From eb3a0df75c869745232daee29e50f9bb0713a5ee Mon Sep 17 00:00:00 2001
From: Alexander Larsson
Date: Wed, 13 Apr 2016 10:08:59 +0200
Subject: [PATCH] Add xdg-app build-sign to sign a single commit
---
 app/Makefile.am.inc | 1 +
 app/xdg-app-builtins-build-sign.c | 117 +++++++++++++++++++++++
 app/xdg-app-builtins.h | 1 +
 app/xdg-app-main.c | 1 +
 doc/Makefile.am | 1 +
 doc/xdg-app-build-export.xml | 1 +
 doc/xdg-app-build-sign.xml | 154 ++++++++++++++++++++++++++++++
 doc/xdg-app.xml | 7 ++
 8 files changed, 283 insertions(+)
 create mode 100644 app/xdg-app-builtins-build-sign.c
 create mode 100644 doc/xdg-app-build-sign.xml
diff --git a/app/Makefile.am.inc b/app/Makefile.am.inc
index 00e9d5df..146ef18e 100644
--- a/app/Makefile.am.inc
+++ b/app/Makefile.am.inc
@@ -23,6 +23,7 @@ xdg_app_SOURCES = \
 app/xdg-app-builtins-build-finish.c \
 app/xdg-app-builtins-build-export.c \
 app/xdg-app-builtins-build-bundle.c \
+ app/xdg-app-builtins-build-sign.c \
 app/xdg-app-builtins-repo-update.c \
 app/xdg-app-builtins-document.c \
 $(xdp_dbus_built_sources) \
diff --git a/app/xdg-app-builtins-build-sign.c b/app/xdg-app-builtins-build-sign.c
new file mode 100644
index 00000000..e748e447
--- /dev/null
+++ b/app/xdg-app-builtins-build-sign.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright © 2014 Red Hat, Inc
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see .
+ *
+ * Authors:
+ * Alexander Larsson
+ */
+
+#include "config.h"
+
+#include
+#include
+#include
+#include
+
+#include "libgsystem.h"
+#include "libglnx/libglnx.h"
+
+#include "xdg-app-builtins.h"
+#include "xdg-app-utils.h"
+
+static char *opt_arch;
+static gboolean opt_runtime;
+static char **opt_gpg_key_ids;
+static char *opt_gpg_homedir;
+
+static GOptionEntry options[] = {
+ { "arch", 0, 0, G_OPTION_ARG_STRING, &opt_arch, "Arch to install for", "ARCH" },
+ { "runtime", 0, 0, G_OPTION_ARG_NONE, &opt_runtime, "Look for runtime with the specified name", },
+ { "gpg-sign", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_gpg_key_ids, "GPG Key ID to sign the commit with", "KEY-ID"},
+ { "gpg-homedir", 0, 0, G_OPTION_ARG_STRING, &opt_gpg_homedir, "GPG Homedir to use when looking for keyrings", "HOMEDIR"},
+ { NULL }
+};
+
+
+gboolean
+xdg_app_builtin_build_sign (int argc, char **argv, GCancellable *cancellable, GError **error)
+{
+ g_autoptr(GOptionContext) context = NULL;
+ g_autoptr(GFile) repofile = NULL;
+ g_autoptr(OstreeRepo) repo = NULL;
+ const char *location;
+ const char *branch;
+ const char *id;
+ g_autofree char *commit_checksum = NULL;
+ g_autofree char *ref = NULL;
+ char **iter;
+
+ context = g_option_context_new ("LOCATION ID [BRANCH] - Create a repository from a 
build directory");
+
+ if (!xdg_app_option_context_parse (context, options, &argc, &argv, XDG_APP_BUILTIN_FLAG_NO_DIR, NULL, cancellable, error))
+ return FALSE;
+
+ if (argc < 3)
+ {
+ usage_error (context, "LOCATION and DIRECTORY must be specified", error);
+ return FALSE;
+ }
+
+ location = argv[1];
+ id = argv[2];
+
+ if (argc >= 4)
+ branch = argv[3];
+ else
+ branch = "master";
+
+ if (!xdg_app_is_valid_name (id))
+ return xdg_app_fail (error, "'%s' is not a valid name", id);
+
+ if (!xdg_app_is_valid_branch (branch))
+ return xdg_app_fail (error, "'%s' is not a valid branch name", branch);
+
+ if (opt_gpg_key_ids == NULL)
+ return xdg_app_fail (error, "No gpg key ids specified");
+
+ if (opt_runtime)
+ ref = xdg_app_build_runtime_ref (id, branch, opt_arch);
+ else
+ ref = xdg_app_build_app_ref (id, branch, opt_arch);
+
+ repofile = g_file_new_for_commandline_arg (location);
+ repo = ostree_repo_new (repofile);
+
+ if (!ostree_repo_open (repo, cancellable, error))
+ return FALSE;
+
+ if (!ostree_repo_resolve_rev (repo, ref, TRUE, &commit_checksum, error))
+ return FALSE;
+
+ for (iter = opt_gpg_key_ids; iter && *iter; iter++)
+ {
+ const char *keyid = *iter;
+
+ if (!ostree_repo_sign_commit (repo,
+ commit_checksum,
+ keyid,
+ opt_gpg_homedir,
+ cancellable,
+ error))
+ return FALSE;
+ }
+
+ return TRUE;
+}
diff --git a/app/xdg-app-builtins.h b/app/xdg-app-builtins.h
index 5e022aa7..c71253ee 100644
--- a/app/xdg-app-builtins.h
+++ b/app/xdg-app-builtins.h
@@ -65,6 +65,7 @@ BUILTINPROTO(enter);
 BUILTINPROTO(build_init);
 BUILTINPROTO(build);
 BUILTINPROTO(build_finish);
+BUILTINPROTO(build_sign);
 BUILTINPROTO(build_export);
 BUILTINPROTO(build_bundle);
 BUILTINPROTO(build_update_repo);
diff --git a/app/xdg-app-main.c b/app/xdg-app-main.c
index 2c594065..87edbfb8 100644
--- a/app/xdg-app-main.c
+++ b/app/xdg-app-main.c
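Review bot: In xdg_app_builtin_build_sign (app/xdg-app-builtins-build-sign.c), `ostree_repo_resolve_rev (repo, ref, TRUE, &commit_checksum, error)` passes TRUE for allow_noent, so a ref that is not in the repository is reported as success with `commit_checksum` left NULL, and that NULL is then passed straight to `ostree_repo_sign_commit`. A signing command should stop with the resolver's own "ref not found" error when the ID, branch, --arch or --runtime choice does not match anything, before any key is used: `if (!ostree_repo_resolve_rev (repo, ref, FALSE, &commit_checksum, error))`. Separately, the option-context summary ("Create a repository from a build directory") and the usage error ("LOCATION and DIRECTORY must be specified") look carried over from build-export; the positional arguments here are LOCATION and ID, so the message should read `usage_error (context, "LOCATION and ID must be specified", error);` and the summary should describe signing a commit. The key loop also returns on the first failing key after earlier keys may already have signed, which is worth a one-line comment so operators know a failed run can leave a partially signed commit.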
@@ -70,6 +70,7 @@ static XdgAppCommand commands[] = { { "build-finish", xdg_app_builtin_build_finish, "Finish a build dir for export" }, { "build-export", xdg_app_builtin_build_export, "Export a build dir to a repository" }, { "build-bundle", xdg_app_builtin_build_bundle, "Create a bundle file from a build directory" }, + { "build-sign", xdg_app_builtin_build_sign, "Sign an application or runtime" }, { "build-update-repo", xdg_app_builtin_build_update_repo, "Update the summary file in a repository" }, /* Deprecated old names */ diff --git a/doc/Makefile.am b/doc/Makefile.am index 01f84be4..fa641ea9 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -37,6 +37,7 @@ man_MANS = \ xdg-app-build-finish.1 \ xdg-app-build-export.1 \ xdg-app-build-update-repo.1 \ + xdg-app-build-sign.1 \ xdg-app-builder.1 \ $(NULL) diff --git a/doc/xdg-app-build-export.xml b/doc/xdg-app-build-export.xml index 02f0543c..155d0145 100644 --- a/doc/xdg-app-build-export.xml +++ b/doc/xdg-app-build-export.xml @@ -215,6 +215,7 @@ Content Bytes Written: 305 xdg-app-build-init1, xdg-app-build1, xdg-app-build-finish1 + xdg-app-build-sign1 xdg-app-repo-update1 diff --git a/doc/xdg-app-build-sign.xml b/doc/xdg-app-build-sign.xml new file mode 100644 index 00000000..4a6a5e39 --- /dev/null +++ b/doc/xdg-app-build-sign.xml 
@@ -0,0 +1,154 @@ + + + + + + + xdg-app build-sign + xdg-app + + + + Developer + Alexander + Larsson + alexl@redhat.com + + + + + + xdg-app build-sign + 1 + + + + xdg-app-build-sign + Sign an application or runtime + + + + + xdg-app build-sign + OPTION + LOCATION + ID + BRANCH + + + + + Description + + + Signs the commit for a speficied application or runtime in + a local repository. LOCATION is + the location of the repository. ID is the name of the application, or + runtime if --runtime is specified. If BRANCH is not specified, it is + assumed to be "master". + + + Applications can also be signed during build-export, but + it is sometimes useful to add additionaly signatures later. + + + + + Options + + The following options are understood: + + + + + + + + Show help options and exit. + + + + + + + + Sign the commit with this GPG key + + + + + + + + GPG Homedir to use when looking for keyrings + + + + + + + + Sign a runtime instead of an app. + + + + + + + + The architecture to use. + + + + + + + + + Print debug information during command processing. + + + + + + + + Print version information and exit. + + + + + + + Examples + + + $ xdg-app build-export ~/repos/gnome-calculator/ ~/build/gnome-calculator/ org.gnome.Calculator + + +Commit: 9d0044ea480297114d03aec85c3d7ae3779438f9d2cb69d717fb54237acacb8c +Metadata Total: 605 +Metadata Written: 5 +Content Total: 1174 +Content Written: 1 +Content Bytes Written: 305 + + + + + + See also + + + ostree1, + xdg-app1, + xdg-app-build-export1, + xdg-app-build1, + + + + + diff --git a/doc/xdg-app.xml b/doc/xdg-app.xml index 48df8949..d48613fc 100644 --- a/doc/xdg-app.xml +++ b/doc/xdg-app.xml @@ -262,6 +262,13 @@ Update the summary file in a repository. + + xdg-app-build-sign1 + + + Sign an application or runtime after its been exported. + +