diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index 291f3fe6..7116c3dc 100644
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -3277,6 +3277,8 @@ initiate_request (OtPullData                 *pull_data,
  *   * override-remote-name (s): If local, add this remote to refspec
  *   * gpg-verify (b): GPG verify commits
  *   * gpg-verify-summary (b): GPG verify summary
+ *   * disable-sign-verify (b): Disable signapi verification of commits
+ *   * disable-sign-verify-summary (b): Disable signapi verification of the summary
  *   * depth (i): How far in the history to traverse; default is 0, -1 means infinite
  *   * disable-static-deltas (b): Do not use static deltas
  *   * require-static-deltas (b): Require static deltas
@@ -3334,11 +3336,11 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
   g_autoptr(GSource) update_timeout = NULL;
   gboolean opt_gpg_verify_set = FALSE;
   gboolean opt_gpg_verify_summary_set = FALSE;
-  gboolean opt_sign_verify_set = FALSE;
-  gboolean opt_sign_verify_summary_set = FALSE;
   gboolean opt_collection_refs_set = FALSE;
   gboolean opt_n_network_retries_set = FALSE;
   gboolean opt_ref_keyring_map_set = FALSE;
+  gboolean disable_sign_verify = FALSE;
+  gboolean disable_sign_verify_summary = FALSE;
   const char *main_collection_id = NULL;
   const char *url_override = NULL;
   gboolean inherit_transaction = FALSE;
@@ -3370,10 +3372,8 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
         g_variant_lookup (options, "gpg-verify", "b", &pull_data->gpg_verify);
       opt_gpg_verify_summary_set =
         g_variant_lookup (options, "gpg-verify-summary", "b", &pull_data->gpg_verify_summary);
-      opt_sign_verify_set =
-        g_variant_lookup (options, "sign-verify", "b", &pull_data->sign_verify);
-      opt_sign_verify_summary_set =
-        g_variant_lookup (options, "sign-verify-summary", "b", &pull_data->sign_verify_summary);
+      g_variant_lookup (options, "disable-sign-verify", "b", &disable_sign_verify);
+      g_variant_lookup (options, "disable-sign-verify-summary", "b", &disable_sign_verify_summary);
       (void) g_variant_lookup (options, "depth", "i", &pull_data->maxdepth);
       (void) g_variant_lookup (options, "disable-static-deltas", "b", &pull_data->disable_static_deltas);
       (void) g_variant_lookup (options, "require-static-deltas", "b", &pull_data->require_static_deltas);
@@ -3525,8 +3525,7 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
        * pulls by default.
        */
       if ((pull_data->gpg_verify ||
-           pull_data->gpg_verify_summary ||
-           pull_data->sign_verify
+           pull_data->gpg_verify_summary
           ) &&
           pull_data->remote_name == NULL)
         {
@@ -3553,18 +3552,31 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
         if (!ostree_repo_remote_get_gpg_verify_summary (self, pull_data->remote_name,
                                                         &pull_data->gpg_verify_summary, error))
           goto out;
-      /* Fetch verification settings from remote if it wasn't already
-       * explicitly set in the options. */
-      if (!opt_sign_verify_set)
-        if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
-                                                    "sign-verify", FALSE,
-                                                    &pull_data->sign_verify, error))
-          goto out;
-      if (!opt_sign_verify_summary_set)
-        if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
-                                                    "sign-verify-summary", FALSE,
-                                                    &pull_data->sign_verify_summary, error))
-          goto out;
+      /* signapi differs from GPG in that it can only be explicitly *disabled*
+       * transiently during pulls, not enabled.
+       */
+      if (disable_sign_verify)
+        {
+          pull_data->sign_verify = FALSE;
+        }
+      else
+        {
+          if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
+                                                      "sign-verify", FALSE,
+                                                      &pull_data->sign_verify, error))
+            goto out;
+        }
+      if (disable_sign_verify_summary)
+        {
+          pull_data->sign_verify_summary = FALSE;
+        }
+      else
+        {
+          if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
+                                                      "sign-verify-summary", FALSE,
+                                                      &pull_data->sign_verify_summary, error))
+            goto out;
+        }
 
       /* NOTE: If changing this, see the matching implementation in
        * ostree-sysroot-upgrader.c
diff --git a/src/ostree/ot-builtin-pull-local.c b/src/ostree/ot-builtin-pull-local.c
index 695b09e5..c42d38d7 100644
--- a/src/ostree/ot-builtin-pull-local.c
+++ b/src/ostree/ot-builtin-pull-local.c
@@ -39,8 +39,6 @@ static gboolean opt_bareuseronly_files;
 static gboolean opt_require_static_deltas;
 static gboolean opt_gpg_verify;
 static gboolean opt_gpg_verify_summary;
-static gboolean opt_sign_verify;
-static gboolean opt_sign_verify_summary;
 static int opt_depth = 0;
 
