From 764e5a4d0cd7f5b39d569fac62faa018b48d6d1b Mon Sep 17 00:00:00 2001 From: Nick Reiley Date: Tue, 21 Jun 2022 00:51:18 +0500 Subject: [PATCH] Add --socket=gpg-agent --- common/flatpak-context-private.h | 1 + common/flatpak-context.c | 1 + common/flatpak-run.c | 45 ++++++++++++++++++++++++++++++++ doc/flatpak-build-finish.xml | 4 +-- doc/flatpak-build.xml | 4 +-- doc/flatpak-override.xml | 4 +-- doc/flatpak-run.xml | 4 +-- 7 files changed, 55 insertions(+), 8 deletions(-) diff --git a/common/flatpak-context-private.h b/common/flatpak-context-private.h index 099b6275..d9a79777 100644 --- a/common/flatpak-context-private.h +++ b/common/flatpak-context-private.h @@ -49,6 +49,7 @@ typedef enum { FLATPAK_CONTEXT_SOCKET_SSH_AUTH = 1 << 6, FLATPAK_CONTEXT_SOCKET_PCSC = 1 << 7, FLATPAK_CONTEXT_SOCKET_CUPS = 1 << 8, + FLATPAK_CONTEXT_SOCKET_GPG_AGENT = 1 << 9, } FlatpakContextSockets; typedef enum { diff --git a/common/flatpak-context.c b/common/flatpak-context.c index 17f4d6c5..e0f52892 100644 --- a/common/flatpak-context.c +++ b/common/flatpak-context.c @@ -61,6 +61,7 @@ const char *flatpak_context_sockets[] = { "ssh-auth", "pcsc", "cups", + "gpg-agent", NULL }; diff --git a/common/flatpak-run.c b/common/flatpak-run.c index 62bc21e9..523c5b31 100644 --- a/common/flatpak-run.c +++ b/common/flatpak-run.c 
@@ -601,6 +601,46 @@ flatpak_run_add_cups_args (FlatpakBwrap *bwrap) NULL); } +static void +flatpak_run_add_gpg_agent_args (FlatpakBwrap *bwrap) +{ + const char * agent_socket; + g_autofree char * sandbox_agent_socket = NULL; + g_autoptr(GError) gpgconf_error = NULL; + g_autoptr(GSubprocess) process = NULL; + g_autoptr(GInputStream) base_stream = NULL; + g_autoptr(GDataInputStream) data_stream = NULL; + + process = g_subprocess_new (G_SUBPROCESS_FLAGS_STDOUT_PIPE, + &gpgconf_error, + "gpgconf", "--list-dir", "agent-socket", NULL); + + if (gpgconf_error) + { + g_debug ("GPG-Agent directories: %s", gpgconf_error->message); + return; + } + + base_stream = g_subprocess_get_stdout_pipe (process); + data_stream = g_data_input_stream_new (base_stream); + + agent_socket = g_data_input_stream_read_line (data_stream, + NULL, NULL, + &gpgconf_error); + + if (!agent_socket || gpgconf_error) + { + g_debug ("GPG-Agent directories: %s", gpgconf_error->message); + return; + } + + sandbox_agent_socket = g_strdup_printf ("/run/user/%d/gnupg/S.gpg-agent", getuid ()); + + flatpak_bwrap_add_args (bwrap, + "--ro-bind-try", agent_socket, sandbox_agent_socket, + NULL); +} + /* Try to find a default server from a pulseaudio confguration file */ static char * flatpak_run_get_pulseaudio_server_user_config (const char *path) @@ -1783,6 +1823,11 @@ flatpak_run_add_environment_args (FlatpakBwrap *bwrap, flatpak_run_add_cups_args (bwrap); } + if (context->sockets & FLATPAK_CONTEXT_SOCKET_GPG_AGENT) + { + flatpak_run_add_gpg_agent_args (bwrap); + } + flatpak_run_add_session_dbus_args (bwrap, proxy_arg_bwrap, context, flags, app_id); flatpak_run_add_system_dbus_args (bwrap, proxy_arg_bwrap, context, flags); flatpak_run_add_a11y_dbus_args (bwrap, proxy_arg_bwrap, context, flags); diff --git a/doc/flatpak-build-finish.xml b/doc/flatpak-build-finish.xml index 81a72452..fa5c9ff0 100644 --- a/doc/flatpak-build-finish.xml +++ b/doc/flatpak-build-finish.xml 
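Review bot: The second error branch in `flatpak_run_add_gpg_agent_args` dereferences `gpgconf_error->message` even when `g_data_input_stream_read_line` returned NULL without setting an error (gpgconf printed nothing), so an empty gpgconf output crashes `flatpak run` instead of skipping the socket. Two ownership problems sit beside it: `base_stream` is declared `g_autoptr` although `g_subprocess_get_stdout_pipe` returns a stream still owned by the subprocess, and `agent_socket` is a `const char *` although the line it receives is allocated, so one is released once too often and the other is leaked. Because the string is passed straight to `--ro-bind-try` as the bind source, anything that is not an absolute path should be rejected before it reaches bwrap. The man pages touched by this commit should also say that this socket lets the app request operations with the user's private keys, and that the read-only bind, as far as I can tell, does not restrict what a connected client may ask the agent to do.

```c
  g_autofree char *agent_socket = NULL;   /* read_line() returns an allocated string */
  GInputStream *base_stream = NULL;       /* borrowed: owned by process */
  /* … unchanged: remaining declarations, g_subprocess_new call and its error check, stream setup … */

  agent_socket = g_data_input_stream_read_line (data_stream,
                                                NULL, NULL,
                                                &gpgconf_error);

  /* NULL with no error set means EOF; only an absolute path is a valid bind source */
  if (agent_socket == NULL || !g_path_is_absolute (agent_socket))
    {
      g_debug ("GPG-Agent directories: %s",
               gpgconf_error ? gpgconf_error->message
                             : "gpgconf returned no usable agent-socket path");
      return;
    }

  /* … unchanged: sandbox_agent_socket and the flatpak_bwrap_add_args call … */
```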
@@ -134,7 +134,7 @@ Expose a well-known socket to the application. This updates the [Context] group in the metadata. SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, - ssh-auth, pcsc, cups. + ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple times. The fallback-x11 option makes the X11 socket available only if @@ -151,7 +151,7 @@ Don't expose a well known socket to the application. This updates the [Context] group in the metadata. SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, - ssh-auth, pcsc, cups. + ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple times. diff --git a/doc/flatpak-build.xml b/doc/flatpak-build.xml index a48e2acd..d1157667 100644 --- a/doc/flatpak-build.xml +++ b/doc/flatpak-build.xml @@ -149,7 +149,7 @@ Expose a well-known socket to the application. This overrides to the Context section from the application metadata. SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, - ssh-auth, pcsc, cups. + ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple times. @@ -161,7 +161,7 @@ Don't expose a well-known socket to the application. This overrides to the Context section from the application metadata. SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, - ssh-auth, pcsc, cups. + ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple times. diff --git a/doc/flatpak-override.xml b/doc/flatpak-override.xml index 8a2e2ee5..bdd9d974 100644 --- a/doc/flatpak-override.xml +++ b/doc/flatpak-override.xml @@ -134,7 +134,7 @@ Expose a well-known socket to the application. This overrides to the Context section from the application metadata. SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, - ssh-auth, pcsc, cups. + ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple times. 
@@ -146,7 +146,7 @@ Don't expose a well-known socket to the application. This overrides to the Context section from the application metadata. SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, - ssh-auth, pcsc, cups. + ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple times. diff --git a/doc/flatpak-run.xml b/doc/flatpak-run.xml index 56582ebf..e1aa5e1c 100644 --- a/doc/flatpak-run.xml +++ b/doc/flatpak-run.xml @@ -299,7 +299,7 @@ Expose a well known socket to the application. This overrides to the Context section from the application metadata. SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, - ssh-auth, pcsc, cups. + ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple times. @@ -311,7 +311,7 @@ Don't expose a well known socket to the application. This overrides to the Context section from the application metadata. SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, - ssh-auth, pcsc, cups. + ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple times.