search for: check_signature

...loader.create ~curl:cmdline.curl ~cache ~tmpdir in let repos = Sources.read_sources () in let sources = List.map ( fun (source, fingerprint) -> @@ -197,7 +204,8 @@ let main () = let sigchecker = Sigchecker.create ~gpg:cmdline.gpg ~check_signature:cmdline.check_signature - ~gpgkey:source.Sources.gpgkey in + ~gpgkey:source.Sources.gpgkey + ~tmpdir in match source.Sources.format with | Sources.FormatNative -> Index_parse...

...loader.create ~curl:cmdline.curl ~cache ~tmpdir in let repos = Sources.read_sources () in let sources = List.map ( fun (source, fingerprint) -> @@ -197,7 +204,8 @@ let main () = let sigchecker = Sigchecker.create ~gpg:cmdline.gpg ~check_signature:cmdline.check_signature - ~gpgkey:source.Sources.gpgkey in + ~gpgkey:source.Sources.gpgkey + ~tmpdir in match source.Sources.format with | Sources.FormatNative -> Index_parse...

Add a new optional parameter for the Curl ADT, so temporary files can be created in a specified directory (which is supposed to be temporary, and disposed only when the application quits). --- mllib/curl.ml | 10 ++++++---- mllib/curl.mli | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/mllib/curl.ml b/mllib/curl.ml index 376406e..baa75ec 100644 --- a/mllib/curl.ml +++

...insertions(+), 6 deletions(-) diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml index cb9144f..06c60ae 100644 --- a/builder/sigchecker.ml +++ b/builder/sigchecker.ml @@ -27,6 +27,7 @@ open Unix type t = { gpg : string; fingerprint : string; + subkeys_fingerprints : string list; check_signature : bool; gpghome : string; } @@ -63,7 +64,34 @@ let import_keyfile ~gpg ~gpghome ?(trust = true) keyfile = if r <> 0 then error (f_"GPG failure: could not trust the imported key\nUse the '-v' option and look for earlier error messages."); ); - !fingerprint...

Add a new optional parameter for the Curl ADT, so temporary files can be created in a specified directory (which is supposed to be temporary, and disposed only when the application quits). --- mllib/curl.ml | 16 +++++++++++----- mllib/curl.mli | 2 +- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/mllib/curl.ml b/mllib/curl.ml index 376406e..7d07125 100644 --- a/mllib/curl.ml

...-) > > diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml > index c35d2da..08efa5d 100644 > --- a/builder/sigchecker.ml > +++ b/builder/sigchecker.ml > @@ -54,7 +54,7 @@ let import_keyfile ~gpg ~gpghome ~verbose keyfile = > > let rec create ~verbose ~gpg ~gpgkey ~check_signature = > (* Create a temporary directory for gnupg. *) > - let tmpdir = Mkdtemp.mkdtemp (Filename.temp_dir_name // "vb.gpghome.XXXXXX") in > + let tmpdir = Mkdtemp.temp_dir "vb.gpghome." "" in > rmdir_on_exit tmpdir; > (* Make sure we have no check...

...ram is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -77,11 +77,7 @@ let remove_duplicates index = let main () = (* Command line argument parsing - see cmdline.ml. *) - let mode, arg, - arch, attach, cache, check_signature, curl, - delete_on_failure, format, gpg, list_format, memsize, - network, ops, output, size, smp, sources, sync = - parse_cmdline () in + let cmdline = parse_cmdline () in (* If debugging, echo the command line arguments and the sources. *) if verbose () then ( @@ -91,29 +87,29 @@...

Add a simple function to ease the usage of Mkdtemp.mkdtemp. --- mllib/mkdtemp.ml | 5 +++++ mllib/mkdtemp.mli | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/mllib/mkdtemp.ml b/mllib/mkdtemp.ml index 2e64862..353b04b 100644 --- a/mllib/mkdtemp.ml +++ b/mllib/mkdtemp.ml @@ -16,4 +16,9 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *) +open Common_utils +

...er.ml b/builder/sigchecker.ml index 06c60ae..86e60ac 100644 --- a/builder/sigchecker.ml +++ b/builder/sigchecker.ml @@ -163,6 +163,9 @@ and getxdigit = function | 'A'..'F' as c -> Some (Char.code c - Char.code 'A') | _ -> None +let verifying_signatures t = + t.check_signature + let rec verify t filename = if t.check_signature then ( let args = quote filename in diff --git a/builder/sigchecker.mli b/builder/sigchecker.mli index 47bf2a3..f233514 100644 --- a/builder/sigchecker.mli +++ b/builder/sigchecker.mli @@ -20,6 +20,10 @@ type t val create : gpg:string -...

...,18 +199,26 @@ let main () = let sources = List.append sources repos in let index : Index.index = List.concat ( - List.map ( + List.filter_map ( fun source -> - let sigchecker = - Sigchecker.create ~gpg:cmdline.gpg - ~check_signature:cmdline.check_signature - ~gpgkey:source.Sources.gpgkey - ~tmpdir in - match source.Sources.format with - | Sources.FormatNative -> - Index_parser.get_index ~downloader ~sigchecker source - | Sources....

