[ostree] pull: Verify checksums from static deltas unless gpg signed summary
- From: Alexander Larsson <alexl src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [ostree] pull: Verify checksums from static deltas unless gpg signed summary
- Date: Tue, 10 Nov 2015 08:53:44 +0000 (UTC)
commit 598afd5030bbc0b1c4aa3d43d383d6fec58e3746
Author: Alexander Larsson <alexl redhat com>
Date: Mon Oct 19 09:23:52 2015 +0200
pull: Verify checksums from static deltas unless gpg signed summary
Otherwise untrusted repos can lie about the commit ids.
src/libostree/ostree-repo-pull.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
---
diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index 9153857..4c3b14b 100644
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -977,7 +977,8 @@ static_deltapart_fetch_on_complete (GObject *object,
_ostree_static_delta_part_execute_async (pull_data->repo,
fetch_data->objects,
delta_data,
- TRUE,
+ /* Trust checksums if summary was gpg signed */
+ pull_data->gpg_verify_summary && pull_data->summary_data_sig,
pull_data->cancellable,
on_static_delta_written,
fetch_data);
@@ -1629,7 +1630,8 @@ process_one_static_delta (OtPullData *pull_data,
_ostree_static_delta_part_execute_async (pull_data->repo,
fetch_data->objects,
delta_data,
- TRUE,
+ /* Trust checksums if summary was gpg signed */
+ pull_data->gpg_verify_summary &&
pull_data->summary_data_sig,
pull_data->cancellable,
on_static_delta_written,
fetch_data);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]