Enabling gpg means require both signed commits and summaries

It makes no sense to not require this. We're not held back by backwards compat issues, so lets be maximally secure.
author: Alexander Larsson <alexl@redhat.com> 2016-03-15 16:02:13 +0100
committer: Alexander Larsson <alexl@redhat.com> 2016-03-15 17:03:21 +0100
commit: 45a8b97542a9808ee5930eccf8db831df26487c6 (patch)
tree: 22ffbfc9e8306c70d003445587ae75cbc624920b /app
parent: f031650e2dd77102379403b6b0736b3f7ae0488e (diff)
download: xdg-app-45a8b97542a9808ee5930eccf8db831df26487c6.tar.gz
1 files changed, 25 insertions, 5 deletions
diff --git a/app/xdg-app-builtins-add-remote.c b/app/xdg-app-builtins-add-remote.c
index eb78670..451efb7 100644
--- a/app/xdg-app-builtins-add-remote.c
+++ b/app/xdg-app-builtins-add-remote.c
@@ -179,9 +179,23 @@ xdg_app_builtin_add_remote (int argc, char **argv,
   optbuilder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
 
   if (opt_no_gpg_verify)
-    g_variant_builder_add (optbuilder, "{s@v}",
-                           "gpg-verify",
-                           g_variant_new_variant (g_variant_new_boolean (FALSE)));
+    {
+      g_variant_builder_add (optbuilder, "{s@v}",
+                             "gpg-verify",
+                             g_variant_new_variant (g_variant_new_boolean (FALSE)));
+      g_variant_builder_add (optbuilder, "{s@v}",
+                             "gpg-verify-summary",
+                             g_variant_new_variant (g_variant_new_boolean (FALSE)));
+    }
+  else
+    {
+      g_variant_builder_add (optbuilder, "{s@v}",
+                             "gpg-verify",
+                             g_variant_new_variant (g_variant_new_boolean (TRUE)));
+      g_variant_builder_add (optbuilder, "{s@v}",
+                             "gpg-verify-summary",
+                             g_variant_new_variant (g_variant_new_boolean (TRUE)));
+    }
 
   if (opt_no_enumerate)
     g_variant_builder_add (optbuilder, "{s@v}",
@@ -275,10 +289,16 @@ xdg_app_builtin_modify_remote (int argc, char **argv, GCancellable *cancellable,
   config = ostree_repo_copy_config (xdg_app_dir_get_repo (dir));
 
   if (opt_no_gpg_verify)
-    g_key_file_set_boolean (config, group, "gpg-verify", FALSE);
+    {
+      g_key_file_set_boolean (config, group, "gpg-verify", FALSE);
+      g_key_file_set_boolean (config, group, "gpg-verify-summary", FALSE);
+    }
 
   if (opt_do_gpg_verify)
-    g_key_file_set_boolean (config, group, "gpg-verify", TRUE);
+    {
+      g_key_file_set_boolean (config, group, "gpg-verify", TRUE);
+      g_key_file_set_boolean (config, group, "gpg-verify-summary", TRUE);
+    }
 
   if (opt_url)
     g_key_file_set_string (config, group, "url", opt_url);
author	Alexander Larsson <alexl@redhat.com>	2016-03-15 16:02:13 +0100
committer	Alexander Larsson <alexl@redhat.com>	2016-03-15 17:03:21 +0100
commit	45a8b97542a9808ee5930eccf8db831df26487c6 (patch)
tree	22ffbfc9e8306c70d003445587ae75cbc624920b /app
parent	f031650e2dd77102379403b6b0736b3f7ae0488e (diff)
download	xdg-app-45a8b97542a9808ee5930eccf8db831df26487c6.tar.gz