From b7ff1612eae3e5aa88fc52d59f7511c7046152fb Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Fri, 15 May 2020 10:19:04 -0400
Subject: [PATCH] upgrader: Reset ref before fetching commit by override

This is a short-term hack until we can depend on the new
`timestamp-check-from-rev` from ostree:

https://github.com/ostreedev/ostree/pull/2099

That way, we still get downgrade protection, but wrt the checked out
deployment, not the local ref.

For more information, see
https://github.com/coreos/rpm-ostree/pull/2094
https://github.com/coreos/fedora-coreos-tracker/issues/481
---
 src/daemon/rpmostree-sysroot-upgrader.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/daemon/rpmostree-sysroot-upgrader.c b/src/daemon/rpmostree-sysroot-upgrader.c
index 4e595b1b..45aaf282 100644
--- a/src/daemon/rpmostree-sysroot-upgrader.c
+++ b/src/daemon/rpmostree-sysroot-upgrader.c
@@ -419,8 +419,19 @@ rpmostree_sysroot_upgrader_pull_base (RpmOstreeSysrootUpgrader  *self,
             /* Add the timestamp check, unless disabled. The option was added in
              * libostree v2017.11 */
             if (!allow_older)
-              g_variant_builder_add (optbuilder, "{s@v}", "timestamp-check",
-                                     g_variant_new_variant (g_variant_new_boolean (TRUE)));
+              {
+                g_variant_builder_add (optbuilder, "{s@v}", "timestamp-check",
+                                       g_variant_new_variant (g_variant_new_boolean (TRUE)));
+                /* XXX: Short-term hack until we switch to timestamp-check-from-rev:
+                 * https://github.com/coreos/rpm-ostree/pull/2094. This ensures that
+                 * timestamp-check is comparing against our deployment csum's timestamp, not
+                 * whatever the ref is pointing to.
+                 */
+                if (override_commit &&
+                    !ostree_repo_set_ref_immediate (self->repo, origin_remote, origin_ref,
+                                                    self->base_revision, cancellable, error))
+                  return FALSE;
+              }
             g_variant_builder_add (optbuilder, "{s@v}", "refs",
                                    g_variant_new_variant (g_variant_new_strv (
                                                                               (const char *const *)&origin_ref, 1)));
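Review bot: The `ostree_repo_set_ref_immediate` call in the new `override_commit` branch rewrites the local remote ref before the pull runs, and nothing in this hunk restores it if the pull later fails or is cancelled, so the ref stays at `self->base_revision` even when no new commit was fetched. As far as I know, passing a NULL rev to that function removes the ref instead of setting it; if `self->base_revision` can be unset on this path (not visible here, since the body of `rpmostree_sysroot_upgrader_pull_base` starts and ends outside the hunk), `timestamp-check` would presumably have nothing to compare against and the downgrade protection would be skipped silently. I would make the precondition explicit with `g_assert (self->base_revision != NULL);` before the call. I would also extend the XXX comment to say that the ref is intentionally left pointing at the deployment commit, and that the new baseline allows an override commit older than the ref's previous target as long as it is newer than the deployment. The comment links rpm-ostree PR 2094, while the commit message attributes `timestamp-check-from-rev` to ostree PR 2099; citing the ostree PR next to the option name would tell maintainers what to wait for before removing the hack.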
-- 
2.25.4