flatpak-remote: Enforce GPG verification when a collection ID is set

Currently the "test_remote()" test calls
flatpak_remote_set_gpg_verify (remote, FALSE) and disables GPG
verification on a remote while a collection ID is set on it, which
should not be possible. The remote-add command enforces that GPG
verification is used if a collection ID is set, but the library API does
not. This commit changes libflatpak to return an error when such an
invalidly configured remote is being committed to disk. Also, update the
unit test to check for the newly added error, and to unset the
collection ID before disabling GPG verification.

Later in the unit test, GPG verification is re-enabled on the remote,
but libflatpak erroneously sets gpg-verify-summary=true in addition to
gpg-verify=true (summary verification is supposed to be disabled when
collections are used, but the library doesn't notice the mistake since a
collection ID isn't set in the same transaction and was already set).

This fix addresses both issues.

Closes: #3095
Approved by: alexlarsson

2 files changed, 19 insertions, 3 deletions

diff --git a/common/flatpak-remote.c b/common/flatpak-remote.c
index 16e00eb2..eb9aa221 100644
--- a/common/flatpak-remote.c
+++ b/common/flatpak-remote.c
@@ -1298,6 +1298,11 @@ flatpak_remote_commit (FlatpakRemote *self,
 
   if (priv->local_gpg_verify_set)
     {
+      if (!priv->local_gpg_verify &&
+           priv->local_collection_id_set && priv->local_collection_id != NULL)
+        return flatpak_fail_error (error, FLATPAK_ERROR_INVALID_DATA,
+                                   _("GPG verification must be enabled when a collection ID is set"));
+
       g_key_file_set_boolean (config, group, "gpg-verify", priv->local_gpg_verify);
 
       if (!priv->local_collection_id_set || priv->local_collection_id == NULL)
diff --git a/tests/testlibrary.c b/tests/testlibrary.c
index 49726192..aa28c4da 100644
--- a/tests/testlibrary.c
+++ b/tests/testlibrary.c
@@ -565,13 +565,23 @@ test_remote (void)
   flatpak_remote_set_disabled (remote, TRUE);
   g_assert_true (flatpak_remote_get_disabled (remote));
 
+  g_assert_null (flatpak_remote_get_default_branch (remote));
+  flatpak_remote_set_default_branch (remote, "master");
+  g_assert_cmpstr (flatpak_remote_get_default_branch (remote), ==, "master");
+
+  /* It should be an error to disable GPG while a collection ID is set. */
   g_assert_true (flatpak_remote_get_gpg_verify (remote));
   flatpak_remote_set_gpg_verify (remote, FALSE);
   g_assert_false (flatpak_remote_get_gpg_verify (remote));
+  res = flatpak_installation_modify_remote (inst, remote, NULL, &error);
+  g_assert_error (error, FLATPAK_ERROR, FLATPAK_ERROR_INVALID_DATA);
+  g_clear_error (&error);
+  g_assert_false (res);
 
-  g_assert_null (flatpak_remote_get_default_branch (remote));
-  flatpak_remote_set_default_branch (remote, "master");
-  g_assert_cmpstr (flatpak_remote_get_default_branch (remote), ==, "master");
+  /* Unset the collection ID and try again. */
+  flatpak_remote_set_collection_id (remote, NULL);
+  g_assert_cmpstr (flatpak_remote_get_collection_id (remote), ==, NULL);
+  g_assert_false (flatpak_remote_get_gpg_verify (remote));
 
   res = flatpak_installation_modify_remote (inst, remote, NULL, &error);
   g_assert_no_error (error);
@@ -594,6 +604,7 @@ test_remote (void)
   flatpak_remote_set_nodeps (remote, FALSE);
   flatpak_remote_set_disabled (remote, FALSE);
   flatpak_remote_set_gpg_verify (remote, TRUE);
+  flatpak_remote_set_collection_id (remote, repo_collection_id);
 
   res = flatpak_installation_modify_remote (inst, remote, NULL, &error);
   g_assert_no_error (error);