diff options
| author | Alexander Larsson <alexl@redhat.com> | 2020-03-17 14:13:14 +0100 |
|---|---|---|
| committer | Alexander Larsson <alexl@redhat.com> | 2020-03-23 17:58:04 +0100 |
| commit | 116a8b848788c582fb2c8577f1250438b100da25 (patch) | |
| tree | 17abe210b8be92efa666dd3ba8e8320800bc5dc7 /system-helper | |
| parent | 32194f2d29490d809323054b0d87988fff07d764 (diff) | |
| download | flatpak-116a8b848788c582fb2c8577f1250438b100da25.tar.gz | |
transaction: Ensure the metadata in the pulled commit matches what we resolved
We're using the metadata from the summary, ostree-metadata or available
commit when making security sensitive decisions, so lets verify this
matches what we get in the actual commit we pulled.
We already did check that this then actually also matches what gets deployed,
so the new check shares code with that.
Note, we don't do this for OCI installs, because it seems the current
fedora flatpaks don't have this set, and we don't want to break
existing remotes.
Diffstat (limited to 'system-helper')
| -rw-r--r-- | system-helper/flatpak-system-helper.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/system-helper/flatpak-system-helper.c b/system-helper/flatpak-system-helper.c index f69b9b40..61f82e30 100644 --- a/system-helper/flatpak-system-helper.c +++ b/system-helper/flatpak-system-helper.c @@ -674,7 +674,7 @@ handle_deploy (FlatpakSystemHelper *object, ostree_progress = ostree_async_progress_new_and_connect (no_progress_cb, NULL); - if (!flatpak_dir_pull (system, state, arg_ref, NULL, NULL, (const char **) arg_subpaths, NULL, NULL, + if (!flatpak_dir_pull (system, state, arg_ref, NULL, NULL, (const char **) arg_subpaths, NULL, NULL, NULL, FLATPAK_PULL_FLAGS_NONE, OSTREE_REPO_PULL_FLAGS_UNTRUSTED, ostree_progress, NULL, &error)) { @@ -911,11 +911,11 @@ handle_deploy_appstream (FlatpakSystemHelper *object, ostree_progress = ostree_async_progress_new_and_connect (no_progress_cb, NULL); - if (!flatpak_dir_pull (system, state, new_branch, NULL, NULL, NULL, NULL, NULL, + if (!flatpak_dir_pull (system, state, new_branch, NULL, NULL, NULL, NULL, NULL, NULL, FLATPAK_PULL_FLAGS_NONE, OSTREE_REPO_PULL_FLAGS_UNTRUSTED, ostree_progress, NULL, &first_error)) { - if (!flatpak_dir_pull (system, state, old_branch, NULL, NULL, NULL, NULL, NULL, + if (!flatpak_dir_pull (system, state, old_branch, NULL, NULL, NULL, NULL, NULL, NULL, FLATPAK_PULL_FLAGS_NONE, OSTREE_REPO_PULL_FLAGS_UNTRUSTED, ostree_progress, NULL, &second_error)) { |