Commit Graph

7309 Commits

Author SHA1 Message Date
Simon McVittie
ba86840f83 NEWS: Update
Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-11-14 15:35:02 +00:00
Simon McVittie
6e7eb1e19a portal, session-helper: Save original environment and use it for child
Otherwise, the child process will inherit GIO_USE_VFS=local, breaking
its ability to use GVfs and other GIO plugin interfaces.

Resolves: https://github.com/flatpak/flatpak/issues/5567
Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-11-14 15:28:51 +00:00
Alberto Garcia
14d735bfda data: Remove all /var/tmp/flatpak-cache-* directories on boot
No one is clearing those directories so they pile up and can take a
significant amount of disk space.

Resolves: https://github.com/flatpak/flatpak/issues/1119
Signed-off-by: Alberto Garcia <berto@igalia.com>
2023-11-10 13:32:14 -06:00
bbhtt
ec3989def6 Make flatpak-metadata sections linkable 2023-11-07 12:40:51 -06:00
bbhtt
c8e7b8df5c Clarify that an app can own its app-id as subname of MPRIS bus 2023-11-07 12:40:51 -06:00
Simon McVittie
2cf969af7d Update NEWS
Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-10-27 18:18:56 +01:00
Dor Askayo
7e91d344b6 portal: Inherit flatpak-run environment from parent when spawning
Instead of inheriting the portal's environment when spawning a
subsandbox using flatpak-run, inherit the environment in which
flatpak-run was originally executed for the parent instance.

This means that environment variables that affect the sandbox setup
of the parent instance now also propagate to the setup of
subsandboxes, including "FLATPAK_GL_DRIVERS".

Closes: https://github.com/flatpak/flatpak/issues/5278
2023-10-27 17:09:52 +01:00
Dor Askayo
df4e98fc15 instance: Add flatpak_instance_get_run_environ()
This private function returns the environment in which flatpak-run
was executed for a given FlatpakInstance.
2023-10-27 17:09:52 +01:00
Dor Askayo
5a7ea354d3 context: Use flatpak_parse_env_block()
No change in behavior, except minor wording of the error message.
2023-10-27 17:09:52 +01:00
Dor Askayo
2804cd4116 utils: Add flatpak_parse_env_block()
This function can be used to parse environment variable blocks in
"env -0" format from a buffer. It performs a few format checks during
its parsing and returns an error if an issue is found.

When successful, it returns a string array containing each individual
environment variable parsed from the buffer, in the same format as
the return value of g_get_environ().

The implementation of this function is based on
flatpak_context_parse_env_block().
2023-10-27 17:09:52 +01:00
Dor Askayo
c262e5ff0b run: Save flatpak-run environment
Save the environment in which flatpak-run was executed in the private
instance directory.

The environment is saved in "env -0" format.
2023-10-27 17:09:52 +01:00
Dor Askayo
c5a4ec0fa9 instance: Create private instance directory
Unlike the instance directory, whose directory structure is
considered public API and is mounted in the sandbox, the private
instance directory is meant to hold private data or metadata about
an instance for use by internal components.

The private instance directory is not meant to be shared with any
external component, and provides no guarantees about its structure
or contents.

While the public instance directory is named "<instance-id>", the
private instance directory is named "<instance-id>-private". Both the
public and private instance directories share the same parent
directory.

The private instance directory relies on the same lock file as the
public instance directory, and both are garbage-collected together.
2023-10-27 17:09:52 +01:00
Dor Askayo
2ba322b1c0 instance: Extract lock creation logic and reverse checks
This allows extending the instance ID allocation logic with less
impact on readability.

No change in behavior.
2023-10-27 17:09:52 +01:00
lumingzh
5a247b0d41 Update zh_CN.po file 2023-10-24 14:21:25 +01:00
Sabri Ünal
d2247448d9 Update Turkish translation
Align the translations for 'Bus' with the official GNOME translations.
2023-10-24 14:19:15 +01:00
Matthias Klumpp
c0c466f269 Adjust to AppStream 1.0 API changes 2023-10-24 14:17:48 +01:00
Sebastian Wick
08090f90c7 flatpak-run-wayland: Change security-context sandbox engine name
To align with work in D-Bus, the security-context's sandbox engine names
are now supposed to follow the reverse-DNS style.

