If the user presses any key while we the CLI transaction UI is being
shown, it ends up in stdin. When we issue the Cursor Position command,
the result is appended to stdin and we fail to match on it because of
the proceeding bytes.
Similarily, if we fail to match the command output (bad data, too slow,
..), we leave behind data in stdin which will be echoed back to the
terminal when we restore the initial termios which icnludes ECHO in
c_lflag.
Let's use TCSAFLUSH to flush out stdin data before we issue the command,
which should help with matching the expected response.
Let's also use TCSAFLUSH when we restore the previous termios to make
sure the stdin is clean and we don't echo whatever remains in stdin.
Closes: #2712
The 'arch' parameter of flatpak_dir_remote_fetch_indexed_summary() is
used to construct the names of the caches, and can't be NULL. This
function is used by flatpak_remote_state_ensure_subsummary(), which is
used by ensure_remote_state_arch(). So, the parameter can't be NULL in
those either.
Here are some strings representing valid refs:
app/org.test.App/x86_64/stable - full ref
org.test.App/x86_64/stable - full ref without prefix
org.test.App - only app ID
org.test.App/x86_64 - only app ID and arch
org.test.App//stable - only app ID and branch
Therefore, if a ref's prefix (ie., 'app/' or 'runtime/) is skipped,
then there can only be a maximum of 3 other elements in it.
Right now, it's possible for find_current_element() to return a count
of 4, if the string being completed is invalid and has some extra
elements or slashes in it. This count is later used to index the
cur_parts array which only has 4 elements in it. This opens up the
possibility of a buffer overrun.
Invalid strings with extra elements or slashes can't be further
completed because none of the existing refs will match them.
Therefore, such strings should be outright skipped.
For the rest of the valid strings, the exact intended branch name is
never known, because the branch element doesn't have a trailing slash
and hence appears to be a prefix. Therefore, it's not possible to use
the branch to find a list of existing refs that could possibly
complete the string.
Fallout from 7018717ce2
OpenScanHub [1] triggered this and flagged it as CWE-476 [2]:
app/flatpak-builtins-document-unexport.c:90:7:
warning[-Wanalyzer-null-dereference]: dereference of NULL ‘doc_id’
app/flatpak-builtins-document-unexport.c:48:1: enter_function: entry
to ‘flatpak_builtin_document_unexport’
app/flatpak-builtins-document-unexport.c:56:20: release_memory:
‘doc_id’ is NULL
app/flatpak-builtins-document-unexport.c:61:6: branch_false: following
‘false’ branch...
app/flatpak-builtins-document-unexport.c:66:7: branch_false: ...to
here
app/flatpak-builtins-document-unexport.c:66:6: branch_false: following
‘false’ branch...
app/flatpak-builtins-document-unexport.c:69:6: branch_false: ...to
here
app/flatpak-builtins-document-unexport.c:69:6: branch_false: following
‘false’ branch...
app/flatpak-builtins-document-unexport.c:72:3: branch_false: ...to
here
app/flatpak-builtins-document-unexport.c:75:6: branch_false: following
‘false’ branch...
app/flatpak-builtins-document-unexport.c:78:15: branch_false: ...to
here
app/flatpak-builtins-document-unexport.c:82:6: branch_false: following
‘false’ branch...
app/flatpak-builtins-document-unexport.c:85:7: branch_false: ...to
here
app/flatpak-builtins-document-unexport.c:85:6: branch_true: following
‘true’ branch...
app/flatpak-builtins-document-unexport.c:86:14: call_function: inlined
call to ‘g_strdup_inline’ from ‘flatpak_builtin_document_unexport’
app/flatpak-builtins-document-unexport.c:90:7: release_memory:
‘doc_id’ is NULL
app/flatpak-builtins-document-unexport.c:90:7: danger: dereference of
NULL ‘doc_id’
# 88| return FALSE;
# 89|
# 90|-> if (strcmp (doc_id, "") == 0)
# 91| {
# 92| g_print (_("Not exported\n"));
Add an assertion to express that 'doc_id' can't be NULL unless there's a
programmer error.
Spotted by Siteshwar Vashisht.
[1] https://openscanhub.dev/
[2] https://cwe.mitre.org/data/definitions/476.html
Use opt_noninteractive instead of hardcoded values so AppStream
refresh is quiet only when --noninteractive is specified. This allows
to show a better messsage instead of repeating and makes the errors
visible as well.
Related: #5716
Replace the "Nothing to do" message with "Nothing to update." when no
refs have updates available which is slightly clearer.
