From c141fe610b652f383a9c445169d3cc6f28f99bd1 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Mon, 24 Sep 2018 13:37:29 -0400
Subject: [PATCH] lib/commit: Don't copy xattrs for metadata objects

Copying the xattrs on metadata objects is wrong in general, we
don't "own" them.  Notably this would fail in the situation of
doing a pull from e.g. a `bare-user` source to a destination
that was on a different mount point (so we couldn't hardlink),
and the source had e.g. a `security.selinux` attribute.

Closes: #1734

Closes: #1736
Approved by: jlebon
---
 src/libostree/ostree-repo-commit.c           |  5 +++--
 tests/installed/nondestructive/itest-pull.sh | 13 +++++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/libostree/ostree-repo-commit.c b/src/libostree/ostree-repo-commit.c
index 7c676f4c..e883cedc 100644
--- a/src/libostree/ostree-repo-commit.c
+++ b/src/libostree/ostree-repo-commit.c
@@ -4293,11 +4293,12 @@ import_one_object_direct (OstreeRepo    *dest_repo,
         }
 
       /* Don't want to copy xattrs for archive repos, nor for
-       * bare-user-only.
+       * bare-user-only.  We also only do this for content
+       * objects.
        */
       const gboolean src_is_bare_or_bare_user =
         G_IN_SET (src_repo->mode, OSTREE_REPO_MODE_BARE, OSTREE_REPO_MODE_BARE_USER);
-      if (src_is_bare_or_bare_user)
+      if (src_is_bare_or_bare_user && !OSTREE_OBJECT_TYPE_IS_META(objtype))
         {
           g_autoptr(GVariant) xattrs = NULL;
 
diff --git a/tests/installed/nondestructive/itest-pull.sh b/tests/installed/nondestructive/itest-pull.sh
index fc2047ed..07056ea1 100755
--- a/tests/installed/nondestructive/itest-pull.sh
+++ b/tests/installed/nondestructive/itest-pull.sh
@@ -62,6 +62,19 @@ ostree --repo=repo init --mode=bare
 log_timestamps ostree --repo=repo pull-local /ostree/repo ${host_commit}
 log_timestamps ostree --repo=repo fsck
 cd ..
+
+# Also, we shouldn't copy xattrs on metadata objects
+commit_path=objects/${host_commit:0:2}/${host_commit:2}.commit
+ostree --repo=testarchive init --mode=archive
+ostree --repo=testarchive pull-local --commit-metadata-only /ostree/repo ${host_commit}
+setfattr -n user.ostreetesting -v hello testarchive/${commit_path}
+ostree --repo=mnt/testarchive2 init --mode=archive
+ostree --repo=mnt/testarchive2 pull-local --commit-metadata-only testarchive ${host_commit}
+if getfattr -m user.ostreetesting mnt/testarchive2/${commit_path} 2>/dev/null; then
+    fatal "copied metadata xattr"
+fi
+echo "ok no metadata xattr copy"
+
 umount mnt
 
 # Cleanup