ostree-image: accept only signed updates (cherry-picked from 2022dev1) (!337) · Merge requests · infrastructure / apertis-image-recipes

Denis Pynkin requested to merge wip/d4s/accept_only_signed into apertis/v2021pre Dec 15, 2020

Starting version v2020.7 libostree upstream provides deltas with signed metadata allowing to validate the creator of the delta file itself, not only the commit inside.

The new repository option core.sign-verify-deltas=true forces both libostree and AUM to accept deltas with signed metadata only.

This change affect only to systems using libostree v2020.7+. Apertis Update Manager must be updated to accept deltas with signed metadata.

Signed-off-by: Denis Pynkin denis.pynkin@collabora.com

Admin message

ostree-image: accept only signed updates (cherry-picked from 2022dev1)

Merge request reports