diff options
| author | Jonathan Lebon <jonathan@jlebon.com> | 2019-07-26 11:52:18 -0400 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2019-07-29 13:58:29 +0000 |
| commit | 9332830e09e285ba1db9357a4e695d1251b00dd7 (patch) | |
| tree | 80cdd4932e9d3f1f59b383bf31f9a2667d1e57f4 /tests/pull-test.sh | |
| parent | c9ecfb1d81b5592ab9b5978da440b2997b8716a3 (diff) | |
| download | ostree-9332830e09e285ba1db9357a4e695d1251b00dd7.tar.gz | |
lib/pull: Allow downgrade protection with overrides
There's a valid use case for enabling the timestamp downgrade check
while still also using override commits.
We'll make use of this in Fedora CoreOS, where the agent specifies the
exact commit to upgrade to, while still enforcing that it be newer.
Closes: #1891
Approved by: cgwalters
Diffstat (limited to 'tests/pull-test.sh')
| -rw-r--r-- | tests/pull-test.sh | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/pull-test.sh b/tests/pull-test.sh index 9d51b151..a8bc49a9 100644 --- a/tests/pull-test.sh +++ b/tests/pull-test.sh @@ -334,6 +334,12 @@ if ${CMD_PREFIX} ostree --repo=repo pull -T origin main 2>err.txt; then fi assert_file_has_content err.txt "Upgrade.*is chronologically older" assert_streq ${newrev} "$(${CMD_PREFIX} ostree --repo=repo rev-parse main)" +# And also check we can't pull it when using overrides +if ${CMD_PREFIX} ostree --repo=repo pull -T origin main@${newrev2} 2>err.txt; then + fatal "pulled older commit override with timestamp checking enabled?" +fi +assert_file_has_content err.txt "Upgrade.*is chronologically older" +assert_streq ${newrev} "$(${CMD_PREFIX} ostree --repo=repo rev-parse main)" # But we can pull it without timestamp checking ${CMD_PREFIX} ostree --repo=repo pull origin main echo "ok pull timestamp checking" |