Merge pull request #2101 from cgwalters/signapi-no-explicit-on

pull: Only have API to disable signapi for local pulls
2025-03-11 20:58:45 +03:00 · 2020-05-18 00:06:04 -07:00 · 2020-05-18 00:06:04 -07:00 · 0d7132ec79
commit 0d7132ec79
parent b5e51d8c08 5a47c926c1
3 changed files with 40 additions and 68 deletions
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@ -3277,6 +3277,8 @@ initiate_request (OtPullData                 *pull_data,
 *   * override-remote-name (s): If local, add this remote to refspec
 *   * gpg-verify (b): GPG verify commits
 *   * gpg-verify-summary (b): GPG verify summary
+ *   * disable-sign-verify (b): Disable signapi verification of commits
+ *   * disable-sign-verify-summary (b): Disable signapi verification of the summary
 *   * depth (i): How far in the history to traverse; default is 0, -1 means infinite
 *   * disable-static-deltas (b): Do not use static deltas
 *   * require-static-deltas (b): Require static deltas
@ -3334,11 +3336,11 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
  g_autoptr(GSource) update_timeout = NULL;
  gboolean opt_gpg_verify_set = FALSE;
  gboolean opt_gpg_verify_summary_set = FALSE;
-  gboolean opt_sign_verify_set = FALSE;
-  gboolean opt_sign_verify_summary_set = FALSE;
  gboolean opt_collection_refs_set = FALSE;
  gboolean opt_n_network_retries_set = FALSE;
  gboolean opt_ref_keyring_map_set = FALSE;
+  gboolean disable_sign_verify = FALSE;
+  gboolean disable_sign_verify_summary = FALSE;
  const char *main_collection_id = NULL;
  const char *url_override = NULL;
  gboolean inherit_transaction = FALSE;
@ -3370,10 +3372,8 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
        g_variant_lookup (options, "gpg-verify", "b", &pull_data->gpg_verify);
      opt_gpg_verify_summary_set =
        g_variant_lookup (options, "gpg-verify-summary", "b", &pull_data->gpg_verify_summary);
-      opt_sign_verify_set =
-        g_variant_lookup (options, "sign-verify", "b", &pull_data->sign_verify);
-      opt_sign_verify_summary_set =
-        g_variant_lookup (options, "sign-verify-summary", "b", &pull_data->sign_verify_summary);
+      g_variant_lookup (options, "disable-sign-verify", "b", &disable_sign_verify);
+      g_variant_lookup (options, "disable-sign-verify-summary", "b", &disable_sign_verify_summary);
      (void) g_variant_lookup (options, "depth", "i", &pull_data->maxdepth);
      (void) g_variant_lookup (options, "disable-static-deltas", "b", &pull_data->disable_static_deltas);
      (void) g_variant_lookup (options, "require-static-deltas", "b", &pull_data->require_static_deltas);
@ -3525,8 +3525,7 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
       * pulls by default.
       */
      if ((pull_data->gpg_verify ||
-           pull_data->gpg_verify_summary ||
-           pull_data->sign_verify
+           pull_data->gpg_verify_summary
          ) &&
          pull_data->remote_name == NULL)
        {
@ -3553,18 +3552,31 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
        if (!ostree_repo_remote_get_gpg_verify_summary (self, pull_data->remote_name,
                                                        &pull_data->gpg_verify_summary, error))
          goto out;
-      /* Fetch verification settings from remote if it wasn't already
-       * explicitly set in the options. */
-      if (!opt_sign_verify_set)
-        if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
-                                                    "sign-verify", FALSE,
-                                                    &pull_data->sign_verify, error))
-          goto out;
-      if (!opt_sign_verify_summary_set)
-        if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
-                                                    "sign-verify-summary", FALSE,
-                                                    &pull_data->sign_verify_summary, error))
-          goto out;
+      /* signapi differs from GPG in that it can only be explicitly *disabled*
+       * transiently during pulls, not enabled.
+       */
+      if (disable_sign_verify)
+        {
+          pull_data->sign_verify = FALSE;
+        }
+      else
+        {
+          if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
+                                                      "sign-verify", FALSE,
+                                                      &pull_data->sign_verify, error))
+            goto out;
+        }
+      if (disable_sign_verify_summary)
+        {
+          pull_data->sign_verify_summary = FALSE;
+        }
+      else
+        {
+          if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
+                                                      "sign-verify-summary", FALSE,
+                                                      &pull_data->sign_verify_summary, error))
+            goto out;
+        }

      /* NOTE: If changing this, see the matching implementation in
       * ostree-sysroot-upgrader.c
--- a/src/ostree/ot-builtin-pull-local.c
+++ b/src/ostree/ot-builtin-pull-local.c
@ -39,8 +39,6 @@ static gboolean opt_bareuseronly_files;
 static gboolean opt_require_static_deltas;
 static gboolean opt_gpg_verify;
 static gboolean opt_gpg_verify_summary;
-static gboolean opt_sign_verify;
-static gboolean opt_sign_verify_summary;
 static int opt_depth = 0;

