As it uses directives that POSIX yacc doesn't support:
app/parse-datetime.y:302.1-12: warning: POSIX Yacc does not support %pure-parser [-Wyacc]
302 | %pure-parser
| ^~~~~~~~~~~~
app/parse-datetime.y:307.1-7: warning: POSIX Yacc does not support %expect [-Wyacc]
307 | %expect 31
| ^~~~~~~
This passes -fsanitize=address in the right place.
Passing it this way instead of CFLAGS allows us to strategically
not add sanitize in specific places as needed.
This reduces the amount of shell in use, and the number of subprocesses
spawned by that, so our system environment generator is as fast as
possible when used in the critical startup path.
It adds a new system environment generator so that the system flatpak
installation can be used outside of a user session. In particular, this
allows enumeration of system-installed flatpaks in gnome-initial-setup
in order to set parental controls on them.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Avoid shadowing variables that are already declared in a previous scope,
and make such occurrences compile-time errors. These are not functional
changes.
In a few places do related code cleanup.
A similar ostree PR is here:
https://github.com/ostreedev/ostree/pull/2195
Previously, there were three different DTDs used. Let's switch to a single one.
We will go with 4.5, since it is the latest version that does not have any backwards incompatible changes.
Currently with the sideload implementation of offline updates you have
to manually create a symlink to your USB drive to sideload from it,
which is a regression compared to the previous implementation which
scanned all mounted filesystems in OstreeRepoFinderMount in libostree.
So this commit adds a few systemd units and a bash script so that any
time a USB drive is plugged in and automatically mounted by udisks, a
symlink to it is created in /run/flatpak/sideload-repos. When the drive
is unplugged the symlink is removed.
However this solution still has a lot of moving parts, so we may want to
instead have libflatpak use GVolumeMonitor and find the mounted
filesystems itself; see https://github.com/flatpak/flatpak/issues/3705
Fixes https://github.com/flatpak/flatpak/issues/3490
Prevent the user from running a flatpak app if that app is filtered by
the parental controls applied to the user.
If flatpak is running as a system user (UID < 1000), ignore failure to
load the app filter. This could happen if a flatpak is run in the
gnome-initial-setup session, before the user’s account is created.
Includes contributions by André Magalhães.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://github.com/flatpak/flatpak/pull/2797
Otherwise the build failed on older glib versions, but with this setup
we still disable all the GTimeVal deprecation warnings.
Closes: #3122
Approved by: alexlarsson
We generally want to avoid using deprecated stuff as much as we
can, while still depending on an old glib version. However, the GTimeVal
deprecation in 2.62 just is impossible to work around without bumping
the requirements, so ignore newer deprecations.
Closes: #3119
Approved by: alexlarsson
The libxml API is used in relatively few places inside the 'common'
sub-directory. It's definitely not as widespread as GLib. A subsequent
commit will leverage this to prevent unused shared libraries from
being linked to the session helper.
Closes: #3052
Approved by: alexlarsson
The libarchive API is used in relatively few places inside the
'common' sub-directory. It's definitely not as widespread as GLib. A
subsequent commit will leverage this to prevent unused shared
libraries from being linked to the session helper.
Closes: #3052
Approved by: alexlarsson
Historically the system helper has been running in a generic
unconfined_service_t domain. However, this caused problems with the
new revokefs support, because passing the revokefs unix domain socket
over the system bus got it kicked off the bus, because to do this
dbus-daemon needs rw rights to the socket.
So, this module creates a custom domain flatpak_helper_t, which
allows us to add special permissions to dbus-daemon to allow
access to its sockets.
The domain is otherwise uncontained just like before. I did try
to make it contained, but that is a lot of work as the permissions
it needs are very complex.
Note to packagers on selinux systems, for flatpak to work well
you need to install this module and relabel the system-helper
binary.
In my testing on fedora I used something like this:
%post
%selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2
%postun
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2
fi
With these new files:
%{_datadir}/selinux/packages/flatpak.pp.bz2
%{_datadir}/selinux/devel/include/contrib/flatpak.if
Closes: #2657
Approved by: alexlarsson
This adds a new helper method "GetRevokefsFd" which is responsible
for spawning the backend part of the revokefs filesystem. It takes care
of creating a cache location for the backing directory in repo/tmp.
This cache location is transferred over D-Bus to the client with the
other end socket fd.
The client on receiving the socket fd creates a mountpoint directory and
spawns the revokefs-fuse filesystem. It then creates a child repo for the
pull. In any case of failure, it falls back on the current code path
(which causes temporary duplication of files on disk).
The backing dir itself and all files written to it by the revokefs-fuse
backend process are owned by the "flatpak" user. After the pull in the
child repo is completed, its ownership is then canonicalized with owner=root
and permissions as per bare-user-only in Deploy().
Now we have fulfilled all the criteria to hardlink the child repo into
the system one and avoid duplication. See [1].
If there is an existing cache directory available in repo/tmp, it will be
mounted using revokefs-fuse for the current pull. Hence, it is possible
to recover the previous partial pull which might have failed due to some
error.
[1] https://github.com/ostreedev/ostree/pull/1776
Closes: #2657
Approved by: alexlarsson