This change should be fine because there has not been a release of
flatpak with security-context support, yet.
2023-10-24 14:16:48 +01:00
Bastien Nocera
c2045cbded ci: Set the locale under which to run tests
Rather than expecting a particular locale to already be set.
2023-10-13 14:44:46 -03:00
Bastien Nocera
14c548301c dir: Get user's languages from AccountsService
Instead of getting it from locale environment variables as
g_get_language_names() and derivates do.
2023-10-13 14:44:46 -03:00
Bastien Nocera
dfba3853c7 dir: Use AccountsService to get system languages
Use the new GetUsersLanguages() method from AccountsService to get the
list of all the locales that each user is interested in.

See https://gitlab.freedesktop.org/accountsservice/accountsservice/-/merge_requests/99

Closes: #5006
2023-10-13 14:44:46 -03:00
Steveice10
b8d8d80c61 flatpak-run: Unset VK_DRIVER_FILES and VK_ICD_FILENAMES
These environment variables inform the Vulkan loader on where to find driver files.
Since they typically point to locations on the host filesystem, any application that
attempts to load Vulkan within the flatpak sandbox would break with these set.
2023-10-08 11:33:57 -05:00
Georges Basile Stavracas Neto
6a57fa42e4 tests: Check if program exists before using it
The tests/make-test-runtime.sh scripts sets '-e' in lieu of
implementing useful error checking, but doesn't actually check
if the programs it uses exist in the first place; and aborts
silently when they're not available.

It is more useful to warn about them, and stop execution earlier.
This leaves some leftover files, but arguably that's better than
leaving leftover files AND people scratching their heads.

Warn about missing required programs.

Related: https://github.com/flatpak/flatpak/issues/5020
2023-10-04 13:04:08 +01:00
Dor Askayo
f66b1ecb74 revokefs: Use glnx_opendirat_with_errno()
No change in behavior.
2023-09-22 14:32:17 +01:00
Dor Askayo
0eeaacaf63 portal: Use glnx_opendirat()
Also print error message in case the operation fails.

No change in behavior apart from printing the error message.
2023-09-22 14:32:17 +01:00
Dor Askayo
1dc334c8a9 instance: Use glnx_opendirat() where possible
Doing so adds the following flags to the openat() call:
O_RDONLY | O_NONBLOCK | O_NOCTTY

And removes the following flag: O_PATH

Also let libglnx handle the error message formatting.
2023-09-22 14:32:17 +01:00
Timo Eisenmann
02bef871c0 remote-info: Fix call to flatpak_dir_load_appstream_store()
Use architecture instead of id in call to
flatpak_dir_load_appstream_store ().

Without this, remote-info does not show AppStream metadata.

Fixes: adb3b61f "decomposed: Return FlatpakDecomposed from flatpak_dir_find_remote_ref()"
2023-09-18 19:42:13 -05:00
Philip Withnall
d6b10c26ef utils-http: Add transfer speed timeout for libcurl HTTP downloads
There was already a timeout set using `CURLOPT_CONNECTTIMEOUT`, but that
only affects the initial connection. Once a HTTP connection is
established, the timeout is ineffective.

That means that once a HTTP connection is established, there is no bound
on the length of time a download can take. Sometimes, downloads drop to
very low speeds (for Networking Reasons) and we need a way to give up on
a download if that happens.

So, set a low speed limit of 10KB/s for 60s. If a curl download goes
more slowly than this, it will be considered timed out, and the
`CURLE_OPERATION_TIMEDOUT` code path will be taken.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: https://github.com/flatpak/flatpak/issues/5519
2023-09-15 12:36:25 +01:00
Simon McVittie
106d2065c8 Update NEWS to date
Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-09-10 13:59:24 +01:00
Simon McVittie
e6bd149c25 build: Generate Wayland glue code as private
The `code` argument to wayland-scanner is deprecated in favour of
`private-code`, which marks the symbols as private, avoiding them
leaking into the ABI of `libflatpak.so.0`.

