|
|
19210e |
From 962a7f560ee0fa08eb30b0536d4ae9659ceaf163 Mon Sep 17 00:00:00 2001
|
|
|
19210e |
From: Alexander Larsson <alexl@redhat.com>
|
|
|
19210e |
Date: Wed, 8 May 2019 16:54:55 +0200
|
|
|
19210e |
Subject: [PATCH 3/3] update: Fix OCI updates in the system repo
|
|
|
19210e |
|
|
|
19210e |
We need to check whether the remote is gpg verified after handling
|
|
|
19210e |
the oci case, because OCI is fine to update systemwide without gpg
|
|
|
19210e |
verification (in fact it doesn't support verification).
|
|
|
19210e |
|
|
|
19210e |
This just reorders the code, matching what is done in the install
|
|
|
19210e |
case already.
|
|
|
19210e |
|
|
|
19210e |
Closes: #2891
|
|
|
19210e |
Approved by: alexlarsson
|
|
|
19210e |
|
|
|
19210e |
(cherry picked from commit 4c4c80b85d629bad1a377524b7787200f1c831a0)
|
|
|
19210e |
---
|
|
|
19210e |
common/flatpak-dir.c | 32 ++++++++++++++++----------------
|
|
|
19210e |
1 file changed, 16 insertions(+), 16 deletions(-)
|
|
|
19210e |
|
|
|
19210e |
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
|
|
|
19210e |
index 79fa361d..1fc6a90c 100644
|
|
|
19210e |
--- a/common/flatpak-dir.c
|
|
|
19210e |
+++ b/common/flatpak-dir.c
|
|
|
19210e |
@@ -8364,22 +8364,6 @@ flatpak_dir_update (FlatpakDir *self,
|
|
|
19210e |
if (no_pull)
|
|
|
19210e |
{
|
|
|
19210e |
}
|
|
|
19210e |
- else if ((!gpg_verify_summary && state->collection_id == NULL) || !gpg_verify)
|
|
|
19210e |
- {
|
|
|
19210e |
- /* The remote is not gpg verified, so we don't want to allow installation via
|
|
|
19210e |
- a download in the home directory, as there is no way to verify you're not
|
|
|
19210e |
- injecting anything into the remote. However, in the case of a remote
|
|
|
19210e |
- configured to a local filesystem we can just let the system helper do
|
|
|
19210e |
- the installation, as it can then avoid network i/o and be certain the
|
|
|
19210e |
- data comes from the right place.
|
|
|
19210e |
-
|
|
|
19210e |
- If @collection_id is non-%NULL, we can verify the refs in commit
|
|
|
19210e |
- metadata, so don’t need to verify the summary. */
|
|
|
19210e |
- if (g_str_has_prefix (url, "file:"))
|
|
|
19210e |
- helper_flags |= FLATPAK_HELPER_DEPLOY_FLAGS_LOCAL_PULL;
|
|
|
19210e |
- else
|
|
|
19210e |
- return flatpak_fail_error (error, FLATPAK_ERROR_UNTRUSTED, _("Can't pull from untrusted non-gpg verified remote"));
|
|
|
19210e |
- }
|
|
|
19210e |
else if (is_oci)
|
|
|
19210e |
{
|
|
|
19210e |
g_autoptr(FlatpakOciRegistry) registry = NULL;
|
|
|
19210e |
@@ -8396,6 +8380,22 @@ flatpak_dir_update (FlatpakDir *self,
|
|
|
19210e |
if (!flatpak_dir_mirror_oci (self, registry, state, ref, NULL, progress, cancellable, error))
|
|
|
19210e |
return FALSE;
|
|
|
19210e |
}
|
|
|
19210e |
+ else if ((!gpg_verify_summary && state->collection_id == NULL) || !gpg_verify)
|
|
|
19210e |
+ {
|
|
|
19210e |
+ /* The remote is not gpg verified, so we don't want to allow installation via
|
|
|
19210e |
+ a download in the home directory, as there is no way to verify you're not
|
|
|
19210e |
+ injecting anything into the remote. However, in the case of a remote
|
|
|
19210e |
+ configured to a local filesystem we can just let the system helper do
|
|
|
19210e |
+ the installation, as it can then avoid network i/o and be certain the
|
|
|
19210e |
+ data comes from the right place.
|
|
|
19210e |
+
|
|
|
19210e |
+ If @collection_id is non-%NULL, we can verify the refs in commit
|
|
|
19210e |
+ metadata, so don’t need to verify the summary. */
|
|
|
19210e |
+ if (g_str_has_prefix (url, "file:"))
|
|
|
19210e |
+ helper_flags |= FLATPAK_HELPER_DEPLOY_FLAGS_LOCAL_PULL;
|
|
|
19210e |
+ else
|
|
|
19210e |
+ return flatpak_fail_error (error, FLATPAK_ERROR_UNTRUSTED, _("Can't pull from untrusted non-gpg verified remote"));
|
|
|
19210e |
+ }
|
|
|
19210e |
else
|
|
|
19210e |
{
|
|
|
19210e |
/* We're pulling from a remote source, we do the network mirroring pull as a
|
|
|
19210e |
--
|
|
|
19210e |
2.21.0
|
|
|
19210e |
|