This was not a typo for "located": the daemon is systemd-localed,
or localed for short.
Fixes: bb549168 "fix: cross typos, detail below"
Signed-off-by: Simon McVittie <smcv@collabora.com>
What I did
Repository rules / “don’t edit” areas
From CONTRIBUTING.md and subprojects/README.md, subprojects/ contains vendored/submodule/copylib code (bubblewrap, libglnx, dbus-proxy, variant-schema-compiler). I treated subprojects/ as third-party and excluded it from typo fixing.
You already skip po/ (translations) and node_modules/, and I kept those exclusions.
Typos fixed (project-owned files only)
I ran codespell with write mode and exclusions, and fixed the reported typos across:
NEWS
app/…
common/…
doc/…
tests/…
session-helper/…
portal/…
data/…
Then I handled the remaining items individually:
NEWS: thse -> these
common/flatpak-utils-private.h: Thse -> These
app/flatpak-polkit-agent-text-listener.c: identies -> identities
tests/test-auth.sh: Propertly -> Properly
tests/testlibrary.c: remore -> remote
common/flatpak-transaction.c: improved wording to avoid the xwindows typo (X11 window ID)
Added .codespellrc
Created .codespellrc:
skip: node_modules,po,subprojects
ignore-regex: .*(ratatui|Affinitized|affinitized).*
ignore-words-list: nd,ot,THUR,IST,fo,hel,bu
(these were confirmed as legitimate tokens/abbreviations/namespace prefix/test strings in this repo, so they should not be “fixed”)
Verification:
codespell --config .codespellrc . now exits clean.
Signed-off-by: rezky_nightky <with.rezky@gmail.com>
Since commit d10e1148 "Add initial support for preinstalling flatpaks",
the test suite sets FLATPAK_DATA_DIR to a temporary directory, both
while running uninstalled and as-installed.
While running uninstalled we already set FLATPAK_TRIGGERSDIR to the
trigger scripts in the source tree, but when running "as-installed",
we need to run the triggers that the OS installs as part of the flatpak
package (or equivalent).
Not having this caused autopkgtests (automated as-installed tests) in
Debian to regress with 1.17.x.
Fixes: d10e1148 "Add initial support for preinstalling flatpaks"
Signed-off-by: Simon McVittie <smcv@debian.org>
This gives us conditionals for shares and features. So far we have no
use case for this, but the system already exists, it makes the code
simpler, and when we need this in the future, we don't have to wait for
it to roll out.
journalctl also prints something when the message didn't make it to
whatever journalctl connects to. Check for the specific message showing
up instead to make sure it all works as expected.
A few years ago there was a very painful attempt at porting from
libsoup2 to libsoup3. Flatpak libsoup3 support never landed and it seems
like a large amount of distros have switched over to libcurl instead.
This commit removes libsoup2 support completely instead of growing
libsoup3 support.
Closes#5915Closes#4582
We could previously just assume that the first enabled remote
(potentially matching the collection ID) contains the ref, but that
obviously is not always the case.
The change here looks up the remote state of the remotes to figure out
if they actually contain the ref, and adds the first matching remote to
the transaction.
Otherwise we try to call setfattr which fails and have_xattr reports
that there is no xattr support. This might then obviously be wrong and
the test can fail because of that.
If the binaries are not available in the environment, the trigger will
not do anything. The tests will not know about this and fail. So only
test for the results of the triggers if they have the dependencies they
require.
If the internal_tests option is enabled we build some internal tests
into the binary. These are added to the tests we run in testlibrary.
This is not intended to be enabled in production, as it adds size to
the real binary, but is useful for CI and development.
Fixes#2489
Adds and wires up a `reinstall` option to
`flatpak_dir_install_bundle`. Previously, bundle install
transactions would silently drop the reinstall flag.
The F_DUPFD and its relative F_DUPFD_CLOEXEC both expect an int argument
as extra argument, being the minimal value for the new FD. This argument
must be within the accepted range (see ulimit -H -n).
This was detected in Ubuntu during testing against the latest glibc,
stracing resulted in:
107244 fcntl(1, F_DUPFD_CLOEXEC, 1847846346272) = -1 EINVAL (Invalid argument)
On the system in question (ppc64el machine running Ubuntu Questing), the
relevant limit is 524288.
For the fix we use 3 as a reasonable floor value, as in the first one
after stderr. It also happens to be the one used in revokefs/main.c.
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2121039
This adds new FlatpakTransaction API, and a new top level CLI command to
preinstall flatpaks, that is to install flatpaks that are considered
part of the operating system.
A new drop-in directory /etc/flatpak/preinstall.d/ allows configuring
what apps should be preinstalled, and a new flatpak preinstall command
installs and removes apps based on the current configuration.
A drop-in loupe.preinstall file can look something like this:
[Flatpak Preinstall org.gnome.Loupe]
Branch=stable
IsRuntime=false
The corresponding API is flatpak_transaction_add_sync_preinstalled()
which can be implemented by GUI clients to drive the actual installs
on system startup.
Resolves: https://github.com/flatpak/flatpak/issues/5579
Co-authored-by: Sebastian Wick <sebastian.wick@redhat.com>
Add support for `oci-archive:` image sources by temporarily
unpacking the archive using libarchive.
