lib/repo-pull: Disable LAN updates by default

This commit disables searching on the local network for refs, unless explicitly requested by the user either by changing the value of the "core.repo-finders" config option, or by passing an OstreeRepoFinderAvahi to ostree_repo_find_remotes_async() / ostree_repo_finder_resolve_async(), or by specifying "lan" in the --finders option of the find-remotes command. The primary reason for this is that ostree_repo_find_remotes_async() takes about 40% longer to complete with the LAN finder enabled, and that API is used widely (e.g. in every flatpak operation). It's also probable that some users don't want ostree doing potentially unexpected traffic on the local network, even though everything pulled from a peer is GPG verified. Flathub will soon deploy collection IDs to everyone[1] so these code paths will soon see a lot more use and that's why this change is being made now. Endless is the only potential user of the LAN updates feature, and we can revert this patch on our fork of ostree. For it to be used outside Endless OS we will need to upstream eos-updater-avahi and eos-update-server into ostree. [1] flathub/flathub#676
ostreedev · Oct 18, 2018 · a10a38f · a10a38f
1 parent 65562df
commit a10a38f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/man/ostree.repo-config.xml b/man/ostree.repo-config.xml
@@ -224,8 +224,8 @@ Boston, MA 02111-1307, USA.
         local network, or the Internet. Possible values:
         <literal>config</literal>, <literal>lan</literal>, and
         <literal>mount</literal> (or any combination thereof). The default is
-        to pull from all three, unless Avahi support was disabled at compile
-        time, in which case <literal>lan</literal> is disabled.
+        to pull from the Internet and mounted filesystems, since the LAN finder
+        is more costly.
         </para></listitem>
       </varlistentry>
     </variablelist>

diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
@@ -5013,7 +5013,8 @@ ostree_repo_find_remotes_async (OstreeRepo                     *self,
         default_finders[finder_index++] = finder_mount = OSTREE_REPO_FINDER (ostree_repo_finder_mount_new (NULL));
 
 #ifdef HAVE_AVAHI
-      if (self->repo_finders == NULL || g_strv_contains ((const char * const *)self->repo_finders, "lan"))
+      /* Only check the LAN if it was explicitly enabled (it's more expensive) */
+      if (self->repo_finders != NULL && g_strv_contains ((const char * const *)self->repo_finders, "lan"))
         default_finders[finder_index++] = finder_avahi = OSTREE_REPO_FINDER (ostree_repo_finder_avahi_new (context));
 #endif  /* HAVE_AVAHI */