Authenticated downloads & summary file
Alexander Larsson
alexl at redhat.com
Tue Apr 28 10:02:01 UTC 2020
On Mon, Feb 17, 2020 at 7:38 AM Daniel Drake <drake at endlessm.com> wrote:
>
> Hi,
>
> I'm working on an OS-level feature around managing OS aspects which
> are not managed by ostree itself:
> https://mail.gnome.org/archives/ostree-list/2020-February/msg00000.html
>
> Working through this in our product context, I am facing the necessity
> of authenticated access to ostree branches. Right now I just need a
> design - the implementation can come later. And naturally adopting the
> same design as flatpak would be ideal.
>
> Looking through the current flatpak authenticated downloads work, I
> have a couple of questions.
>
> 1. Am I right in saying that the current design does not protect the
> summary file? The ref name and commit ID for all private flatpak refs
> can be seen by anyone, without authentication?
Yes, that is currently the case. I don't think it would be impossible
to change the code to also allow a case where even getting the summary
at all requires authentication. However, in such a setup you would
always need authentication and couldn't mix non-authenticated and
authenticated content.
> Omitting the summary file on a production server doesn't appear
> practical, because static delta functionality relies on it being
> there.
As Dan said, there is more information than just the list of apps that
flatpak needs in the summary. It's also used for permissions checking
ahead of time as well as dependency resolution, so this is not
generally workable.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl at redhat.com alexander.larsson at gmail.com