From: Owen W. Taylor Date: Wed, 7 Jun 2017 02:51:00 +0000 (-0400) Subject: lib/repo: Don't copy xattrs when manipulating the GPG keyring X-Git-Tag: archive/raspbian/2022.1-3+rpi1~1^2~4^2~36^2~43 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=25696b3fb064bd933d1e05e8175e6d95891fa2c0;p=ostree.git lib/repo: Don't copy xattrs when manipulating the GPG keyring Copying xattrs when manipulating the GPG keyring for a repository causes errors when the underlying filesystem doesn't support writing xattrs - overlayfs is a common example. It also causes the selinux attributes of the keyring files to be copied from the temporary location instead of properly inherited from the destination directory (ending up, for example, as unconfined_u:object_r:user_tmp_t:s0, rather than unconfined_u:object_r:data_home_t:s0) Closes: #910 Approved by: cgwalters --- diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c index cbbaec9b..abdb63c1 100644 --- a/src/libostree/ostree-repo.c +++ b/src/libostree/ostree-repo.c @@ -1329,7 +1329,6 @@ ostree_repo_remote_gpg_import (OstreeRepo *self, struct stat stbuf; gpgme_error_t gpg_error; gboolean ret = FALSE; - const GLnxFileCopyFlags copyflags = self->disable_xattrs ? GLNX_FILE_COPY_NOXATTRS : 0; g_return_val_if_fail (OSTREE_IS_REPO (self), FALSE); g_return_val_if_fail (name != NULL, FALSE); @@ -1453,7 +1452,7 @@ ostree_repo_remote_gpg_import (OstreeRepo *self, { if (!glnx_file_copy_at (self->repo_dir_fd, remote->keyring, &stbuf, target_temp_fd, "pubring.gpg", - copyflags, cancellable, error)) + GLNX_FILE_COPY_NOXATTRS, cancellable, error)) { g_prefix_error (error, "Unable to copy remote's keyring: "); goto out; @@ -1537,7 +1536,7 @@ ostree_repo_remote_gpg_import (OstreeRepo *self, * updated keyring in the target context's temporary directory. */ if (!glnx_file_copy_at (target_temp_fd, "pubring.gpg", NULL, self->repo_dir_fd, remote->keyring, - copyflags | GLNX_FILE_COPY_OVERWRITE, + GLNX_FILE_COPY_NOXATTRS | GLNX_FILE_COPY_OVERWRITE, cancellable, error)) goto out;