Commit Graph

8507 Commits

Author SHA1 Message Date
bbhtt
489b3972cb tests: Skip seccomp tests when seccomp is unavailable
Fixes the testsuite with `-Dseccomp=disabled`.
2026-06-18 21:15:41 +00:00
Sebastian Wick
f7138cbbc3 Update subtree: libglnx 2026-06-18
* backports, local-alloc: Provide a backport of g_autofd
* build: Add meson.override_dependency('libglnx', libglnx_dep)
* fdio: Add support for name_to_handle_at
* chase: Add glnx_chase_and_mkdirat

Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
2026-06-18 14:09:38 +02:00
Mia McMahill
a9766fbcbd ci: Bump differential shellcheck to v5 2026-06-18 11:18:12 +00:00
Mia McMahill
f4512ef55e ci: Bump CodeQL actions to v4
This addresses CodeQL v3 and Node 20 deprecation warnings
2026-06-18 11:18:12 +00:00
Mia McMahill
84271a64c4 ci: Bump actions/checkout to v6 and actions/upload-artifact to v7
This addresses the Node 20 deprecation warnings
2026-06-18 11:18:12 +00:00
Mia McMahill
02fc85a3c2 completion: Minor cleanup of variable usage in bash completion
1. Removed unnecessary punctuation to help with readability
2. Loop over RES elements directly instead of indexing
3. Declare COMPGEN_OPTS only once vs redeclaring on each iteration
2026-06-18 11:15:54 +00:00
Mia McMahill
21ae7723c0 completion: Address a couple shellcheck warnings
1. Use $() command substitution instead of legacy `` style
2. Properly quote COMPGEN_OPTS
3. Use readarray instead of relying on word splitting
2026-06-18 11:15:54 +00:00
Mia McMahill
9047dabfaf completion: Make all variables local where possible in bash completion
A few global variables were being created unnecessarily still. This makes
sure that users' shell environments are not polluted by extra variables
and that the completion doesn't modify unrelated variables
2026-06-18 11:15:54 +00:00
Sebastian Wick
8ef5ee9455 Merge branch 'wip/chase-callback' into 'master'
chase: Add glnx_chase_and_mkdirat

See merge request GNOME/libglnx!76
2026-06-17 12:30:57 +00:00
Sebastian Wick
ae7355612a chase: Add glnx_chase_and_mkdirat
We found that there is a common use case where we need to get a
subdirectory (potentially multiple levels) which might not exist yet.
Adding another flag for this to GlnxChaseFlags is what systemd has done,
but creating a directory takes a mode, so the flag creates directories
with a fixed mode. This approach instead takes the mode as argument.
2026-06-17 14:27:41 +02:00
Sebastian Wick
4f8674709d chase: Add internal glnx_chaseat_full for a strategic callback
It takes a callback which gets called every time we try to open the next
segment of the path. This allows more specific and advanced
use cases to be implemented without adding more complexity to the chase
algorithm itself.
2026-06-17 14:27:16 +02:00
Owen W. Taylor
906affa13b Handle null properties as missing properties
We were handling null properties the same as missing properties
*except* that the MANDATORY flag allowed null properties but
not missing properties. Fix this, so null is disallowed by
MANDATORY.

