GHashTable *summary_deltas_checksums;
GHashTable *ref_original_commits; /* Maps checksum to commit, used by timestamp checks */
GHashTable *verified_commits; /* Set<checksum> of commits that have been verified */
+ GHashTable *signapi_verified_commits; /* Map<checksum,verification> of commits that have been signapi verified */
GHashTable *ref_keyring_map; /* Maps OstreeCollectionRef to keyring remote name */
GPtrArray *static_delta_superblocks;
GHashTable *expected_commit_sizes; /* Maps commit checksum to known size */
_sign_verify_for_remote (GPtrArray *signers,
GBytes *signed_data,
GVariant *metadata,
+ char **out_success_message,
GError **error);
gboolean
_sign_verify_for_remote (GPtrArray *verifiers,
GBytes *signed_data,
GVariant *metadata,
+ char **out_success_message,
GError **error)
{
guint n_invalid_signatures = 0;
g_autoptr (GError) last_sig_error = NULL;
gboolean found_sig = FALSE;
+ g_assert (out_success_message == NULL || *out_success_message == NULL);
+
g_assert_cmpuint (verifiers->len, >=, 1);
for (guint i = 0; i < verifiers->len; i++)
{
found_sig = TRUE;
+ g_autofree char *success_message = NULL;
/* Return true if any signature fit to pre-loaded public keys.
* If no keys configured -- then system configuration will be used */
if (!ostree_sign_data_verify (sign,
signed_data,
signatures,
+ &success_message,
last_sig_error ? NULL : &last_sig_error))
{
n_invalid_signatures++;
continue;
}
/* Accept the first valid signature */
+ if (out_success_message)
+ *out_success_message = g_steal_pointer (&success_message);
return TRUE;
}
GCancellable *cancellable,
GError **error)
{
-
- if (pull_data->gpg_verify || pull_data->signapi_commit_verifiers)
- /* Shouldn't happen, but see comment in process_gpg_verify_result() */
- if (g_hash_table_contains (pull_data->verified_commits, checksum))
- return TRUE;
+ /* Shouldn't happen, but see comment in process_gpg_verify_result() */
+ if ((!pull_data->gpg_verify || g_hash_table_contains (pull_data->verified_commits, checksum))
+ && (!pull_data->signapi_commit_verifiers || g_hash_table_contains (pull_data->signapi_verified_commits, checksum)))
+ return TRUE;
g_autoptr(GBytes) signed_data = g_variant_get_data_as_bytes (commit);
if (detached_metadata == NULL)
return glnx_throw (error, "Can't verify commit without detached metadata");
- if (!_sign_verify_for_remote (pull_data->signapi_commit_verifiers, signed_data, detached_metadata, error))
+ g_autofree char *success_message = NULL;
+ if (!_sign_verify_for_remote (pull_data->signapi_commit_verifiers, signed_data, detached_metadata, &success_message, error))
return glnx_prefix_error (error, "Can't verify commit");
/* Mark the commit as verified to avoid double verification
* see process_verify_result () for rationale */
- g_hash_table_add (pull_data->verified_commits, g_strdup (checksum));
+ g_hash_table_insert (pull_data->signapi_verified_commits, g_strdup (checksum), g_steal_pointer (&success_message));
}
return TRUE;
#endif /* OSTREE_DISABLE_GPGME */
if (pull_data->signapi_commit_verifiers &&
- !g_hash_table_contains (pull_data->verified_commits, checksum))
+ !g_hash_table_contains (pull_data->signapi_verified_commits, checksum))
{
g_autoptr(GError) last_verification_error = NULL;
gboolean found_any_signature = FALSE;
gboolean found_valid_signature = FALSE;
+ g_autofree char *success_message = NULL;
for (guint i = 0; i < pull_data->signapi_commit_verifiers->len; i++)
{
if (ostree_sign_commit_verify (sign,
pull_data->repo,
checksum,
+ &success_message,
cancellable,
last_verification_error ? NULL : &last_verification_error))
{
g_propagate_error (error, g_steal_pointer (&last_verification_error));
return glnx_prefix_error (error, "Can't verify commit %s", checksum);
}
+ g_assert (success_message);
+ g_hash_table_insert (pull_data->signapi_verified_commits, g_strdup (checksum), g_steal_pointer (&success_message));
}
/* If we found a legacy transaction flag, assume we have to scan.