 /* ATTENTION:
@@ -57,8 +55,6 @@ static GOptionEntry options[] = {
   { "require-static-deltas", 0, 0, G_OPTION_ARG_NONE, &opt_require_static_deltas, "Require static deltas", NULL },
   { "gpg-verify", 0, 0, G_OPTION_ARG_NONE, &opt_gpg_verify, "GPG verify commits (must specify --remote)", NULL },
   { "gpg-verify-summary", 0, 0, G_OPTION_ARG_NONE, &opt_gpg_verify_summary, "GPG verify summary (must specify --remote)", NULL },
-  { "sign-verify", 0, 0, G_OPTION_ARG_NONE, &opt_sign_verify, "Verify commits signature (must specify --remote)", NULL },
-  { "sign-verify-summary", 0, 0, G_OPTION_ARG_NONE, &opt_sign_verify, "Verify summary signature (must specify --remote)", NULL },
   { "depth", 0, 0, G_OPTION_ARG_INT, &opt_depth, "Traverse DEPTH parents (-1=infinite) (default: 0)", "DEPTH" },
   { NULL }
 };
@@ -185,13 +181,13 @@ ostree_builtin_pull_local (int argc, char **argv, OstreeCommandInvocation *invoc
                              g_variant_new_variant (g_variant_new_boolean (TRUE)));
     g_variant_builder_add (&builder, "{s@v}", "depth",
                            g_variant_new_variant (g_variant_new_int32 (opt_depth)));
-
-    if (opt_sign_verify)
-      g_variant_builder_add (&builder, "{s@v}", "sign-verify",
-                             g_variant_new_variant (g_variant_new_boolean (TRUE)));
-    if (opt_sign_verify_summary)
-      g_variant_builder_add (&builder, "{s@v}", "sign-verify-summary",
-                             g_variant_new_variant (g_variant_new_boolean (TRUE)));
+    /* local pulls always disable signapi verification.  If you don't want this, use
+     * ostree remote add --sign-verify=<key> file://
+     */
+    g_variant_builder_add (&builder, "{s@v}", "disable-sign-verify",
+                           g_variant_new_variant (g_variant_new_boolean (TRUE)));
+    g_variant_builder_add (&builder, "{s@v}", "disable-sign-verify-summary",
+                           g_variant_new_variant (g_variant_new_boolean (TRUE)));
 
     if (console.is_tty)
       progress = ostree_async_progress_new_and_connect (ostree_repo_pull_default_console_progress_changed, &console);
diff --git a/tests/test-local-pull.sh b/tests/test-local-pull.sh
index d443421a..555e9b26 100755
--- a/tests/test-local-pull.sh
+++ b/tests/test-local-pull.sh
@@ -28,7 +28,7 @@ unset OSTREE_GPG_HOME
 
 skip_without_user_xattrs
 
-echo "1..11"
+echo "1..8"
 
 setup_test_repository "archive"
 echo "ok setup"
@@ -115,39 +115,3 @@ for src_object in `find repo/objects -name '*.filez'`; do
     assert_files_hardlinked "$src_object" "$dst_object"
 done
 echo "ok pull-local z2 to z2 default hardlink"
-
-if has_sign_ed25519; then
-    gen_ed25519_keys
-
-    mkdir repo8
-    ostree_repo_init repo8 --mode="archive"
-    ${CMD_PREFIX} ostree --repo=repo8 remote add --set=verification-ed25519-key="${ED25519PUBLIC}" origin repo
-    cat repo8/config
-
-    if ${CMD_PREFIX} ostree --repo=repo8 pull-local --remote=origin --sign-verify repo test2 2>err.txt; then
-        assert_not_reached "Ed25519 signature verification unexpectedly succeeded"
-    fi
-    assert_file_has_content err.txt 'ed25519: commit have no signatures of my type'
-    echo "ok --sign-verify with no signature"
-
-    ${OSTREE} sign test2 ${ED25519SECRET}
-
-    mkdir repo9
-    ostree_repo_init repo9 --mode="archive"
-    ${CMD_PREFIX} ostree --repo=repo9 remote add --set=verification-ed25519-key="$(gen_ed25519_random_public)" origin repo
-    if ${CMD_PREFIX} ostree --repo=repo9 pull-local --remote=origin --sign-verify repo test2 2>err.txt; then
-        assert_not_reached "Ed25519 signature verification unexpectedly succeeded"
-    fi
-    assert_file_has_content err.txt 'no valid ed25519 signatures found'
-    echo "ok --sign-verify with wrong signature"
-
-    mkdir repo10
-    ostree_repo_init repo10 --mode="archive"
-    ${CMD_PREFIX} ostree --repo=repo10 remote add --set=verification-ed25519-key="${ED25519PUBLIC}" origin repo
-    ${CMD_PREFIX} ostree --repo=repo10 pull-local --remote=origin --sign-verify repo test2
-    echo "ok --sign-verify"
-else
-    echo "ok --sign-verify with no signature | # SKIP due libsodium unavailability"
-    echo "ok --sign-verify with wrong signature | # SKIP due libsodium unavailability"
-    echo "ok --sign-verify | # SKIP libsodium unavailability"
-fi