...uilder/sigchecker.mli index 5b1885b..4eb7a88 100644 --- a/builder/sigchecker.mli +++ b/builder/sigchecker.mli @@ -18,12 +18,7 @@ type t -type gpgkey_type = - | No_Key - | Fingerprint of string - | KeyFile of string - -val create : verbose:bool -> gpg:string -> gpgkey:gpgkey_type -> check_signature:bool -> t +val create : verbose:bool -> gpg:string -> gpgkey:Utils.gpgkey_type -> check_signature:bool -> t val verify : t -> string -> unit (** Verify the file is signed (if check_signature is true). *) diff --git a/builder/utils.ml b/builder/utils.ml index f4f290d..896263...

Hi, this series adds a basic support for Simple Streams v1.0 metadata files. This makes it possible to create a repository .conf files with [cirros] uri=http://download.cirros-cloud.net format=simplestreams to read the latest version of each CirrOS image. TODO items: - a bit more testing: listing and creating images works, so the current metadata is correct - handle revisions, so newer

...der/sigchecker.ml b/builder/sigchecker.ml index 86e60ac..42d55cd 100644 --- a/builder/sigchecker.ml +++ b/builder/sigchecker.ml @@ -182,12 +182,30 @@ and verify_detached t filename sigfile = do_verify t args ) -and do_verify t args = +and verify_and_remove_signature t filename = + if t.check_signature then ( + (* Copy the input file as temporary file with the .asc extension, + * so gpg recognises that format. *) + let asc_file = Filename.temp_file "vbfile" ".asc" in + unlink_on_exit asc_file; + let cmd = sprintf "cp %s %s" (quote filename) (quote asc...

Much similar to unlink_on_exit, but recursively cleaning directories. --- mllib/common_utils.ml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/mllib/common_utils.ml b/mllib/common_utils.ml index 3943417..f49ede6 100644 --- a/mllib/common_utils.ml +++ b/mllib/common_utils.ml @@ -386,6 +386,35 @@ let unlink_on_exit = registered_handlers := true )

In case a repository of virt-builder references files (e.g. the index) that cannot be downloaded (network issues, 404, etc) then virt-builder errors out on this situation. This is not a nice situation, from an user POV. This series does some refactoring to allow to better handle downloading failures, and handle the failures gracefully in virt-builder. RFC because I'm not yet too convinced

.../sigchecker.ml > @@ -95,21 +95,38 @@ ZvXkQ3FVJwZoLmHw47vvlVpLD/4gi1SuHWieRvZ+UdDq00E348pm > =neBW > -----END PGP PUBLIC KEY BLOCK----- > " > -let key_imported = ref false > > type t = { > debug : bool; > gpg : string; > fingerprint : string; > check_signature : bool; > + gpghome : string; > + mutable key_imported : bool; > } > > let create ~debug ~gpg ~fingerprint ~check_signature = > + (* Create a temporary directory for gnupg. *) > + let tmpdir = Mkdtemp.mkdtemp (Filename.temp_dir_name // "vb.gpghome.XXXXXX") in...

Hi, attached there is a serie of patches that completes the work on making virt-builder use .conf files, shipped in XDG directories, to configure all the available sources of indexes used. This also removes the hardcoded default location, replaced now with a configuration file (which may be not used at all). Thanks, Pino Toscano (8): builder: allow "no key" as key in Sigchecker

...in + List.iter ( + fun line -> + let line = string_nsplit " " line in + match line with + | "[GNUPG:]" :: "IMPORT_OK" :: _ :: fp :: _ -> fingerprint := fp + | _ -> () + ) status; + !fingerprint let rec create ~verbose ~gpg ~gpgkey ~check_signature = (* Create a temporary directory for gnupg. *) @@ -69,18 +79,7 @@ let rec create ~verbose ~gpg ~gpgkey ~check_signature = | No_Key -> assert false | KeyFile kf -> - let status_file = import_keyfile gpg tmpdir verbose kf in - let status = read_whole_fil...

...ts = - match fingerprints with - | [fingerprint] -> - (* You're allowed to have multiple sources and one fingerprint: it - * means that the same fingerprint is used for all sources. - *) - repeat fingerprint nr_sources - | xs -> xs in + if check_signature then ( + match fingerprints with + | [fingerprint] -> + (* You're allowed to have multiple sources and one fingerprint: it + * means that the same fingerprint is used for all sources. + *) + repeat fingerprint nr_sources + | xs ->...

...selinux_relabel, size, smp, sources, sync, timezone, + scrub_logfile, selinux_relabel, size, smp, sources, indexarch, sync, timezone, update, upload, writes = parse_cmdline () in @@ -143,7 +143,8 @@ let main () = let sigchecker = Sigchecker.create ~debug ~gpg ~check_signature ~gpgkey:(Sigchecker.Fingerprint fingerprint) in - Index_parser.get_index ~prog ~debug ~downloader ~sigchecker source + Index_parser.get_index ~prog ~debug ~downloader ~sigchecker + ~arch:indexarch source ) sources ) in diff --git a/builder/c...