From ace0d4650b097b8d3fb04cc729715a92f6db7dee Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Mon, 4 Apr 2016 15:17:17 +0200
Subject: [PATCH] pull-local: Support --gpg-verify and --gpg-verify-summary

Force the otherwise disabled gpg verifications on.
Note: You need to pass --remote=foo so we know what gpg keys to verify
against.

Closes: #237
Approved by: cgwalters
---
 src/libostree/ostree-repo-pull.c   | 20 ++++++++++++---
 src/ostree/ot-builtin-pull-local.c | 12 ++++++++-
 tests/test-local-pull.sh           | 40 +++++++++++++++++++++++++++++-
 3 files changed, 66 insertions(+), 6 deletions(-)

diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index 238fdf65..4d8b6138 100644
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -1900,6 +1900,8 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
   GSource *update_timeout = NULL;
   gboolean disable_static_deltas = FALSE;
   gboolean require_static_deltas = FALSE;
+  gboolean opt_gpg_verify = FALSE;
+  gboolean opt_gpg_verify_summary = FALSE;
 
   if (options)
     {
@@ -1910,6 +1912,8 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
       flags = flags_i;
       (void) g_variant_lookup (options, "subdir", "&s", &dir_to_pull);
       (void) g_variant_lookup (options, "override-remote-name", "s", &pull_data->remote_name);
+      (void) g_variant_lookup (options, "gpg-verify", "b", &opt_gpg_verify);
+      (void) g_variant_lookup (options, "gpg-verify-summary", "b", &opt_gpg_verify_summary);
       (void) g_variant_lookup (options, "depth", "i", &pull_data->maxdepth);
       (void) g_variant_lookup (options, "disable-static-deltas", "b", &disable_static_deltas);
       (void) g_variant_lookup (options, "require-static-deltas", "b", &require_static_deltas);
@@ -1967,10 +1971,18 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
   if (_ostree_repo_remote_name_is_file (remote_name_or_baseurl))
     {
       /* For compatibility with pull-local, don't gpg verify local
-       * pulls.
+       * pulls by default.
        */
-      pull_data->gpg_verify = FALSE;
-      pull_data->gpg_verify_summary = FALSE;
+      pull_data->gpg_verify = opt_gpg_verify;
+      pull_data->gpg_verify_summary = opt_gpg_verify_summary;
+
+      if ((pull_data->gpg_verify || pull_data->gpg_verify_summary) &&
+          pull_data->remote_name == NULL)
+        {
+          g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                       "Must specify remote name to enable gpg verification");
+          goto out;
+        }
     }
   else
     {
@@ -2181,7 +2193,7 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
         result = _ostree_repo_gpg_verify_with_metadata (self,
                                                         bytes_summary,
                                                         sig_variant,
-                                                        remote_name_or_baseurl,
+                                                        pull_data->remote_name,
                                                         NULL,
                                                         NULL,
                                                         cancellable,
diff --git a/src/ostree/ot-builtin-pull-local.c b/src/ostree/ot-builtin-pull-local.c
index f3ca184a..36057ec6 100644
--- a/src/ostree/ot-builtin-pull-local.c
+++ b/src/ostree/ot-builtin-pull-local.c
@@ -33,12 +33,16 @@
 static char *opt_remote;
 static gboolean opt_disable_fsync;
 static gboolean opt_untrusted;
+static gboolean opt_gpg_verify;
+static gboolean opt_gpg_verify_summary;
 static int opt_depth = 0;
 