Co-authored-by: Sebastian Wick <sebastian.wick@redhat.com>
Similar to bundle installs, add:
flatpak install [--image] docker://registry.example.com/image:latest
flatpak install [--image] oci:/path/to/image
These is useful for testing purposes and in certain cases when installing
Flatpaks on disconnected systems.
Docker and podman can be configured to use mutual TLS authentication
to the registry by dropping files into system-wide and user
directories. Implement this in a largely compatible way.
(Because of the limitations of our underlying libraries, we
can't support multiple certificates within the same host config,
but I don't expect anybody actually needs that.)
The certs.d handling is extended so that certificates are separately
looked up when downloading the look-aside index. This is mostly
to simplify our tests, so we can use one web server for both -
in actual operation, we expect the indexes to be unauthenticated.
Also for testing purposes, FLATPAK_CONTAINER_CERTS_D is supported
to override the standard search path.
Co-authored-by: Sebastian Wick <sebastian.wick@redhat.com>
Now that we read remotes from $datadir/flatpaks/remotes.d as well as
/etc/flatpaks/remotes.d, we should have a mechanism to redirect this, as
we do for almost all other filesystem path locations.
To avoid an explosion of new variables, we introduce FLATPAK_DATA_DIR to
represent configuration that ships with the operating system.
This is useful:
- To fix sandboxing of tests
- When installing using flatpak into a chroot, so that we read
the chroot's configuration rather than the host.
It also is used when reading triggers, but the current
FLATPAK_TRIGGERSDIR is left for compatibility.
Co-authored-by: Sebastian Wick <sebastian.wick@redhat.com>
Without this, "as-installed" tests via `ginsttest-runner` will fail,
for example in Debian's autopkgtest framework.
Fixes: 1d56bd37 "context: Implement device lists for usb"
Signed-off-by: Simon McVittie <smcv@debian.org>
Add '--usb' and '--nousb' to the FlatpakContext option group.
Map these parameters to either the enumarable list, or the hidden
list, of a new "USB Devices" group in the metadata key file. It looks
like this:
```
[USB Devices]
hidden-devices=cls:01:*;
enumerable-devices=vnd:0fd9+dev:0080;vnd:0fd9+dev:0080;
```
Flatpak itself does not use these values, they're meant to be used
by e.g. XDG Desktop Portal to filter which devices the app can see
through the USB portal.
Hidden devices must always take precedence over enumerable devices.
This is heavily inspired by https://github.com/flatpak/flatpak/pull/4083
Co-Authored-By: Georges Basile Stavracas Neto <georges.stavracas@gmail.com>
Co-Authored-By: Ryan Gonzalez <rymg19@gmail.com>
Signed-off-by: Hubert Figuière <hub@figuiere.net>
For historical reasons g_qsort_with_data() "only" works with up to 2**31
items, so it won't necessarily work for pathologically large arrays
and therefore is deprecated.
One advantage of g_qsort_with_data() and its replacement g_sort_array()
is that GLib guarantees that they are a stable sort (will not permute
items that already compare equal), which is not a guarantee for glibc's
qsort() and qsort_r(). However, I don't think it's actually relevant
whether we are doing a stable sort in any of these places: most of the
time we are sorting an array of unique items (often the keys of a hash
table, which are necessarily unique), therefore the compare function
will not compare equal in any case.
Another advantage of the GLib functions is that they are portable,
unlike qsort_r(). However, Flatpak is Linux-only, so we can freely use
useful functions like qsort_r().
Signed-off-by: Simon McVittie <smcv@collabora.com>
KDE krunner supports DBus plugins that allow search completion
comparable to the already supported gnome-shell searchprovider.
Exporting the contents of the runner directory enables us to enable
search results from within flatpack applications.
In context of the previous commit, this allows Flatpak apps to spawn
subsandboxes with `--a11y-own-name=DBUS_NAME`, where `DBUS_NAME` must
have the app id as prefix.
For example, `org.webkitgtk.MiniBrowser` would be able to spawn a Web
process using the Flatpak portal, and by passing
`org.webkitgtk.MiniBrowser.Sandboxed.WebProcess0`, this Web process
would be able to own this name in the a11y bus. This allows the Web
process and the main WebKit process to connect their a11y trees across
sandboxes.
These are passed to non-const-correct APIs which still need a cast, but
at least we can declare the array in a way that reduces mistakes.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This adds three "positive" tests: the common case --persist=.persist, the
deprecated spelling --persist=/.persist, and the less common special case
--persist=. as used by Steam.
It also adds "negative" tests for CVE-2024-42472: if the --persist
directory is a symbolic link or contains path segment "..", we want that
to be rejected.
Reproduces: CVE-2024-42472, GHSA-7hgv-f2j8-xw87
[smcv: Add "positive" tests]
[smcv: Exercise --persist=..]
[smcv: Assert that --persist with a symlink produces expected message]
Co-authored-by: Simon McVittie <smcv@collabora.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
There are two places where we deliberately leak some memory. There are
some cases which look like leaks in libostree but it's not impossible
that we made a mistake in flatpak.
Two other cases seem like issues in flatpak that I couldn't figure out.
