Commit Graph

1428 Commits

Author SHA1 Message Date
Matthias Clasen
34dda64b95 Add a --title option to repo-update
This stores a human-readable title in the additional metadata
of the repo summary. We use xa.title as the key.
2015-02-09 17:17:19 +01:00
Matthias Clasen
2054f0e6f5 change load summary api
We want to call it before we have added a remote to the config,
so pass in the url directly instead of pulling it out of the
repo config.
2015-02-09 15:50:05 +01:00
Matthias Clasen
02b6300453 Fix a thinko 2015-02-09 15:21:52 +01:00
Matthias Clasen
4571eb85f7 Factor out summary loading 2015-02-09 15:21:23 +01:00
Matthias Clasen
c07e917b5d Add --allow option to the run command
Allows fully overriding the environment settings from the
application metadata. This can be useful for testing.
2015-02-09 13:24:19 +01:00
Matthias Clasen
f4b9af3a40 Factor out a utility function 2015-02-09 13:03:39 +01:00
Alexander Larsson
4ff10fee86 Add support for --with-priv-mode=caps
This allows you to set the privs for the helper via file
capabilities instead of setuid.
You can also set the mode to none, but then you have to
manually set either setuid or filecaps (for instance via
a packaging script).
2015-02-08 23:37:47 +01:00
Alexander Larsson
c8dd341440 Don't use g_ptr_array_insert
This is too cool for vbatts
2015-02-08 17:25:15 +01:00
Alexander Larsson
9a0dcf6470 Add copies of new glib APIs that we use 2015-02-08 17:08:11 +01:00
Alexander Larsson
3ef9c13598 Set PR_SET_NO_NEW_PRIVS
This means no process in the app can gain any kind of extra
privs during exec() (for instance setuid or file caps).
2015-02-08 11:32:17 +01:00
Alexander Larsson
79b12777bf Add all (unused) args to prctl call 2015-02-08 11:32:17 +01:00
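The two entries above (setting PR_SET_NO_NEW_PRIVS, and passing all of the otherwise unused prctl arguments) are illustrated by the following added example. It is not xdg-app code; it only uses the Linux prctl(2) interface and shows three properties a practitioner relies on: the flag can be read back, it cannot be cleared once set, and the kernel rejects the call with EINVAL unless the unused arguments are exactly zero, which is why the helper passes all five.

```c
/* Added example (not xdg-app code): PR_SET_NO_NEW_PRIVS behaviour. Linux only. */
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif
#ifndef PR_GET_NO_NEW_PRIVS
#define PR_GET_NO_NEW_PRIVS 39
#endif

/* Set the flag. The three trailing "unused" arguments must be 0 or the
 * kernel returns EINVAL. Returns 0 on success, -1 on error. */
int set_no_new_privs(void)
{
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* Read the flag back: 1 if set, 0 if not, -1 on error. */
int get_no_new_privs(void)
{
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* The flag is one-way: arg2 must be 1, so a "clear" request fails with
 * EINVAL. Returns that errno, or 0 if the call unexpectedly succeeded. */
int try_clear_no_new_privs(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == 0)
        return 0;
    return errno;
}

/* Non-zero garbage in an unused slot is also rejected with EINVAL, which is
 * the reason for spelling out every argument in the real call. */
int set_with_nonzero_unused_args(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 1, 0, 0) == 0)
        return 0;
    return errno;
}

int main(void)
{
    if (set_no_new_privs() != 0) {
        perror("prctl(PR_SET_NO_NEW_PRIVS)");
        return 1;
    }
    printf("no_new_privs = %d\n", get_no_new_privs());
    printf("clear attempt: errno %d (EINVAL is %d)\n",
           try_clear_no_new_privs(), EINVAL);
    /* From this point on, exec() of a setuid or file-capability binary runs
     * it with the caller's credentials only; the extra privilege is ignored. */
    return 0;
}
```

The flag is inherited across fork() and exec(), so setting it once in the helper before launching the app covers every descendant in the sandbox.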
Matthias Clasen
a2f9562989 Teach completion about --runtime 2015-02-08 11:32:17 +01:00
Alexander Larsson
4fad768593 Merge pull request #48 from matthiasclasen/prefix-ostree-errors
Prefix many ostree error messages
2015-02-08 01:15:59 +01:00
Alexander Larsson
6a7b43a3c5 Merge pull request #49 from matthiasclasen/quote-args
Quote commandline arguments
2015-02-08 01:14:59 +01:00
Alexander Larsson
b2ec77fb2f Don't run xdg-app-helper as root
Instead of running as root we setuid to the real user, after
having assured that we have the minimum amount of capabilities
required (which we then drop at the end).

This means we create all files as the actual user, and we never
risk somehow reading a file that otherwise only root could read.
2015-02-08 01:09:44 +01:00
Matthias Clasen
f412d38458 Quote commandline arguments
We don't expect branch or arch names to contain spaces. But if
they do, we should not fall over needlessly.
2015-02-07 18:38:29 +01:00
Matthias Clasen
41ea4e4ebc Prefix many ostree error messages
Some of the ostree error messages don't contain sufficient detail
to be useful, so use g_prefix_error to add some context.
2015-02-07 18:02:04 +01:00
Alexander Larsson
f8e4343ff5 Merge pull request #43 from matthiasclasen/remote-title
Add a --title option to add-remote
2015-02-07 15:10:30 +01:00
Alexander Larsson
ab91bbf925 Merge pull request #46 from matthiasclasen/run-env
Add a --forbid option to run
2015-02-07 13:26:13 +01:00
Matthias Clasen
2a1246d136 Add a prefix to the config key
This seems to be the common practice for git addons.
Colin recommends that we do the same for ostree config keys.
2015-02-07 12:01:48 +01:00
Matthias Clasen
763b378590 Add some debug spew
Show the access we allow.
2015-02-06 17:43:53 +01:00
Matthias Clasen
c313cafbae Add a --forbid option to run
This allows restricting the access that the app gets out of
the sandbox. We allow an access if the app requests it (in its
metadata) and the user doesn't forbid it (with this option).
2015-02-06 17:39:20 +01:00
Alexander Larsson
0abf45b01b Merge pull request #44 from matthiasclasen/run-runtime
run-runtime
2015-02-06 16:15:55 +01:00
Matthias Clasen
e5ee197b81 Add a --runtime option to run
The --runtime option lets us completely override the runtime that
is specified in the application metadata. This is useful for testing
compatibility of an application with runtimes.
2015-02-06 12:11:26 +01:00
Alexander Larsson
287a93742f Put system installed apps/runtimes in localstatedir (/var) 2015-02-06 11:59:38 +01:00
Alexander Larsson
3afe98d614 Try /tmp for .xdg-app-root if /run/user not available 2015-02-06 11:58:57 +01:00
Alexander Larsson
61ababa60e Make /proc/sysrq-trigger /proc/irq, /proc/bus read-only
We should normally not have any rights to write here, but if
we do, that is pretty bad, so might as well cover them read-only
like e.g. docker does.
2015-02-06 11:21:01 +01:00
Matthias Clasen
06608ba7d5 Add a --title option to add-remote
This stores a string in the remote configuration which can
be used in UIs when talking about the remote.
2015-02-06 11:11:10 +01:00
Alexander Larsson
4903fe100d Remove unused removed dirs after install/uninstall 2015-02-05 22:50:38 +01:00
Alexander Larsson
6ea2391583 During undeploy, keep files around if they are in use
We check for a lock on the .ref file to detect if anything
is using a particular checkout before we remove it.
2015-02-05 22:47:48 +01:00
Alexander Larsson
f1091127c5 Add locking of .ref files while a runtime/app is in use 2015-02-05 18:42:36 +01:00
Alexander Larsson
7c8fb83f20 Create files/.ref when deploying
This will be used later to avoid deleting active mounts.
They have to be created during deploy, because we are
then guaranteed to be able to write to the directory,
and we don't want the resulting file to be hardlinked
to any other deployment (as then locks could be shared).
2015-02-05 18:34:02 +01:00
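The three entries above describe the same mechanism: a running app holds a lock on files/.ref, undeploy tests that lock before removing a checkout, and the file is created at deploy time so it is never hardlinked to another deployment. The following is an added example (not xdg-app code, and not its actual locking calls) that models the check with flock(2) on a constructed temp file. It also shows why hardlinks matter: flock locks live on the inode, so a hardlinked .ref would report the other deployment as busy too. Lock type and file names are assumptions.

```c
/* Added example (not xdg-app code): in-use detection via a lock on .ref. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>

/* A running app takes a shared lock on files/.ref and keeps the fd open
 * for its whole lifetime. Returns the fd, or -1 on error. */
static int hold_shared_lock(const char *ref_path)
{
    int fd = open(ref_path, O_RDONLY);
    if (fd < 0) return -1;
    if (flock(fd, LOCK_SH) != 0) { close(fd); return -1; }
    return fd;
}

/* Undeploy asks for an exclusive lock without blocking. EWOULDBLOCK means a
 * shared holder exists: keep the files. 1 = in use, 0 = free, -1 = error. */
int checkout_in_use(const char *ref_path)
{
    int fd = open(ref_path, O_RDONLY);
    if (fd < 0) return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) == 0) {
        flock(fd, LOCK_UN);
        close(fd);
        return 0;
    }
    int saved = errno;
    close(fd);
    return saved == EWOULDBLOCK ? 1 : -1;
}

/* Demo on a constructed temp dir. flock locks belong to the open file
 * description, so two open() calls in one process act like two processes.
 * Returns bit0 = original .ref seen as in use, bit1 = hardlinked copy seen
 * as in use; -1 if any step misbehaves. */
int ref_lock_demo(void)
{
    char dir[] = "/tmp/refdemo.XXXXXX";
    char ref[256], link_path[256];
    int fd, app_fd, result = 0;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(ref, sizeof ref, "%s/.ref", dir);
    snprintf(link_path, sizeof link_path, "%s/.ref-other-deploy", dir);

    fd = open(ref, O_WRONLY | O_CREAT, 0644);   /* created "at deploy time" */
    if (fd < 0) { rmdir(dir); return -1; }
    close(fd);

    if (checkout_in_use(ref) != 0) result = -1;  /* nothing running yet */

    app_fd = hold_shared_lock(ref);              /* "app starts" */
    if (app_fd >= 0) {
        if (checkout_in_use(ref) == 1) result |= 1;
        /* Same inode, same lock: a hardlinked .ref looks busy as well. */
        if (link(ref, link_path) == 0 && checkout_in_use(link_path) == 1)
            result |= 2;
        close(app_fd);                           /* "app exits" */
        if (checkout_in_use(ref) != 0) result = -1;
    } else {
        result = -1;
    }
    unlink(link_path); unlink(ref); rmdir(dir);
    return result;
}

int main(void)
{
    int r = ref_lock_demo();
    printf("original in use: %d, hardlinked copy in use: %d\n", r & 1, (r >> 1) & 1);
    return r == 3 ? 0 : 1;
}
```

Because the lock is released automatically when the holder's last descriptor closes, an app that crashes does not leave a stale "in use" state behind.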
Alexander Larsson
c4324ab630 Use a pid namespace
For the fully sandboxed case we *need* a pid sandbox, so we might as
well always use one to get the same setup always. There should really
be no need for a normal "app" to see host processes.

The other nice thing about this is that we get somewhere to run code
when the app stops, which means we can do things like delay uninstall
while apps are running.

The unfortunate drawback of this is that we get 2 extra processes per
app, one is the pid1 in the sandbox, and the other is the monitor
process to return the exit code to the spawner of xdg-app-helper.
2015-02-05 17:36:43 +01:00
Alexander Larsson
6f023b4ee3 Clean up namespace initialization
Rather than do the fork workaround we make / rslave, which means
we will still get new mounts/unmounts propagated to us from the root,
but will not leak any mounts to the host.

We also use a single directory in the users run dir as the mountpoint
for the tmpfs.
2015-02-05 11:34:43 +01:00
Alexander Larsson
55a3f413c2 build-finish: Don't error out on exports
gs_shutil_cp_a dies if the target exists, so only create the
parent dir before copying.
2015-02-03 10:53:02 +01:00
Alexander Larsson
bc460da1c5 Don't make dconf runtime dir readonly
This breaks dconf
2015-02-03 10:52:34 +01:00
Alexander Larsson
f66c232edf Mount /run/user/$uid/dconf if the app has access to $HOME
This is needed because while the dconf database is stored in
the home dir, the run dir is used to trigger re-mapping of the
database files.
2015-02-03 09:29:51 +01:00
Alexander Larsson
ab3709aa83 Fix warning 2015-02-02 11:02:41 +01:00
Alexander Larsson
db2019a8ff Merge pull request #41 from matthiasclasen/repo-update-manpage
Add repo-update man page to the build
2015-01-30 09:52:58 +01:00
Alexander Larsson
6c362273c3 Merge pull request #42 from matthiasclasen/kill-dotref
Don't create a useless .ref file
2015-01-30 09:51:13 +01:00
Matthias Clasen
b01a6e3523 Don't create a useless .ref file
This serves no purpose.
2015-01-29 21:16:34 -05:00
Matthias Clasen
33e31213bd Add repo-update man page to the build 2015-01-29 14:42:31 -05:00
Matthias Clasen
e28eaf1c1d Merge remote-tracking branch 'upstream/master' 2015-01-29 14:40:46 -05:00
Matthias Clasen
6417994d37 Revert "Fix a copy-paste error"
This reverts commit 1e36721951.
2015-01-29 14:39:26 -05:00
Alexander Larsson
c83e3a7f83 Properly handle the session daemon not running 2015-01-29 15:11:51 +01:00
Alexander Larsson
2c50ebad51 Remove duplicated manpage 2015-01-29 11:23:20 +01:00
Alexander Larsson
57254de73a If the monitor dir is available, set the TZ env into it
This means we'll pull in changes from the timezone on the
host system.
2015-01-28 20:03:13 +01:00
Alexander Larsson
a36122edc9 Make the /etc handling optional
The gnome-sdk-image build needs to actually write to /etc, so
we need to keep supporting it being a link to usr/etc.
2015-01-28 20:03:13 +01:00
Alexander Larsson
3a56d3f465 Call out to the session helper and get the monitor dir 2015-01-28 20:03:13 +01:00
Alexander Larsson
fca4a16209 Add xdg-app-session-helper
This is a small app that makes copies of various system files to a directory
in /run so that the app sandbox can receive updates to these. This solves
the issue that we can't generally bind-mount say /etc/resolv.conf, because
it will be replaced with rename-over.
2015-01-28 20:03:13 +01:00