[Libguestfs] [PATCH 09/10] builder: add Sigchecker.verify_and_remove_signature
Richard W.M. Jones
rjones at redhat.com
Tue Jul 28 11:12:36 UTC 2015
On Tue, Jul 28, 2015 at 11:24:49AM +0200, Pino Toscano wrote:
> New helper to remove the signature from a file, returning a temporary
> file without the signature.
> ---
> builder/sigchecker.ml | 22 ++++++++++++++++++++--
> builder/sigchecker.mli | 4 ++++
> 2 files changed, 24 insertions(+), 2 deletions(-)
>
> diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml
> index 86e60ac..42d55cd 100644
> --- a/builder/sigchecker.ml
> +++ b/builder/sigchecker.ml
> @@ -182,12 +182,30 @@ and verify_detached t filename sigfile =
> do_verify t args
> )
>
> -and do_verify t args =
> +and verify_and_remove_signature t filename =
> + if t.check_signature then (
> + (* Copy the input file as temporary file with the .asc extension,
> + * so gpg recognises that format. *)
> + let asc_file = Filename.temp_file "vbfile" ".asc" in
> + unlink_on_exit asc_file;
> + let cmd = sprintf "cp %s %s" (quote filename) (quote asc_file) in
> + if verbose () then printf "%s\n%!" cmd;
> + if Sys.command cmd <> 0 then exit 1;
> + let out_file = Filename.temp_file "vbfile" "" in
> + unlink_on_exit out_file;
> + let args = sprintf "--yes --output %s %s" (quote out_file) (quote filename) in
> + do_verify ~verify_only:false t args;
> + Some out_file
> + ) else
> + None
> +
> +and do_verify ?(verify_only = true) t args =
> let status_file = Filename.temp_file "vbstat" ".txt" in
> unlink_on_exit status_file;
> let cmd =
> - sprintf "%s --homedir %s --verify%s --status-file %s %s"
> + sprintf "%s --homedir %s %s%s --status-file %s %s"
> t.gpg t.gpghome
> + (if verify_only then "--verify" else "")
> (if verbose () then "" else " --batch -q --logger-file /dev/null")
> (quote status_file) args in
> if verbose () then printf "%s\n%!" cmd;
> diff --git a/builder/sigchecker.mli b/builder/sigchecker.mli
> index f233514..ac57072 100644
> --- a/builder/sigchecker.mli
> +++ b/builder/sigchecker.mli
> @@ -30,3 +30,7 @@ val verify : t -> string -> unit
> val verify_detached : t -> string -> string option -> unit
> (** Verify the file is signed against the detached signature
> (if check_signature is true). *)
> +
> +val verify_and_remove_signature : t -> string -> string option
> +(** If check_signature is true, verify the file is signed and extract
> + the content of the file (i.e. without the signature). *)
Grubby, but hidden in a module so ACK.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
More information about the Libguestfs
mailing list