mirror of
https://github.com/flatpak/flatpak.git
synced 2026-05-03 13:36:02 -04:00
bc46274ae4
When pulling from a local, untrusted repo (i.e. one which the user downloaded into, and we want to pull into the trusted system repo), verify the collection ID and ref bindings in the commit metadata for each commit. This is something which is normally done by libostree, but since we’re rewriting the commit manually, we’re bypassing that part of the pull() code path. This is an inlined version of the check from verify_bindings() in libostree. Signed-off-by: Philip Withnall <withnall@endlessm.com>