This allows you to add multiple paths at the same time, plus
grant an app access to it, plus it returns the fuse mount path.
This allows you to avoid a lot of roundtrip in common cases.
This removes some duplicated code, and also follows the new
redirect-url property on initial add.
This also means we're requiring gpg signatures to be correct
on remote-add, so fix up the tests
I was seeing this when trying to run flatpak's tests in ostree's CI:
https://github.com/ostreedev/ostree/pull/824
The race here is that the python process can still be writing to the output
while sed is reading it, and hence we'll find a difference on the next line.
Fix this by making a tmp copy of the file, which then both sed and cmp will
read consistently.
I'm not *entirely* sure this will fix the problem as I couldn't easily reproduce
the race locally, but I believe it at least fixes *a* race.
If you run "flatpak update" then we will never update to
a commit that is older than the currently installed one. This
protects against a man-in-the-middle attack that would otherwise
let the attacker downgrade to a previously signed version that
may have some vulnerability.
This makes the ostree trivial-httpd --autoexit feature work better,
because it seems to exit whenever the root directory changes (i.e. not
only when its deleted).
This means the root dir can't be the repo (because then we can't
update the repo), or the base testdir (because we create files there
too), so instead we make the repo $testdir/repos/test and
$testdir/repos as the httpd root.
If the bundle contains an origin link we can now install related
things from it, such as locale data.
You can also build the bundle with --runtime-repo=URL, where the url
points to a flatpakrepo file for a repo with runtimes. This works
similar to the RuntimeRepo= feature in flatpakref files.
Use FLATPAK_TESTS_VALGRIND_LEAKS to check for leaks.
We're not currently passing the leak checks, so this helps letting
us make valgrind checks useful.
This means we don't have to add it to EXTRA_DIST, and also means
we can have generated (non-distributed) test data in future if we
want to.
Signed-off-by: Simon McVittie <smcv@debian.org>
In autobuilder environments that deprive the build of capabilities,
it is entirely possible that we have a system bwrap(1) but cannot
run it, for example because CAP_SYS_ADMIN has been excluded from
the capability bounding set. Tell the tests which bwrap we are
going to run, so we can run it in a simpler way and see whether
it works.
Debian's sbuild autobuilder currently suffers from a different
issue in which pivot_root(2) returns EINVAL, possibly caused by
sbuild being chroot-based and so not having the mount point
structure that is required for pivot_root. This avoids the
problematic build-time tests there too; they work on ci.debian.net,
which uses lxc instead of chroots, and in virtual machines.
Because $(BWRAP) might be non-absolute, we need to search PATH for it.
Signed-off-by: Simon McVittie <smcv@debian.org>
