From 9332830e09e285ba1db9357a4e695d1251b00dd7 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 26 Jul 2019 11:52:18 -0400 Subject: [PATCH] lib/pull: Allow downgrade protection with overrides There's a valid use case for enabling the timestamp downgrade check while still also using override commits. We'll make use of this in Fedora CoreOS, where the agent specifies the exact commit to upgrade to, while still enforcing that it be newer. Closes: #1891 Approved by: cgwalters --- src/libostree/ostree-repo-pull.c | 50 ++++++++++++++++---------------- tests/pull-test.sh | 6 ++++ 2 files changed, 31 insertions(+), 25 deletions(-) diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c index bb7bc02b..67b28f8c 100644 --- a/src/libostree/ostree-repo-pull.c +++ b/src/libostree/ostree-repo-pull.c @@ -4335,16 +4335,16 @@ ostree_repo_pull_with_options (OstreeRepo *self, const char*, override_commitid) { g_autofree char *contents = NULL; + g_autoptr(OstreeCollectionRef) ref_with_collection = NULL; /* Support specifying "" for an override commitid */ if (override_commitid && *override_commitid) { - g_hash_table_replace (updated_requested_refs_to_fetch, ostree_collection_ref_dup (ref), g_strdup (override_commitid)); + ref_with_collection = ostree_collection_ref_dup (ref); + contents = g_strdup (override_commitid); } else { - g_autoptr(OstreeCollectionRef) ref_with_collection = NULL; - if (pull_data->summary) { gsize commit_size = 0; @@ -4367,29 +4367,29 @@ ostree_repo_pull_with_options (OstreeRepo *self, ref_with_collection = ostree_collection_ref_dup (ref); } - - /* If we have timestamp checking enabled, find the current value of - * the ref, and store its timestamp in the hash map, to check later. - */ - if (pull_data->timestamp_check) - { - g_autofree char *from_rev = NULL; - if (!ostree_repo_resolve_rev (pull_data->repo, ref_with_collection->ref_name, TRUE, - &from_rev, error)) - goto out; - /* Explicitly store NULL if there's no previous revision. We do - * this so we can assert() if we somehow didn't find a ref in the - * hash at all. Note we don't copy the collection-ref, so the - * lifetime of this hash must be equal to `requested_refs_to_fetch`. - */ - g_hash_table_insert (pull_data->ref_original_commits, ref_with_collection, - g_steal_pointer (&from_rev)); - } - - g_hash_table_replace (updated_requested_refs_to_fetch, - g_steal_pointer (&ref_with_collection), - g_steal_pointer (&contents)); } + + /* If we have timestamp checking enabled, find the current value of + * the ref, and store its timestamp in the hash map, to check later. + */ + if (pull_data->timestamp_check) + { + g_autofree char *from_rev = NULL; + if (!ostree_repo_resolve_rev (pull_data->repo, ref_with_collection->ref_name, TRUE, + &from_rev, error)) + goto out; + /* Explicitly store NULL if there's no previous revision. We do + * this so we can assert() if we somehow didn't find a ref in the + * hash at all. Note we don't copy the collection-ref, so the + * lifetime of this hash must be equal to `requested_refs_to_fetch`. + */ + g_hash_table_insert (pull_data->ref_original_commits, ref_with_collection, + g_steal_pointer (&from_rev)); + } + + g_hash_table_replace (updated_requested_refs_to_fetch, + g_steal_pointer (&ref_with_collection), + g_steal_pointer (&contents)); } g_hash_table_unref (requested_refs_to_fetch); diff --git a/tests/pull-test.sh b/tests/pull-test.sh index 9d51b151..a8bc49a9 100644 --- a/tests/pull-test.sh +++ b/tests/pull-test.sh @@ -334,6 +334,12 @@ if ${CMD_PREFIX} ostree --repo=repo pull -T origin main 2>err.txt; then fi assert_file_has_content err.txt "Upgrade.*is chronologically older" assert_streq ${newrev} "$(${CMD_PREFIX} ostree --repo=repo rev-parse main)" +# And also check we can't pull it when using overrides +if ${CMD_PREFIX} ostree --repo=repo pull -T origin main@${newrev2} 2>err.txt; then + fatal "pulled older commit override with timestamp checking enabled?" +fi +assert_file_has_content err.txt "Upgrade.*is chronologically older" +assert_streq ${newrev} "$(${CMD_PREFIX} ostree --repo=repo rev-parse main)" # But we can pull it without timestamp checking ${CMD_PREFIX} ostree --repo=repo pull origin main echo "ok pull timestamp checking"