[Libguestfs] [PATCH 09/10] builder: add Sigchecker.verify_and_remove_signature

Pino Toscano ptoscano at redhat.com
Tue Jul 28 09:24:49 UTC 2015


New helper to remove the signature from a file, returning a temporary
file without the signature.
---
 builder/sigchecker.ml  | 22 ++++++++++++++++++++--
 builder/sigchecker.mli |  4 ++++
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml
index 86e60ac..42d55cd 100644
--- a/builder/sigchecker.ml
+++ b/builder/sigchecker.ml
@@ -182,12 +182,30 @@ and verify_detached t filename sigfile =
       do_verify t args
   )
 
-and do_verify t args =
+and verify_and_remove_signature t filename =
+  if t.check_signature then (
+    (* Copy the input file as temporary file with the .asc extension,
+     * so gpg recognises that format. *)
+    let asc_file = Filename.temp_file "vbfile" ".asc" in
+    unlink_on_exit asc_file;
+    let cmd = sprintf "cp %s %s" (quote filename) (quote asc_file) in
+    if verbose () then printf "%s\n%!" cmd;
+    if Sys.command cmd <> 0 then exit 1;
+    let out_file = Filename.temp_file "vbfile" "" in
+    unlink_on_exit out_file;
+    let args = sprintf "--yes --output %s %s" (quote out_file) (quote filename) in
+    do_verify ~verify_only:false t args;
+    Some out_file
+  ) else
+    None
+
+and do_verify ?(verify_only = true) t args =
   let status_file = Filename.temp_file "vbstat" ".txt" in
   unlink_on_exit status_file;
   let cmd =
-    sprintf "%s --homedir %s --verify%s --status-file %s %s"
+    sprintf "%s --homedir %s %s%s --status-file %s %s"
         t.gpg t.gpghome
+        (if verify_only then "--verify" else "")
         (if verbose () then "" else " --batch -q --logger-file /dev/null")
         (quote status_file) args in
   if verbose () then printf "%s\n%!" cmd;
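Review bot: In `verify_and_remove_signature` the temporary `.asc` copy is created and filled by `cp` but never handed to gpg, because the argument string is built from `filename`. The stated purpose in the comment (letting gpg recognise the format from the extension) is therefore not achieved. If the copy is intended, the line should read `let args = sprintf "--yes --output %s %s" (quote out_file) (quote asc_file) in`; otherwise the copy and its comment can be dropped. Separately, with `~verify_only:false` the command line carries no gpg command, so acceptance of the input rests entirely on the status-file check in `do_verify`, whose body continues outside this hunk. That check should be confirmed to require a good-signature status, so that an unsigned or badly signed input never yields a usable `out_file`.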
diff --git a/builder/sigchecker.mli b/builder/sigchecker.mli
index f233514..ac57072 100644
--- a/builder/sigchecker.mli
+++ b/builder/sigchecker.mli
@@ -30,3 +30,7 @@ val verify : t -> string -> unit
 val verify_detached : t -> string -> string option -> unit
 (** Verify the file is signed against the detached signature
     (if check_signature is true). *)
+
+val verify_and_remove_signature : t -> string -> string option
+(** If check_signature is true, verify the file is signed and extract
+    the content of the file (i.e. without the signature). *)
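Review bot: The doc comment on `verify_and_remove_signature` does not describe the `string option` result, which callers need in order to handle the unverified case correctly. From the implementation in this patch, the result is `Some path` naming a temporary file (passed to `unlink_on_exit`) that holds the content without the signature, and `None` when check_signature is false, in which case nothing was verified and the input still carries its signature. Suggested wording: `(** If check_signature is true, verify the file and return [Some tmp], a temporary file holding the content without the signature; otherwise return [None] and leave the file unverified. *)`.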
-- 
2.1.0



