[Libguestfs] [PATCH 09/10] builder: add Sigchecker.verify_and_remove_signature

Richard W.M. Jones rjones at redhat.com
Tue Jul 28 11:12:36 UTC 2015


On Tue, Jul 28, 2015 at 11:24:49AM +0200, Pino Toscano wrote:
> New helper to remove the signature from a file, returning a temporary
> file without the signature.
> ---
>  builder/sigchecker.ml  | 22 ++++++++++++++++++++--
>  builder/sigchecker.mli |  4 ++++
>  2 files changed, 24 insertions(+), 2 deletions(-)
> 
> diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml
> index 86e60ac..42d55cd 100644
> --- a/builder/sigchecker.ml
> +++ b/builder/sigchecker.ml
> @@ -182,12 +182,30 @@ and verify_detached t filename sigfile =
>        do_verify t args
>    )
>  
> -and do_verify t args =
> +and verify_and_remove_signature t filename =
> +  if t.check_signature then (
> +    (* Copy the input file as temporary file with the .asc extension,
> +     * so gpg recognises that format. *)
> +    let asc_file = Filename.temp_file "vbfile" ".asc" in
> +    unlink_on_exit asc_file;
> +    let cmd = sprintf "cp %s %s" (quote filename) (quote asc_file) in
> +    if verbose () then printf "%s\n%!" cmd;
> +    if Sys.command cmd <> 0 then exit 1;
> +    let out_file = Filename.temp_file "vbfile" "" in
> +    unlink_on_exit out_file;
> +    let args = sprintf "--yes --output %s %s" (quote out_file) (quote filename) in
> +    do_verify ~verify_only:false t args;
> +    Some out_file
> +  ) else
> +    None
> +
> +and do_verify ?(verify_only = true) t args =
>    let status_file = Filename.temp_file "vbstat" ".txt" in
>    unlink_on_exit status_file;
>    let cmd =
> -    sprintf "%s --homedir %s --verify%s --status-file %s %s"
> +    sprintf "%s --homedir %s %s%s --status-file %s %s"
>          t.gpg t.gpghome
> +        (if verify_only then "--verify" else "")
>          (if verbose () then "" else " --batch -q --logger-file /dev/null")
>          (quote status_file) args in
>    if verbose () then printf "%s\n%!" cmd;
> diff --git a/builder/sigchecker.mli b/builder/sigchecker.mli
> index f233514..ac57072 100644
> --- a/builder/sigchecker.mli
> +++ b/builder/sigchecker.mli
> @@ -30,3 +30,7 @@ val verify : t -> string -> unit
>  val verify_detached : t -> string -> string option -> unit
>  (** Verify the file is signed against the detached signature
>      (if check_signature is true). *)
> +
> +val verify_and_remove_signature : t -> string -> string option
> +(** If check_signature is true, verify the file is signed and extract
> +    the content of the file (i.e. without the signature). *)

Grubby, but hidden in a module so ACK.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW




More information about the Libguestfs mailing list