forked from Mirrors/flatpak-builder
In order to eliminate some race conditions around updating the summary{,.sig} file on the server, and to decouple signing the summary from signing commits, and to support peer to peer mirrors of content from multiple upstream collections: add support for unsigned summary files.

This relaxes the requirement for gpg-verify-summary=true iff collection-id is set in a remote’s local configuration. It depends on some pending libostree changes to verify the ref for each commit using the commit’s signed metadata. See https://github.com/ostreedev/ostree/issues/983.

Metadata storage has moved from the summary file to a new ostree-metadata well-known branch on each repository, since this can be signed for each update and for each collection separately. If the collection-id is set in a remote’s local configuration, flatpak will retrieve all repository metadata from this branch rather than from the summary file. If collection-id is unset, it will ignore this branch and continue to use the summary file, which will continue to be updated (and externally signed as summary.sig) for backwards compatibility.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

||
---|---|---|
Makefile.am.inc | ||
flatpak-system-helper.c | ||
flatpak-system-helper.service.in | ||
org.freedesktop.Flatpak.SystemHelper.conf | ||
org.freedesktop.Flatpak.SystemHelper.service.in | ||
org.freedesktop.Flatpak.policy.in | ||
org.freedesktop.Flatpak.rules.in |