lib/repo: Don't copy xattrs when manipulating the GPG keyring

Copying xattrs when manipulating the GPG keyring for a repository
causes errors when the underlying filesystem doesn't support writing
xattrs - overlayfs is a common example. It also causes the selinux
attributes of the keyring files to be copied from the temporary
location instead of properly inherited from the destination directory
(ending up, for example, as unconfined_u:object_r:user_tmp_t:s0, rather
than unconfined_u:object_r:data_home_t:s0)

Closes: #910
Approved by: cgwalters

diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index cbbaec9b0aaf99f7d5d35f87fd79410d4a851d2d..abdb63c151beb950414cde94e252a56129c80113 100644 (file)
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -1329,7 +1329,6 @@ ostree_repo_remote_gpg_import (OstreeRepo         *self,
   struct stat stbuf;
   gpgme_error_t gpg_error;
   gboolean ret = FALSE;
-  const GLnxFileCopyFlags copyflags = self->disable_xattrs ? GLNX_FILE_COPY_NOXATTRS : 0;
 
   g_return_val_if_fail (OSTREE_IS_REPO (self), FALSE);
   g_return_val_if_fail (name != NULL, FALSE);
@@ -1453,7 +1452,7 @@ ostree_repo_remote_gpg_import (OstreeRepo         *self,
     {
       if (!glnx_file_copy_at (self->repo_dir_fd, remote->keyring,
                               &stbuf, target_temp_fd, "pubring.gpg",
-                              copyflags, cancellable, error))
+                              GLNX_FILE_COPY_NOXATTRS, cancellable, error))
         {
           g_prefix_error (error, "Unable to copy remote's keyring: ");
           goto out;
@@ -1537,7 +1536,7 @@ ostree_repo_remote_gpg_import (OstreeRepo         *self,
    * updated keyring in the target context's temporary directory. */
   if (!glnx_file_copy_at (target_temp_fd, "pubring.gpg", NULL,
                           self->repo_dir_fd, remote->keyring,
-                          copyflags | GLNX_FILE_COPY_OVERWRITE,
+                          GLNX_FILE_COPY_NOXATTRS | GLNX_FILE_COPY_OVERWRITE,
                           cancellable, error))
     goto out;