Add xdg-app build-sign to sign a single commit

2016-04-13 10:08:59 +02:00 · 2016-04-13 10:08:59 +02:00 · eb3a0df75c
parent 51781b50d2
commit eb3a0df75c
8 changed files with 283 additions and 0 deletions
--- a/app/Makefile.am.inc
+++ b/app/Makefile.am.inc
@ -23,6 +23,7 @@ xdg_app_SOURCES = \
 	app/xdg-app-builtins-build-finish.c \
 	app/xdg-app-builtins-build-export.c \
 	app/xdg-app-builtins-build-bundle.c \
+	app/xdg-app-builtins-build-sign.c \
 	app/xdg-app-builtins-repo-update.c \
 	app/xdg-app-builtins-document.c \
 	$(xdp_dbus_built_sources)	\
--- a/app/xdg-app-builtins-build-sign.c
+++ b/app/xdg-app-builtins-build-sign.c
@ -0,0 +1,117 @@
+/*
+ * Copyright © 2014 Red Hat, Inc
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Authors:
+ *       Alexander Larsson <alexl@redhat.com>
+ */
+
+#include "config.h"
+
+#include <locale.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+#include "libgsystem.h"
+#include "libglnx/libglnx.h"
+
+#include "xdg-app-builtins.h"
+#include "xdg-app-utils.h"
+
+static char *opt_arch;
+static gboolean opt_runtime;
+static char **opt_gpg_key_ids;
+static char *opt_gpg_homedir;
+
+static GOptionEntry options[] = {
+  { "arch", 0, 0, G_OPTION_ARG_STRING, &opt_arch, "Arch to install for", "ARCH" },
+  { "runtime", 0, 0, G_OPTION_ARG_NONE, &opt_runtime, "Look for runtime with the specified name", },
+  { "gpg-sign", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_gpg_key_ids, "GPG Key ID to sign the commit with", "KEY-ID"},
+  { "gpg-homedir", 0, 0, G_OPTION_ARG_STRING, &opt_gpg_homedir, "GPG Homedir to use when looking for keyrings", "HOMEDIR"},
+  { NULL }
+};
+
+
+gboolean
+xdg_app_builtin_build_sign (int argc, char **argv, GCancellable *cancellable, GError **error)
+{
+  g_autoptr(GOptionContext) context = NULL;
+  g_autoptr(GFile) repofile = NULL;
+  g_autoptr(OstreeRepo) repo = NULL;
+  const char *location;
+  const char *branch;
+  const char *id;
+  g_autofree char *commit_checksum = NULL;
+  g_autofree char *ref = NULL;
+  char **iter;
+
+  context = g_option_context_new ("LOCATION ID [BRANCH] - Create a repository from a build directory");
+
+  if (!xdg_app_option_context_parse (context, options, &argc, &argv, XDG_APP_BUILTIN_FLAG_NO_DIR, NULL, cancellable, error))
+    return FALSE;
+
+  if (argc < 3)
+    {
+      usage_error (context, "LOCATION and DIRECTORY must be specified", error);
+      return FALSE;
+    }
+
+  location = argv[1];
+  id = argv[2];
+
+  if (argc >= 4)
+    branch = argv[3];
+  else
+    branch = "master";
+
+  if (!xdg_app_is_valid_name (id))
+    return xdg_app_fail (error, "'%s' is not a valid name", id);
+
+  if (!xdg_app_is_valid_branch (branch))
+    return xdg_app_fail (error, "'%s' is not a valid branch name", branch);
+
+  if (opt_gpg_key_ids == NULL)
+    return xdg_app_fail (error, "No gpg key ids specified");
+
+  if (opt_runtime)
+    ref = xdg_app_build_runtime_ref (id, branch, opt_arch);
+  else
+    ref = xdg_app_build_app_ref (id, branch, opt_arch);
+
+  repofile = g_file_new_for_commandline_arg (location);
+  repo = ostree_repo_new (repofile);
+
+  if (!ostree_repo_open (repo, cancellable, error))
+    return FALSE;
+
+  if (!ostree_repo_resolve_rev (repo, ref, TRUE, &commit_checksum, error))
+    return FALSE;
+
+  for (iter = opt_gpg_key_ids; iter && *iter; iter++)
+    {
+      const char *keyid = *iter;
+
+      if (!ostree_repo_sign_commit (repo,
+                                    commit_checksum,
+                                    keyid,
+                                    opt_gpg_homedir,
+                                    cancellable,
+                                    error))
+        return FALSE;
+    }
+
+  return TRUE;
+}
--- a/app/xdg-app-builtins.h
+++ b/app/xdg-app-builtins.h
@ -65,6 +65,7 @@ BUILTINPROTO(enter);
 BUILTINPROTO(build_init);
 BUILTINPROTO(build);
 BUILTINPROTO(build_finish);
+BUILTINPROTO(build_sign);
 BUILTINPROTO(build_export);
 BUILTINPROTO(build_bundle);
 BUILTINPROTO(build_update_repo);
--- a/app/xdg-app-main.c
+++ b/app/xdg-app-main.c
@ -70,6 +70,7 @@ static XdgAppCommand commands[] = {
  { "build-finish", xdg_app_builtin_build_finish, "Finish a build dir for export" },
  { "build-export", xdg_app_builtin_build_export, "Export a build dir to a repository" },
  { "build-bundle", xdg_app_builtin_build_bundle, "Create a bundle file from a build directory" },
+  { "build-sign", xdg_app_builtin_build_sign, "Sign an application or runtime" },
  { "build-update-repo", xdg_app_builtin_build_update_repo, "Update the summary file in a repository" },

