Commit Graph

1378 Commits

Author SHA1 Message Date
Matthias Clasen
f9a73904bd Set a custom prompt
Differentiate sandbox shells by a custom prompt.
We set FLATPAK_ID to the app id, and PS1 to a prompt
using it. PS1 can be overridden by runtimes or --env.

Closes: #2447
Approved by: alexlarsson
2018-12-19 14:35:39 +00:00
Matthias Clasen
e7871a03c6 transaction: Try harder to identify empty transactions
It turns out a transaction can contain operations, and still
nothing happened after it ran - when all operations are skipped.
We only know this when the transaction is fully resolved, but
we may call is_empty from the ready signal or after run returns,
and it seems nice to tell the truth then.

Closes: #2371
Approved by: alexlarsson
2018-12-18 14:50:26 +00:00
Matthias Clasen
3a3ec26ebf transaction: Add api to get the start time of progress
This lets us calculate the download speed, and estimated
time remaining.

Closes: #2371
Approved by: alexlarsson
2018-12-18 14:50:26 +00:00
Matthias Clasen
030eb4de3f transaction: Add api to get transferred size
Add a function to FlatpakTransactionProgress to get the
number of transferred bytes. This is useful information
to show during a long-running download.

Closes: #2371
Approved by: alexlarsson
2018-12-18 14:50:26 +00:00
Matthias Clasen
a5b9b59c7b Add a utility for formatting choices
This prints the common pattern of

Choices:

  1) bla
  2) bla

with consistent formatting, so we don't have
to worry about matching newlines and spaces
all over the codebase.

Closes: #2371
Approved by: alexlarsson
2018-12-18 14:50:26 +00:00
Matthias Clasen
ba92cb7126 Add a way to disable fancy output
We disable fancy output when we can detect it,
but it is a good idea to have a way to explicitly
opt out too.

Closes: #2371
Approved by: alexlarsson
2018-12-18 14:50:26 +00:00
Matthias Clasen
19368bd00b transaction: Add api for sizes
Add api to get the download and installed size
of resolved operations. This is useful information
to present to the user before running the transaction.

Closes: #2371
Approved by: alexlarsson
2018-12-18 14:50:26 +00:00
Matthias Clasen
03d197f302 p2p resolve: Return sizes as well
Make flatpak_dir_resolve_p2p_refs return the
download and installed sizes as well. This is
useful information to present to the user before
doing an install or update.

Closes: #2371
Approved by: alexlarsson
2018-12-18 14:50:26 +00:00
Matthias Clasen
732ee49fee Add some tty handling utilities
Add a function to query the window size and cursor position,
and definitions for some more ANSI escape sequences that we
will use in the following commits.

Closes: #2371
Approved by: alexlarsson
2018-12-18 14:50:26 +00:00
Matthias Clasen
970697f21c transaction: Add useful details to the docs
The guaranteed sequence of signals is useful information
for any user of this api.

Closes: #2371
Approved by: alexlarsson
2018-12-18 14:50:26 +00:00
Matthias Clasen
2a8a0ec69a Pass host xdg dirs into the sandbox
There are some use cases where apps might legitimately need
to know the host values of xdg variables. Since we use them
for our own purposes, we can't just propagate them as-is.
Instead, set HOST_XDG_{DATA,CONFIG,CACHE}_HOME if the corresponding
xdg variables are set on the host.

Closes: #2424

Closes: #2440
Approved by: alexlarsson
2018-12-17 08:14:43 +00:00
Matthias Clasen
11a9bef97e Merge pull request #2432 from aleixpol/clangbuild
Fix build with clang
2018-12-14 15:55:51 -05:00
Aleix Pol
192066517c Fix build with clang
Fixes #2430
2018-12-14 18:50:05 +01:00
Aleix Pol
b6eddbccff Don't use the last percentage if the total size changed
It happens sometimes that the first processed total is 1; when this gets
downloaded we have 100% already and then the total changes, making this
percentage faulty.
This makes the progress regress sometimes, but I'd say it's better than
a permanent, fictitious number.

Fixes #2428
2018-12-14 18:27:17 +01:00
Alexander Larsson
9d8216ece2 Fix memleak in flatpak_bwrap_bundle_args
2018-12-10 13:53:08 +01:00
Alexander Larsson
45171e0ab0 Fix memleak in get_locale_langs_from_accounts_dbus
2018-12-10 13:52:54 +01:00
Alexander Larsson
bfa9fabd52 Fix leak in flatpak_get_current_locale_langs()
2018-12-10 11:50:55 +01:00
Alexander Larsson
185fe43fb7 extra_data: In system-helper case, canonicalize uid/gid
Make sure all files produced by apply_extra are owned by root.

