lib/pull: Don’t cache summary file until its signature is verified

This makes no difference to the validity of the code, since any summary
file loaded from the cache will be verified before being read anyway;
but it will make some upcoming changes a little simpler.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #961
Approved by: cgwalters

diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index acc5098a7c62bdef491516f1e52ec61a2170ff2e..cc8a51eb6a3927282726606f428a17d7b6ed657b 100644 (file)
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -3339,6 +3339,24 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
         goto out;
       }
 
+    if (pull_data->gpg_verify_summary && bytes_summary && bytes_sig)
+      {
+        g_autoptr(GVariant) sig_variant = NULL;
+        glnx_unref_object OstreeGpgVerifyResult *result = NULL;
+
+        sig_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT, bytes_sig, FALSE);
+        result = _ostree_repo_gpg_verify_with_metadata (self,
+                                                        bytes_summary,
+                                                        sig_variant,
+                                                        pull_data->remote_name,
+                                                        NULL,
+                                                        NULL,
+                                                        cancellable,
+                                                        error);
+        if (!ostree_gpg_verify_result_require_valid_signature (result, error))
+          goto out;
+      }
+
     if (bytes_summary)
       {
         pull_data->summary_data = g_bytes_ref (bytes_summary);
@@ -3348,7 +3366,6 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
           pull_data->summary_data_sig = g_bytes_ref (bytes_sig);
       }
 
-
     if (!summary_from_cache && bytes_summary && bytes_sig)
       {
         if (!pull_data->remote_repo_local &&
@@ -3361,24 +3378,6 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
           goto out;
       }
 
-    if (pull_data->gpg_verify_summary && bytes_summary && bytes_sig)
-      {
-        g_autoptr(GVariant) sig_variant = NULL;
-        glnx_unref_object OstreeGpgVerifyResult *result = NULL;
-
-        sig_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT, bytes_sig, FALSE);
-        result = _ostree_repo_gpg_verify_with_metadata (self,
-                                                        bytes_summary,
-                                                        sig_variant,
-                                                        pull_data->remote_name,
-                                                        NULL,
-                                                        NULL,
-                                                        cancellable,
-                                                        error);
-        if (!ostree_gpg_verify_result_require_valid_signature (result, error))
-          goto out;
-      }
-
     if (pull_data->summary)
       {
         additional_metadata = g_variant_get_child_value (pull_data->summary, 1);