pull: Only have API to disable signapi for local pulls
authorColin Walters <walters@verbum.org>
Sun, 17 May 2020 13:52:24 +0000 (13:52 +0000)
committerColin Walters <walters@verbum.org>
Sun, 17 May 2020 13:52:24 +0000 (13:52 +0000)
There's a lot of historical baggage associated with GPG verification
and `ostree pull` versus `ostree pull-local`.  In particular nowadays,
if you use a `file://` remote things are transparently optimized
to e.g. use reflinks if available.

So for anyone who doesn't trust the "remote" repository, you should
really go through through the regular
`ostree remote add --sign-verify=X file://`
path for example.

Having a mechanism to say "turn on signapi verification" *without*
providing keys goes back into the "global state" debate I brought
up in https://github.com/ostreedev/ostree/issues/2080

It's just much cleaner architecturally if there is exactly one
path to find keys: from a remote config.

So here in contrast to the GPG code, for `pull-local` we explicitly
disable signapi validation, and the `ostree_repo_pull()` API just
surfaces flags to disable it, not enable it.

src/libostree/ostree-repo-pull.c
src/ostree/ot-builtin-pull-local.c
tests/test-local-pull.sh

index 291f3fe679b905f712c8e82af863b299a8491b8d..7116c3dc4558c59445d6b987d1da76e916b68a5f 100644 (file)
@@ -3277,6 +3277,8 @@ initiate_request (OtPullData                 *pull_data,
  *   * override-remote-name (s): If local, add this remote to refspec
  *   * gpg-verify (b): GPG verify commits
  *   * gpg-verify-summary (b): GPG verify summary
+ *   * disable-sign-verify (b): Disable signapi verification of commits
+ *   * disable-sign-verify-summary (b): Disable signapi verification of the summary
  *   * depth (i): How far in the history to traverse; default is 0, -1 means infinite
  *   * disable-static-deltas (b): Do not use static deltas
  *   * require-static-deltas (b): Require static deltas
@@ -3334,11 +3336,11 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
   g_autoptr(GSource) update_timeout = NULL;
   gboolean opt_gpg_verify_set = FALSE;
   gboolean opt_gpg_verify_summary_set = FALSE;
-  gboolean opt_sign_verify_set = FALSE;
-  gboolean opt_sign_verify_summary_set = FALSE;
   gboolean opt_collection_refs_set = FALSE;
   gboolean opt_n_network_retries_set = FALSE;
   gboolean opt_ref_keyring_map_set = FALSE;
+  gboolean disable_sign_verify = FALSE;
+  gboolean disable_sign_verify_summary = FALSE;
   const char *main_collection_id = NULL;
   const char *url_override = NULL;
   gboolean inherit_transaction = FALSE;
@@ -3370,10 +3372,8 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
         g_variant_lookup (options, "gpg-verify", "b", &pull_data->gpg_verify);
       opt_gpg_verify_summary_set =
         g_variant_lookup (options, "gpg-verify-summary", "b", &pull_data->gpg_verify_summary);
-      opt_sign_verify_set =
-        g_variant_lookup (options, "sign-verify", "b", &pull_data->sign_verify);
-      opt_sign_verify_summary_set =
-        g_variant_lookup (options, "sign-verify-summary", "b", &pull_data->sign_verify_summary);
+      g_variant_lookup (options, "disable-sign-verify", "b", &disable_sign_verify);
+      g_variant_lookup (options, "disable-sign-verify-summary", "b", &disable_sign_verify_summary);
       (void) g_variant_lookup (options, "depth", "i", &pull_data->maxdepth);
       (void) g_variant_lookup (options, "disable-static-deltas", "b", &pull_data->disable_static_deltas);
       (void) g_variant_lookup (options, "require-static-deltas", "b", &pull_data->require_static_deltas);
@@ -3525,8 +3525,7 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
        * pulls by default.
        */
       if ((pull_data->gpg_verify ||
-           pull_data->gpg_verify_summary ||
-           pull_data->sign_verify
+           pull_data->gpg_verify_summary
           ) &&
           pull_data->remote_name == NULL)
         {
@@ -3553,18 +3552,31 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
         if (!ostree_repo_remote_get_gpg_verify_summary (self, pull_data->remote_name,
                                                         &pull_data->gpg_verify_summary, error))
           goto out;
-      /* Fetch verification settings from remote if it wasn't already
-       * explicitly set in the options. */
-      if (!opt_sign_verify_set)
-        if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
-                                                    "sign-verify", FALSE,
-                                                    &pull_data->sign_verify, error))
-          goto out;
-      if (!opt_sign_verify_summary_set)
-        if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
-                                                    "sign-verify-summary", FALSE,
-                                                    &pull_data->sign_verify_summary, error))
-          goto out;
+      /* signapi differs from GPG in that it can only be explicitly *disabled*
+       * transiently during pulls, not enabled.
+       */
+      if (disable_sign_verify)
+        {
+          pull_data->sign_verify = FALSE;
+        }
+      else
+        {
+          if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
+                                                      "sign-verify", FALSE,
+                                                      &pull_data->sign_verify, error))
+            goto out;
+        }
+      if (disable_sign_verify_summary)
+        {
+          pull_data->sign_verify_summary = FALSE;
+        }
+      else
+        {
+          if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
+                                                      "sign-verify-summary", FALSE,
+                                                      &pull_data->sign_verify_summary, error))
+            goto out;
+        }
 
       /* NOTE: If changing this, see the matching implementation in
        * ostree-sysroot-upgrader.c
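Review bot: In the last hunk, when `disable_sign_verify` is set the new branch assigns `pull_data->sign_verify = FALSE` without consulting the remote's `sign-verify` option, so a verification policy recorded in the remote config is silently overridden, whereas the GPG summary setting read just above it via `ostree_repo_remote_get_gpg_verify_summary` is still taken from the remote. The option documentation added in the first hunk does not say this; I would extend it to `disable-sign-verify (b): Disable signapi verification of commits, even if the remote config enables it` and likewise for `disable-sign-verify-summary`. A `g_debug ("signapi verification disabled for this pull by option");` in the two disabling branches would make the downgrade visible in traces. The two new `g_variant_lookup` calls for the disable keys also drop the `(void)` cast that the neighbouring lookups use. The body of ostree_repo_pull_with_options extends beyond these hunks.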
index 695b09e513a3e92adfc7e43b24b0cb36ce4236f5..c42d38d71a8178f325e76bf2e2a1274f1a37a380 100644 (file)
@@ -39,8 +39,6 @@ static gboolean opt_bareuseronly_files;
 static gboolean opt_require_static_deltas;
 static gboolean opt_gpg_verify;
 static gboolean opt_gpg_verify_summary;
-static gboolean opt_sign_verify;
-static gboolean opt_sign_verify_summary;
 static int opt_depth = 0;
 
 /* ATTENTION:
@@ -57,8 +55,6 @@ static GOptionEntry options[] = {
   { "require-static-deltas", 0, 0, G_OPTION_ARG_NONE, &opt_require_static_deltas, "Require static deltas", NULL },
   { "gpg-verify", 0, 0, G_OPTION_ARG_NONE, &opt_gpg_verify, "GPG verify commits (must specify --remote)", NULL },
   { "gpg-verify-summary", 0, 0, G_OPTION_ARG_NONE, &opt_gpg_verify_summary, "GPG verify summary (must specify --remote)", NULL },
-  { "sign-verify", 0, 0, G_OPTION_ARG_NONE, &opt_sign_verify, "Verify commits signature (must specify --remote)", NULL },
-  { "sign-verify-summary", 0, 0, G_OPTION_ARG_NONE, &opt_sign_verify, "Verify summary signature (must specify --remote)", NULL },
   { "depth", 0, 0, G_OPTION_ARG_INT, &opt_depth, "Traverse DEPTH parents (-1=infinite) (default: 0)", "DEPTH" },
   { NULL }
 };
@@ -185,13 +181,13 @@ ostree_builtin_pull_local (int argc, char **argv, OstreeCommandInvocation *invoc
                              g_variant_new_variant (g_variant_new_boolean (TRUE)));
     g_variant_builder_add (&builder, "{s@v}", "depth",
                            g_variant_new_variant (g_variant_new_int32 (opt_depth)));
-
-    if (opt_sign_verify)
-      g_variant_builder_add (&builder, "{s@v}", "sign-verify",
-                             g_variant_new_variant (g_variant_new_boolean (TRUE)));
-    if (opt_sign_verify_summary)
-      g_variant_builder_add (&builder, "{s@v}", "sign-verify-summary",
-                             g_variant_new_variant (g_variant_new_boolean (TRUE)));
+    /* local pulls always disable signapi verification.  If you don't want this, use
+     * ostree remote add --sign-verify=<key> file://
+     */
+    g_variant_builder_add (&builder, "{s@v}", "disable-sign-verify",
+                           g_variant_new_variant (g_variant_new_boolean (TRUE)));
+    g_variant_builder_add (&builder, "{s@v}", "disable-sign-verify-summary",
+                           g_variant_new_variant (g_variant_new_boolean (TRUE)));
 
     if (console.is_tty)
       progress = ostree_async_progress_new_and_connect (ostree_repo_pull_default_console_progress_changed, &console);
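Review bot: The new unconditional `disable-sign-verify` and `disable-sign-verify-summary` entries are added even when `--remote` names a remote whose config enables `sign-verify`, so `pull-local --remote=origin` now skips signapi verification that a regular `pull` from the same remote would enforce, and nothing in the command's help text tells the user this. I would add a sentence to the command description (or the `--remote` option help) stating that pull-local never performs signapi verification and pointing at `ostree remote add --sign-verify=<key> file://`, as the new code comment does. The commit also removes the only tests of this path in tests/test-local-pull.sh without adding one asserting the new behaviour for a remote with a configured verification key. ostree_builtin_pull_local begins and ends outside the hunk.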
index d443421ad237005647517296d65881f1342584af..555e9b260936551a88ac695919fdb3042c0fe4f0 100755 (executable)
@@ -28,7 +28,7 @@ unset OSTREE_GPG_HOME
 
 skip_without_user_xattrs
 
-echo "1..11"
+echo "1..8"
 
 setup_test_repository "archive"
 echo "ok setup"
@@ -115,39 +115,3 @@ for src_object in `find repo/objects -name '*.filez'`; do
     assert_files_hardlinked "$src_object" "$dst_object"
 done
 echo "ok pull-local z2 to z2 default hardlink"
-
-if has_sign_ed25519; then
-    gen_ed25519_keys
-
-    mkdir repo8
-    ostree_repo_init repo8 --mode="archive"
-    ${CMD_PREFIX} ostree --repo=repo8 remote add --set=verification-ed25519-key="${ED25519PUBLIC}" origin repo
-    cat repo8/config
-
-    if ${CMD_PREFIX} ostree --repo=repo8 pull-local --remote=origin --sign-verify repo test2 2>err.txt; then
-        assert_not_reached "Ed25519 signature verification unexpectedly succeeded"
-    fi
-    assert_file_has_content err.txt 'ed25519: commit have no signatures of my type'
-    echo "ok --sign-verify with no signature"
-
-    ${OSTREE} sign test2 ${ED25519SECRET}
-
-    mkdir repo9
-    ostree_repo_init repo9 --mode="archive"
-    ${CMD_PREFIX} ostree --repo=repo9 remote add --set=verification-ed25519-key="$(gen_ed25519_random_public)" origin repo
-    if ${CMD_PREFIX} ostree --repo=repo9 pull-local --remote=origin --sign-verify repo test2 2>err.txt; then
-        assert_not_reached "Ed25519 signature verification unexpectedly succeeded"
-    fi
-    assert_file_has_content err.txt 'no valid ed25519 signatures found'
-    echo "ok --sign-verify with wrong signature"
-
-    mkdir repo10
-    ostree_repo_init repo10 --mode="archive"
-    ${CMD_PREFIX} ostree --repo=repo10 remote add --set=verification-ed25519-key="${ED25519PUBLIC}" origin repo
-    ${CMD_PREFIX} ostree --repo=repo10 pull-local --remote=origin --sign-verify repo test2
-    echo "ok --sign-verify"
-else
-    echo "ok --sign-verify with no signature | # SKIP due libsodium unavailability"
-    echo "ok --sign-verify with wrong signature | # SKIP due libsodium unavailability"
-    echo "ok --sign-verify | # SKIP libsodium unavailability"
-fi