Closes: #2398
Approved by: matthiasclasen
2018-12-07 20:38:45 +00:00
Matthias Clasen
43d4fb6a3e Fix oci pull progress reporting
Comparing the code in flatpak-utils.c:progress_cb,
we need to set bytes-transferred for the total amount
of data that has been transferred so far. The value
we were setting so far, fetched-delta-part-size, refers
to the size of the objects we already have locally, and
is subtracted from the total, which explains oci progress
running backwards.

Closes: #2392

Closes: #2400
Approved by: matthiasclasen
2018-12-07 19:51:11 +00:00
Matthias Clasen
b8cad064eb Add our own polkit listener implementation
This lets us respect the fancy output setting, and
it lets us do some other things that make it better
integrated.

Closes: #2379
Approved by: alexlarsson
2018-12-06 15:01:14 +00:00
Matthias Clasen
c685f05f8a trivial: Fix a gtk-doc warning
gtk-doc complains if parameter names don't match between
headers and doc comments, so make them match, for a quieter build.

Closes: #2384
Approved by: alexlarsson
2018-12-06 14:47:58 +00:00
Matthias Clasen
a2f57f64fd Add flags that allow to 'upgrade' permissions
This is to avoid multiple polkit dialogs, regardless
of transaction ordering.

FlatpakTransaction calculates the 'strongest' op it has,
and passes the hints accordingly. FlatpakInstallation
doesn't pass hints, since it does individual operations.

The system helper uses the hints to determine which PolicyKit
permission to request. Since the policy typically has 'keep'
set, this means that the following operations in the same
transaction will be able to reuse the permission obtained
for the first one.

Closes: #2384
Approved by: alexlarsson
2018-12-06 14:47:57 +00:00
Matthias Clasen
c516a22e4d session-helper: Improve HostCommand life-cycle handling
Add flag that instructs the session-helper to kill
the spawned command when the caller drops off the bus.

Closes: #2326

Closes: #2365
Approved by: alexlarsson
2018-12-06 13:10:51 +00:00
Matthias Clasen
f3f7417b16 installation: Add a no-interaction property
Allow marking a FlatpakInstallation as no-interaction, which
will get passed to the system helper to prevent it from presenting
polkit dialogs.

We make this a property on the object, since not all relevant
methods have flags that would let us pass this information.

Closes: #2367
Approved by: alexlarsson
2018-12-05 10:16:22 +00:00
Matthias Clasen
929da90a3e dir: Add a no-interaction property
Allow marking a FlatpakDir as no-interaction, which will
get passed to the system helper to prevent it from presenting
polkit dialogs.

We make this a property on the object since the alternative
would require plumbing the flag through tons of API all over
the code.

Closes: #2367
Approved by: alexlarsson
2018-12-05 10:16:22 +00:00
Matthias Clasen
c148c7eeec system-helper: Allow non-interactive tasks
Add a new 'no-interaction' flag to all system-helper methods
that have flags, and don't allow polkit user interaction if
it is set. This will let tools like GNOME Software do automatic
updates in the background without interrupting the user with dialogs.

For methods that don't have flags, we always allow user interaction.

Closes: #2367
Approved by: alexlarsson
2018-12-05 10:16:22 +00:00
Matthias Clasen
1ba30f7ef1 system-helper: Add flags to all methods
Some methods were missing a flags argument. This
will be a problem in the future, when we want to
pass a no-interaction flag to all methods. Therefore,
add an empty flags enum for every method that is lacking
one now.

This is an api change for the system-helper interface.

Closes: #2370
Approved by: alexlarsson
2018-12-03 12:52:17 +00:00
TingPing
e5218a5623 Also add /dev/nvidia-uvm-tools
This may sometimes be needed also.
Closes: #2358
Approved by: matthiasclasen
2018-12-01 00:31:11 +00:00
Alexander Larsson
0b6a66013c OCI: Use system helper to generate summary for OCI remotes
The OCI support relies on downloading a json index and converting it
to an ostree-style summary, which we then use in all sorts of operations
in the client code. Currently this happens in the user code, which means
that it will fail (due to permissions) in the system installation case.

We could do the conversion as the user, but when eventually installing
something the system-helper will anyway do this download and
conversion, so that would only double the work and risk things going out
of sync. Also, the OCI index is not gpg signed, so we can't rely on
downloads done as the user.

So, the solution done here is to add a GenerateOciSummary
system-helper call which we use instead of directly generating the
oci summary.

