trust: always use have valid struct apk_trust *

Make sure we always have valid struct apk_trust * for code using it.

Load the signing keys directly when being specified to produce
sane error message if loading them fails.

src/adb.c

@@ -1103,8 +1103,6 @@ int adb_trust_write_signatures(struct apk_trust *trust, struct adb *db, struct a
 	size_t siglen;
 	int r;
 
-	if (IS_ERR(trust)) return PTR_ERR(trust);
-
 	if (!vfy) {
 		vfy = alloca(sizeof *vfy);
 		memset(vfy, 0, sizeof *vfy);

src/apk_context.h

@@ -66,7 +66,6 @@ struct apk_ctx {
 	const char *repositories_file;
 	const char *uvol;
 	struct apk_string_array *repository_list;
-	struct apk_string_array *private_keys;
 
 	struct apk_trust trust;
 	struct apk_id_cache id_cache;

src/apk_trust.h

@@ -24,11 +24,12 @@ struct apk_trust {
 	struct list_head trusted_key_list;
 	struct list_head private_key_list;
 	int allow_untrusted : 1;
-	int initialized : 1;
+	int keys_loaded : 1;
 };
 
-int apk_trust_init(struct apk_trust *trust, int keysfd, struct apk_string_array *);
+void apk_trust_init(struct apk_trust *trust);
 void apk_trust_free(struct apk_trust *trust);
+int apk_trust_load_keys(struct apk_trust *trust, int keysfd);
 struct apk_pkey *apk_trust_key_by_name(struct apk_trust *trust, const char *filename);
 
 #endif

src/context.c

@@ -16,7 +16,7 @@ void apk_ctx_init(struct apk_ctx *ac)
 {
 	memset(ac, 0, sizeof *ac);
 	apk_string_array_init(&ac->repository_list);
-	apk_string_array_init(&ac->private_keys);
+	apk_trust_init(&ac->trust);
 	apk_out_reset(&ac->out);
 	ac->out.out = stdout;
 	ac->out.err = stderr;
@@ -28,7 +28,6 @@ void apk_ctx_free(struct apk_ctx *ac)
 	apk_id_cache_free(&ac->id_cache);
 	apk_trust_free(&ac->trust);
 	apk_string_array_free(&ac->repository_list);
-	apk_string_array_free(&ac->private_keys);
 	if (ac->out.log) fclose(ac->out.log);
 }
 
@@ -75,12 +74,10 @@ int apk_ctx_prepare(struct apk_ctx *ac)
 
 struct apk_trust *apk_ctx_get_trust(struct apk_ctx *ac)
 {
-	if (!ac->trust.initialized) {
-		int r = apk_trust_init(&ac->trust,
-			openat(ac->root_fd, ac->keys_dir, O_RDONLY | O_CLOEXEC),
-			ac->private_keys);
-		if (r) return ERR_PTR(r);
-		ac->trust.allow_untrusted = !!(ac->flags & APK_ALLOW_UNTRUSTED);
+	if (!ac->trust.keys_loaded) {
+		int r = apk_trust_load_keys(&ac->trust,
+			openat(ac->root_fd, ac->keys_dir, O_RDONLY | O_CLOEXEC));
+		if (r != 0) apk_err(&ac->out, "Unable to load trust keys: %s", apk_error_str(r));
 	}
 	return &ac->trust;
 }

src/trust.c

@@ -32,21 +32,19 @@ static int __apk_trust_load_pubkey(void *pctx, int dirfd, const char *filename)
 	return 0;
 }
 
-int apk_trust_init(struct apk_trust *trust, int dirfd, struct apk_string_array *pkey_files)
+void apk_trust_init(struct apk_trust *trust)
 {
-	char **fn;
-
 	*trust = (struct apk_trust){};
 	apk_digest_ctx_init(&trust->dctx, APK_DIGEST_NONE);
 	list_init(&trust->trusted_key_list);
 	list_init(&trust->private_key_list);
-	trust->initialized = 1;
-	apk_dir_foreach_file(dirfd, __apk_trust_load_pubkey, trust);
+}
 
-	foreach_array_item(fn, pkey_files) {
-		struct apk_trust_key *key = apk_trust_load_key(AT_FDCWD, *fn);
-		if (IS_ERR(key)) return PTR_ERR(key);
-		list_add_tail(&key->key_node, &trust->private_key_list);
+int apk_trust_load_keys(struct apk_trust *trust, int dirfd)
+{
+	if (!trust->keys_loaded) {
+		trust->keys_loaded = 1;
+		apk_dir_foreach_file(dirfd, __apk_trust_load_pubkey, trust);
 	}
 
 	return 0;
@@ -66,8 +64,6 @@ static void __apk_trust_free_keys(struct list_head *h)
 
 void apk_trust_free(struct apk_trust *trust)
 {
-	if (!trust->initialized) return;
-	trust->initialized = 0;
 	__apk_trust_free_keys(&trust->trusted_key_list);
 	__apk_trust_free_keys(&trust->private_key_list);
 	apk_digest_ctx_free(&trust->dctx);
@@ -95,9 +91,19 @@ APK_OPT_GROUP(options_signing, "Signing", SIGNING_OPTIONS);
 
 static int option_parse_signing(void *ctx, struct apk_ctx *ac, int optch, const char *optarg)
 {
+	struct apk_trust *trust = &ac->trust;
+	struct apk_out *out = &ac->out;
+	struct apk_trust_key *key;
+
 	switch (optch) {
 	case OPT_SIGN_sign_key:
-		*apk_string_array_add(&ac->private_keys) = (char*) optarg;
+		key = apk_trust_load_key(AT_FDCWD, optarg);
+		if (IS_ERR(key)) {
+			apk_err(out, "Failed to load signing key: %s: %s",
+				optarg, apk_error_str(PTR_ERR(key)));
+			return PTR_ERR(key);
+		}
+		list_add_tail(&key->key_node, &trust->private_key_list);
 		break;
 	default:
 		return -ENOTSUP;