shaba/ostree
1
0
Fork 0
mirror of https://github.com/ostreedev/ostree.git synced 2025-03-19 22:50:35 +03:00
Code Issues Projects Releases Wiki Activity

pull: Verify checksums from static deltas unless gpg signed summary

Browse Source 
Otherwise untrusted repos can lie about the commit ids.
This commit is contained in:
Alexander Larsson 2015-10-19 09:23:52 +02:00
parent ec56fea821
commit 598afd5030
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libostree/ostree-repo-pull.c
View File

@ -977,7 +977,8 @@ static_deltapart_fetch_on_complete (GObject *object,
_ostree_static_delta_part_execute_async (pull_data->repo,
fetch_data->objects,
delta_data,
TRUE,
/* Trust checksums if summary was gpg signed */
pull_data->gpg_verify_summary && pull_data->summary_data_sig,
pull_data->cancellable,
on_static_delta_written,
fetch_data);
@ -1629,7 +1630,8 @@ process_one_static_delta (OtPullData *pull_data,
_ostree_static_delta_part_execute_async (pull_data->repo,
fetch_data->objects,
delta_data,
TRUE,
/* Trust checksums if summary was gpg signed */
pull_data->gpg_verify_summary && pull_data->summary_data_sig,
pull_data->cancellable,
on_static_delta_written,
fetch_data);