mirror of
https://github.com/ostreedev/ostree.git
synced 2024-12-25 01:34:34 +03:00
lib/repo-finder: Emit gpg-verify-summary=false in dynamic remote config
When returning results from finding repos, set gpg-verify-summary=false in their configs, since any pulls from such remotes will necessarily involve collection IDs, and hence should be using the unsigned summary support. In the intended deployment mode for P2P transmission of OSTree refs, summaries *cannot* be signed, so setting gpg-verify-summary=true would cause all the pulls to fail. The unsigned summary support is the move of repository metadata from the summary file (not spliceable) to the well-known ostree-metadata ref (spliceable, as it can exist for multiple collection IDs in the same repository). Signed-off-by: Philip Withnall <withnall@endlessm.com> Closes: #1066 Approved by: cgwalters
This commit is contained in:
parent
8642ef5ab3
commit
8c148eb7e1
@ -824,9 +824,10 @@ ostree_avahi_service_build_repo_finder_result (OstreeAvahiService
|
|||||||
g_clear_pointer (&remote->keyring, g_free);
|
g_clear_pointer (&remote->keyring, g_free);
|
||||||
remote->keyring = g_strdup (repo->keyring);
|
remote->keyring = g_strdup (repo->keyring);
|
||||||
|
|
||||||
|
/* gpg-verify-summary is false since we use the unsigned summary file support. */
|
||||||
g_key_file_set_string (remote->options, remote->group, "url", repo->uri);
|
g_key_file_set_string (remote->options, remote->group, "url", repo->uri);
|
||||||
g_key_file_set_boolean (remote->options, remote->group, "gpg-verify", TRUE);
|
g_key_file_set_boolean (remote->options, remote->group, "gpg-verify", TRUE);
|
||||||
g_key_file_set_boolean (remote->options, remote->group, "gpg-verify-summary", TRUE);
|
g_key_file_set_boolean (remote->options, remote->group, "gpg-verify-summary", FALSE);
|
||||||
|
|
||||||
get_checksums (finder, parent_repo, remote, supported_ref_to_checksum, &error);
|
get_checksums (finder, parent_repo, remote, supported_ref_to_checksum, &error);
|
||||||
if (error != NULL)
|
if (error != NULL)
|
||||||
|
@ -392,9 +392,10 @@ ostree_repo_finder_mount_resolve_async (OstreeRepoFinder *finde
|
|||||||
g_clear_pointer (&remote->keyring, g_free);
|
g_clear_pointer (&remote->keyring, g_free);
|
||||||
remote->keyring = g_strdup (repo->keyring);
|
remote->keyring = g_strdup (repo->keyring);
|
||||||
|
|
||||||
|
/* gpg-verify-summary is false since we use the unsigned summary file support. */
|
||||||
g_key_file_set_string (remote->options, remote->group, "url", repo->uri);
|
g_key_file_set_string (remote->options, remote->group, "url", repo->uri);
|
||||||
g_key_file_set_boolean (remote->options, remote->group, "gpg-verify", TRUE);
|
g_key_file_set_boolean (remote->options, remote->group, "gpg-verify", TRUE);
|
||||||
g_key_file_set_boolean (remote->options, remote->group, "gpg-verify-summary", TRUE);
|
g_key_file_set_boolean (remote->options, remote->group, "gpg-verify-summary", FALSE);
|
||||||
|
|
||||||
/* Set the timestamp in the #OstreeRepoFinderResult to 0 because
|
/* Set the timestamp in the #OstreeRepoFinderResult to 0 because
|
||||||
* the code in ostree_repo_pull_from_remotes_async() will be able to
|
* the code in ostree_repo_pull_from_remotes_async() will be able to
|
||||||
|
@ -5344,7 +5344,7 @@ ostree_repo_pull_from_remotes_async (OstreeRepo *self,
|
|||||||
g_variant_dict_insert (&local_options_dict, "flags", "i", OSTREE_REPO_PULL_FLAGS_UNTRUSTED | flags);
|
g_variant_dict_insert (&local_options_dict, "flags", "i", OSTREE_REPO_PULL_FLAGS_UNTRUSTED | flags);
|
||||||
g_variant_dict_insert_value (&local_options_dict, "collection-refs", g_variant_builder_end (&refs_to_pull_builder));
|
g_variant_dict_insert_value (&local_options_dict, "collection-refs", g_variant_builder_end (&refs_to_pull_builder));
|
||||||
g_variant_dict_insert (&local_options_dict, "gpg-verify", "b", TRUE);
|
g_variant_dict_insert (&local_options_dict, "gpg-verify", "b", TRUE);
|
||||||
g_variant_dict_insert (&local_options_dict, "gpg-verify-summary", "b", TRUE);
|
g_variant_dict_insert (&local_options_dict, "gpg-verify-summary", "b", FALSE);
|
||||||
g_variant_dict_insert (&local_options_dict, "inherit-transaction", "b", TRUE);
|
g_variant_dict_insert (&local_options_dict, "inherit-transaction", "b", TRUE);
|
||||||
copy_option (&options_dict, &local_options_dict, "depth", G_VARIANT_TYPE ("i"));
|
copy_option (&options_dict, &local_options_dict, "depth", G_VARIANT_TYPE ("i"));
|
||||||
copy_option (&options_dict, &local_options_dict, "disable-static-deltas", G_VARIANT_TYPE ("b"));
|
copy_option (&options_dict, &local_options_dict, "disable-static-deltas", G_VARIANT_TYPE ("b"));
|
||||||
|
Loading…
Reference in New Issue
Block a user