lib/pull: Don’t cache summary file until its signature is verified

This makes no difference to the validity of the code, since any summary file loaded from the cache will be verified before being read anyway; but it will make some upcoming changes a little simpler. Signed-off-by: Philip Withnall <withnall@endlessm.com> Closes: #961 Approved by: cgwalters
2017-06-19 15:26:50 +01:00 · 2017-06-19 15:26:50 +01:00 · eb4887d619
parent e0ad9b2266
commit eb4887d619
1 changed files with 21 additions and 22 deletions
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@ -3339,28 +3339,6 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
        goto out;
      }

-    if (bytes_summary)
-      {
-        pull_data->summary_data = g_bytes_ref (bytes_summary);
-        pull_data->summary = g_variant_new_from_bytes (OSTREE_SUMMARY_GVARIANT_FORMAT, bytes_summary, FALSE);
-
-        if (bytes_sig)
-          pull_data->summary_data_sig = g_bytes_ref (bytes_sig);
-      }
-
-
-    if (!summary_from_cache && bytes_summary && bytes_sig)
-      {
-        if (!pull_data->remote_repo_local &&
-            !_ostree_repo_cache_summary (self,
-                                         remote_name_or_baseurl,
-                                         bytes_summary,
-                                         bytes_sig,
-                                         cancellable,
-                                         error))
-          goto out;
-      }
-
    if (pull_data->gpg_verify_summary && bytes_summary && bytes_sig)
      {
        g_autoptr(GVariant) sig_variant = NULL;
@ -3379,6 +3357,27 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
          goto out;
      }

+    if (bytes_summary)
+      {
+        pull_data->summary_data = g_bytes_ref (bytes_summary);
+        pull_data->summary = g_variant_new_from_bytes (OSTREE_SUMMARY_GVARIANT_FORMAT, bytes_summary, FALSE);
+
+        if (bytes_sig)
+          pull_data->summary_data_sig = g_bytes_ref (bytes_sig);
+      }
+
+    if (!summary_from_cache && bytes_summary && bytes_sig)
+      {
+        if (!pull_data->remote_repo_local &&
+            !_ostree_repo_cache_summary (self,
+                                         remote_name_or_baseurl,
+                                         bytes_summary,
+                                         bytes_sig,
+                                         cancellable,
+                                         error))
+          goto out;
+      }
+
    if (pull_data->summary)
      {
        additional_metadata = g_variant_get_child_value (pull_data->summary, 1);