This fixes https://github.com/flatpak/flatpak/issues/2350

Closes: #2363
Approved by: matthiasclasen
2018-12-01 00:16:08 +00:00
Owen W. Taylor
05cc3c0f66 flatpak_cache_http_uri: save downloaded files with permission 0644
Previously, downloaded files were being saved with 0600 permissions,
which prevented OCI icons downloaded by the system helper at appstream
creation time from being read by users.

Closes: #2362
Approved by: matthiasclasen
2018-11-30 23:53:10 +00:00
Patrick Griffis
9895014124 Grant access to /dev/nvidia-uvm for OpenCL/CUDA
Closes #2266

Closes: #2356
Approved by: alexlarsson
2018-11-30 07:36:41 +00:00
Kalev Lember
c915f73b41 remote: Add a way to get/set xa.main-ref
This is useful for gnome-software in order to figure out which app to
show from noenumerate remotes.

Closes: #2340
Approved by: matthiasclasen
2018-11-25 18:31:06 +00:00
Patrick Griffis
182b2674aa Add condition for XDG_CURRENT_DESKTOP checks
Firstly this changes the "download-if" and "enable-if" properties
to accept a `;` separated list of multiple conditions.

Secondly it adds `on-xdg-desktop-*` which will check against
the XDG_CURRENT_DESKTOP env var (case-insensitively).

This is done entirely for the Qt GNOME Platform so it can do this:

```
"org.kde.PlatformTheme.QGnomePlugin" : {
  "download-if": "on-xdg-desktop-GNOME;on-xdg-desktop-GNOME-classic"
}
```

Closes: #1436
Approved by: matthiasclasen
2018-11-17 23:42:49 +00:00
Matthew Leeds
5fe2a0aabe uninstall: Add support for fuzzy matching
This adds support for fuzzy matching ref names (AKA "typo helper") to
the uninstall command to mirror what the install command has. In short,
this means you can do "flatpak uninstall gedit" instead of "flatpak
uninstall org.gnome.gedit". Flatpak will prompt you to choose between
similarly named installed refs, and will only make the choice for you if
--assumeyes was used and there's only one match.

Note that this commit does have the side effect that if there are
multiple matching refs with the same ID (e.g. with different branches or
in different installations) you are prompted to choose between them.
Previously you were shown an error message.

Closes: #2330
Approved by: matthiasclasen
2018-11-17 13:00:33 +00:00
Matthew Leeds
7d35de18e4 app: Fix a couple memory leaks
Closes: #2330
Approved by: matthiasclasen
2018-11-17 13:00:33 +00:00
Erick555
ad9599d3e3 Mount common sockets as read-only
This is a similar case to x11_socket, 0af71792b4

Closes: #2333
Approved by: matthiasclasen
2018-11-16 21:18:12 +00:00
Matthew Leeds
3f13babb5a dir: Emit better errors for invalid flatpakrepo files
Closes: #2327
Approved by: matthiasclasen
2018-11-16 14:04:48 +00:00
Alexander Larsson
03732121db Make sure we dist flatpak-instance-private.h
2018-11-16 14:34:15 +01:00
Alexander Larsson
35598f46a5 extra-data: Don't allow creating files with non-canonical permissions in apply_extra
When installing a flatpak with extra-data we execute the apply_extra
script from the flatpak to extract the extra data files we
created. This script runs with very little filesystem access, but it
does have write permissions to the location that will eventually be
/app/extra in the finished flatpak. This is especially problematic for
the systemwide install case, because the script is then run as root,
so it could potentially create a setuid file there.

Such a file would not be usable inside the sandbox (because setuid is
disabled in the sandbox), but it could potentially be a problem if the
user could be tricked into running the file directly on the host. This
is the same behaviour as e.g. rpm or deb which both can install setuid
files, but we want to guarantee that flatpak is better than that.

The fix is to run the script with all capabilities dropped (bwrap
--cap-drop ALL) which removes a bunch of possible attack vectors (for
instance setting file capabilities). However, even without
capabilities, it is possible for a user to make any file setuid to the
same user, so we also need to canonicalize the permissions of all
files generated by running the script.

Additionally, while running the script we set the toplevel directory
to only be accessible to the user, meaning we will not temporarily leak
any potential setuid files to other users.

Note, this commit actually goes further than that and completely
canonicalizes all the file permissions to be the same as those
otherwise used by flatpak. For example we fix up cases where the
script creates files writable or unreadable by non-root users.

Closes: #2323
Approved by: alexlarsson
2018-11-16 10:20:20 +00:00
Alexander Larsson
1ce0246b0d dir: Match pre-existing remotes better wrt collection-id
If you have a pre-existing remote configured its exact definition
might differ from the one specified in a flatpakrepo file and yet
be the same.

