From b7ff1612eae3e5aa88fc52d59f7511c7046152fb Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 15 May 2020 10:19:04 -0400 Subject: [PATCH] upgrader: Reset ref before fetching commit by override This is a short-term hack until we can depend on the new `timestamp-check-from-rev` from ostree: https://github.com/ostreedev/ostree/pull/2099 That way, we still get downgrade protection, but wrt the checked out deployment, not the local ref. For more information, see https://github.com/coreos/rpm-ostree/pull/2094 https://github.com/coreos/fedora-coreos-tracker/issues/481 --- src/daemon/rpmostree-sysroot-upgrader.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/daemon/rpmostree-sysroot-upgrader.c b/src/daemon/rpmostree-sysroot-upgrader.c index 4e595b1b..45aaf282 100644 --- a/src/daemon/rpmostree-sysroot-upgrader.c +++ b/src/daemon/rpmostree-sysroot-upgrader.c @@ -419,8 +419,19 @@ rpmostree_sysroot_upgrader_pull_base (RpmOstreeSysrootUpgrader *self, /* Add the timestamp check, unless disabled. The option was added in * libostree v2017.11 */ if (!allow_older) - g_variant_builder_add (optbuilder, "{s@v}", "timestamp-check", - g_variant_new_variant (g_variant_new_boolean (TRUE))); + { + g_variant_builder_add (optbuilder, "{s@v}", "timestamp-check", + g_variant_new_variant (g_variant_new_boolean (TRUE))); + /* XXX: Short-term hack until we switch to timestamp-check-from-rev: + * https://github.com/coreos/rpm-ostree/pull/2094. This ensures that + * timestamp-check is comparing against our deployment csum's timestamp, not + * whatever the ref is pointing to. + */ + if (override_commit && + !ostree_repo_set_ref_immediate (self->repo, origin_remote, origin_ref, + self->base_revision, cancellable, error)) + return FALSE; + } g_variant_builder_add (optbuilder, "{s@v}", "refs", g_variant_new_variant (g_variant_new_strv ( (const char *const *)&origin_ref, 1)));