This is a step towards removing the libostree dependency from
flatpak-utils, which should be one of the lowest-level components.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This breaks the circular dependency between flatpak-utils and flatpak-dir.
There is still a circular dependency between flatpak-dir and
flatpak-dir-utils, but I don't want to make flatpak-dir even larger.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This is a step towards making flatpak-utils conceptually "smaller"
than all other translation units, with no dependencies beyond GLib and
libglnx. In particular, consolidating all the OCI registry manipulation
into one place means we can build other translation units without
libarchive.
This would also be a step towards being able to provide a build-time
option to build a libostree-only version of Flatpak without the OCI
feature or the direct libarchive dependency, if someone wanted to
implement that.
Signed-off-by: Simon McVittie <smcv@collabora.com>
To include all languages, the languages key must be set to `*all*`, not
`all`. That was apparently intended to provide symmetry with how the
value is represented in the output of `flatpak config`.
These signals can be used by apps to monitor whether they need to emit
signals on the a11y bus or not. This can very significantly reduce
chattery on the a11y bus, and at least WebKit relies on these signals
to be broadcasted in.
The PR https://github.com/flatpak/xdg-dbus-proxy/pull/61 is required
for this changeset to work as expected, but it can land independently
as `--broadcast` is supported by xdg-dbus-proxy.
I was trying to get the `flatpak` for Chimera Linux template to run
tests. However, due to Chimera Linux using core utilities based on
FreeBSD's, some stuff used in the test shell scripts didn't work there
and caused issues. While I eventually gave that endeavour up, I wanted
to upstream the upstreamable changes I had anyway.
This seems like an obvious set of functionality to be grouped together
in service of the wider goal of making flatpak-utils smaller and more
manageable.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Each of these is only needed in one place, so move them there. This is
another step towards the utils module being the lowest-level.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The exports module doesn't actually need these, and this removes a
circular dependency: previously, exports both depended on and was
depended on by dir.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Following on from b8d8d80c61, add more environment variables used by
the Vulkan loader which expect paths to be provided.
These paths are typically referencing the host filesystem; if the user
is referencing paths only available in the sandbox, they can use --env
or overrides for them.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Similar to how b8d8d80c61 inhibited passthrough of environment
variables pointing the Vulkan loader towards a specific ICD, do the same
for the EGL paths used by libglvnd to discover the GL driver to use, as
well as for NVIDIA's EGLStream shim.
These paths are typically referencing the host filesystem; if the user
is referencing paths only available in the sandbox, they can use --env
or overrides for them.
Signed-off-by: Daniel Stone <daniels@collabora.com>
I don't think this env var makes much sense to pass into the sandbox
for similar reasons to LD_LIBRARY_PATH. Libraries from the host
just aren't relevant.
Users can still pass `--env=LD_PRELOAD=/foo` to use this functionality.
The release was prepared under embargo and it wasn't immediately obvious
which day it was going to be released, so I left out the release date
at the time.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Arguably bwrap should exit with status 127 if it can't find the
executable, but right now it exits 1, so we accept any nonzero status.
The implementation was correct, but the comment was wrong.
Fixes: 84984e49 "test-run: Add a reproducer for CVE-2024-32462"
Signed-off-by: Simon McVittie <smcv@collabora.com>
This particular bwrap invocation cannot cause a sandbox escape because
the command to run is hard-coded, but it's more clearly correct if we
pass "--" to every bwrap invocation.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This particular bwrap invocation cannot cause a sandbox escape because
the command to run is hard-coded, but it's more clearly correct if we
pass "--" to every bwrap invocation.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This ensures that the command is not taken to be a bwrap option.
Resolves: CVE-2024-32462
Resolves: GHSA-phv6-cpc2-2fgj
Signed-off-by: Alexander Larsson <alexl@redhat.com>
[smcv: Fix DISABLE_SANDBOXED_TRIGGERS code path]
[smcv: Make flatpak_run_maybe_start_dbus_proxy() more obviously correct]
Signed-off-by: Simon McVittie <smcv@collabora.com>
Otherwise, tests for OCI and the update portal fail with:
/usr/libexec/installed-tests/Flatpak/libtest.sh: line 611: FUSERMOUNT: unbound variable
Fixes: 2cb17b4e "Do not hard-code fusermount, add option or auto-detect instead"
Signed-off-by: Simon McVittie <smcv@collabora.com>
As of LLVM/Clang 18 and LLD18 linker with the -export-dynamic option compilation ends with an error:
cc: error: unknown argument: '-export-dynamic'
For GCC and the default compiler this is not a problem. The problem occurs in Clang/LLD 18.
Fix tested on Mandriva via 39f1c03e91