For example, I have:

$ flatpak --user remotes -d
Name      Title      URL                            Collection ID          Priority Options
flathub   Flathub    https://dl.flathub.org/repo/   org.flathub.Stable     1

Yet when I install a flatpakref:

$ flatpak --user install http://flathub.org/repo/appstream/org.gnome.gedit.flatpakref
The application org.gnome.gedit depends on runtimes from:
  https://dl.flathub.org/repo/
Configure this as new remote 'flathub-1' [y/n]:

Because the flathub flatpakrepo does not yet have the collection id specified.

So, we need to be more lenient when matching the pre-configured remotes.

Closes: #2324
Approved by: alexlarsson
2018-11-16 10:06:22 +00:00
Matthew Leeds
348fcc3f97 Add a DeployCollectionID key to replace CollectionID
This commit adds a key called DeployCollectionID to the flatpakref and
flatpakrepo file formats, which is intended to replace the CollectionID
key (which is still supported but deprecated). The reason for the change
is the same as for the metadata key change from xa.collection-id to
ostree.deploy-collection-id, which is that old versions of Flatpak
(roughly 0.9.8 through 1.0.1 depending on compile time options) hit
various bugs when collection IDs are in use. Flathub will soon enable
the metadata key to deploy collection IDs, and this change means Flathub
can also deploy the collection ID in flatpakref and flatpakrepo files
without affecting old clients.

Adding DeployCollectionID to the flatpakref and flatpakrepo files will
mean the flathub remote can be automatically configured with a
collection ID without depending on the metadata key to do that.

Closes: #2329
Approved by: alexlarsson
2018-11-16 09:17:07 +00:00
Erick555
0af71792b4 Mount x11_socket as read-only
Fixes https://github.com/flatpak/flatpak/issues/2315
Closes: #2316
Approved by: alexlarsson
2018-11-15 12:24:00 +00:00
Philip Withnall
9e9b8b75fc ref: Fix a typo in a documentation string
Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #2317
Approved by: matthiasclasen
2018-11-14 12:34:30 +00:00
Matthias Clasen
c4572c17f8 Merge pull request #2311 from matthiasclasen/name-validation
Name validation
2018-11-14 00:12:16 -05:00
Matthias Clasen
3a536f3878 Clarify FlatpakInstallation docs
Several doc comments were mistakenly talking
about a 'system installation'.

Closes: #2310
Approved by: matthiasclasen
2018-11-13 00:29:55 +00:00
Matthias Clasen
54f38284f6 Validate custom installation IDs
We want to avoid unnecessary confusion and complications,
so we rule out IDs that are problematic because they will
clash with the default installations.

At the same time, make the error messages for parsing
custom installations more informative.
2018-11-12 19:25:34 -05:00
Matthias Clasen
91f88dd204 Don't allow empty remote names
Prevent remotes from having empty names. This can only lead
to confusion and unnecessary complications.
2018-11-12 19:18:07 -05:00
Philip Withnall
4a1c11dba9 dir: Factor out code to load AppStream cache for a remote
This is currently only used in the ‘search’ built-in command, but will
need to be used in upcoming parental controls filtering changes in
Endless OS (which will go upstream eventually) too.

This introduces no functional changes.

The CFLAGS/LIBADD changes are necessary because of the new
AppStream #includes.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #2296
Approved by: matthiasclasen
2018-11-12 13:13:09 +00:00
Alexander Larsson
7078a7f087 Make per-app generated files read-only
We generate various configuration files for each sandbox instance,
and expose them to the sandbox using flatpak_bwrap_add_args_data,
which in the end passes --bind-data to bwrap. These files are not
sensitive or shared, but it still doesn't really make sense for
the sandbox to allow them to be modified, so let's switch them
to --ro-bind-data.

This affects these files in the sandbox:

 $HOME/.var/app/$APPID/config/user-dirs.dirs
 /etc/group
 /etc/ld.so.conf
 /etc/passwd
 /etc/pkcs11/modules/p11-kit-trust.module
 /etc/pkcs11/pkcs11.conf
 /etc/timezone
 /run/flatpak/ld.so.conf.d/*.conf
 /run/user/$UID/pulse/config
 /run/user/$UID/Xauthority
2018-11-12 14:13:05 +01:00
Alexander Larsson
6711d7ae99 Don't allow writes to runtime files in /etc
We mistakenly bind-mounted the runtime /usr/etc files read-write in
/etc, which means that applications could modify some parts of the
runtimes (at least when using a per-user installed runtime). Fix
this by using a --ro-bind.
2018-11-12 14:13:05 +01:00