[Libguestfs] [PATCH 09/10] builder: add Sigchecker.verify_and_remove_signature

New helper to remove the signature from a file, returning a temporary file without the signature. --- builder/sigchecker.ml | 22 ++++++++++++++++++++-- builder/sigchecker.mli | 4 ++++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml index 86e60ac..42d55cd 100644 --- a/builder/sigchecker.ml +++ b/builder/sigchecker.ml @@ -182,12 +182,30 @@ and verify_detached t filename sigfile = do_verify t args ) -and do_verify t args = +and verify_and_remove_signature t filename = + if t.check_signature then ( + (* Copy the input file as temporary file with the .asc extension, + * so gpg recognises that format. *) + let asc_file = Filename.temp_file "vbfile" ".asc" in + unlink_on_exit asc_file; + let cmd = sprintf "cp %s %s" (quote filename) (quote asc_file) in + if verbose () then printf "%s\n%!" cmd; + if Sys.command cmd <> 0 then exit 1; + let out_file = Filename.temp_file "vbfile" "" in + unlink_on_exit out_file; + let args = sprintf "--yes --output %s %s" (quote out_file) (quote filename) in + do_verify ~verify_only:false t args; + Some out_file + ) else + None + +and do_verify ?(verify_only = true) t args = let status_file = Filename.temp_file "vbstat" ".txt" in unlink_on_exit status_file; let cmd = - sprintf "%s --homedir %s --verify%s --status-file %s %s" + sprintf "%s --homedir %s %s%s --status-file %s %s" t.gpg t.gpghome + (if verify_only then "--verify" else "") (if verbose () then "" else " --batch -q --logger-file /dev/null") (quote status_file) args in if verbose () then printf "%s\n%!" cmd; diff --git a/builder/sigchecker.mli b/builder/sigchecker.mli index f233514..ac57072 100644 --- a/builder/sigchecker.mli +++ b/builder/sigchecker.mli @@ -30,3 +30,7 @@ val verify : t -> string -> unit val verify_detached : t -> string -> string option -> unit (** Verify the file is signed against the detached signature (if check_signature is true). *) + +val verify_and_remove_signature : t -> string -> string option +(** If check_signature is true, verify the file is signed and extract + the content of the file (i.e. without the signature). *) -- 2.1.0