When checking signatures, the image identity could only have
been NULL if it was null in the input file - so replace a
conditional check on it being non-null with an assertion.
2026-06-16 20:13:10 +00:00
Owen W. Taylor
b15828e119 Fix crash on image indexes with missing architecture
It's legitimate to have manifests listed in an image index that
have no platform object, and hence no architecture - avoid crashing
if we encounter such a manifest.
2026-06-16 20:13:10 +00:00
Owen W. Taylor
fa4b413c02 Make mandatory properties from OCI specifications mandatory
Mark all properties required by the OCI specification as required;
this eliminates a bunch of cases where we were assuming that
descriptor->digest was non-NULL, and potentially generating
critical errors from g_return_if_fail().
2026-06-16 20:13:10 +00:00
Mia McMahill
4d3f0bbb79 app, common: Remove duplicate directories from export functions
Both collect exports and flatpak_export_dir recursively export the
directories in their respective directory lists. Because of this,
including share/metainfo/releases when share/metainfo is already in the
lists is unnecessary and can cause exporting to fail because of
duplicate files.
2026-06-16 11:20:58 +00:00
Mia McMahill
cebc323966 tests: Add test for building and installing with exported releases.xml
Adds a test that verifies releases.xml metainfo files are not duplicated
at any export stage, and that they are not left unexported either.
2026-06-16 11:20:58 +00:00
Kolja Lampe
4ff158caea http: Propagate stream write failures to curl
We did not report the written bytes of the aborted stream before - so
curl thought that we wrote all bytes.
2026-06-15 10:02:12 +00:00
Kolja Lampe
420ce91428 http: Reset curl TLS options between transfers
Previously the curl object potentially leaked cert infos from different
urls
2026-06-15 10:02:12 +00:00
Razze
8ac2adefce oci-registry: Apply TLS certs to request
Signature downloads can use a different URL from the OCI registry
itself, so they must not depend on TLS options left on the reused curl
handle. Resolve certificates for the URI and pass them explicitly.
2026-06-15 10:02:12 +00:00
bbhtt
69bf837676 instance: Annotate flatpak_instance_get_all as (transfer container)
Annotating the return as (transfer full) causes bindings to additionally
unref each element on array free, resulting in a use-after-free.

Change the annotation to (transfer container) so bindings know to unref
the array only.

Fixes: https://github.com/flatpak/flatpak/issues/6666
2026-06-15 09:26:10 +00:00
asbytes
db70882df1 context: Fixed negated permission string for allow and share options
It was solved partially in e0e1b20, but not for the completely disallowed code path.
Steps to reproduce:
1. Run any flatpak with explicit --unshare option, e.g:
    [user@user-standardpc ~]$ flatpak run --unshare=network --command=bash io.gitlab.librewolf-community
2. Inside flatpak shell spawn any executable:
    [io.gitlab.librewolf-community ~]$ flatpak-spawn ls /
Result is:
error: Unknown option --noshare=network
2026-06-11 20:40:49 +00:00
Luigi Pavan
b9c3cdd7a4 tests: Add test for installing from an auth-protected OCI registry
Add a regression test that installs from an auth-protected OCI registry.
The registry requires a bearer token for all /v2/ requests; the client
authenticates via the mock test authenticator and the installation
completes successfully. The test runs for both user and system install
paths.

Assisted-by: Cursor
2026-06-11 18:26:52 +00:00
Luigi Pavan
a5b15b9aa1 tests/oci-registry: Add bearer token auth support to the mock OCI registry
Add infrastructure for testing OCI installations from auth-protected
registries. The mock server now supports requiring a bearer token on all
/v2/ requests, configurable via a new POST /testing-auth/configure admin
endpoint. The client gains a corresponding 'configure-auth' subcommand.

Assisted-by: Cursor
2026-06-11 18:26:52 +00:00
Sebastian Wick
32baedaa7e oci-registry: Check signatures from mirrored repo in the system helper
In flatpak_pull_from_oci we can be in the system helper where we pull
the mirrored OCI image into the system repo. However, to fetch the
signatures in GPG signed repos, we used a remote OciImageSource created
through `flatpak_remote_state_fetch_image_source`. This caused fetching
some data from the registry which we don't want in the deploy method,
and also fails if a token is required to access the repo.

This change fetches the signatures from the mirrored OCI repo instead of
pulling them from the remote OciImageSource. The signatures can come from
anywhere because we verify them against the GPG key in the system repo.

