parse_ref_file() cleared all its out params to NULL, with the exception
of collection_id_out. Make sure to clear this one as well to avoid
surprises in the future.
Fixes commit ae7d96037 that added collection ID support to flatpakref.
In some restrictive environments like Whonix, access to /sys/ is blocked by file
permissions (chmod 0700 /sys). Previously, Flatpak would give bwrap a
command-line that will fail altogether in these locked-down environments.
Instead, fall back to running the app with no access to these /sys
subdirectories.
The application will be unable to enumerate game controllers and similar
hardware devices in this situation, but that's the same limited functionality
that would be seen for a non-sandboxed application.
Resolves: https://github.com/flatpak/flatpak/issues/5138
Include flatpak-ref-utils-private.h explicitly in each remaining
module that needs it (mostly for FlatpakDecomposed).
Signed-off-by: Simon McVittie <smcv@collabora.com>
This further reduces circular dependencies: utils no longer has a
circular dependency with repo-utils or xml-utils.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The declaration was already in flatpak-ref-utils-private.h.
Fixes: 5dae1fc6 "Break out ref helper functions to separate file"
Signed-off-by: Simon McVittie <smcv@collabora.com>
This is a step towards removing the libostree dependency from
flatpak-utils, which should be one of the lowest-level components.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This breaks the circular dependency between flatpak-utils and flatpak-dir.
There is still a circular dependency between flatpak-dir and
flatpak-dir-utils, but I don't want to make flatpak-dir even larger.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This is a step towards making flatpak-utils conceptually "smaller"
than all other translation units, with no dependencies beyond GLib and
libglnx. In particular, consolidating all the OCI registry manipulation
into one place means we can build other translation units without
libarchive.
This would also be a step towards being able to provide a build-time
option to build a libostree-only version of Flatpak without the OCI
feature or the direct libarchive dependency, if someone wanted to
implement that.
Signed-off-by: Simon McVittie <smcv@collabora.com>
To include all languages, the languages key must be set to `*all*`, not
`all`. That was apparently intended to provide symmetry with how the
value is represented in the output of `flatpak config`.
These signals can be used by apps to monitor whether they need to emit
signals on the a11y bus or not. This can very significantly reduce
chattery on the a11y bus, and at least WebKit relies on these signals
to be broadcasted in.
The PR https://github.com/flatpak/xdg-dbus-proxy/pull/61 is required
for this changeset to work as expected, but it can land independently
as `--broadcast` is supported by xdg-dbus-proxy.
I was trying to get the `flatpak` for Chimera Linux template to run
tests. However, due to Chimera Linux using core utilities based on
FreeBSD's, some stuff used in the test shell scripts didn't work there
and caused issues. While I eventually gave that endeavour up, I wanted
to upstream the upstreamable changes I had anyway.
When combined with using `git subtree` for our mandatory vendored
dependencies, this avoids differences between what we ship in our git
repository (available to users via `git clone` or by unpacking the
result of `git archive`), and what's in our official source code
releases (which are the result of `meson dist`).
Differences between those artifacts would provide an attractive place
for attackers to hide malware, for example in CVE-2024-3094, so
avoiding differences is a good "nothing up my sleeve" mechanism to
make it less appealing for attackers to target Flatpak.
With default Meson settings, the wrap files will be used automatically
to download our suggested versions of these dependencies, unless
the `-Dsystem_bubblewrap=...`, `-Dsystem_dbus_proxy=...` Meson options
are used. In environments where automatic downloads are disabled via
`-Dwrap_mode=nodownload`, for example many Linux distributions,
specifying a system copy becomes mandatory.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The workflow is the same as for libglnx.
git-subtree-dir: subprojects/variant-schema-compiler
git-subtree-mainline: 96a8e55b85
git-subtree-split: cfc356c38e
Signed-off-by: Simon McVittie <smcv@collabora.com>
This makes the flatpak project more self-contained, and would have
avoided the problems we encountered with unintended changes in the
1.14.7 release. See <https://diziet.dreamwidth.org/14666.html> for an
opinionated description of some of the problems with submodules.
If we can eliminate submodules altogether, then it will become possible
to build Flatpak from a simple `git clone` or `git archive`, or from the
source tarballs auto-generated by Github (which are equivalent to a `git
archive`), without needing an extra step to populate the submodules. As
well as reducing the support burden from users periodically complaining
that our source releases are incomplete, this is a useful "nothing up
my sleeve" mechanism to make it easy to verify that our source releases
do not contain malicious changes hidden in vendored or generated files,
like the one that made CVE-2024-3094 possible.
Added with:
git remote add --no-tags libglnx https://gitlab.gnome.org/GNOME/libglnx.git
git fetch libglnx
git subtree add -P subprojects/libglnx 202b294e60
git commit --amend -s
To compare with upstream:
git remote add --no-tags libglnx https://gitlab.gnome.org/GNOME/libglnx.git
git fetch libglnx
git diff HEAD:subprojects/libglnx libglnx/master
After checking the diff, updates can be merged into this project with:
git subtree merge -P subprojects/libglnx libglnx/master
git commit --amend -s
The commit merged here is the same one that was previously a submodule.
A subsequent commit will update it to the latest version of libglnx,
demonstrating how to review such updates.
git-subtree-dir: subprojects/libglnx
git-subtree-mainline: 7df25d63dfde9b4755479950f5b87bafe85cd277
git-subtree-split: 202b294e60
Signed-off-by: Simon McVittie <smcv@collabora.com>
This will allow it to be re-added as a `git subtree`, which stores
commit history inline in the flatpak git repository.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This seems like an obvious set of functionality to be grouped together
in service of the wider goal of making flatpak-utils smaller and more
manageable.
Signed-off-by: Simon McVittie <smcv@collabora.com>
