Commit Graph

7164 Commits

Author SHA1 Message Date
Owen W. Taylor
fe3f17a89a flatpak-oci-authenticator: try getting a token without credentials
Some registries require getting a token even to download an image
anonymously. So, if no auth has been configured, before prompting
the user for username/password, try without a BasicAuth header.

Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
2020-03-16 09:13:41 +01:00
Matthew Leeds
00d1988310 README: Change LGTM badge to C
Flatpak has barely any Python code; there's not much point in
advertising that grade.

This badge will work after the merge of #3430
2020-03-11 14:28:44 +01:00
Matthew Leeds
8fb7876305 Add .lgtm.yml
Without this, lgtm.com can't successfully build the C code in Flatpak.
2020-03-11 14:28:44 +01:00
Simon McVittie
a36e0183b1 run: Cope with the primary gid not being in the nsswitch database
If it's an opaque integer on the host system, it might as well be an
opaque integer in the container too.

Fixes: #3416
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-03-11 14:27:59 +01:00
Erick555
b4c29df7bd Mount systemd sockets as read-only
This is a continuation of ad9599d3e3 (diff-9efab2399c7c560b34de477b9aa0a465)
and should complete coverage of read-only bind-mounts of sockets.
2020-03-11 14:24:24 +01:00
Matthew Leeds
c7a6141dfe Merge pull request #3440 from AsciiWolf/l10n
Update Czech translation
2020-03-04 14:04:13 -08:00
Matthew Leeds
c41aae4256 Merge pull request #3433 from smcv/out-of-tree
Fix (and test) out-of-tree builds
2020-03-04 14:03:34 -08:00
AsciiWolf
6443cdb244 Update Czech translation 2020-03-04 16:06:48 +01:00
Simon McVittie
0d58999756 CI: Do one build out-of-tree
With the gcc build out-of-tree and the clang build in-tree, we're
testing both ways.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-02-27 12:49:12 +00:00
Simon McVittie
189394653c build: Fix out-of-tree build with variant-schema-compiler
The variant-schema-compiler and its input are in the $(srcdir).

Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-02-27 12:46:01 +00:00
Danilo Spinella
f3b863a187 Add --with-systemd arg to make systemd optional 2020-02-18 12:02:27 +01:00
Alexander Larsson
567bddf25c Use generated variant accessors for commit objects 2020-02-17 16:10:50 +01:00
Alexander Larsson
f29830b4a4 Convert sparse cache API to generated variant APIs 2020-02-17 16:10:50 +01:00
Alexander Larsson
61da44a5e3 Convert flatpak_summary_lookup_ref from GVariants
Now it returns a VarRefInfoRef instead of a GVariant
2020-02-17 16:10:50 +01:00
Alexander Larsson
9f6c60405d utils: Convert summary ref lookup code to variant codegen
We can't use the built-in bsearch from the codegen because it's an array
instead of a dict, so we have to keep that but it's now not using
variant at least.
2020-02-17 16:10:50 +01:00
Alexander Larsson
7c4fd8891e Convert deploy data to use variant schemas 2020-02-17 16:10:50 +01:00
Alexander Larsson
0f028e5329 flatpak_remote_state_lookup_sparse_cache: Use variant schema 2020-02-17 16:10:50 +01:00
Alexander Larsson
8fe634d047 Remove unused flatpak_remote_state_lookup_repo_metadata() 2020-02-17 16:10:50 +01:00
Alexander Larsson
93d44413e6 flatpak_dir_list_all_remote_refs: Implement using variant schemas 2020-02-17 16:10:50 +01:00
Alexander Larsson
00283943f2 flatpak_remote_state_lookup_cache: Implement using variant schemas 2020-02-17 16:10:50 +01:00
Alexander Larsson
4f2c4a5b1c Add schema for some ostree/flatpak variant type and generate header 2020-02-17 16:10:50 +01:00
Alexander Larsson
4046741e5c Add (and dist) variant-schema-compiler to sources 2020-02-17 16:10:50 +01:00
Alexander Larsson
966c6e2a25 CI: Add python3-pyparsing deps 2020-02-17 16:10:50 +01:00
Alexander Larsson
ebca05ff10 utils: Add flatpak_bytes_save() 2020-02-17 16:10:50 +01:00
Alexander Larsson
2d2dd37741 flatpak-dir: Fix doc-comment for flatpak_deploy_data_get_subpaths 2020-02-17 16:10:50 +01:00
Piotr Drąg
9610d2ef01 Update Polish translation 2020-02-17 15:41:24 +01:00
Simon McVittie
fe2536b844 exports: Add host-etc and host-os keywords
These are subsets of the host keyword, which provide access to operating
system files but not to users' personal files.

