From 25696b3fb064bd933d1e05e8175e6d95891fa2c0 Mon Sep 17 00:00:00 2001 From: "Owen W. Taylor" Date: Tue, 6 Jun 2017 22:51:00 -0400 Subject: [PATCH] lib/repo: Don't copy xattrs when manipulating the GPG keyring Copying xattrs when manipulating the GPG keyring for a repository causes errors when the underlying filesystem doesn't support writing xattrs - overlayfs is a common example. It also causes the selinux attributes of the keyring files to be copied from the temporary location instead of properly inherited from the destination directory (ending up, for example, as unconfined_u:object_r:user_tmp_t:s0, rather than unconfined_u:object_r:data_home_t:s0) Closes: #910 Approved by: cgwalters --- src/libostree/ostree-repo.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c index cbbaec9b..abdb63c1 100644 --- a/src/libostree/ostree-repo.c +++ b/src/libostree/ostree-repo.c @@ -1329,7 +1329,6 @@ ostree_repo_remote_gpg_import (OstreeRepo *self, struct stat stbuf; gpgme_error_t gpg_error; gboolean ret = FALSE; - const GLnxFileCopyFlags copyflags = self->disable_xattrs ? GLNX_FILE_COPY_NOXATTRS : 0; g_return_val_if_fail (OSTREE_IS_REPO (self), FALSE); g_return_val_if_fail (name != NULL, FALSE); @@ -1453,7 +1452,7 @@ ostree_repo_remote_gpg_import (OstreeRepo *self, { if (!glnx_file_copy_at (self->repo_dir_fd, remote->keyring, &stbuf, target_temp_fd, "pubring.gpg", - copyflags, cancellable, error)) + GLNX_FILE_COPY_NOXATTRS, cancellable, error)) { g_prefix_error (error, "Unable to copy remote's keyring: "); goto out; @@ -1537,7 +1536,7 @@ ostree_repo_remote_gpg_import (OstreeRepo *self, * updated keyring in the target context's temporary directory. */ if (!glnx_file_copy_at (target_temp_fd, "pubring.gpg", NULL, self->repo_dir_fd, remote->keyring, - copyflags | GLNX_FILE_COPY_OVERWRITE, + GLNX_FILE_COPY_NOXATTRS | GLNX_FILE_COPY_OVERWRITE, cancellable, error)) goto out;