We add socat to the test runtime, and then we use that to run a
test app outside the sandbox as if it was inside.
The testcase connects creates a monitor and ensure we properly get signals
for updates.
There's not much point in using /bin/bash for all but three scripts and
using /bin/sh for those, so use bash for everything.
Closes: #2705
Approved by: alexlarsson
This commit makes it so that a unit test can create the test app and
runtime using a branch other than master, and changes test-run.sh to use
the branch "stable". This will allow the run command to be tested better
in the following commit.
Closes: #2788
Approved by: matthiasclasen
During build-time tests, bwrap doesn't necessarily work. In particular,
official Debian autobuilders can't enter namespaces.
We continue to leave the sandbox enabled in the build-export calls in
tests/test-extensions.sh, tests/test-unsigned-summaries.sh
and tests/test-update-remote-configuration.sh, which are already
skipped if bwrap isn't available. This means we exercise both the
normal and --disable-sandbox code paths.
Signed-off-by: Simon McVittie <smcv@debian.org>
Closes: #2661
Approved by: alexlarsson
Rather than specify this in multiple places we now list the most
core binaries needed for the tests inside the script.
Closes: #2188
Approved by: alexlarsson
This is only used in the flatpak-builder tests now, not the main
flatpak tests.
Signed-off-by: Simon McVittie <smcv@debian.org>
Closes: #1990
Approved by: alexlarsson
In the Fedora 28 base container, `coreutils-single` is used and so
`/usr/bin/ls` is actually a "script":
```
$ file /usr/bin/ls
/usr/bin/ls: a /usr/bin/coreutils --coreutils-prog-shebang=ls script, ASCII text executable
```
We handle this by detecting shebangs in dependencies and recursively adding them.
Closes: #1741
Approved by: alexlarsson
Under normal circumstances ldconfig isn't required to be in ordinary
users' PATHs, but running this script is not a normal circumstance.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #1630
Approved by: alexlarsson
Instead of setting LD_LIBRARY_PATH to make the app load the right
libraries we run ldconfig to generate a ld.so.cache that we feed
to the sandbox as /etc/ld.so.cache. The cache itself is generated
by running ldconfig at run time, but for apps we cache the
result in $HOME/.var/app/$APPID/.ld.so/cache based on the
current app/runtime/extensions commit ids.
We also unset LD_LIBRARY_PATH, to ensure any host-side value
does not mess with the sandbox.
The default ld.so.conf we set (if the runtime has none, or an empty
one) is:
include /run/flatpak/ld.so.conf.d/*.conf
include /app/etc/ld.so.conf
/app/lib
Additionally all the extension points that have add_ld_path set gets a
ld.so.conf snippet in /run/flatpak/ld.so.conf.d.
This allows applications and extensions to install their own paths if
needed, and if the runtime wants more location they can install a
custom ld.so.conf that includes the above.
In the flatpak build case we still use LD_LIBRARY_PATH like before,
because there is no good key (like the commit ids) for keeping the
cache up-to-date. Also, the behaviour is different when building an
app for instance. If /app/lib is not in LD_LIBRARY_PATH then the
sandbox-wide /etc/ld.so.cache must be updated for a newly installed
library to work, but the sandbox is not allowed to update
/etc/ld.so.cache.
This code was originally written by Valentin David <valentin.david@gmail.com>
with changes by Alexander Larsson <alexl@redhat.com>.
Closes: #1073
Approved by: alexlarsson
This adds variable support for collection IDs: they can either be
enabled on the server, on the server and client, or not at all. If
enabled on the server, apps and runtimes are built with collection IDs
and the repository has one set. If enabled on the client, the remote
config is added to the local repository with a collection ID and GPG
verification enabled. They are controlled with
USE_COLLECTIONS_IN_{SERVER,CLIENT}={yes,no}.
These variables are used in the new wrapper tests,
test-repo-collections.sh and test-repo-collections-server-only.sh.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
This makes the ostree trivial-httpd --autoexit feature work better,
because it seems to exit whenever the root directory changes (i.e. not
only when its deleted).
This means the root dir can't be the repo (because then we can't
update the repo), or the base testdir (because we create files there
too), so instead we make the repo $testdir/repos/test and
$testdir/repos as the httpd root.
This catches regressions in the fix in the previous commit, where old
stale .py[oc] files can wrongly become "unstale" when we change the
.py file mtime to 1.
