From fdc7287d217706f89267b2c28a98c4fc69a2d0eb Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Wed, 19 Oct 2022 15:49:26 +0100 Subject: [PATCH] flatpak-dir: Clean up temp deploy dir on failure of flatpak_dir_deploy() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This already happens for installs due to the cleanup path in `flatpak_dir_deploy_install()`, but it doesn’t happen for other calls to `flatpak_dir_deploy()`. Notably, during updates of already installed apps. Specifically, this means that if an app update is cancelled due to being blocked by a parental controls policy, the temp deploy dir for that app (such as `~/.local/share/flatpak/app/com.corp.App/x86_64/stable/.somehex-XXXXXX`) will be leaked. It will never be automatically cleaned up, as it’s not in `/var/tmp` either. Fix that by using `glnx_mkdtempat()` to create a scoped temporary directory. Signed-off-by: Philip Withnall (cherry picked from commit ce1829a703f2bc2e7868fd314ddefb63fbf7dce1) --- common/flatpak-dir.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c index ca64902c..6b499f19 100644 --- a/common/flatpak-dir.c +++ b/common/flatpak-dir.c @@ -8525,6 +8525,7 @@ flatpak_dir_deploy (FlatpakDir *self, g_autofree char *ref_id = NULL; g_autoptr(GFile) root = NULL; g_autoptr(GFile) deploy_base = NULL; + glnx_autofd int deploy_base_dfd = -1; g_autoptr(GFile) checkoutdir = NULL; g_autoptr(GFile) bindir = NULL; g_autofree char *checkoutdirpath = NULL; @@ -8541,8 +8542,6 @@ flatpak_dir_deploy (FlatpakDir *self, OstreeRepoCheckoutAtOptions options = { 0, }; const char *checksum; glnx_autofd int checkoutdir_dfd = -1; - g_autoptr(GFile) tmp_dir_template = NULL; - g_autofree char *tmp_dir_path = NULL; const char *xa_ref = NULL; g_autofree char *checkout_basename = NULL; gboolean created_extra_data = FALSE; @@ -8552,6 +8551,7 @@ flatpak_dir_deploy (FlatpakDir *self, g_autofree char *metadata_contents = NULL; gsize metadata_size = 0; const char *flatpak; + g_auto(GLnxTmpDir) tmp_dir_handle = { 0, }; if (!flatpak_dir_ensure_repo (self, cancellable, error)) return FALSE; @@ -8566,6 +8566,9 @@ flatpak_dir_deploy (FlatpakDir *self, deploy_base = flatpak_dir_get_deploy_dir (self, ref); + if (!glnx_opendirat (AT_FDCWD, flatpak_file_get_path_cached (deploy_base), TRUE, &deploy_base_dfd, error)) + return FALSE; + if (checksum_or_latest == NULL) { g_debug ("No checksum specified, getting tip of %s from origin %s", flatpak_decomposed_get_ref (ref), origin); @@ -8600,17 +8603,15 @@ flatpak_dir_deploy (FlatpakDir *self, _("%s commit %s already installed"), flatpak_decomposed_get_ref (ref), checksum); g_autofree char *template = g_strdup_printf (".%s-XXXXXX", checkout_basename); - tmp_dir_template = g_file_get_child (deploy_base, template); - tmp_dir_path = g_file_get_path (tmp_dir_template); - if (g_mkdtemp_full (tmp_dir_path, 0755) == NULL) + if (!glnx_mkdtempat (deploy_base_dfd, template, 0755, &tmp_dir_handle, NULL)) { g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, _("Can't create deploy directory")); return FALSE; } - checkoutdir = g_file_new_for_path (tmp_dir_path); + checkoutdir = g_file_get_child (deploy_base, tmp_dir_handle.path); if (!ostree_repo_read_commit (self->repo, checksum, &root, NULL, cancellable, error)) { @@ -8909,6 +8910,8 @@ flatpak_dir_deploy (FlatpakDir *self, cancellable, NULL, NULL, error)) return FALSE; + glnx_tmpdir_unset (&tmp_dir_handle); + if (!flatpak_dir_set_active (self, ref, checkout_basename, cancellable, error)) return FALSE;