The important bit is the change in `flatpak_pull_from_oci` where we now
pass in the local image_source to fetch the signatures from, and in the
system helper, where we get the right metadata to check the signatures
against (eventually ends up in `flatpak_oci_signatures_verify`).
2026-06-11 18:26:52 +00:00
Sebastian Wick
1a33d1a15b oci-registry: Load the certificates from an ImageSource 2026-06-11 18:26:52 +00:00
Simon McVittie
c88d9f2251 Merge branch 'wip/meson-override-dependency' into 'master'
build: Add meson.override_dependency('libglnx', libglnx_dep)

See merge request GNOME/libglnx!77
2026-06-11 16:25:49 +00:00
Sebastian Wick
96ad6825f3 Post-release version bump 2026-06-08 14:51:50 +02:00
Sebastian Wick
5de2b58bda 1.18.0 1.18.0 2026-06-08 14:36:33 +02:00
Sebastian Wick
90f3aa450f Update SECURITY.md 2026-06-08 14:35:23 +02:00
Sebastian Wick
ad7aff2c55 Update translation files for 1.18.0 2026-06-08 14:22:12 +02:00
razzeee
6b6fdda2f6 flatpak-coredumpctl: Guard against unexpected coredumpctl output
The bare tuple unpack 'executable, = re.findall(...)' raises a cryptic
ValueError if the pattern matches zero or more than one line. Replace it
with an explicit length check and a clear error message.

Also pass count=1 to str.replace() so a /newroot prefix is only stripped
once and /app/ paths are passed through unchanged.
2026-06-08 12:10:42 +00:00
Mia McMahill
8c418fa4b9 flatpak-coredumpctl: Use subprocess.PIPE instead of NamedTemporaryFile 2026-05-27 14:48:22 +00:00
Mia McMahill
61272df8cd flatpak-coredumpctl: Require Python 3.10 or greater at runtime 2026-05-27 14:48:22 +00:00
Mia McMahill
b6ceab85c3 flatpak-coredumpctl: Pass tuple to startswith instead of two calls 2026-05-27 14:48:22 +00:00
Mia McMahill
4bcd6cd48b flatpak-coredumpctl: Pass description as argparse description argument
This prevents it from getting printed twice in some circumstances
2026-05-27 14:48:22 +00:00
Mia McMahill
8e5d4c1183 flatpak-coredumpctl: Exit with return code of flatpak_command 2026-05-27 14:48:22 +00:00
Mia McMahill
0285e879d0 flatpak-coredumpctl: Print help message to stderr
This is more consistent with common practice for
help messages printed due to missing/incorrect arguments.
2026-05-27 14:48:22 +00:00
Mia McMahill
d7dbb10845 flatpak-coredumpctl: Replace old style format strings with f-strings
Print out error messages instead of raising an uncaught exception

Replace one more set of quotes that I missed previously
2026-05-27 14:48:22 +00:00
Mia McMahill
f48c7866b6 flatpak-coredumpctl: Clean up mixed usage of single and double quotes 2026-05-27 14:48:22 +00:00
Mia McMahill
af453ce99d flatpak-coredumpctl: Check for /app as well as /newroot
This fixes a bug where the warning about not being a flatpaked
application was being printed for flatpaks. This was due to a
change in bwrap so that the paths no longer start with /newroot.
2026-05-27 14:48:22 +00:00
Jordan Petridis
9a813ffba0 dir: Ignore system bus failures in parental controls check
Being unable to access the system-bus is not a security boundary since,
in that case it's trivial to start your own session and set
DBUS_SYSTEM_BUS_ADDRESS. This is the same fix as 3afdfd2 but for handling
installation instead. See said commit for more details.

Adapted from #5609
Fixes #5076

Co-authored-by: Dan Nicholson <dbn@endlessaccess.org>
2026-05-27 14:39:32 +00:00
razzeee
8fd0f5d706 run: Add /dev/kfd to dri device permission
/dev/kfd is used for AMD ROCm/OpenCL compute. Add it to the dri
device list so apps can request GPU compute access without
needing --device=all.

