common: Prevent pulling ostree-metadata unless gpg-verify is true

Add a sanity check and error message which prevents pulling the ostree-metadata ref (the repository metadata) unless GPG verification is enabled, as it needs to be signed to be trusted. Signed-off-by: Philip Withnall <withnall@endlessm.com>
2026-01-29 10:01:18 -05:00 · 2017-08-11 12:30:37 +01:00
parent 0bbf8f3d21
commit dd63bdbd61
1 changed files with 9 additions and 0 deletions
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -8746,6 +8746,15 @@ flatpak_dir_fetch_remote_repo_metadata (FlatpakDir    *self,
 {
 #ifdef FLATPAK_ENABLE_P2P
  FlatpakPullFlags flatpak_flags;
+  gboolean gpg_verify;
+
+  /* We can only fetch metadata if we’re going to verify it with GPG. */
+  if (!ostree_repo_remote_get_gpg_verify (self->repo, remote_name,
+                                          &gpg_verify, error))
+    return FALSE;
+
+  if (!gpg_verify)
+    return flatpak_fail (error, "Can't pull from untrusted non-gpg verified remote");

  flatpak_flags = FLATPAK_PULL_FLAGS_DOWNLOAD_EXTRA_DATA;
  flatpak_flags |= FLATPAK_PULL_FLAGS_NO_STATIC_DELTAS;