Commit Graph

16 Commits

Author SHA1 Message Date
Simon McVittie
8deef94f9d icon-validator: Remove remnants of GSpawn error handling
Now that validate-icon uses execvpe(), status and error were never set,
so rerun_in_sandbox() would have crashed while dereferencing a NULL
error if execvpe() failed. This is reproducible with, for example:

    FLATPAK_BWRAP=/bin/nope flatpak-validate-icon --sandbox 48 48 /path/to/icon

execvpe() does not return on success (the process image is replaced),
and sets errno on failure, so behave accordingly.

Also print the error message to stderr, even if G_MESSAGES_DEBUG is not
set, since it's our only opportunity to indicate to a caller what has
gone wrong.

Signed-off-by: Simon McVittie <smcv@collabora.com>

Closes: #2950
Approved by: alexlarsson
2019-06-12 06:51:53 +00:00
Simon McVittie
e360005d8b Check for missing sentinels in NULL-terminated varargs
Signed-off-by: Simon McVittie <smcv@collabora.com>

Closes: #2876
Approved by: matthiasclasen
2019-05-02 16:58:36 +00:00
Simon McVittie
89dc344ccb icon-validator, portal: Guard against overlong symlink targets
If the buffer is too small, readlink() returns the number of bytes that
would have been stored if the buffer had been large enough.

Signed-off-by: Simon McVittie <smcv@collabora.com>

Closes: #2873
Approved by: matthiasclasen
2019-05-01 16:39:18 +00:00
Matthias Clasen
11aface66e icon-validator: Add the max size to the error
This helps to explain why an icon was rejected.

Closes: #2813
Approved by: alexlarsson
2019-04-10 06:58:13 +00:00
Bastien Nocera
32c5b15326 icon-validator: Don't check SVG size
The size is just a number, but the resulting GdkPixbuf could still be
quite big compared to the amount of data we're processing, so keep
4096x4096 as maximum dimensions.

Closes: #2747
Approved by: alexlarsson
2019-03-12 13:07:41 +00:00
Bastien Nocera
8008fe38a1 icon-validator: Check image format first
Closes: #2747
Approved by: alexlarsson
2019-03-12 13:07:41 +00:00
Matthew Leeds
e8816b7663 Remove extra newlines in variable definition blocks
Uncrustify has an option "nl_func_var_def_blk" which is supposed to
ensure there's a newline character between the block of variable
definitions and the rest of the function body, but it gets confused and
thinks that the first instance of "g_autoptr" or "g_auto" being used on
a variable is the start of the function body. So this commit removes
those extra newline characters and removes that option in uncrustify.cfg
so they don't get re-added the next time uncrustify is run.

Here's the command I used:

    perl -0777 -i -pe 's/\n(\n\s*g_auto\()/\1/g' `git ls-tree --name-only
    -r HEAD | grep \\\.[ch]$ | grep -v common/valgrind-private.h |
    grep -v app/flatpak-polkit-agent-text-listener\\\.[ch]`

I ran it again with "g_autoptr" in place of "g_auto", and made a few
manual edits to add back the newline when the g_auto* was in the middle
of a function body rather than at the top.

Closes: #2715
Approved by: matthiasclasen
2019-02-25 18:12:30 +00:00
Matthew Leeds
8d962a686f Run uncrustify
I had to make a few manual edits but other than those the changes look
reasonable.

Closes: #2715
Approved by: matthiasclasen
2019-02-25 18:12:30 +00:00
Matthias Clasen
2bf420b93a icon validator: Use exec for the sandboxing
We don't really need a separate process here, and
doing things this way makes output from the sandbox
appear outside, thereby giving us meaningful error
messages for invalid icons.

Related: #2669

Closes: #2677
Approved by: alexlarsson
2019-02-05 10:00:15 +00:00
Alexander Larsson
bcc53c2454 validate-icon: Search the path for bwrap
Closes: #2640
Approved by: alexlarsson
2019-01-28 09:40:22 +00:00
Matthias Clasen
57b55d9781 icon-validator: Use readlink() properly
This function helpfully does not 0-terminate the buffer,
so we have to do that ourselves. Also make the buffer
as large as possibly required, and handle errors.

Closes: #2630
Approved by: matthiasclasen
2019-01-23 12:44:38 +00:00
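
The readlink() handling that this commit and 89dc344ccb describe, as an added example that is not code from the flatpak repository: the result is NUL-terminated by the caller, errors are propagated, and a return value that fills the whole buffer is rejected as a possibly truncated target. The names `read_link_target` and `demo_roundtrip` and the temporary path are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: read the target of symlink `path` into buf as a
 * NUL-terminated string. Returns 0 on success, -1 with errno set. */
static int read_link_target(const char *path, char *buf, size_t bufsize)
{
    ssize_t n;

    if (bufsize == 0) { errno = EINVAL; return -1; }
    n = readlink(path, buf, bufsize);
    if (n < 0)
        return -1;                 /* errno was set by readlink() */
    if ((size_t) n >= bufsize) {   /* buffer is full: the target may have been
                                      cut short and there is no room for NUL */
        errno = ENAMETOOLONG;
        return -1;
    }
    buf[n] = '\0';                 /* readlink() does not terminate the string */
    return 0;
}

/* Constructed test input: create a symlink to `target` in a fresh temporary
 * directory, read it back through a buffer of `bufsize` bytes and clean up.
 * Returns 0 if the target round-trips intact, otherwise an errno value. */
static int demo_roundtrip(const char *target, size_t bufsize)
{
    char dir[] = "/tmp/readlink-demo-XXXXXX";
    char link_path[64], buf[256];
    int result;

    if (bufsize > sizeof buf) return EINVAL;
    if (mkdtemp(dir) == NULL) return errno;
    snprintf(link_path, sizeof link_path, "%s/link", dir);
    if (symlink(target, link_path) != 0 ||
        read_link_target(link_path, buf, bufsize) != 0)
        result = errno;
    else
        result = strcmp(buf, target) == 0 ? 0 : EIO;
    unlink(link_path);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("64-byte buffer: %d, 8-byte buffer: %d\n",
           demo_roundtrip("icon.png", 64), demo_roundtrip("icon.png", 8));
    return 0;
}
```
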
Matthias Clasen
ae1dc979df Make tests work
We can't look at the FLATPAK_VALIDATE_ICON environment variable
inside the sandbox. Use /proc/self/exe to find the binary to reexec.

Closes: #2618
Approved by: alexlarsson
2019-01-21 09:17:29 +00:00
Matthias Clasen
39152a6d40 Copy sandbox setup from libgnome-desktop
We need to handle source directories not existing, for example /lib64
on a pure 32-bit system.

Because relative symlinks in a directory that is itself a symlink do
not have the same meaning as the same relative symlink in a bind-mount
of that directory, ideally we want to use --symlink for /lib and /lib64
on merged-/usr systems, but --ro-bind on non-merged-/usr systems.

Also bind /etc/ld.so.cache into the sandbox.

This is especially important for libstdc++ on distributions that
don't have it directly in a libdir and the runtime linker doesn't
look where needed without /etc/ld.so.cache (e.g. if libstdc++ is
in a GCC per-version subdirectory handled via /etc/ld.so.conf.d/).

Changes originally made in libgnome-desktop by Iain Lane (see
<https://bugzilla.gnome.org/show_bug.cgi?id=787072>).

Adapted from https://github.com/flatpak/xdg-desktop-portal/pull/289
by Simon McVittie.

Closes: #2618
Approved by: alexlarsson
2019-01-21 09:17:29 +00:00
Matthias Clasen
81265f5115 Make the icon validator sandbox itself
Make the icon validator reexec itself inside a sandbox
if the --sandbox option is given. This lets us share
the sandbox setup between all users of this tool.

An additional advantage is that this makes the sandbox
setup code testable by itself.

Closes: #2618
Approved by: alexlarsson
2019-01-21 09:17:29 +00:00
Matthias Clasen
64958b4d80 icon validator: Fix an off-by-one
I meant to allow 16 as a size limit.
2019-01-18 07:47:38 -05:00
Matthias Clasen
730dab95f5 Add a utility to validate icons
This is copied from xdg-desktop-portal.

Closes: #2523
Approved by: alexlarsson
2019-01-17 07:27:31 +00:00