diff options
author | Alexander Larsson <alexl@redhat.com> | 2016-03-15 16:02:13 +0100 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2016-03-15 17:03:21 +0100 |
commit | 45a8b97542a9808ee5930eccf8db831df26487c6 (patch) | |
tree | 22ffbfc9e8306c70d003445587ae75cbc624920b /app | |
parent | f031650e2dd77102379403b6b0736b3f7ae0488e (diff) | |
download | xdg-app-45a8b97542a9808ee5930eccf8db831df26487c6.tar.gz |
Enabling gpg means require both signed commits and summaries
It makes no sense to not require this. We're not held back by
backwards compat issues, so lets be maximally secure.
Diffstat (limited to 'app')
-rw-r--r-- | app/xdg-app-builtins-add-remote.c | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/app/xdg-app-builtins-add-remote.c b/app/xdg-app-builtins-add-remote.c index eb78670..451efb7 100644 --- a/app/xdg-app-builtins-add-remote.c +++ b/app/xdg-app-builtins-add-remote.c @@ -179,9 +179,23 @@ xdg_app_builtin_add_remote (int argc, char **argv, optbuilder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}")); if (opt_no_gpg_verify) - g_variant_builder_add (optbuilder, "{s@v}", - "gpg-verify", - g_variant_new_variant (g_variant_new_boolean (FALSE))); + { + g_variant_builder_add (optbuilder, "{s@v}", + "gpg-verify", + g_variant_new_variant (g_variant_new_boolean (FALSE))); + g_variant_builder_add (optbuilder, "{s@v}", + "gpg-verify-summary", + g_variant_new_variant (g_variant_new_boolean (FALSE))); + } + else + { + g_variant_builder_add (optbuilder, "{s@v}", + "gpg-verify", + g_variant_new_variant (g_variant_new_boolean (TRUE))); + g_variant_builder_add (optbuilder, "{s@v}", + "gpg-verify-summary", + g_variant_new_variant (g_variant_new_boolean (TRUE))); + } if (opt_no_enumerate) g_variant_builder_add (optbuilder, "{s@v}", @@ -275,10 +289,16 @@ xdg_app_builtin_modify_remote (int argc, char **argv, GCancellable *cancellable, config = ostree_repo_copy_config (xdg_app_dir_get_repo (dir)); if (opt_no_gpg_verify) - g_key_file_set_boolean (config, group, "gpg-verify", FALSE); + { + g_key_file_set_boolean (config, group, "gpg-verify", FALSE); + g_key_file_set_boolean (config, group, "gpg-verify-summary", FALSE); + } if (opt_do_gpg_verify) - g_key_file_set_boolean (config, group, "gpg-verify", TRUE); + { + g_key_file_set_boolean (config, group, "gpg-verify", TRUE); + g_key_file_set_boolean (config, group, "gpg-verify-summary", TRUE); + } if (opt_url) g_key_file_set_string (config, group, "url", opt_url); |