This means we verify the exact data we use, which is
what was signed. In particular, this means in the
system-helper we don't open us up to the user
manipulating the file while it is being applied.
This ensures the actual manifest ref matches what was specified
in the index. This is required as the goal is to sign/trust
the manifest, but not necessarily the index.
We should not terminate the extension search just because
an earlier directory succeeds. Even non-existant directories
succeed, and anyway we should continue searching even if it
wasn't empty, because multiple subdir extensions may match.
Fixes https://github.com/flatpak/flatpak/issues/654
In ostree I maintain what I consider a "baseline" set of compiler
warnings that should *always* be fatal for a modern C project.
I noticed while working on a previous patch that a `-Werror=format`
warning wasn't fatal.
There are a few that are really, really important like
`-Werror=missing-prototypes`. I also take some like `-Werror=misleading-indentation`
which already caught some bugs. See also https://lwn.net/Articles/678019/
One benefit here becomes immediately obvious - `flatpak_fail()` was lacking
`G_GNUC_PRINTF` which meant we missed a lot of type checking. Fix up the
callers.
This is required for e.g. G_DECLARE_FINAL_TYPE, and most current
distros have this now.
This fixes https://github.com/flatpak/flatpak/issues/622
For distributions that want to build against older glib, see
the issue above, it has patches to make that work.
This just adds the arch name to the cache branch names, which
means a build on a different arch will not invalidate the other
arch:s build.
Fixes https://github.com/flatpak/flatpak/issues/628
Avoid setting a temporary variable flatpak_dirs which, while not
exported to the environment, would still be defined as a
shell "parameter" (variable) in the login shell itself.
Consistently put the Flatpak directories before other XDG_DATA_DIRS,
rather than putting them last if XDG_DATA_DIRS happens to be already
set.
Expand XDG_DATA_HOME if necessary, rather than assuming it will
always be ~/.local/share.
I don't know exactly which shells source profile.d, but it's possible
that one of them might only implement POSIX test syntax, so prefer
[ x = y ] over [ x == y ].
Fix some insufficient quoting that could have gone wrong if
XDG_DATA_DIRS somehow contained spaces.
Signed-off-by: Simon McVittie <smcv@debian.org>
