[ostree] pull: honor gpg-verify-summary=false when a summary signature is present

[Colin Walters <walters src gnome org>]

commit bddb25f79e1a95d154b219905988d6f11303f411
Author: Giuseppe Scrivano <gscrivan redhat com>
Date:   Thu Sep 10 10:16:47 2015 +0200

    pull: honor gpg-verify-summary=false when a summary signature is present
    
    Signed-off-by: Giuseppe Scrivano <gscrivan redhat com>

 src/libostree/ostree-repo-pull.c  |    7 ++++---
 tests/test-pull-mirror-summary.sh |   14 ++++++++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)
---
diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index 28198a4..27a20b3 100644
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -1893,15 +1893,16 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
       {
         pull_data->summary_data = g_bytes_ref (bytes_summary);
         pull_data->summary = g_variant_new_from_bytes (OSTREE_SUMMARY_GVARIANT_FORMAT, bytes_summary, FALSE);
+
+        if (bytes_sig)
+          pull_data->summary_data_sig = g_bytes_ref (bytes_sig);
       }
 
-    if (bytes_summary && bytes_sig)
+    if (pull_data->gpg_verify_summary && bytes_summary && bytes_sig)
       {
         g_autoptr(GVariant) sig_variant = NULL;
         glnx_unref_object OstreeGpgVerifyResult *result = NULL;
 
-        pull_data->summary_data_sig = g_bytes_ref (bytes_sig);
-
         sig_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT, bytes_sig, FALSE);
         result = _ostree_repo_gpg_verify_with_metadata (self,
                                                         bytes_summary,
diff --git a/tests/test-pull-mirror-summary.sh b/tests/test-pull-mirror-summary.sh
index 7ff51fd..ff65d4d 100755
--- a/tests/test-pull-mirror-summary.sh
+++ b/tests/test-pull-mirror-summary.sh
@@ -94,6 +94,20 @@ assert_has_file repo/summary
 assert_has_file repo/summary.sig
 echo "ok pull mirror with signed summary"
 
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{,.good}
+truncate --size=1 ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig
+
+cd ${test_tmpdir}
+rm -rf repo
+mkdir repo
+${OSTREE} --repo=repo init --mode=archive-z2
+${OSTREE} --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo
+${OSTREE} --repo=repo pull --mirror origin
+assert_has_file repo/summary
+assert_has_file repo/summary.sig
+mv ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.good,}
+echo "ok pull mirror with invalid summary sig and no verification"
+
 # Uncomment when we support mirroring deltas
 #
 # ${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo static-delta generate main