lib/commit: Don't copy xattrs for metadata objects

Copying the xattrs on metadata objects is wrong in general, we
don't "own" them.  Notably this would fail in the situation of
doing a pull from e.g. a `bare-user` source to a destination
that was on a different mount point (so we couldn't hardlink),
and the source had e.g. a `security.selinux` attribute.

Closes: #1734

Closes: #1736
Approved by: jlebon

src/libostree/ostree-repo-commit.c

@@ -4293,11 +4293,12 @@ import_one_object_direct (OstreeRepo    *dest_repo,
         }
 
       /* Don't want to copy xattrs for archive repos, nor for
-       * bare-user-only.
+       * bare-user-only.  We also only do this for content
+       * objects.
        */
       const gboolean src_is_bare_or_bare_user =
         G_IN_SET (src_repo->mode, OSTREE_REPO_MODE_BARE, OSTREE_REPO_MODE_BARE_USER);
-      if (src_is_bare_or_bare_user)
+      if (src_is_bare_or_bare_user && !OSTREE_OBJECT_TYPE_IS_META(objtype))
         {
           g_autoptr(GVariant) xattrs = NULL;
 

tests/installed/nondestructive/itest-pull.sh

@@ -62,6 +62,19 @@ ostree --repo=repo init --mode=bare
 log_timestamps ostree --repo=repo pull-local /ostree/repo ${host_commit}
 log_timestamps ostree --repo=repo fsck
 cd ..
+
+# Also, we shouldn't copy xattrs on metadata objects
+commit_path=objects/${host_commit:0:2}/${host_commit:2}.commit
+ostree --repo=testarchive init --mode=archive
+ostree --repo=testarchive pull-local --commit-metadata-only /ostree/repo ${host_commit}
+setfattr -n user.ostreetesting -v hello testarchive/${commit_path}
+ostree --repo=mnt/testarchive2 init --mode=archive
+ostree --repo=mnt/testarchive2 pull-local --commit-metadata-only testarchive ${host_commit}
+if getfattr -m user.ostreetesting mnt/testarchive2/${commit_path} 2>/dev/null; then
+    fatal "copied metadata xattr"
+fi
+echo "ok no metadata xattr copy"
+
 umount mnt
 
 # Cleanup