 /* ATTENTION:
@ -57,8 +55,6 @@ static GOptionEntry options[] = {
  { "require-static-deltas", 0, 0, G_OPTION_ARG_NONE, &opt_require_static_deltas, "Require static deltas", NULL },
  { "gpg-verify", 0, 0, G_OPTION_ARG_NONE, &opt_gpg_verify, "GPG verify commits (must specify --remote)", NULL },
  { "gpg-verify-summary", 0, 0, G_OPTION_ARG_NONE, &opt_gpg_verify_summary, "GPG verify summary (must specify --remote)", NULL },
-  { "sign-verify", 0, 0, G_OPTION_ARG_NONE, &opt_sign_verify, "Verify commits signature (must specify --remote)", NULL },
-  { "sign-verify-summary", 0, 0, G_OPTION_ARG_NONE, &opt_sign_verify, "Verify summary signature (must specify --remote)", NULL },
  { "depth", 0, 0, G_OPTION_ARG_INT, &opt_depth, "Traverse DEPTH parents (-1=infinite) (default: 0)", "DEPTH" },
  { NULL }
 };
@ -185,13 +181,13 @@ ostree_builtin_pull_local (int argc, char **argv, OstreeCommandInvocation *invoc
                             g_variant_new_variant (g_variant_new_boolean (TRUE)));
    g_variant_builder_add (&builder, "{s@v}", "depth",
                           g_variant_new_variant (g_variant_new_int32 (opt_depth)));
-
-    if (opt_sign_verify)
-      g_variant_builder_add (&builder, "{s@v}", "sign-verify",
-                             g_variant_new_variant (g_variant_new_boolean (TRUE)));
-    if (opt_sign_verify_summary)
-      g_variant_builder_add (&builder, "{s@v}", "sign-verify-summary",
-                             g_variant_new_variant (g_variant_new_boolean (TRUE)));
+    /* local pulls always disable signapi verification.  If you don't want this, use
+     * ostree remote add --sign-verify=<key> file://
+     */
+    g_variant_builder_add (&builder, "{s@v}", "disable-sign-verify",
+                           g_variant_new_variant (g_variant_new_boolean (TRUE)));
+    g_variant_builder_add (&builder, "{s@v}", "disable-sign-verify-summary",
+                           g_variant_new_variant (g_variant_new_boolean (TRUE)));

    if (console.is_tty)
      progress = ostree_async_progress_new_and_connect (ostree_repo_pull_default_console_progress_changed, &console);
--- a/tests/test-local-pull.sh
+++ b/tests/test-local-pull.sh
@ -28,7 +28,7 @@ unset OSTREE_GPG_HOME

 skip_without_user_xattrs

-echo "1..11"
+echo "1..8"

 setup_test_repository "archive"
 echo "ok setup"
@ -115,39 +115,3 @@ for src_object in `find repo/objects -name '*.filez'`; do
    assert_files_hardlinked "$src_object" "$dst_object"
 done
 echo "ok pull-local z2 to z2 default hardlink"
-
-if has_sign_ed25519; then
-    gen_ed25519_keys
-
-    mkdir repo8
-    ostree_repo_init repo8 --mode="archive"
-    ${CMD_PREFIX} ostree --repo=repo8 remote add --set=verification-ed25519-key="${ED25519PUBLIC}" origin repo
-    cat repo8/config
-
-    if ${CMD_PREFIX} ostree --repo=repo8 pull-local --remote=origin --sign-verify repo test2 2>err.txt; then
-        assert_not_reached "Ed25519 signature verification unexpectedly succeeded"
-    fi
-    assert_file_has_content err.txt 'ed25519: commit have no signatures of my type'
-    echo "ok --sign-verify with no signature"
-
-    ${OSTREE} sign test2 ${ED25519SECRET}
-
-    mkdir repo9
-    ostree_repo_init repo9 --mode="archive"
-    ${CMD_PREFIX} ostree --repo=repo9 remote add --set=verification-ed25519-key="$(gen_ed25519_random_public)" origin repo
-    if ${CMD_PREFIX} ostree --repo=repo9 pull-local --remote=origin --sign-verify repo test2 2>err.txt; then
-        assert_not_reached "Ed25519 signature verification unexpectedly succeeded"
-    fi
-    assert_file_has_content err.txt 'no valid ed25519 signatures found'
-    echo "ok --sign-verify with wrong signature"
-
-    mkdir repo10
-    ostree_repo_init repo10 --mode="archive"
-    ${CMD_PREFIX} ostree --repo=repo10 remote add --set=verification-ed25519-key="${ED25519PUBLIC}" origin repo
-    ${CMD_PREFIX} ostree --repo=repo10 pull-local --remote=origin --sign-verify repo test2
-    echo "ok --sign-verify"
-else
-    echo "ok --sign-verify with no signature | # SKIP due libsodium unavailability"
-    echo "ok --sign-verify with wrong signature | # SKIP due libsodium unavailability"
-    echo "ok --sign-verify | # SKIP libsodium unavailability"
-fi