(GDestroyNotify)g_free);
pull_data->verified_commits = g_hash_table_new_full (g_str_hash, g_str_equal,
(GDestroyNotify)g_free, NULL);
+ pull_data->signapi_verified_commits = g_hash_table_new_full (g_str_hash, g_str_equal,
+ (GDestroyNotify)g_free, NULL);
pull_data->ref_keyring_map = g_hash_table_new_full (ostree_collection_ref_hash, ostree_collection_ref_equal,
(GDestroyNotify)ostree_collection_ref_free, (GDestroyNotify)g_free);
pull_data->scanned_metadata = g_hash_table_new_full (ostree_hash_object_name, g_variant_equal,
g_assert (pull_data->signapi_summary_verifiers);
- if (!_sign_verify_for_remote (pull_data->signapi_summary_verifiers, bytes_summary, signatures, &temp_error))
+ if (!_sign_verify_for_remote (pull_data->signapi_summary_verifiers, bytes_summary, signatures, NULL, &temp_error))
{
if (summary_from_cache)
{
cancellable, error))
goto out;
- if (!_sign_verify_for_remote (pull_data->signapi_summary_verifiers, bytes_summary, signatures, error))
+ if (!_sign_verify_for_remote (pull_data->signapi_summary_verifiers, bytes_summary, signatures, NULL, error))
goto out;
}
else
const guint n_seconds = (guint) ((end_time - pull_data->start_time) / G_USEC_PER_SEC);
g_autofree char *formatted_xferred = g_format_size (bytes_transferred);
g_string_append_printf (msg, "\ntransfer: secs: %u size: %s", n_seconds, formatted_xferred);
+ if (pull_data->signapi_commit_verifiers)
+ {
+ g_assert_cmpuint (g_hash_table_size (pull_data->signapi_verified_commits), >, 0);
+ }
ot_journal_send ("MESSAGE=%s", msg->str,
"MESSAGE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(OSTREE_MESSAGE_FETCH_COMPLETE_ID),
g_clear_pointer (&pull_data->ref_original_commits, (GDestroyNotify) g_hash_table_unref);
g_free (pull_data->timestamp_check_from_rev);
g_clear_pointer (&pull_data->verified_commits, (GDestroyNotify) g_hash_table_unref);
+ g_clear_pointer (&pull_data->signapi_verified_commits, (GDestroyNotify) g_hash_table_unref);
g_clear_pointer (&pull_data->ref_keyring_map, (GDestroyNotify) g_hash_table_unref);
g_clear_pointer (&pull_data->requested_content, (GDestroyNotify) g_hash_table_unref);
g_clear_pointer (&pull_data->requested_fallback_content, (GDestroyNotify) g_hash_table_unref);
sig_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT,
signatures, FALSE);
- if (!_sign_verify_for_remote (signapi_summary_verifiers, summary, sig_variant, error))
+ if (!_sign_verify_for_remote (signapi_summary_verifiers, summary, sig_variant, NULL, error))
goto out;
}
}
gboolean ostree_sign_dummy_data_verify (OstreeSign *self,
GBytes *data,
GVariant *signatures,
+ char **out_success_message,
GError **error)
{
if (!check_dummy_sign_enabled (error))
g_debug("Stored signature %d: %s", (gint)i, sign->pk_ascii);
if (!g_strcmp0(sign_ascii, sign->pk_ascii))
- return TRUE;
+ {
+ if (out_success_message)
+ *out_success_message = g_strdup ("dummy: Signature verified");
+ return TRUE;
+ }
else
return glnx_throw (error, "signature: dummy: incorrect signature %" G_GSIZE_FORMAT, i);
}
gboolean ostree_sign_dummy_data_verify (OstreeSign *self,
GBytes *data,
GVariant *signatures,
+ char **success_message,
GError **error);
const gchar * ostree_sign_dummy_metadata_key (OstreeSign *self);
gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
GBytes *data,
GVariant *signatures,
+ char **out_success_message,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
}
else
{
- g_debug ("Signature verified successfully with key '%s'",
- sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, public_key->data, crypto_sign_PUBLICKEYBYTES));
+ if (out_success_message)
+ {
+ *out_success_message =
+ g_strdup_printf ("ed25519: Signature verified successfully with key '%s'",
+ sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, public_key->data, crypto_sign_PUBLICKEYBYTES));
+ }
return TRUE;
}
}
gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
GBytes *data,
GVariant *signatures,
+ char **out_success_message,
GError **error);
const gchar * ostree_sign_ed25519_get_name (OstreeSign *self);
ostree_sign_data_verify (OstreeSign *self,
GBytes *data,
GVariant *signatures,
+ char **out_success_message,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
if (OSTREE_SIGN_GET_IFACE (self)->data_verify == NULL)
return glnx_throw (error, "not implemented");
- return OSTREE_SIGN_GET_IFACE (self)->data_verify(self, data, signatures, error);
+ return OSTREE_SIGN_GET_IFACE (self)->data_verify(self, data, signatures, out_success_message, error);
}
/*
ostree_sign_commit_verify (OstreeSign *self,
OstreeRepo *repo,
const gchar *commit_checksum,
+ char **out_success_message,
GCancellable *cancellable,
GError **error)
return ostree_sign_data_verify (self,
signed_data,
signatures,
+ out_success_message,
error);
}
gboolean (* data_verify) (OstreeSign *self,
GBytes *data,
GVariant *signatures,
+ char **out_success_message,
GError **error);
const gchar *(* metadata_key) (OstreeSign *self);
const gchar *(* metadata_format) (OstreeSign *self);
gboolean ostree_sign_data_verify (OstreeSign *self,
GBytes *data,
GVariant *signatures,
+ char **out_success_message,
GError **error);
_OSTREE_PUBLIC
gboolean ostree_sign_commit_verify (OstreeSign *self,
OstreeRepo *repo,
const gchar *commit_checksum,
+ char **out_success_message,
GCancellable *cancellable,
GError **error);
g_autoptr (OstreeRepo) repo = NULL;
g_autoptr (OstreeSign) sign = NULL;
g_autofree char *resolved_commit = NULL;
+ g_autofree char *success_message = NULL;
const char *commit;
char **key_ids;
int n_key_ids, ii;
if (ostree_sign_commit_verify (sign,
repo,
resolved_commit,
+ &success_message,
cancellable,
&local_error))
{
+ g_assert (success_message);
+ g_print ("%s\n", success_message);
ret = TRUE;
goto out;
}
if (ostree_sign_commit_verify (sign,
repo,
resolved_commit,
+ &success_message,
cancellable,
error))
- ret = TRUE;
+ {
+ g_print ("%s\n", success_message);
+ ret = TRUE;
+ }
} /* Check via file */
}
else
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy ${COMMIT} ${DUMMYSIGN}
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=ed25519 ${COMMIT} ${SECRET}
# and verify
-${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} ${PUBLIC}
-${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN}
+${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} ${PUBLIC} >out.txt
+assert_file_has_content out.txt "ed25519: Signature verified successfully with key"
+${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN} >out.txt
+assert_file_has_content out.txt "dummy: Signature verified"
echo "ok multiple signing "
# Prepare files with public ed25519 signatures
# Test with single key in list
echo ${PUBLIC} > ${PUBKEYS}
-${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT}
+${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} >out.txt
+assert_file_has_content out.txt 'ed25519: Signature verified successfully'
# Test the file with multiple keys without a valid public key
for((i=0;i<100;i++)); do
projects / ostree.git / commitdiff