[Libguestfs] [PATCH 1/8] builder: allow "no key" as key in Sigchecker

[Pino Toscano]

Additional way to distinguish no actual key available for signature
checking; make sure to not allow signing in such situation.
---
 builder/sigchecker.ml  | 8 ++++++++
 builder/sigchecker.mli | 1 +
 2 files changed, 9 insertions(+)

diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml
index 7459e4b..67d1600 100644
--- a/builder/sigchecker.ml
+++ b/builder/sigchecker.ml
@@ -97,6 +97,7 @@ ZvXkQ3FVJwZoLmHw47vvlVpLD/4gi1SuHWieRvZ+UdDq00E348pm
 "
 
 type gpgkey_type =
+  | No_Key
   | Fingerprint of string
   | KeyFile of string
 
@@ -127,6 +128,11 @@ let rec create ~debug ~gpg ~gpgkey ~check_signature =
   (* Create a temporary directory for gnupg. *)
   let tmpdir = Mkdtemp.mkdtemp (Filename.temp_dir_name // "vb.gpghome.XXXXXX") in
   rmdir_on_exit tmpdir;
+  (* Make sure we have no check_signature=true with no actual key. *)
+  let check_signature, gpgkey =
+    match check_signature, gpgkey with
+    | true, No_Key -> false, No_Key
+    | x, y -> x, y in
   let fingerprint =
     if check_signature then (
       (* Run gpg so it can setup its own home directory, failing if it
@@ -141,6 +147,8 @@ let rec create ~debug ~gpg ~gpgkey ~check_signature =
         exit 1
       );
       match gpgkey with
+      | No_Key ->
+        assert false
       | KeyFile kf ->
         let status_file = import_keyfile gpg tmpdir debug kf in
         let status = read_whole_file status_file in
diff --git a/builder/sigchecker.mli b/builder/sigchecker.mli
index f4e817e..ab44a5c 100644
--- a/builder/sigchecker.mli
+++ b/builder/sigchecker.mli
@@ -21,6 +21,7 @@ val default_fingerprint : string
 type t
 
 type gpgkey_type =
+  | No_Key
   | Fingerprint of string
   | KeyFile of string
 
-- 
1.8.3.1