From 93357d357119093804df05acc32ff335839c6451 Mon Sep 17 00:00:00 2001
From: Alexander Larsson
Date: Tue, 11 Jan 2022 10:27:46 +0100
Subject: [PATCH] Require metadata in commit also for OCI remotes
This was disables a long time ago because the fedora remotes didn't contain metadata, but that has been added since then. Requiring fixes a security concern where an app claims to require no permissions (by having no metadata in commit) but then actually requires permissions in the installed app.
Conflict:NA
Reference:https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451
---
 common/flatpak-dir.c | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index e6c8046..e6a83cf 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -1763,7 +1763,6 @@ validate_commit_metadata (GVariant *commit_data,
 const char *ref,
 const char *required_metadata,
 gsize required_metadata_size,
- gboolean require_xa_metadata,
 GError **error)
 {
 g_autoptr(GVariant) commit_metadata = NULL;
@@ -1782,9 +1781,9 @@ validate_commit_metadata (GVariant *commit_data,
 xa_metadata = g_variant_get_string (xa_metadata_v, &xa_metadata_size);
 }
- if ((xa_metadata == NULL && require_xa_metadata) ||
- (xa_metadata != NULL && (xa_metadata_size != required_metadata_size ||
- memcmp (xa_metadata, required_metadata, xa_metadata_size) != 0)))
+ if (xa_metadata == NULL ||
+ xa_metadata_size != required_metadata_size ||
+ memcmp (xa_metadata, required_metadata, xa_metadata_size) != 0)
 {
 g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
 _("Commit metadata for %s not matching expected metadata"), ref);
@@ -5814,7 +5813,6 @@ flatpak_dir_pull (FlatpakDir *self,
 ref,
 (const char *)g_bytes_get_data (require_metadata, NULL),
 g_bytes_get_size (require_metadata),
- TRUE,
 error))
 goto out;
 }
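Review bot: In the `@@ -1782,9 +1781,9 @@` hunk of validate_commit_metadata, the rewritten condition still passes `required_metadata` to `memcmp` without checking it for NULL. The flatpak_dir_deploy caller declares `metadata_contents` as NULL (visible in the `@@ -8128,7 +8126,6 @@` hunk), and the code that fills it is outside this diff, so it may arrive here as NULL with size 0. In that case a commit carrying an empty xa.metadata string would pass the size comparison and call memcmp on a null pointer, which is undefined even for length 0. Guarding the last clause as `(xa_metadata_size != 0 && memcmp (xa_metadata, required_metadata, xa_metadata_size) != 0)` keeps the accept/reject result unchanged. The function body begins and ends outside the hunk.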
@@ -8128,7 +8126,6 @@ flatpak_dir_deploy (FlatpakDir *self,
 g_autoptr(GFile) metadata_file = NULL;
 g_autofree char *metadata_contents = NULL;
 gsize metadata_size = 0;
- gboolean is_oci;
 if (!flatpak_dir_ensure_repo (self, cancellable, error))
 return FALSE;
@@ -8353,12 +8350,9 @@ flatpak_dir_deploy (FlatpakDir *self,
 /* Check the metadata in the commit to make sure it matches the actual
 * deployed metadata, in case we relied on the one in the commit for
 * a decision
- * Note: For historical reason we don't enforce commits to contain xa.metadata
- * since this was lacking in fedora builds.
 */
- is_oci = flatpak_dir_get_remote_oci (self, origin);
 if (!validate_commit_metadata (commit_data, flatpak_decomposed_get_ref (ref),
- metadata_contents, metadata_size, !is_oci, error))
+ metadata_contents, metadata_size, error))
 return FALSE;
 dotref = g_file_resolve_relative_path (checkoutdir, "files/.ref");
--
2.27.0
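Review bot: In the `@@ -8353,12 +8350,9 @@` hunk of flatpak_dir_deploy, the comment above the validate_commit_metadata call drops the historical note but no longer says what happens to a commit that carries no xa.metadata at all. The check now fails closed for every remote, so I would add a line to that comment such as `* A commit without xa.metadata is rejected, so an app cannot appear to request no permissions and then deploy metadata that does.` The same rule now applies at the flatpak_dir_pull call in the `@@ -5814,7 +5813,6 @@` hunk. The user-facing error for a missing entry is still the "not matching expected metadata" text, which may deserve its own wording so a rejected OCI install is easier to diagnose.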