lib/sign: read ed25519 public keys from well known places
If no file name with keys for the remote is provided, then try to use the
system defaults:
- /etc/ostree/trusted.ed25519
- /etc/ostree/trusted.ed25519.d/*
- /usr/share/ostree/trusted.ed25519
- /usr/share/ostree/trusted.ed25519.d/*

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
d4s committed Aug 28, 2019
1 parent d3cae6e commit a6bafa6
Showing 1 changed file with 77 additions and 24 deletions.
101 changes: 77 additions & 24 deletions src/libostree/ostree-sign-ed25519.c
Expand Up @@ -479,39 +479,20 @@ _load_pk_from_stream (OstreeSign *self, GDataInputStream *key_data_in, GError **
return FALSE;
}

gboolean
ostree_sign_ed25519_load_pk (OstreeSign *self,
GVariant *options,
GError **error)
static gboolean
_load_pk_from_file (OstreeSign *self,
const gchar *filename,
GError **error)
{
g_debug ("%s enter", __FUNCTION__);

OstreeSignEd25519 *sign = ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));

g_autoptr (GFile) keyfile = NULL;
g_autoptr (GFileInputStream) key_stream_in = NULL;
g_autoptr (GDataInputStream) key_data_in = NULL;

const gchar *filename = NULL;

/* Clear already loaded keys */
if (sign->public_keys != NULL)
{
g_list_free_full (sign->public_keys, g_object_unref);
sign->public_keys = NULL;
}

/* Read filename or use will-known if not provided */
if (! g_variant_lookup (options, "filename", "&s", &filename))
{
/* TODO: define well-known places to read */
/* TODO: scan directories */
filename = "/etc/ostree/trusted.ed25519";
}

if (!g_file_test (filename, G_FILE_TEST_IS_REGULAR))
{
g_debug ("Can't open file '%s' with pulic keys", filename);
g_debug ("Can't open file '%s' with public keys", filename);
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"File object '%s' is not a regular file", filename);
goto err;
Expand All @@ -533,3 +514,75 @@ ostree_sign_ed25519_load_pk (OstreeSign *self,
return FALSE;
}

gboolean
ostree_sign_ed25519_load_pk (OstreeSign *self,
GVariant *options,
GError **error)
{
g_debug ("%s enter", __FUNCTION__);

gboolean ret = FALSE;

/* Default paths there to find files with public keys */
const gchar *default_dirs[] =
{
"/etc/ostree/trusted.ed25519.d",
DATADIR "/ostree/trusted.ed25519.d"
};
const gchar *default_files[] =
{
"/etc/ostree/trusted.ed25519",
DATADIR "/ostree/trusted.ed25519"
};

OstreeSignEd25519 *sign = ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));

const gchar *filename = NULL;

/* Clear already loaded keys */
if (sign->public_keys != NULL)
{
g_list_free_full (sign->public_keys, g_object_unref);
sign->public_keys = NULL;
}

/* Read only file provided */
if (g_variant_lookup (options, "filename", "&s", &filename))
return _load_pk_from_file (self, filename, error);

/* Scan all well-known files and directories */
for (gint i=0; i < G_N_ELEMENTS(default_files); i++)
if (!_load_pk_from_file (self, default_files[i], error))
{
g_debug ("Problem with loading ed25519 public keys from `%s`", default_files[i]);
g_clear_error(error);
}
else
ret = TRUE;

/* Scan all well-known files and directories */
for (gint i=0; i < G_N_ELEMENTS(default_dirs); i++)
{
g_autoptr (GDir) dir = g_dir_open (default_dirs[i], 0, error);
if (dir == NULL)
{
g_clear_error (error);
continue;
}
const gchar *entry = NULL;
while ((entry = g_dir_read_name (dir)) != NULL)
{
filename = g_build_filename (default_dirs[i], entry, NULL);
if (!_load_pk_from_file (self, filename, error))
{
g_debug ("Problem with loading ed25519 public keys from `%s`", filename);
g_clear_error(error);
}
else
ret = TRUE;
}
}

return ret;
}
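Review bot: In the directory loop of ostree_sign_ed25519_load_pk the string returned by `g_build_filename (default_dirs[i], entry, NULL)` is stored in the `const gchar *filename` that was declared for the options lookup and is never freed, so every entry in a trusted.ed25519.d directory leaks one allocation; use a scoped local instead, `g_autofree gchar *path = g_build_filename (default_dirs[i], entry, NULL);`, and pass `path` to `_load_pk_from_file`. The function also returns FALSE with `*error` left NULL when no well-known file or directory yields a key, because each per-file failure is cleared with `g_clear_error`; GLib callers expect an error on a FALSE return, so before `return ret;` add `if (!ret) g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND, "No ed25519 public keys found in well-known locations");`. Both loops compare `gint i` against `G_N_ELEMENTS`, which is unsigned, so `gsize i` avoids a sign-compare warning, and the second loop's comment is a copy of the first one's and should say it scans directories. The tail of `_load_pk_from_file` at the top of this hunk belongs to a function that starts in the previous hunk.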
