dir: Validate locally configured collection IDsvalidate-local-collection-ids-take2

Currently if the user configures a collection ID on a remote which is
incorrect, either because it doesn't match the one configured server
side or because the server doesn't have one configured at all, Flatpak
will not notice the issue and happily still pull from the remote. This
is new since 1.7.1; before that such a problem would be caught because
the server wouldn't provide the ostree-metadata ref for the configured
collection ID.

This commit catches such errors by checking commit metadata, as we
already do for the ref binding metadata. Otherwise such a mismatch would
prevent successful offline distribution of the apps/runtimes provided by
the remote.

The impetus for this is to keep an eos-updater unit test passing with
Flatpak 1.8.x:
"/updater/install-flatpaks-pull-to-repo-error-if-collection-id-invalid"

1 files changed, 34 insertions, 0 deletions

diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index 2d2bf153..0de14a49 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -876,6 +876,7 @@ flatpak_remote_state_fetch_commit_object (FlatpakRemoteState *self,
   if (ref != NULL)
     {
       const char *xa_ref = NULL;
+      const char *collection_binding = NULL;
       g_autofree const char **commit_refs = NULL;
 
       if ((g_variant_lookup (commit_metadata, "xa.ref", "&s", &xa_ref) &&
@@ -886,6 +887,39 @@ flatpak_remote_state_fetch_commit_object (FlatpakRemoteState *self,
           flatpak_fail_error (error, FLATPAK_ERROR_INVALID_DATA, _("Commit has no requested ref ‘%s’ in ref binding metadata"),  ref);
           return NULL;
         }
+
+      /* Check that the locally configured collection ID is correct by looking
+       * for it in the commit metadata */
+      if (self->collection_id != NULL &&
+          (!g_variant_lookup (commit_metadata, OSTREE_COMMIT_META_KEY_COLLECTION_BINDING, "&s", &collection_binding) ||
+           g_strcmp0 (self->collection_id, collection_binding) != 0))
+        {
+          g_autoptr(GVariantIter) collection_refs_iter = NULL;
+          gboolean found_in_collection_refs_binding = FALSE;
+          /* Note: the OSTREE_COMMIT_META_... define for this is not yet merged
+           * in https://github.com/ostreedev/ostree/pull/1805 */
+          if (g_variant_lookup (commit_metadata, "ostree.collection-refs-binding", "a(ss)", &collection_refs_iter))
+            {
+              const gchar *crb_collection_id, *crb_ref_name;
+              while (g_variant_iter_loop (collection_refs_iter, "(&s&s)", &crb_collection_id, &crb_ref_name))
+                {
+                  if (g_strcmp0 (self->collection_id, crb_collection_id) == 0 &&
+                      g_strcmp0 (ref, crb_ref_name) == 0)
+                    {
+                      found_in_collection_refs_binding = TRUE;
+                      break;
+                    }
+                }
+            }
+
+          if (!found_in_collection_refs_binding)
+            {
+              flatpak_fail_error (error, FLATPAK_ERROR_INVALID_DATA,
+                                  _("Configured collection ID ‘%s’ not in binding metadata"),
+                                  self->collection_id);
+              return NULL;
+            }
+        }
     }
 
   return g_steal_pointer (&commit_data);