66425c3161
While reading a recent conversation about GPG checking at treecompose time, I had a sudden thought - were we actually doing verification client side? Turned out, we aren't. That happens as part of `dnf_transaction_commit()` which we don't use. That function verifies every package at one go, but for us I think it's better to do it before "importing". We shouldn't have untrusted bits that we've unpacked (they might have suid binaries, for one thing). This is an embarassing problem, but it's worth emphasizing that everyone should be retrieving repodata at a minimum over TLS, which sets a baseline. On RHEL, we already do pinned TLS, and there are discussions about extending that elsewhere. See: https://bugzilla.redhat.com/show_bug.cgi?id=1422157 Closes: #656 Approved by: jlebon |
||
|---|---|---|
| .. | ||
| overlay.sh | ||
| sync.sh | ||
| test-initramfs.sh | ||
| test-layering-basic.sh | ||
| test-layering-gpg.sh | ||
| test-layering-non-root-caps.sh | ||
| test-layering-relayer.sh | ||
| test-layering-rpmdb.sh | ||
| test-layering-scripts.sh | ||
| test.sh | ||