In particular, the experimental support for namespace-based sandboxes
in the Steam Runtime[1] uses the graphics stack from the host system,
which requires access to the host /usr/libQUAL, /libQUAL (even if the
host OS has undergone the /usr merge, the canonical paths of ELF
interpreters start with /lib), /etc/ld.so.cache, and for some libraries
on Debian-based systems, /etc/alternatives. It will not be possible to
do similar things in Flatpak without either allowing full host
filesystem access (which exposes personal files, and in any case cannot
be done by the Steam app because it is incompatible with --persist=.),
or adding the ability to expose /usr and related directories without
including the rest of the host filesystem.

To the best of my knowledge, host-etc is not necessary for anything;
I've mainly provided it for symmetry, since it's the other significant
thing that we mount in /run/host and cannot get via --filesystem=/path.

Some notes on the security/privacy implications of the new keywords:

- Neither new keyword allows anything that was not already allowed
  by "host".
- Neither new keyword can allow anything that was not already allowed
  to the user outside the sandbox.
- "host-os" allows enumeration of the installed packages on the host
  system, and often their version numbers too. A malicious app could
  use this to look for exploitable security vulnerabilities on the
  host system. An app could also use this for fingerprinting, although
  this is not a regression, because the systemd/D-Bus machine ID,
  MAC addresses, hostname, kernel boot UUID, DMI product ID and many
  other unique or relatively unique properties are already available
  inside the sandbox.
- "host-os" allows read access, and possibly write access (if the user
  has it outside the sandbox, for example members of group 'staff' in
  older Debian installations), to /usr/local.
- "host-etc" allows reading configuration files whose contents might
  be considered sensitive, such as /etc/passwd.

[1] https://steamcommunity.com/app/221410/discussions/0/1638675549018366706/

Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-02-14 15:41:59 +01:00
Simon McVittie
949a3ec479 context: Generalize handling of special filesystems a bit
Currently there are only "home" and "host", but I'm going to add one
that represents /usr and friends (/usr, /lib, ...), and one for /etc.
These differ from ordinary filesystem mounts because they are redirected
into /run/host to avoid conflicting with the runtime.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-02-14 15:41:59 +01:00
Simon McVittie
08d65c5414 exports: If --filesystem=host, provide /run/host/lib etc.
In a host system where the /usr merge has not been implemented, these can
be necessary to load or inspect libraries or executables from the host
system. They are conceptually the same as /usr.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-02-14 15:41:59 +01:00
Simon McVittie
b34ccef1c0 common: Unify some lists of /usr-merged directories
In some places we want a list of basenames, and in others we want a list
of absolute paths. Use the absolute paths, because converting those into
basenames doesn't require memory allocation.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-02-14 15:41:59 +01:00
Simon McVittie
66aee5a342 icon-validator: Add lib32 to usrmerged_dirs, for completeness
This syncs it up with our other lists of /usr-merged directories.

In particular, this could matter on Arch Linux, which uses /usr/lib
and /usr/lib32 for 64- and 32-bit libraries (respectively), instead
of the more common /usr/lib64 and /usr/lib.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-02-14 15:41:59 +01:00
Simon McVittie
b2adbe2a74 exports: Only choose bwrap --bind/--ro-bind for host FS once
We can choose this once and use it repeatedly, which will be simpler
when we add more directories that work this way.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-02-14 15:41:59 +01:00
AsciiWolf
fb97782d26 Update Czech translation 2020-02-14 15:21:53 +01:00
Alexander Larsson
81665617d1 Bump version on master to 1.7.1, new stable branch is flatpak-1.6.x. 2020-02-14 15:20:05 +01:00
Alexander Larsson
c80eae2f91 Update pofiles for release 1.6.2 2020-02-13 15:25:32 +01:00
Alexander Larsson
01a8f5ad2c Update NEWS for 1.6.2 2020-02-13 14:57:36 +01:00
Alexander Larsson
609217650d Bump version to 1.6.2 2020-02-13 14:57:27 +01:00
Alexander Larsson
b03916f5bd setup-extra-data: Avoid extra work for ostree-metadata and appstream branches
We never have extra data for non app/ or runtime/ refs, so let's not
do an unnecessary pull there.
2020-02-13 14:47:00 +01:00
Alexander Larsson
2481207a6f run: Fix uninitialized use warning
This isn't actually used uninitialized, but gcc can't figure that out.
2020-02-13 14:47:00 +01:00
Alexander Larsson
9aecad7f4f p2p: Don't mirror ostree-metadata refs when pulling into the child repo
This breaks Deploy which can't find the ref. It used to work due to
the extra non-mirroring pull in flatpak_dir_setup_extra_data, but
this is not needed here.
2020-02-13 14:47:00 +01:00
Alexander Larsson
b371ef9007 Actually use from-scratch deltas
As noticed in https://github.com/flatpak/flatpak/issues/3412 we
regressed at some point and are no longer using from-scratch deltas.
This is caused by an optimization in ostree where it decides to not
use a from-scratch delta if there is *some* version of the ref
locally available.

