mirror of
https://github.com/flatpak/flatpak.git
synced 2026-03-17 14:39:13 -04:00
37ad100cfe
This reverts commit ed1d7eacf4 and fixes
the issue in a different way.
With the introduction of peer (LAN/USB) sources of refs comes a problem:
they may have outdated repository metadata (which is stored as
contentless commits on the branch "ostree-metadata"). Currently Flatpak
allows the older metadata to be pulled into the local repo, but this is
undesirable for a few reasons: it hurts the security properties of the
system because for example the GPG keys might have been rotated and you
don't want to go back to using the old ones, and it's undesirable
because the old metadata might have missing or wrong information about
the apps installed on the system.
So this commit makes Flatpak ignore the downgrade and use the newer
metadata for the offline operation. This is not a perfect solution,
because the newer metadata might have information (such as the download
size or needed runtime) that's not accurate for the old versions of the
refs that are available offline. This issue is significantly mitigated
by the fact that FlatpakTransaction operations use commit metadata to
make decisions, rather than depending on the xa.cache.
Another possible solution would be to read the outdated metadata into
the FlatpakRemoteState object without pulling it into the local repo or
using it to update the remote config, but that's not perfect either
because there's no guarantee you'll pull the metadata from the same
source as the refs (perhaps one comes from a USB drive and the other
from a LAN peer). Longer term, we should figure out how to rely less on
the xa.cache (which is stored in ostree-metadata) or otherwise make
architectural changes to solve those issues. For now, I think this fix
will be enough to make USB updates usable and secure.
Fixes https://github.com/flatpak/flatpak/issues/1473
Closes: #1965
Approved by: alexlarsson