  /* Deprecated old names */
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -37,6 +37,7 @@ man_MANS = \
 	xdg-app-build-finish.1		\
 	xdg-app-build-export.1		\
 	xdg-app-build-update-repo.1	\
+	xdg-app-build-sign.1		\
 	xdg-app-builder.1		\
 	$(NULL)

--- a/doc/xdg-app-build-export.xml
+++ b/doc/xdg-app-build-export.xml
@ -215,6 +215,7 @@ Content Bytes Written: 305
            <citerefentry><refentrytitle>xdg-app-build-init</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
            <citerefentry><refentrytitle>xdg-app-build</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
            <citerefentry><refentrytitle>xdg-app-build-finish</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+            <citerefentry><refentrytitle>xdg-app-build-sign</refentrytitle><manvolnum>1</manvolnum></citerefentry>
            <citerefentry><refentrytitle>xdg-app-repo-update</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        </para>

--- a/doc/xdg-app-build-sign.xml
+++ b/doc/xdg-app-build-sign.xml
@ -0,0 +1,154 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+    "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<refentry id="xdg-app-build-export">
+
+    <refentryinfo>
+        <title>xdg-app build-sign</title>
+        <productname>xdg-app</productname>
+
+        <authorgroup>
+            <author>
+                <contrib>Developer</contrib>
+                <firstname>Alexander</firstname>
+                <surname>Larsson</surname>
+                <email>alexl@redhat.com</email>
+            </author>
+        </authorgroup>
+    </refentryinfo>
+
+    <refmeta>
+        <refentrytitle>xdg-app build-sign</refentrytitle>
+        <manvolnum>1</manvolnum>
+    </refmeta>
+
+    <refnamediv>
+        <refname>xdg-app-build-sign</refname>
+        <refpurpose>Sign an application or runtime</refpurpose>
+    </refnamediv>
+
+    <refsynopsisdiv>
+            <cmdsynopsis>
+                <command>xdg-app build-sign</command>
+                <arg choice="opt" rep="repeat">OPTION</arg>
+                <arg choice="plain">LOCATION</arg>
+                <arg choice="plain">ID</arg>
+                <arg choice="opt">BRANCH</arg>
+            </cmdsynopsis>
+    </refsynopsisdiv>
+
+    <refsect1>
+        <title>Description</title>
+
+        <para>
+            Signs the commit for a speficied application or runtime in
+            a local repository.  <arg choice="plain">LOCATION</arg> is
+            the location of the repository. <arg
+            choice="plain">ID</arg> is the name of the application, or
+            runtime if --runtime is specified. If <arg
+            choice="plain">BRANCH</arg> is not specified, it is
+            assumed to be "master".
+        </para>
+        <para>
+            Applications can also be signed during build-export, but
+            it is sometimes useful to add additionaly signatures later.
+        </para>
+    </refsect1>
+
+    <refsect1>
+        <title>Options</title>
+
+        <para>The following options are understood:</para>
+
+        <variablelist>
+            <varlistentry>
+                <term><option>-h</option></term>
+                <term><option>--help</option></term>
+
+                <listitem><para>
+                    Show help options and exit.
+                </para></listitem>
+            </varlistentry>
+
+            <varlistentry>
+                <term><option>--gpg-sign=KEYID</option></term>
+
+                <listitem><para>
+                    Sign the commit with this GPG key
+                </para></listitem>
+            </varlistentry>
+
+            <varlistentry>
+                <term><option>--gpg-homedir=PATH</option></term>
+
+                <listitem><para>
+                    GPG Homedir to use when looking for keyrings
+                </para></listitem>
+            </varlistentry>
+
+            <varlistentry>
+                <term><option>--runtime</option></term>
+
+                <listitem><para>
+                    Sign a runtime instead of an app.
+                </para></listitem>
+            </varlistentry>
+
+            <varlistentry>
+                <term><option>--arch=ARCH</option></term>
+
+                <listitem><para>
+                    The architecture to use.
+                </para></listitem>
+            </varlistentry>
+
+            <varlistentry>
+                <term><option>-v</option></term>
+                <term><option>--verbose</option></term>
+
+                <listitem><para>
+                    Print debug information during command processing.
+                </para></listitem>
+            </varlistentry>
+
+            <varlistentry>
+                <term><option>--version</option></term>
+
+                <listitem><para>
+                    Print version information and exit.
+                </para></listitem>
+            </varlistentry>
+        </variablelist>
+    </refsect1>
+
+    <refsect1>
+        <title>Examples</title>
+
+        <para>
+            <command>$ xdg-app build-export ~/repos/gnome-calculator/ ~/build/gnome-calculator/ org.gnome.Calculator</command>
+        </para>
+<programlisting>
+Commit: 9d0044ea480297114d03aec85c3d7ae3779438f9d2cb69d717fb54237acacb8c
+Metadata Total: 605
+Metadata Written: 5
+Content Total: 1174
+Content Written: 1
+Content Bytes Written: 305
+</programlisting>
+
+    </refsect1>
+
+    <refsect1>
+        <title>See also</title>
+
+        <para>
+            <citerefentry><refentrytitle>ostree</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+            <citerefentry><refentrytitle>xdg-app</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+            <citerefentry><refentrytitle>xdg-app-build-export</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+            <citerefentry><refentrytitle>xdg-app-build</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+        </para>
+
+    </refsect1>
+
+</refentry>
--- a/doc/xdg-app.xml
+++ b/doc/xdg-app.xml
@ -262,6 +262,13 @@
                    Update the summary file in a repository.
                </para></listitem>
            </varlistentry>
+            <varlistentry>
+                <term><citerefentry><refentrytitle>xdg-app-build-sign</refentrytitle><manvolnum>1</manvolnum></citerefentry></term>
+
+                <listitem><para>
+                    Sign an application or runtime after its been exported.
+                </para></listitem>
+            </varlistentry>
        </variablelist>
    </refsect1>