This conflicts with some code in flatpak that pulls *only* the commit
object in order to look for extra data size information so that we can
get the progress reporting right. Unfortunately the existence of
just the object triggers the above causing us to *never* use from-scratch
deltas.

We fix this by throwing away the partial pull in an aborted ostree
transaction.
2020-02-13 14:47:00 +01:00
Alexander Larsson
087ba2d23f system-helper: Support -vv and --ostree-verbose 2020-02-13 14:47:00 +01:00
Alexander Larsson
30636a508d system-helper: Change debug prefix from F to FH
This makes it easier to see what message comes from where.
2020-02-13 14:47:00 +01:00
Patrick Griffis
1a735f2f1a run: Prevent accidentally running with sudo
It is a common user error to prepend many flatpak commands with sudo
and doing so with run is quite unsafe and can cause issues.

This check simply handles the `sudo flatpak run foo` case and does
not prevent running as root or even running in a shell created by
sudo.

See also #1357
2020-02-13 11:52:56 +01:00
Matthew Leeds
bbd4ee68b4 app: Don't print "< 0 bytes"
Don't imply a download or install uses a negative number of bytes.
2020-02-12 16:45:41 +01:00
Matthew Leeds
5a94edaef3 portal: Add g_autoptr() defines for old GLib versions
We don't need to check for GLib 2.44 (the first release with g_autoptr()
support) since Flatpak requires that version in configure.ac.

Fixes https://github.com/flatpak/flatpak/issues/3403
2020-02-12 16:43:18 +01:00
Matthew Leeds
5d382f3211 dir: Avoid unnecessary _flatpak_dir_reload_config()
There's no point in reloading the config when it didn't change.
2020-02-12 16:41:06 +01:00
Matthew Leeds
5836de30e3 common: Properly reload config when it changes
In flatpak_dir_create_origin_remote() we reload the repo config after
adding an origin remote to it, but this only applies to the FlatpakDir
object used. In the case of flatpak_transaction_add_ref(), there is
another FlatpakDir object in the installation (priv->installation) which
needs to also be reloaded using flatpak_installation_drop_caches(). So
add a boolean out variable to flatpak_dir_create_origin_remote() and use
it to determine if it's necessary to call
flatpak_installation_drop_caches() (because if the origin remote already
exists we don't create another).

This commit also makes related changes at the other call sites of
create_origin_remote() (some indirectly via
flatpak_dir_ensure_bundle_remote()):
- in flatpak_dir_ensure_bundle_remote(), only set the out variable
  created_remote to TRUE if a new remote was actually created
- in flatpak_installation_install_bundle(), only drop the installation
  caches if a new remote was actually created
- in flatpak_transaction_resolve_bundles(), drop a redundant
  flatpak_dir_recreate_repo() call and only drop installation caches
  when necessary

Without these changes, this unit test failure occurs:
ERROR: testlibrary - Bail out!
flatpak:ERROR:tests/testlibrary.c:3311:test_transaction_install_local:
assertion failed (error == NULL): Remote "hello-origin" not found
(flatpak-error-quark, 7)
2020-02-12 16:41:06 +01:00
Matthew Leeds
8d49baaff9 testlibrary: Account for when origin remote is created
In test_transaction_install_local(), we test that the origin remote
created when installing from a local repo doesn't exist before
flatpak_transaction_run() is executed and does exist afterward. However,
the origin remote is created before the transaction is run; see the
flatpak_dir_create_origin_remote() call in
flatpak_transaction_add_ref(). The only reason this discrepancy has not
caused a test failure is that the FlatpakDir object held by the
FlatpakInstallation object is not reloaded when the origin remote is
added (so it's reading an old copy of the repo config). This issue will
be fixed in the commit following this one.
2020-02-12 16:41:06 +01:00
Matthew Leeds
04757e31d9 transaction: Fix a typo in a g_debug() 2020-02-12 16:41:06 +01:00