 static GOptionEntry options[] = {
   { "remote", 0, 0, G_OPTION_ARG_STRING, &opt_remote, "Add REMOTE to refspec", "REMOTE" },
   { "disable-fsync", 0, 0, G_OPTION_ARG_NONE, &opt_disable_fsync, "Do not invoke fsync()", NULL },
   { "untrusted", 0, 0, G_OPTION_ARG_NONE, &opt_untrusted, "Do not trust source", NULL },
+  { "gpg-verify", 0, 0, G_OPTION_ARG_NONE, &opt_gpg_verify, "GPG verify commits (must specify --remote)", NULL },
+  { "gpg-verify-summary", 0, 0, G_OPTION_ARG_NONE, &opt_gpg_verify_summary, "GPG verify summary (must specify --remote)", NULL },
   { "depth", 0, 0, G_OPTION_ARG_INT, &opt_depth, "Traverse DEPTH parents (-1=infinite) (default: 0)", "DEPTH" },
   { NULL }
 };
@@ -145,9 +149,15 @@ ostree_builtin_pull_local (int argc, char **argv, GCancellable *cancellable, GEr
     if (opt_remote)
       g_variant_builder_add (&builder, "{s@v}", "override-remote-name",
                              g_variant_new_variant (g_variant_new_string (opt_remote)));
+    if (opt_gpg_verify)
+      g_variant_builder_add (&builder, "{s@v}", "gpg-verify",
+                             g_variant_new_variant (g_variant_new_boolean (TRUE)));
+    if (opt_gpg_verify_summary)
+      g_variant_builder_add (&builder, "{s@v}", "gpg-verify-summary",
+                             g_variant_new_variant (g_variant_new_boolean (TRUE)));
     g_variant_builder_add (&builder, "{s@v}", "depth",
                            g_variant_new_variant (g_variant_new_int32 (opt_depth)));
-    
+
     if (!ostree_repo_pull_with_options (repo, src_repo_uri, 
                                         g_variant_builder_end (&builder),
                                         progress,
diff --git a/tests/test-local-pull.sh b/tests/test-local-pull.sh
index f158f962..a9ac1278 100755
--- a/tests/test-local-pull.sh
+++ b/tests/test-local-pull.sh
@@ -19,11 +19,14 @@
 
 set -euo pipefail
 
+# We don't want OSTREE_GPG_HOME used for these tests.
+unset OSTREE_GPG_HOME
+
 . $(dirname $0)/libtest.sh
 
 skip_without_user_xattrs
 
-echo "1..4"
+echo "1..7"
 
 setup_test_repository "archive-z2"
 echo "ok setup"
@@ -57,3 +60,38 @@ find checkout3 -printf '%P %s %#m %u/%g %y %l\n' | sort > checkout3.files
 cmp checkout1.files checkout2.files
 cmp checkout1.files checkout3.files
 echo "ok checkouts same"
+
+mkdir repo4
+${CMD_PREFIX} ostree --repo=repo4 init --mode="archive-z2"
+${CMD_PREFIX} ostree --repo=repo4 remote add --gpg-import ${test_tmpdir}/gpghome/key1.asc origin repo
+if ${CMD_PREFIX} ostree --repo=repo4 pull-local --remote=origin --gpg-verify repo test2 2>&1; then
+    assert_not_reached "GPG verification unexpectedly succeeded"
+fi
+echo "ok --gpg-verify with no signature"
+
+${OSTREE} gpg-sign --gpg-homedir=${TEST_GPG_KEYHOME} test2  ${TEST_GPG_KEYID_1}
+
+mkdir repo5
+${CMD_PREFIX} ostree --repo=repo5 init --mode="archive-z2"
+${CMD_PREFIX} ostree --repo=repo5 remote add --gpg-import ${test_tmpdir}/gpghome/key1.asc origin repo
+${CMD_PREFIX} ostree --repo=repo5 pull-local --remote=origin --gpg-verify repo test2
+echo "ok --gpg-verify"
+
+mkdir repo6
+${CMD_PREFIX} ostree --repo=repo6 init --mode="archive-z2"
+${CMD_PREFIX} ostree --repo=repo6 remote add --gpg-import ${test_tmpdir}/gpghome/key1.asc origin repo
+if ${CMD_PREFIX} ostree --repo=repo6 pull-local --remote=origin --gpg-verify-summary repo test2 2>&1; then
+    assert_not_reached "GPG summary verification with no summary unexpectedly succeeded"
+fi
+
+${OSTREE} summary -u update
+
+if ${CMD_PREFIX} ostree --repo=repo6 pull-local --remote=origin --gpg-verify-summary repo test2 2>&1; then
+    assert_not_reached "GPG summary verification with signed no summary unexpectedly succeeded"
+fi
+
+${OSTREE} summary -u update --gpg-sign=${TEST_GPG_KEYID_1} --gpg-homedir=${TEST_GPG_KEYHOME}
+
+${CMD_PREFIX} ostree --repo=repo6 pull-local --remote=origin --gpg-verify-summary repo test2 2>&1
+
+echo "ok --gpg-verify-summary"