OSTree.Sign


Implementations:

None

Methods

class get_all ()

class get_by_name (name)

add_pk (public_key)

clear_keys ()

commit (repo, commit_checksum, cancellable)

commit_verify (repo, commit_checksum, cancellable)

data (data, cancellable)

data_verify (data, signatures)

ed25519_add_pk (public_key)

ed25519_clear_keys ()

ed25519_data (data, signature, cancellable)

ed25519_data_verify (data, signatures, out_success_message)

ed25519_get_name ()

ed25519_load_pk (options)

ed25519_metadata_format ()

ed25519_metadata_key ()

ed25519_set_pk (public_key)

ed25519_set_sk (secret_key)

get_name ()

load_pk (options)

metadata_format ()

metadata_key ()

set_pk (public_key)

set_sk (secret_key)

summary (repo, keys, cancellable)

Virtual Methods

do_add_pk (public_key)

do_clear_keys ()

do_data (data, cancellable)

do_data_verify (data, signatures)

do_get_name ()

do_load_pk (options)

do_metadata_format ()

do_metadata_key ()

do_set_pk (public_key)

do_set_sk (secret_key)

Properties

None

Signals

None

Fields

None

Class Details

class OSTree.Sign
Bases:

GObject.GInterface

Structure:

OSTree.SignInterface

classmethod get_all()
Returns:

an array of signing engines

Return type:

[OSTree.Sign]

Return an array with newly allocated instances of all available signing engines; they will not be initialized.

New in version 2020.2.

classmethod get_by_name(name)
Parameters:

name (str) – the name of the desired signature engine

Raises:

GLib.Error

Returns:

New signing engine, or None if the engine is not known

Return type:

OSTree.Sign

Create a new instance of a signing engine.

New in version 2020.2.

add_pk(public_key)
Parameters:

public_key (GLib.Variant) – single public key to be added

Raises:

GLib.Error

Returns:

True if the key could be added successfully, False in case of error (error will contain the reason).

Return type:

bool

Add the public key for verification. Can be called multiple times to add all the keys needed for verification.

The public_key argument depends on the particular engine implementation.

New in version 2020.2.

clear_keys()
Raises:

GLib.Error

Returns:

True if there were no errors, False in case of error

Return type:

bool

Clear all previously preloaded secret and public keys.

New in version 2020.2.

commit(repo, commit_checksum, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

True if commit has been signed successfully, False in case of error (error will contain the reason).

Return type:

bool

Add a signature to a commit.

Depending on the signing engine used, you will need to load the secret key with OSTree.Sign.set_sk.

New in version 2020.2.

commit_verify(repo, commit_checksum, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

True if commit has been verified successfully, False in case of error or no valid keys are available (error will contain the reason).

out_success_message:

success message returned by the signing engine

Return type:

(bool, out_success_message: str or None)

Verify whether the commit is signed with a known key.

Depending on the signing engine used, you will need to load the public key(s) for verification with OSTree.Sign.set_pk, OSTree.Sign.add_pk and/or OSTree.Sign.load_pk.

New in version 2020.2.

data(data, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

True if data has been signed successfully, False in case of error (error will contain the reason).

signature:

in case of success will contain signature

Return type:

(bool, signature: GLib.Bytes)

Sign the given data with the pre-loaded secret key.

Depending on the signing engine used, you will need to load the secret key with OSTree.Sign.set_sk.

New in version 2020.2.

data_verify(data, signatures)
Parameters:
Raises:

GLib.Error

Returns:

True if data has been signed with at least one valid key, False in case of error or no valid keys are available (error will contain the reason).

out_success_message:

success message returned by the signing engine

Return type:

(bool, out_success_message: str or None)

Verify the given data against signatures with the pre-loaded public keys.

Depending on the signing engine used, you will need to load the public key(s) with OSTree.Sign.set_pk, OSTree.Sign.add_pk or OSTree.Sign.load_pk.

New in version 2020.2.

ed25519_add_pk(public_key)
Parameters:

public_key (GLib.Variant) –

Raises:

GLib.Error

Return type:

bool

ed25519_clear_keys()
Raises:

GLib.Error

Return type:

bool

ed25519_data(data, signature, cancellable)
Parameters:
Raises:

GLib.Error

Return type:

bool

ed25519_data_verify(data, signatures, out_success_message)
Parameters:
Raises:

GLib.Error

Return type:

bool

ed25519_get_name()
Return type:

str

ed25519_load_pk(options)
Parameters:

options (GLib.Variant) –

Raises:

GLib.Error

Return type:

bool

ed25519_metadata_format()
Return type:

str

ed25519_metadata_key()
Return type:

str

ed25519_set_pk(public_key)
Parameters:

public_key (GLib.Variant) –

Raises:

GLib.Error

Return type:

bool

ed25519_set_sk(secret_key)
Parameters:

secret_key (GLib.Variant) –

Raises:

GLib.Error

Return type:

bool

get_name()
Returns:

pointer to the name, None in case of error (unlikely).

Return type:

str

Return the pointer to the name of the currently used/selected signing engine.

New in version 2020.2.

load_pk(options)
Parameters:

options (GLib.Variant) – any options

Raises:

GLib.Error

Returns:

True if at least one key could be loaded successfully, False in case of error (error will contain the reason).

Return type:

bool

Load public keys for verification from anywhere. It is expected that all loaded keys are added to the already pre-loaded keys.

The options argument depends on the particular engine implementation.

For example, the ed25519 engine could use the following string-formatted options:

  • filename – single file to use to load keys from

  • basedir – directory containing subdirectories ‘trusted.ed25519.d’ and ‘revoked.ed25519.d’ with appropriate public keys. Used for testing and re-definition of system-wide directories if defaults are not suitable for any reason.

New in version 2020.2.

metadata_format()
Returns:

pointer to the metadata format, None in case of error (unlikely).

Return type:

str

Return the pointer to the string with the format used in (detached) metadata for the current signing engine.

New in version 2020.2.

metadata_key()
Returns:

pointer to the metadata key name, None in case of error (unlikely).

Return type:

str

Return the pointer to the name of the key used in (detached) metadata for the current signing engine.

New in version 2020.2.

set_pk(public_key)
Parameters:

public_key (GLib.Variant) – single public key to be added

Raises:

GLib.Error

Returns:

True if the key could be set successfully, False in case of error (error will contain the reason).

Return type:

bool

Set the public key for verification. It is expected that all previously pre-loaded public keys will be dropped.

The public_key argument depends on the particular engine implementation.

New in version 2020.2.

set_sk(secret_key)
Parameters:

secret_key (GLib.Variant) – secret key to be added

Raises:

GLib.Error

Returns:

True if the key could be set successfully, False in case of error (error will contain the reason).

Return type:

bool

Set the secret key to be used for signing data, commits and summary.

The secret_key argument depends on the particular engine implementation.

New in version 2020.2.

summary(repo, keys, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

True if summary file has been signed with all provided keys

Return type:

bool

Add a signature to a summary file. Based on OSTree.Repo.add_gpg_signature_summary implementation.

New in version 2020.2.

do_add_pk(public_key) virtual
Parameters:

public_key (GLib.Variant) – single public key to be added

Returns:

True if the key could be added successfully, False in case of error (error will contain the reason).

Return type:

bool

Add the public key for verification. Can be called multiple times to add all the keys needed for verification.

The public_key argument depends on the particular engine implementation.

New in version 2020.2.

do_clear_keys() virtual
Returns:

True if there were no errors, False in case of error

Return type:

bool

Clear all previously preloaded secret and public keys.

New in version 2020.2.

do_data(data, cancellable) virtual
Parameters:
Returns:

True if data has been signed successfully, False in case of error (error will contain the reason).

signature:

in case of success will contain signature

Return type:

(bool, signature: GLib.Bytes)

Sign the given data with the pre-loaded secret key.

Depending on the signing engine used, you will need to load the secret key with OSTree.Sign.set_sk.

New in version 2020.2.

do_data_verify(data, signatures) virtual
Parameters:
Returns:

True if data has been signed with at least one valid key, False in case of error or no valid keys are available (error will contain the reason).

out_success_message:

success message returned by the signing engine

Return type:

(bool, out_success_message: str or None)

Verify the given data against signatures with the pre-loaded public keys.

Depending on the signing engine used, you will need to load the public key(s) with OSTree.Sign.set_pk, OSTree.Sign.add_pk or OSTree.Sign.load_pk.

New in version 2020.2.

do_get_name() virtual
Returns:

pointer to the name, None in case of error (unlikely).

Return type:

str

Return the pointer to the name of the currently used/selected signing engine.

New in version 2020.2.

do_load_pk(options) virtual
Parameters:

options (GLib.Variant) – any options

Returns:

True if at least one key could be loaded successfully, False in case of error (error will contain the reason).

Return type:

bool

Load public keys for verification from anywhere. It is expected that all loaded keys are added to the already pre-loaded keys.

The options argument depends on the particular engine implementation.

For example, the ed25519 engine could use the following string-formatted options:

  • filename – single file to use to load keys from

  • basedir – directory containing subdirectories ‘trusted.ed25519.d’ and ‘revoked.ed25519.d’ with appropriate public keys. Used for testing and re-definition of system-wide directories if defaults are not suitable for any reason.

New in version 2020.2.
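
An added example (not OSTree's own code) for the basedir layout that load_pk and do_load_pk describe: it audits a directory holding trusted.ed25519.d and revoked.ed25519.d before that directory is handed to a signing engine. It assumes each key file holds one base64-encoded 32-byte public key per line and that a revoked key must never count as usable; read_keys, audit_basedir and build_sample are hypothetical helper names, and the sample keys are constructed.

```python
import base64
import binascii
from pathlib import Path

PK_LEN = 32  # length of an Ed25519 public key in bytes
TRUSTED, REVOKED = "trusted.ed25519.d", "revoked.ed25519.d"  # names from this page


def read_keys(directory):
    """Return ({key_bytes: file_name}, [problems]) for one key subdirectory."""
    keys, problems = {}, []
    if not directory.is_dir():
        return keys, [f"{directory.name}: missing"]
    for path in sorted(p for p in directory.iterdir() if p.is_file()):
        lines = path.read_text(errors="replace").splitlines()
        for n, line in enumerate(lines, 1):
            if not line.strip():
                continue
            try:  # assumed file format: one base64 public key per line
                raw = base64.b64decode(line.strip(), validate=True)
            except (binascii.Error, ValueError):
                problems.append(f"{path.name}:{n}: not base64")
                continue
            if len(raw) != PK_LEN:
                problems.append(f"{path.name}:{n}: {len(raw)} bytes, want {PK_LEN}")
            else:
                keys[raw] = path.name
    return keys, problems


def audit_basedir(basedir):
    """Report usable keys, keys both trusted and revoked, and malformed entries."""
    trusted, t_prob = read_keys(Path(basedir) / TRUSTED)
    revoked, r_prob = read_keys(Path(basedir) / REVOKED)
    usable = sorted(f for k, f in trusted.items() if k not in revoked)
    both = sorted(f for k, f in trusted.items() if k in revoked)
    return {"usable": usable, "trusted_but_revoked": both, "problems": t_prob + r_prob}


def build_sample(root):
    """Constructed sample: one good key, one revoked key, one malformed entry."""
    old = b"\xaa" * 32
    for sub, name, raw in ((TRUSTED, "vendor.pub", bytes(range(32))),
                           (TRUSTED, "old.pub", old), (TRUSTED, "broken.pub", b"short"),
                           (REVOKED, "old.pub", old)):
        (Path(root) / sub).mkdir(parents=True, exist_ok=True)
        (Path(root) / sub / name).write_text(base64.b64encode(raw).decode() + "\n")
    return root
```

Calling audit_basedir(build_sample(tmp)) on an empty temporary directory tmp reports vendor.pub as the only usable key, flags old.pub as trusted but revoked, and lists broken.pub as malformed.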

do_metadata_format() virtual
Returns:

pointer to the metadata format, None in case of error (unlikely).

Return type:

str

Return the pointer to the string with the format used in (detached) metadata for the current signing engine.

New in version 2020.2.

do_metadata_key() virtual
Returns:

pointer to the metadata key name, None in case of error (unlikely).

Return type:

str

Return the pointer to the name of the key used in (detached) metadata for the current signing engine.

New in version 2020.2.

do_set_pk(public_key) virtual
Parameters:

public_key (GLib.Variant) – single public key to be added

Returns:

True if the key could be set successfully, False in case of error (error will contain the reason).

Return type:

bool

Set the public key for verification. It is expected that all previously pre-loaded public keys will be dropped.

The public_key argument depends on the particular engine implementation.

New in version 2020.2.

do_set_sk(secret_key) virtual
Parameters:

secret_key (GLib.Variant) – secret key to be added

Returns:

True if the key could be set successfully, False in case of error (error will contain the reason).

Return type:

bool

Set the secret key to be used for signing data, commits and summary.

The secret_key argument depends on the particular engine implementation.

New in version 2020.2.