From e89facde7f343f546278a014ea3368c2858fd5e4 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 23 May 2017 11:41:58 +0200
Subject: [PATCH] deploy: Ensure xa.ref, if set, is correct

---
 common/flatpak-dir.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index d92dce66..2bebc38a 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -4347,6 +4347,7 @@ flatpak_dir_deploy (FlatpakDir          *self,
   g_autofree char *tmp_dir_path = NULL;
   g_autofree char *alt_id = NULL;
   const char *xa_metadata = NULL;
+  const char *xa_ref = NULL;
   g_autofree char *checkout_basename = NULL;
   gboolean created_extra_data = FALSE;
   g_autoptr(GVariant) commit_metadata = NULL;
@@ -4532,6 +4533,17 @@ flatpak_dir_deploy (FlatpakDir          *self,
         }
     }
 
+  g_variant_lookup (commit_metadata, "xa.ref", "s", &xa_ref);
+  if (xa_ref != NULL)
+    {
+      if (strcmp (ref, xa_ref) != 0)
+        {
+          g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+                       _("Deployed ref %s does not match commit (%s)"), ref, xa_ref);
+          return FALSE;
+        }
+    }
+
   /* Check the metadata in the commit to make sure it matches the actual
      deployed metadata, in case we relied on the one in the commit for
      a decision */