Fixes: https://github.com/flatpak/flatpak/issues/5383
2026-05-27 14:36:25 +00:00
qweered
3891a228c6 profile: Skip flatpak --installations for fish if already in XDG_DATA_DIRS
Sourcing profile/flatpak.fish spawns `flatpak --installations` on every
fish shell startup, which costs ~15 ms on a typical desktop and
dominates fish's non-interactive init time when flatpak is installed.

On any system where the login stack (pam_env, systemd user session,
distro-specific init) has already populated XDG_DATA_DIRS with the
canonical user flatpak export path, this spawn is redundant: the
subsequent `contains` loop would be a no-op because the canonical
entry is already there.

Add a fast-path guard that checks for `$XDG_DATA_HOME/flatpak/exports/share`
(falling back to `$HOME/.local/share/flatpak/exports/share` when
XDG_DATA_HOME is unset) at the top of the script. When present, skip
the slow path entirely.

The slow path is preserved verbatim for sessions where the canonical
entry is missing — e.g. a freshly-created user, or environments where
session init hasn't populated XDG_DATA_DIRS yet — so custom
installations configured via /etc/flatpak/installations.d/*.conf are
still discovered in that case.

Measured on Linux with `hyperfine --warmup 5 'fish -c exit'`:
  before: ~23 ms of startup spent in `flatpak --installations`
  after:  ~10 us (a single `contains` check) on the common path.
2026-05-27 14:34:21 +00:00
bbhtt
a38377eb88 tests: Suppress an unused-result warning
The warning seems to happen with GCC 11 but not with GCC 13 or newer.

A simple void cast still leaves the warning enabled due to a bug
or intentional choice in GCC [1], so it is assigned to a variable first
and then void-ed.

[1]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425
2026-05-27 14:32:40 +00:00
lumingzh
da20e502d9 update Chinese translation 2026-05-27 14:30:28 +00:00
Ryan Gonzalez
588eef8e65 dir: Include found refs in "ref binding metadata" errors
I accidentally screwed up the arch I passed to a `flatpak update`
invocation and was very confused as to what actually went wrong. Adding
the actual refs in the commit should help make the failure cause more
obvious.

Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>
2026-05-13 02:44:17 +00:00
razzeee
7b17f13e5d http: Replace deprecated GTimeVal with g_get_real_time()
GTimeVal and g_get_current_time() are deprecated since GLib 2.62
and tv_sec is 32-bit on 32-bit platforms, causing Y2038 overflow.
g_get_real_time() returns gint64 and is safe on all platforms.
2026-05-13 01:08:29 +00:00
razzeee
cc727e7f09 dir/http: Use gint64 for g_ascii_strtoll return values
g_ascii_strtoll returns gint64; storing the result in a narrower
type (int, gint) silently truncates large values.
2026-05-13 01:08:29 +00:00
razzeee
250516b059 history: Use uid_t and g_ascii_strtoull for UID parsing
UIDs are unsigned; using signed strtoll and int can mishandle
high UIDs such as those used by systemd dynamic users.
2026-05-13 01:08:29 +00:00
Rudi Heitbaum
68ffa487ee dir: fix build when HAVE_LIBSYSTEMD but not USE_SYSTEM_HELPER
polkit_subject_to_string() is called inside the HAVE_LIBSYSTEMD guard
in flatpak_dir_log(), but <polkit/polkit.h> is only included when
USE_SYSTEM_HELPER is defined. This causes a build failure on
configurations that have libsystemd but no system helper.

Guard the polkit call with USE_SYSTEM_HELPER and fall back to "(none)"
so the subject string is always valid for the sd_journal_send() call.

Fixes: f9d5c5c ("dir: Free result of polkit_subject_to_string")
Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>
2026-05-09 18:56:16 +05:30