Fixes: #5716
Co-authored-by: Patrick <github.calorie764@passmail.net>
Co-authored-by: bbhtt <bbhtt.zn0i8@slmail.me>
Since this bug can be reproduced on Ubuntu, Debian, and Fedora, we should set `FLATPAK_FORCE_TEXT_AUTH=1` for all WSL users instead of ignoring its existence. After all, the so-called `graphical prompt` in the flatpak documentation seems to be something unique to GNOME. `WSL_DISTRO_NAME` and `WSL_INTEROP` are both located at https://github.com/microsoft/WSL/blob/master/src/linux/init/util.h .
Several glibc functions now return a const pointer if the input is a const pointer and a non-const pointer if the input is non-const, causing a build failure.
Fix this by declaring the output pointers as const if they are never modified and for the lone failure where the output is modified instead make the input non-const.
What I did
Repository rules / “don’t edit” areas
From CONTRIBUTING.md and subprojects/README.md, subprojects/ contains vendored/submodule/copylib code (bubblewrap, libglnx, dbus-proxy, variant-schema-compiler). I treated subprojects/ as third-party and excluded it from typo fixing.
You already skip po/ (translations) and node_modules/, and I kept those exclusions.
Typos fixed (project-owned files only)
I ran codespell with write mode and exclusions, and fixed the reported typos across:
NEWS
app/…
common/…
doc/…
tests/…
session-helper/…
portal/…
data/…
Then I handled the remaining items individually:
NEWS: thse -> these
common/flatpak-utils-private.h: Thse -> These
app/flatpak-polkit-agent-text-listener.c: identies -> identities
tests/test-auth.sh: Propertly -> Properly
tests/testlibrary.c: remore -> remote
common/flatpak-transaction.c: improved wording to avoid the xwindows typo (X11 window ID)
Added .codespellrc
Created .codespellrc:
skip: node_modules,po,subprojects
ignore-regex: .*(ratatui|Affinitized|affinitized).*
ignore-words-list: nd,ot,THUR,IST,fo,hel,bu
(these were confirmed as legitimate tokens/abbreviations/namespace prefix/test strings in this repo, so they should not be “fixed”)
Verification:
codespell --config .codespellrc . now exits clean.
Signed-off-by: rezky_nightky <with.rezky@gmail.com>
If the command calling `flatpak build` has already specified a
font-dirs.xml to map, then mapping in again may break (as exemplified in
Builder and Foundry).
This checks to see if an argument has already been mapped in before doing
so and resolves the issue with Builder/Foundry.
Follow-up to !6138Fixes: GNOME/gnome-builder#2387
In the following usages, the "Install:" and "Download:" strings were used as a short form
of the "Download Size" and "Installed Size", which makes translation tricky.
Therefore, using the normal forms will be good from the translation side.
This gives us conditionals for shares and features. So far we have no
use case for this, but the system already exists, it makes the code
simpler, and when we need this in the future, we don't have to wait for
it to roll out.
Allow specifying a lookside URL for downloading signatures for
an OCI remote. This can be specified:
In a .repofile with the SignatureLookaside key
As the --signature-lookaside option to remote-add/remote-modify
At the moment the --runtime-repo flags of flatpak build-bundle export is
ignored when building an OCI image. So an Flatpak OCI registry which
wants to supports a .flatpakref file has no information about the
runtime repo. With this PR the runtime repo gets added as the
org.flatpak.runtime-repo label to the OCI image.
This is currently only metadata to be used by repositories and not
used by flatpak during install.
A few years ago there was a very painful attempt at porting from
libsoup2 to libsoup3. Flatpak libsoup3 support never landed and it seems
like a large amount of distros have switched over to libcurl instead.
This commit removes libsoup2 support completely instead of growing
libsoup3 support.
Closes#5915Closes#4582
Add an option to build OCI bundles with zstd compressed layers.
gzip is kept as the default for maximum compatibility:
Ecosystem support:
distribution/distribution: no explicit support, but works
quay.io: sinc 2021
Amazon ECR: supported
pulp_container: since 2022
flatpak: since first-OCI supporting version
tardiff: since first version
- Make percent values translatable
Various languages use different ways to format the percentage
values[1], making it translatable will allow a more coherent way to
display the information.
- Make remaining time abbreviation translatable
Making this value translatable will allow languages to display the
seconds abbreviation in their language. This is particulary an issue
for Turkish, in which hours and seconds start with the same letter, so
it's not possible to distinguish which is which. We use a second
letter (sa, sn) to figure it out.
[1] https://en.wikipedia.org/wiki/Percent_sign#Form_and_spacing
Signed-off-by: Emir SARI <emir_sari@icloud.com>
In 4febfb59 ("flatpak: Disable progress escape sequence by default") the
escape sequence has been disabled by default, but we want to enable it
again for 1.18.
There are a number of races, and failure conditions which can lead to a
pid of 0 being returned from flatpak_instance_get_child_pid. This would
lead to a whole bunch of things getting killed.
We will skip the instance in those cases now, and retry a few times. We
also notice when the instance just goes away by itself now.
This should make killing more robust, and especially not SIGKILL pid 0.
Sudo can be used in several ways other than calling a command with the
root user. For example, one can use -u to run the command as the
specified user, or -g to specify a primary group to run the command
as.
Flatpak adds a check when --user is used to prevent an installation in
the root's directory, for example, but it does it by only checking if
sudo was used. As stated previously, it does not necessarily imply
root, so this patch explicitly checks if the command is being run with
the root user.
Fixes: https://github.com/flatpak/flatpak/issues/5979
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
Those schemes are in use by flathub, usually to be handled by an app
store, but we can also handle it directly with `flatpak install`.
Base on an idea from user bbb651 in
https://github.com/flatpak/flatpak/pull/6259.
The appstream docs say:
Release data may be present directly in a component metainfo file, but
also optionally be split out into an external metadata file.
The file must be installed as
/usr/share/metainfo/releases/%{cid}.releases.xml, where cid is the
component ID of the component the release information belongs to.
This change allows flatpak build-finish to export those external release
files.
Closes#6057
For OCI remotes, the existing sideload repository system doesn't
work: identity for OCI remotes is done by manifest digest (disguised
as a fake commit ID internally), instead of by ostree commit, so
we have no way of knowing whether a sideloaded image matches the
summary.
Allow specifying a new form of sideload repository with:
--sideload-repo=oci:<path>
The desired use case for this is preinstalling Flatpaks during OS
install, and for this, binding the entire repository to a single
collection ID is both inconvenient and not useful, so OCI sideload
repostories don't have a defined collection ID - they just apply to
all OCI remotes. (And, because of this, they are restricted to
the command line.)
For some reason, flatpak build always had host permissions set by
default. There really isn't a good reason for this. The build should be
isolated from the host as much as possible by default.
This adds new FlatpakTransaction API, and a new top level CLI command to
preinstall flatpaks, that is to install flatpaks that are considered
part of the operating system.
A new drop-in directory /etc/flatpak/preinstall.d/ allows configuring
what apps should be preinstalled, and a new flatpak preinstall command
installs and removes apps based on the current configuration.
A drop-in loupe.preinstall file can look something like this:
[Flatpak Preinstall org.gnome.Loupe]
Branch=stable
IsRuntime=false
The corresponding API is flatpak_transaction_add_sync_preinstalled()
which can be implemented by GUI clients to drive the actual installs
on system startup.
Resolves: https://github.com/flatpak/flatpak/issues/5579
Co-authored-by: Sebastian Wick <sebastian.wick@redhat.com>
Instead of passing the delta URL along with the image source, when
we create an image source for a remote registry, if we find a delta
URL in the metadata, set it on the FlatpakImageSource for later use.
Centralize duplicated code for creating an image source for a remote
repository based on a summary lookup into one place.
Add support for `oci-archive:` image sources by temporarily
unpacking the archive using libarchive.
Co-authored-by: Sebastian Wick <sebastian.wick@redhat.com>
Similar to bundle installs, add:
flatpak install [--image] docker://registry.example.com/image:latest
flatpak install [--image] oci:/path/to/image
These is useful for testing purposes and in certain cases when installing
Flatpaks on disconnected systems.
To avoid passing around combinations of a FlaptakOciRegistry with
repository and digest, add a FlatpakImageSource type.
This also reduces duplicated code where every place that did
this independently retrieved the repository and image config.
flatpak run writes /run/host/font-dirs.xml, but flatpak build so far
didn't. This resulted in fontconfig writing:
Fontconfig error: Cannot load config file "/run/host/font-dirs.xml": No such file: /run/host/font-dirs.xml
to the stderr of all processes utilizing fontconfig and run during
flatpak build, as /run/host/font-dirs.xml is included via
/etc/fonts/50-flatpak.conf. This could cause issues for tests run during
building an application, for example.
Closes#6137
confirm_runtime_removal() doesn't know about autoprune-unless
extensions, so it prompts unnecessarily when they're removed by
`flatpak uninstall --unused`. To avoid this, we can simply skip it and
trust flatpak_dir_list_unused_refs().
Closes#5712
Helps #2718
