ostree_repo_remote_fetch_summary: honor gpg-verify-summary

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index badc8ff9833226aa6bd5897d9cddf45014340223..2fe46634f13beb04a26957f5e1f1b5be8fe509b8 100644 (file)
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -1804,6 +1804,7 @@ ostree_repo_remote_fetch_summary (OstreeRepo    *self,
   g_autoptr(GBytes) summary = NULL;
   g_autoptr(GBytes) signatures = NULL;
   gboolean ret = FALSE;
+  gboolean gpg_verify_summary;
 
   g_return_val_if_fail (OSTREE_REPO (self), FALSE);
   g_return_val_if_fail (name != NULL, FALSE);
@@ -1832,8 +1833,18 @@ ostree_repo_remote_fetch_summary (OstreeRepo    *self,
         goto out;
     }
 
+  if (!ostree_repo_remote_get_gpg_verify_summary (self, name, &gpg_verify_summary, error))
+    goto out;
+
+  if (gpg_verify_summary && signatures == NULL)
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                   "GPG verification enabled, but no summary signatures found (use gpg-verify-summary=false in remote config to disable)");
+      goto out;
+    }
+
   /* Verify any summary signatures. */
-  if (summary != NULL && signatures != NULL)
+  if (gpg_verify_summary && summary != NULL && signatures != NULL)
     {
       glnx_unref_object OstreeGpgVerifyResult *result = NULL;
       g_autoptr(GVariant) signatures_variant = NULL;