`private-code` was new in wayland-scanner 1.15, which is available in
relatively old LTS distributions like CentOS 7, Debian 10 and
Ubuntu 18.04, and is much older than wayland-protocols 1.32.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-09-10 13:58:53 +01:00
Simon McVittie
bb8afb0328 build: Link Wayland code into full libflatpak-common only
This is only needed in flatpak-run-wayland.c, so we don't need it when
linking ancillary daemons that don't need any of flatpak-run, such as
the portal, session helper, system helper and OCI authenticator.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-09-10 13:58:53 +01:00
Forest
738a0b14de Add --device=input permission
This new permission exposes the host's /dev/input directory, providing
minimal game controller support without resorting to --device=all.
2023-09-08 19:03:24 +01:00
K.B.Dharun Krishna
0e2508a843 CI: bump actions/checkout to v4 2023-09-04 19:49:55 +01:00
Simon McVittie
d42d3e9772 dir: Use g_strv_equal()
This was new in GLib 2.60, but libglnx now provides a backport, so we
can use it unconditionally.

We still need a wrapper because g_strv_equal() is not NULL-safe, but
it's a very thin wrapper now.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-09-04 13:25:32 +01:00
Simon McVittie
5009857b5a Use g_steal_fd()
This was new in GLib 2.70, but libglnx now provides a backport, so we
can use it unconditionally.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-09-04 13:25:32 +01:00
Simon McVittie
17202b16e1 Update submodule: libglnx 2023-08-29
* Add g_steal_fd() backport
* Add g_strv_equal() backport
* Disable crash reporting when testing assertions

Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-09-04 13:25:32 +01:00
EkaterinePapava
ff9af52b6f po: Add Georgian translation 2023-08-30 12:15:15 +01:00
EkaterinePapava
58b70e31ea Update LINGUAS: Add Georgian 2023-08-30 12:15:15 +01:00
Sabri Ünal
5a9a56b605 Update Turkish translation 2023-08-30 12:10:33 +01:00
Kukuh Syafaat
601e6e43a6 Update Indonesian translation 2023-08-30 12:09:27 +01:00
Philip Goto
431b79f52e Add Dutch translation 2023-08-30 12:08:52 +01:00
Simon Ser
f0e626a4b6 common: add support for Wayland security context
This exposes a reliable way for Wayland compositors to get
identifying information about a client. Compositors can then
apply security policies if desirable.

See: https://gitlab.freedesktop.org/wayland/wayland-protocols/-/merge_requests/68
2023-08-24 12:17:53 +02:00
Simon Ser
b4822e2230 common: split Wayland socket setup to separate file
More complicated setup logic will be added next commit.
2023-08-24 12:17:53 +02:00
Simon Ser
522dd8b911 common: introduce flatpak_bwrap_add_sync_fd
The same logic will be used for Wayland security context.
2023-08-24 12:17:53 +02:00
Adrian Vovk
c6164ab269 meson: Properly install tmpfiles.d config 2023-08-16 11:50:37 +01:00
Simon McVittie
7a55b7c49f app: Use AS_FORMAT_STYLE_CATALOG if available
AS_FORMAT_STYLE_COLLECTION is a deprecated alias for ..._CATALOG, and
was removed entirely in appstream git main (presumably version 0.17
or 1.0).

Resolves: https://github.com/flatpak/flatpak/issues/5472
Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-07-11 13:34:41 +01:00
Simon McVittie
556984e1c1 app: Provide a stub implementation of AS_CHECK_VERSION if needed
Our only code that is conditional on the libappstream version wants
version 0.14.0, which conveniently is exactly the version that
introduced AS_CHECK_VERSION.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-07-11 13:34:41 +01:00
Simon McVittie
ad17979018 tests: Move test coverage for app/ into a new executable
Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-07-03 20:19:00 +02:00
Simon McVittie
ae2579637a app: Move terminal-related utility functions from common into app
These functions are to do with being an interactive, terminal-oriented
CLI/TUI, so it would be inappropriate for library code in libflatpak
to call them, and it would also be inappropriate for daemons like the
session and system helpers to call them.

In fact all calls to these were already isolated to app/, so we can
easily move the terminal-related utilities themselves into app/.

As well as shrinking libflatpak, this makes it obvious that the system
helper does not actually need to call flatpak_disable_fancy_output():
it does not link any code that would be affected by that API call.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-07-03 20:19:00 +02:00
Simon McVittie
36bc1bd382 common: Break circular dependency between context and dir/run
By giving the context a bit more knowledge of which directories Flatpak
uses for what, we can stop it from depending on the dir/run modules,
which themselves depend on FlatpakContext.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-07-03 20:07:57 +02:00
Simon McVittie
a898065a66 common: Move metadata to its own header
This cuts more circular dependencies between flatpak-run and
flatpak-exports.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-07-03 20:07:57 +02:00