From eb4887d619002932b348496c5613424b0ee120e0 Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Mon, 19 Jun 2017 15:26:50 +0100
Subject: [PATCH] =?utf8?q?lib/pull:=20Don=E2=80=99t=20cache=20summary=20fi?= =?utf8?q?le=20until=20its=20signature=20is=20verified?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

This makes no difference to the validity of the code, since any summary file loaded from the cache will be verified before being read anyway; but it will make some upcoming changes a little simpler.

Signed-off-by: Philip Withnall
Closes: #961
Approved by: cgwalters
---
 src/libostree/ostree-repo-pull.c | 37 ++++++++++++++++----------------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index acc5098a..cc8a51eb 100644
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -3339,6 +3339,24 @@ ostree_repo_pull_with_options (OstreeRepo *self,
 goto out;
 }
 
+ if (pull_data->gpg_verify_summary && bytes_summary && bytes_sig)
+ {
+ g_autoptr(GVariant) sig_variant = NULL;
+ glnx_unref_object OstreeGpgVerifyResult *result = NULL;
+
+ sig_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT, bytes_sig, FALSE);
+ result = _ostree_repo_gpg_verify_with_metadata (self,
+ bytes_summary,
+ sig_variant,
+ pull_data->remote_name,
+ NULL,
+ NULL,
+ cancellable,
+ error);
+ if (!ostree_gpg_verify_result_require_valid_signature (result, error))
+ goto out;
+ }
+
 if (bytes_summary)
 {
 pull_data->summary_data = g_bytes_ref (bytes_summary);
@@ -3348,7 +3366,6 @@ ostree_repo_pull_with_options (OstreeRepo *self,
 pull_data->summary_data_sig = g_bytes_ref (bytes_sig);
 }
 
-
 if (!summary_from_cache && bytes_summary && bytes_sig)
 {
 if (!pull_data->remote_repo_local &&
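Review bot: The relocated check at the top of the first hunk only runs when `bytes_summary && bytes_sig` are both set, so with `gpg_verify_summary` enabled and no signature available the block is skipped and the lines right after it still store the summary in `pull_data->summary_data`. Whether an earlier check already rejects a missing signature is not visible here (the body of ostree_repo_pull_with_options starts and ends outside the hunk), and since statement order is now what keeps unverified data out of the cache, it deserves a comment. I would add above the `if`: `/* Must stay ahead of the summary_data assignment and the cache write below: nothing unverified may be stored when gpg_verify_summary is set. */`. Separately, `sig_variant` keeps the floating reference returned by `g_variant_new_from_bytes ()` in a `g_autoptr`; wrapping the call in `g_variant_ref_sink ()` would make the ownership explicit.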
@@ -3361,24 +3378,6 @@ ostree_repo_pull_with_options (OstreeRepo *self,
 goto out;
 }
 
- if (pull_data->gpg_verify_summary && bytes_summary && bytes_sig)
- {
- g_autoptr(GVariant) sig_variant = NULL;
- glnx_unref_object OstreeGpgVerifyResult *result = NULL;
-
- sig_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT, bytes_sig, FALSE);
- result = _ostree_repo_gpg_verify_with_metadata (self,
- bytes_summary,
- sig_variant,
- pull_data->remote_name,
- NULL,
- NULL,
- cancellable,
- error);
- if (!ostree_gpg_verify_result_require_valid_signature (result, error))
- goto out;
- }
-
 if (pull_data->summary)
 {
 additional_metadata = g_variant_get_child_value (pull_data->summary, 1);
-- 
2.30.2