Skip to content

Commit 93357d3

Browse files
committed
Require metadata in commit also for OCI remotes
This was disables a long time ago because the fedora remotes didn't contain metadata, but that has been added since then. Requiring fixes a security concern where an app claims to require no permissions (by having no metadata in commit) but then actually requires permissions in the installed app.
1 parent d9a8f9d commit 93357d3

File tree

1 file changed

+4
-10
lines changed

1 file changed

+4
-10
lines changed

Diff for: common/flatpak-dir.c

+4-10
Original file line numberDiff line numberDiff line change
@@ -1795,7 +1795,6 @@ validate_commit_metadata (GVariant *commit_data,
17951795
const char *ref,
17961796
const char *required_metadata,
17971797
gsize required_metadata_size,
1798-
gboolean require_xa_metadata,
17991798
GError **error)
18001799
{
18011800
g_autoptr(GVariant) commit_metadata = NULL;
@@ -1814,9 +1813,9 @@ validate_commit_metadata (GVariant *commit_data,
18141813
xa_metadata = g_variant_get_string (xa_metadata_v, &xa_metadata_size);
18151814
}
18161815

1817-
if ((xa_metadata == NULL && require_xa_metadata) ||
1818-
(xa_metadata != NULL && (xa_metadata_size != required_metadata_size ||
1819-
memcmp (xa_metadata, required_metadata, xa_metadata_size) != 0)))
1816+
if (xa_metadata == NULL ||
1817+
xa_metadata_size != required_metadata_size ||
1818+
memcmp (xa_metadata, required_metadata, xa_metadata_size) != 0)
18201819
{
18211820
g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
18221821
_("Commit metadata for %s not matching expected metadata"), ref);
@@ -5848,7 +5847,6 @@ flatpak_dir_pull (FlatpakDir *self,
58485847
ref,
58495848
(const char *)g_bytes_get_data (require_metadata, NULL),
58505849
g_bytes_get_size (require_metadata),
5851-
TRUE,
58525850
error))
58535851
goto out;
58545852
}
@@ -8173,7 +8171,6 @@ flatpak_dir_deploy (FlatpakDir *self,
81738171
g_autoptr(GFile) metadata_file = NULL;
81748172
g_autofree char *metadata_contents = NULL;
81758173
gsize metadata_size = 0;
8176-
gboolean is_oci;
81778174
const char *flatpak;
81788175

81798176
if (!flatpak_dir_ensure_repo (self, cancellable, error))
@@ -8399,12 +8396,9 @@ flatpak_dir_deploy (FlatpakDir *self,
83998396
/* Check the metadata in the commit to make sure it matches the actual
84008397
* deployed metadata, in case we relied on the one in the commit for
84018398
* a decision
8402-
* Note: For historical reason we don't enforce commits to contain xa.metadata
8403-
* since this was lacking in fedora builds.
84048399
*/
8405-
is_oci = flatpak_dir_get_remote_oci (self, origin);
84068400
if (!validate_commit_metadata (commit_data, flatpak_decomposed_get_ref (ref),
8407-
metadata_contents, metadata_size, !is_oci, error))
8401+
metadata_contents, metadata_size, error))
84088402
return FALSE;
84098403

84108404
dotref = g_file_resolve_relative_path (checkoutdir, "files/.ref");

0 commit comments

Comments
 (0)