull operation upon GPG verification (if enabled).
+ * Applications can connect to this signal to output the verification
+ * results if desired.
+ *
+ * The signal will be emitted from whichever #GMainContext is the
+ * thread-default at the point when ostree_repo_pull_with_options()
+ * is called.
+ */
+ signals[GPG_VERIFY_RESULT] = g_signal_new ("gpg-verify-result",
+ OSTREE_TYPE_REPO,
+ G_SIGNAL_RUN_LAST,
+ G_STRUCT_OFFSET (OstreeRepoClass, gpg_verify_result),
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 2,
+ G_TYPE_STRING,
+ OSTREE_TYPE_GPG_VERIFY_RESULT);
}
static void
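Review bot: The doc comment for `OstreeRepo::gpg-verify-result` does not say that the signal fires regardless of the verification outcome, or who owns `@result`. In the pull hunk the emission happens before the valid-signature check and `result` is declared `gs_unref_object`, so a handler that keeps the object after returning has to take its own reference. I would add two sentences to the comment: one saying the signal is also emitted for commits the pull then rejects, so handlers must inspect `@result` rather than treat emission as success, and one saying `@result` is only borrowed for the duration of the handler, e.g. `* Handlers must g_object_ref() @result to keep it.` The function containing the g_signal_new() call starts outside the hunk.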