projects / ostree.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 30909a2) | patch
Add an API to verify a commit signature explicitly
authorColin Walters <walters@verbum.org>
Mon, 12 Apr 2021 22:42:05 +0000 (18:42 -0400)
committerColin Walters <walters@verbum.org>
Mon, 30 Aug 2021 17:27:38 +0000 (13:27 -0400)
commit359435de843ce2a1e94941c24ec4ddd7d5a7bccb
treee1d745d1575c30526c7d5074a285703fe720bc45tree | snapshot
parent30909a28f2aff54b615837a184f53509cbccc381commit | diff
Add an API to verify a commit signature explicitly

We have a bunch of APIs to do GPG verification of a commit,
but that doesn't generalize to signapi.  Further, they
require the caller to check the signature status explicitly
which seems like a trap.

This much higher level API works with both GPG and signapi.
The intention is to use this in things that are doing "external
pulls" like the ostree-ext tar import support.  There we will
get the commitmeta from the tarball and we want to verify it
at the same time we import the commit.
Makefile-tests.am diff | blob | history
apidoc/ostree-sections.txt diff | blob | history
src/libostree/libostree-devel.sym diff | blob | history
src/libostree/ostree-repo-pull-verify.c diff | blob | history
src/libostree/ostree-repo.h diff | blob | history
src/ostree/ot-admin-builtin-status.c diff | blob | history
tests/.gitignore diff | blob | history
tests/test-admin-gpg.sh diff | blob | history
tests/test-commit-sign-sh-ext.c [new file with mode: 0644] blob
tests/test-commit-sign.sh diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.