}
static PyObject* Pakfire_repo_compose(PakfireObject* self, PyObject* args, PyObject* kwargs) {
- char* kwlist[] = { "path", "files", NULL };
+ char* kwlist[] = { "path", "files", "key", NULL };
const char* path = NULL;
PyObject* list = NULL;
+ KeyObject* key = NULL;
PyObject* ret = NULL;
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO", kwlist, &path, &list))
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO|O!", kwlist, &path, &list, &KeyType, &key))
return NULL;
// List must be a sequence
Py_BEGIN_ALLOW_THREADS
- int r = pakfire_repo_compose(self->pakfire, path, files);
+ int r = pakfire_repo_compose(self->pakfire, path, (key) ? key->key : NULL, files);
if (r) {
Py_BLOCK_THREADS
PyErr_SetFromErrno(PyExc_OSError);
int pakfire_key_sign(struct pakfire_key* key,
FILE* f, const void* data, const size_t length, const char* comment);
+int pakfire_key_signf(struct pakfire_key* key, FILE* s, FILE* f, const char* comment);
int pakfire_key_verify(struct pakfire_key* key,
FILE* f, const void* data, const size_t length);
// Compose
int pakfire_repo_compose(struct pakfire* pakfire, const char* path,
- const char** files);
+ struct pakfire_key* key, const char** files);
#ifdef PAKFIRE_PRIVATE
return r;
}
+int pakfire_key_signf(struct pakfire_key* key, FILE* s, FILE* f, const char* comment) {
+ char* buffer = NULL;
+ size_t length = 0;
+ int r;
+
+ // Load the entire content into memory
+ r = pakfire_read_file_into_buffer(f, &buffer, &length);
+ if (r)
+ goto ERROR;
+
+ // Sign!
+ r = pakfire_key_sign(key, s, buffer, length, comment);
+
+ERROR:
+ if (buffer)
+ free(buffer);
+
+ return r;
+}
+
static int pakfire_key_read_signature(struct pakfire_key* key,
struct pakfire_key_signature* signature, FILE* f) {
void* buffer = NULL;
return r;
}
-static int pakfire_repo_write_metadata(struct pakfire_repo* repo) {
+static int pakfire_repo_sign_database(struct pakfire_repo* repo, struct pakfire_key* key,
+ const char* database_path) {
+ char signature_path[PATH_MAX];
+ FILE* f = NULL;
+ FILE* s = NULL;
+ int r;
+
+ // Compose the signature path
+ r = pakfire_string_format(signature_path, "%s.sig", database_path);
+ if (r)
+ return r;
+
+ // Open the signature file for writing
+ s = fopen(signature_path, "w");
+ if (!s) {
+ ERROR(repo->pakfire, "Could not open %s for writing: %m\n", signature_path);
+ r = 1;
+ goto ERROR;
+ }
+
+ // Open the database for reading
+ f = fopen(database_path, "r");
+ if (!f) {
+ ERROR(repo->pakfire, "Could not open %s for reading: %m\n", database_path);
+ r = 1;
+ goto ERROR;
+ }
+
+ // Create the signature
+ r = pakfire_key_signf(key, s, f, "Database Signature");
+ if (r) {
+ ERROR(repo->pakfire, "Could not sign the database: %m\n");
+ goto ERROR;
+ }
+
+ERROR:
+ if (f)
+ fclose(f);
+ if (s)
+ fclose(s);
+
+ return r;
+}
+
+static int pakfire_repo_write_metadata(struct pakfire_repo* repo, struct pakfire_key* key) {
struct json_object* repomd = NULL;
FILE* f = NULL;
int r = 1;
if (r)
return r;
+ // Sign the database
+ if (key) {
+ r = pakfire_repo_sign_database(repo, key, database);
+ if (r) {
+ ERROR(repo->pakfire, "Could not sign the database: %m\n");
+ goto ERROR;
+ }
+ }
+
// Compose JSON object
repomd = json_object_new_object();
if (!repomd) {
}
PAKFIRE_EXPORT int pakfire_repo_compose(struct pakfire* pakfire, const char* path,
- const char** files) {
+ struct pakfire_key* key, const char** files) {
struct pakfire_repo* repo = NULL;
char realpath[PATH_MAX];
char baseurl[PATH_MAX];
return 1;
}
+ // XXX Check if the key is a secret key
+
size_t num_files = 0;
// Count files
}
// Write metadata to disk
- r = pakfire_repo_write_metadata(repo);
+ r = pakfire_repo_write_metadata(repo, key);
if (r)
goto ERROR;
// Compose the repository
ASSERT_SUCCESS(
- pakfire_repo_compose(t->pakfire, path, files)
+ pakfire_repo_compose(t->pakfire, path, NULL, files)
);
// Everything passed
projects / pakfire.git / commitdiff
