As discussed in #5695, I think we're reaching a point where removing
Autotools is preferable to fixing it.
1.14.x continues to use Autotools, so platforms whose Meson version is
too old can stay on that branch until it becomes unsupported. We have
a very conservative Meson dependency (Ubuntu 20.04).
Signed-off-by: Simon McVittie <smcv@collabora.com>
This allows g_autoptr destructors to run, avoiding memory leaks being
reported by AddressSanitizer; they would be harmless, since we're about
to exit anyway, but AddressSanitizer can't tell the difference between
an O(n) problem and an O(1) harmless "leak".
Signed-off-by: Simon McVittie <smcv@collabora.com>
Flatpak looks for extensions in all installations, but `flatpak info -e`
would display an error when an extension isn't present in the same
installation as the ref.
Also display the installation name for each extension.
In order to maintain a system over time update automatically removes any EOL runtimes that are unused.
This extends it to also remove any autopruned refs. In practice this means removing no longer used driver versions as the system is updated.
Closes#5261
Unlike the instance directory, whose directory structure is
considered public API and is mounted in the sandbox, the private
instance directory is meant to hold private data or metadata about
an instance for use by internal components.
The private instance directory is not meant to be shared with any
external component, and provides no guarantees about its structure
or contents.
While the public instance directory is named "<instance-id>", the
private instance directory is named "<instance-id>-private". Both the
public and private instance directories share the same parent
directory.
The private instance directory relies on the same lock file as the
public instance directory, and both are garbage-collected together.
Use architecture instead of id in call to
flatpak_dir_load_appstream_store ().
Without this, remote-info does not show AppStream metadata.
Fixes: adb3b61f "decomposed: Return FlatpakDecomposed from flatpak_dir_find_remote_ref()"
Our only code that is conditional on the libappstream version wants
version 0.14.0, which conveniently is exactly the version that
introduced AS_CHECK_VERSION.
Signed-off-by: Simon McVittie <smcv@collabora.com>
These functions are to do with being an interactive, terminal-oriented
CLI/TUI, so it would be inappropriate for library code in libflatpak
to call them, and it would also be inappropriate for daemons like the
session and system helpers to call them.
In fact all calls to these were already isolated to app/, so we can
easily move the terminal-related utilities themselves into app/.
As well as shrinking libflatpak, this makes it obvious that the system
helper does not actually need to call flatpak_disable_fancy_output():
it does not link any code that would be affected by that API call.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This fixes the possible situation where an eol-rebase app can be
uninstalled and the new version not correctly installed (due to, for
example, the install op failing due to a lack of disk space).
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: #3991
rest_argv_start is initialized whenever rest_argc != 0, so the previous
code was in fact safe; but this wasn't obvious to either a human reader
or the compiler, and some gcc versions warn here.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This prevents someone from placing special characters in order to
manipulate the appearance of the permissions list.
CVE-2023-28101, GHSA-h43h-fwqx-mpp8
Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>
Conceptually similar to the previous commit, except it didn't crash
before, just didn't display anything.
Signed-off-by: Simon McVittie <smcv@collabora.com>
flatpak_dir_load_deployed() can fail and return NULL. If that happens,
there is a semi-installed but broken app, and we should show a warning
rather than crashing.
Resolves: https://github.com/flatpak/flatpak/issues/5293
Signed-off-by: Simon McVittie <smcv@collabora.com>
Now that we are logging `flatpak -v` messages with log level INFO,
and printing INFO messages in the same way as DEBUG, we can reserve
log level DEBUG for `flatpak -v -v` messages. This means we no longer
need a weird secondary debug domain.
There is a very small behaviour change here: G_MESSAGES_DEBUG=flatpak
is now similar to `flatpak -v -v` (previously `flatpak -v`), and
G_MESSAGES_DEBUG=flatpak2 no longer has any effect. This seems more in
line with what would be expected from a GLib-based application.
In flatpak(1) and the system helper, this does not change behaviour
other than that: the same messages are logged by `-v` and by `-v -v`
as before.
In daemons that do not implement `-v -v` (the OCI authenticator, portal
and session helper), it continues to be necessary to use
G_MESSAGES_DEBUG to see flatpak_debug2() messages.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This brings us one step closer to being able to stop using the flatpak2
log domain for messages that are exclusive to `flatpak -v -v`.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This makes us consistent with the default behaviour of GLib, and
its behaviour with G_MESSAGES_DEBUG=all. g_debug() and g_info() are
the two lowest priority levels, and GLib normally silences them by
default.
