forked from Mirrors/flatpak-builder
common/dir: Support updating collection-id from remote configuration
To allow staged deployment of collection-ID-based repositories, introduce the code to update a local repository configuration to add a collection ID to it, based on updated metadata from the remote (as is currently supported for other configuration keys). As a security measure, this only allows updating the collection ID from an empty to a non-empty value. We do not allow collection IDs to be renamed (or a malicious repository owner could bypass the user’s manual verification of the collection ID by changing it after the user has configured an unrelated remote). The idea is that most repositories should remain without collection IDs for now, and use this mechanism to set their collection IDs in future, once the functionality is more stable. Signed-off-by: Philip Withnall <withnall@endlessm.com>tingping/wmclass
parent
550ebcc4f9
commit
36c8fdb4a4
|
@ -8872,6 +8872,7 @@ flatpak_dir_update_remote_configuration_for_dict (FlatpakDir *self,
|
|||
"xa.default-branch",
|
||||
"xa.gpg-keys",
|
||||
"xa.redirect-url",
|
||||
"xa.collection-id",
|
||||
NULL
|
||||
};
|
||||
|
||||
|
@ -8914,6 +8915,8 @@ flatpak_dir_update_remote_configuration_for_dict (FlatpakDir *self,
|
|||
{
|
||||
if (strcmp (key, "xa.redirect-url") == 0)
|
||||
g_ptr_array_add (updated_params, g_strdup ("url"));
|
||||
else if (strcmp (key, "xa.collection-id") == 0)
|
||||
g_ptr_array_add (updated_params, g_strdup ("collection-id"));
|
||||
else
|
||||
g_ptr_array_add (updated_params, g_strdup (key));
|
||||
g_ptr_array_add (updated_params, g_strdup (value));
|
||||
|
@ -8951,10 +8954,26 @@ flatpak_dir_update_remote_configuration_for_dict (FlatpakDir *self,
|
|||
if (!is_set)
|
||||
{
|
||||
current_val = g_key_file_get_string (config, group, key, NULL);
|
||||
if (g_strcmp0 (current_val, new_val) != 0)
|
||||
if ((!g_str_equal (key, "collection-id") &&
|
||||
g_strcmp0 (current_val, new_val) != 0) ||
|
||||
(g_str_equal (key, "collection-id") &&
|
||||
(current_val == NULL || *current_val == '\0') &&
|
||||
new_val != NULL && *new_val != '\0'))
|
||||
{
|
||||
has_changed = TRUE;
|
||||
g_key_file_set_string (config, group, key, new_val);
|
||||
|
||||
/* Special case for collection-id: if it’s set, gpg-verify-summary
|
||||
* must be set to false. The logic above ensures that the
|
||||
* collection-id is only set if we’re transitioning from an
|
||||
* unset to a set collection-ID. We *must not* allow the
|
||||
* collection ID to be changed from one set value to another
|
||||
* without the user manually verifying it; or a malicious
|
||||
* repository could assume the collection ID of another without
|
||||
* the user’s consent. */
|
||||
if (g_str_equal (key, "collection-id") &&
|
||||
new_val != NULL && *new_val != '\0')
|
||||
g_key_file_set_boolean (config, group, "gpg-verify-summary", FALSE);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue