diff --git a/app/flatpak-builtins-build-import-bundle.c b/app/flatpak-builtins-build-import-bundle.c index 6b06073f3..5455bb534 100644 --- a/app/flatpak-builtins-build-import-bundle.c +++ b/app/flatpak-builtins-build-import-bundle.c @@ -68,7 +68,7 @@ import_oci (OstreeRepo *repo, GFile *file, ref = flatpak_image_source_get_ref (image_source); - commit_checksum = flatpak_pull_from_oci (repo, image_source, NULL, NULL, + commit_checksum = flatpak_pull_from_oci (repo, image_source, NULL, NULL, NULL, ref, FLATPAK_PULL_FLAGS_NONE, NULL, NULL, cancellable, error); if (commit_checksum == NULL) diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c index 73118e112..36d9b4314 100644 --- a/common/flatpak-dir.c +++ b/common/flatpak-dir.c @@ -6926,7 +6926,7 @@ flatpak_dir_pull_oci (FlatpakDir *self, g_info ("Pulling OCI image %s", oci_digest); - checksum = flatpak_pull_from_oci (repo, image_source, NULL, + checksum = flatpak_pull_from_oci (repo, image_source, NULL, NULL, state->remote_name, ref, flatpak_flags, oci_pull_progress_cb, progress, cancellable, error); if (checksum == NULL) diff --git a/common/flatpak-oci-registry-private.h b/common/flatpak-oci-registry-private.h index ca56eab39..451f77086 100644 --- a/common/flatpak-oci-registry-private.h +++ b/common/flatpak-oci-registry-private.h @@ -194,7 +194,8 @@ typedef void (*FlatpakOciPullProgress) (guint64 total_size, char * flatpak_pull_from_oci (OstreeRepo *repo, FlatpakImageSource *image_source, - FlatpakImageSource *opt_dst_image_source, + const char *opt_sigcheck_repository, + const char *opt_sigcheck_registry_uri, const char *remote, const char *ref, FlatpakPullFlags flags, diff --git a/common/flatpak-oci-registry.c b/common/flatpak-oci-registry.c index 0a442cd40..07b194e0c 100644 --- a/common/flatpak-oci-registry.c +++ b/common/flatpak-oci-registry.c @@ -3301,7 +3301,8 @@ flatpak_mirror_image_from_oci (FlatpakOciRegistry *dst_registry, char * flatpak_pull_from_oci (OstreeRepo *repo, FlatpakImageSource *image_source, - FlatpakImageSource *opt_dst_image_source, + const char *opt_sigcheck_repository, + const char *opt_sigcheck_registry_uri, const char *remote, const char *ref, FlatpakPullFlags flags, @@ -3334,23 +3335,20 @@ flatpak_pull_from_oci (OstreeRepo *repo, g_autoptr(GVariantBuilder) metadata_builder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}")); g_autoptr(GVariant) metadata = NULL; g_autoptr(FlatpakOciSignatures) signatures = NULL; - FlatpakOciRegistry *dst_registry = opt_dst_image_source ? - flatpak_image_source_get_registry (opt_dst_image_source) : registry; - const char *dest_oci_repository = opt_dst_image_source ? - flatpak_image_source_get_oci_repository (opt_dst_image_source) : oci_repository; + const char *sigcheck_registry_uri = opt_sigcheck_registry_uri ? opt_sigcheck_registry_uri : registry->uri; + const char *sigcheck_repository = opt_sigcheck_repository ? opt_sigcheck_repository : oci_repository; int n_layers; int i; g_assert (g_str_has_prefix (digest, "sha256:")); - signatures = load_signatures (opt_dst_image_source ? opt_dst_image_source : image_source, - cancellable, error); + signatures = load_signatures (image_source, cancellable, error); if (!signatures) return FALSE; if (!flatpak_oci_signatures_verify (signatures, repo, remote, - dst_registry->uri, - dest_oci_repository, + sigcheck_registry_uri, + sigcheck_repository, digest, error)) return FALSE; diff --git a/system-helper/flatpak-system-helper.c b/system-helper/flatpak-system-helper.c index 81c080162..f6156b70a 100644 --- a/system-helper/flatpak-system-helper.c +++ b/system-helper/flatpak-system-helper.c @@ -492,6 +492,9 @@ handle_deploy (FlatpakSystemHelper *object, const char *verified_digest; g_autofree char *upstream_url = NULL; g_autoptr(FlatpakImageSource) system_image_source = NULL; + g_autoptr(GVariant) metadata = NULL; + const char *sigcheck_repository = NULL; + g_autofree char *sigcheck_registry_uri = NULL; if (!ostree_repo_remote_get_url (flatpak_dir_get_repo (system), arg_origin, @@ -546,21 +549,26 @@ handle_deploy (FlatpakSystemHelper *object, return G_DBUS_METHOD_INVOCATION_HANDLED; } - system_image_source = - flatpak_remote_state_fetch_image_source (state, - system, - arg_ref, - verified_digest, - NULL, - NULL, &error); - if (!system_image_source) + flatpak_remote_state_lookup_ref (state, arg_ref, + NULL, NULL, + &metadata, + NULL, NULL, NULL); + + if (!g_variant_lookup (metadata, "xa.oci-repository", "s", &sigcheck_repository)) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED, - "Can't fetch image source: %s", error->message); + "Can't get the OCI repository from the summary"); return G_DBUS_METHOD_INVOCATION_HANDLED; } - checksum = flatpak_pull_from_oci (flatpak_dir_get_repo (system), image_source, system_image_source, + if (!ostree_repo_remote_get_url (flatpak_dir_get_repo (system), arg_origin, &sigcheck_registry_uri, NULL)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED, + "Can't get the OCI registry URI"); + return G_DBUS_METHOD_INVOCATION_HANDLED; + } + + checksum = flatpak_pull_from_oci (flatpak_dir_get_repo (system), image_source, sigcheck_repository, sigcheck_registry_uri, arg_origin, arg_ref, FLATPAK_PULL_FLAGS_NONE, NULL, NULL, NULL, &error); if (checksum == NULL) {