At the moment, Flatpak uses G_LOG_LEVEL_DEBUG in the flatpak2 domain
as its lowest-priority log level (only shown with flatpak -v -v), and
G_LOG_LEVEL_DEBUG in the flatpak domain as its second-lowest
(shown with flatpak -v or higher). I want to move towards using
G_LOG_LEVEL_INFO for flatpak -v messages, and G_LOG_LEVEL_DEBUG for
flapak -v -v, so that we don't need a second log domain: this is a
policy I've used successfully in Flatpak-derived Steam Runtime code.
This change does not fully implement that policy, but gives us a
migration path towards it, by allowing us to start using g_info() for
flatpak -v messages.
Helps: https://github.com/flatpak/flatpak/issues/5001
Signed-off-by: Simon McVittie <smcv@collabora.com>
g_memdup() is subject to an integer overflow on 64-bit machines if the
object being copied is larger than UINT_MAX bytes. I suspect none of
these objects can actually be that large in practice, but it's easier
to replace all the calls than it is to assess whether we need to
replace them.
A backport in libglnx is used on systems where GLib is older than 2.68.x.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(flatpak documents:2965757): GLib-CRITICAL **: 11:27:35.128: g_variant_iter_next_value: must not be called again after NULL has already been returned.
This is due to the applications iterator being checked twice even though it is empty.
To make indentation work with less effort. The modeline was copied from
libostree with minor modification and the .editorconfig from GLib.
The advantage of having both a modeline and an editorconfig is we can
work out of the box on more editor setups, and the modeline allows us to
specify the style with a lot more fine grained control.
Save folks a few keystrokes. There is a command which already has a '-u'
option, document-export, but it doesn't support --user so there should
be no conflict. However '-s' is used by the info command among others,
so we can't use that for --system.
Now that we're using the same display number in the sandbox as on the
host, we can forget about overwriting it with :99.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The Desktop Entry spec says that Exec= is only required if
DBusActivatable= is not set to true, so don't emit a warning when Exec=
is missing but not required.
The docs for g_spawn_sync() say:
"Note that you must set the G_SPAWN_STDOUT_TO_DEV_NULL and
G_SPAWN_STDERR_TO_DEV_NULL flags when passing NULL for standard_output
and standard_error."
So add in the stdout flag when calling flatpak-validate-icon in the
build-export command. Without this, there's output in the test logs
from when they're building the test app, due to
https://github.com/flatpak/flatpak/pull/4803
As with the previous commits, try not to split translatable sentences.
See the discussion here about whether the "Warning: "/"Error: " prefix
should be separable:
https://github.com/flatpak/flatpak/pull/4963#discussion_r908326539
Also, don't translate the "(internal error..." message since internal
errors shouldn't be translated to make debugging easier.
It doesn't make a lot of sense to prompt for confirmation when an in-use
extension is requested to be uninstalled, but not do so for an in-use
runtime, even if (or perhaps especially since) the latter causes the
transaction to fail later on.
Use a "Info: " prefix which matches the message printed in
print_eol_info_message(). Also make the message accurately use either
the word "runtime" or "extension" as appropriate.
Based on discussions on the issue tracker, it seems that users sometimes
remove runtime extensions without really understanding whether they're
in use. Add a confirmation prompt to address this.
Helps: #4549
flatpak_dir_list_app_refs_with_runtime_extension() only works when the
runtime extension it is passed and the apps it returns are both
installed. Sometimes a end-of-life message is printed for a runtime that
is not installed but is being installed by the current transaction, or a
runtime that is installed but one of the apps that needs it is being
installed by the current transaction. To cover these cases, check the
operations in the current transaction when building informational
messages about EOL runtimes.
Currently if a runtime extension, e.g.
org.freedesktop.Platform.html5-codecs//18.08 is used by a runtime
org.kde.Platform//5.12 which itself is used by one or more apps, when we
print a message to the user about html5-codecs being EOL, we don't find
any apps using it and don't print any. Fix this by including apps that
indirectly use a runtime extension in the "Applications using this
runtime:" list.
In a later commit we can re-use the helper function added here to add a
confirmation dialog if the user tries to remove a runtime extension
that's being used; currently we just let them remove it.
This is limited to only looking in the current flatpak installation, so
a per-user app using a system-wide runtime extension would not be found.
This is implemented using in-memory caches because otherwise it is
horribly slow; see
https://github.com/flatpak/flatpak/pull/4835#discussion_r876425289
Helps: #3531
