Commit Graph

810 Commits

Author SHA1 Message Date
Alexander Larsson
eaa780ea63 ld.so.cache: Fix order of extension libs
We include the app extension ld.so.conf files before the app
and after that the runtime extension conf files.

This matches what is described in https://github.com/flatpak/flatpak/issues/1075

Closes: #1076
Approved by: alexlarsson
2017-10-04 15:13:13 +00:00
Alexander Larsson
aa28d9c7b4 run: Make extension ld.so.conf files have nicer numbering
We were creating names for all extensions, even those that did
not get a ld.so.conf file created, so the count in was weirdly
inconsistent.

Closes: #1076
Approved by: alexlarsson
2017-10-04 15:13:13 +00:00
Alexander Larsson
129ab559ee Strip some more common environment variables from the host
We strip PYTHONPATH, PERLLIB, PERL5LIB and XCURSOR_PATH from the
environment in the sandbox, because these kinds of path variables
can badly affect the sandbox (e.g. pulling in host-side code).

Closes: #1078
Approved by: alexlarsson
2017-10-04 15:12:30 +00:00
Philip Withnall
166a4e144d common: Don’t commit arbitrary files into the ostree-metadata branch
When building the ostree-metadata branch (which only happens when
configured with --enable-p2p), we are supposed to create empty commits
which contain only metadata. However, the code to do this was wrong, and
was instead pulling in all the files from the current working directory
and committing them.

Fix that code to actually create an empty commit.

This could have been a fairly serious bug were it not for the fact that
nobody’s using this code because it’s all experimental.

Spotted as part of https://github.com/ostreedev/ostree/pull/1158.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #1066
Approved by: alexlarsson
2017-10-04 12:54:30 +00:00
Matthew Leeds
71f4a87f51 dir: Print debug output when opening flatpak dirs
It's easy to end up with multiple flatpak installations on a system, and
it's not always clear which one(s) flatpak is using. So this commit adds
some debug output in some cases when flatpak opens an installation
directory such as /var/lib/flatpak. This is especially important for
people who build flatpak themselves because if you omit --prefix=/usr
or use --with-system-install-dir your flatpak will look in non-standard
locations like /usr/local/var/lib/flatpak.

If we were to print this every time a flatpak directory is opened, it
would flood the log. So instead add a utility function and use it
strategically. Many flatpak commands will log the directory when they
use flatpak_option_context_parse(), others in
flatpak_find_deploy_for_ref(), and for others the logging has been
added manually.

Closes: #1067
Approved by: alexlarsson
2017-10-04 12:39:43 +00:00
Valentin David
845a0b3bf7 Use ld.so.cache instead of LD_LIBRARY_PATH (when not building)
Instead of setting LD_LIBRARY_PATH to make the app load the right
libraries we run ldconfig to generate a ld.so.cache that we feed
to the sandbox as /etc/ld.so.cache. The cache itself is generated
by running ldconfig at run time, but for apps we cache the
result in $HOME/.var/app/$APPID/.ld.so/cache based on the
current app/runtime/extensions commit ids.

We also unset LD_LIBRARY_PATH, to ensure any host-side value
does not mess with the sandbox.

The default ld.so.conf we set (if the runtime has none, or an empty
one) is:

 include /run/flatpak/ld.so.conf.d/*.conf
 include /app/etc/ld.so.conf
 /app/lib

Additionally all the extension points that have add_ld_path set get a
ld.so.conf snippet in /run/flatpak/ld.so.conf.d.

This allows applications and extensions to install their own paths if
needed, and if the runtime wants more locations they can install a
custom ld.so.conf that includes the above.

In the flatpak build case we still use LD_LIBRARY_PATH like before,
because there is no good key (like the commit ids) for keeping the
cache up-to-date. Also, the behaviour is different when building an
app for instance. If /app/lib is not in LD_LIBRARY_PATH then the
sandbox-wide /etc/ld.so.cache must be updated for a newly installed
library to work, but the sandbox is not allowed to update
/etc/ld.so.cache.

This code was originally written by Valentin David <valentin.david@gmail.com>
with changes by Alexander Larsson <alexl@redhat.com>.

Closes: #1073
Approved by: alexlarsson
2017-10-04 10:27:14 +00:00
Alexander Larsson
f06cae1556 run: Break out /usr link creation to helper
This is the code needed to set up the symlinks into the runtime
to make stuff work. We will need this separately for minimal runtime
use.

Closes: #1073
Approved by: alexlarsson
2017-10-04 10:27:14 +00:00
Alexander Larsson
5cd8db035b common: Add flatpak_switch_symlink_and_remove
This creates a symlink pointing to a target, but if the symlink
already exists, it ensures (atomically) that the previous target
is deleted. This is useful to keep a single-item cache around.

Closes: #1073
Approved by: alexlarsson
2017-10-04 10:27:14 +00:00
Alexander Larsson
73f44dd656 Add extensions to /.flatpak-info
This fixes https://github.com/flatpak/flatpak/issues/502

Closes: #1069
Approved by: alexlarsson
2017-10-03 08:01:46 +00:00
Alexander Larsson
acdf869693 common: Add commit id to FlatpakExtension
Closes: #1069
Approved by: alexlarsson
2017-10-03 08:01:46 +00:00
Alexander Larsson
f04bc43eef Add commit ids for app and runtime to /.flatpak-info
Closes: #1069
Approved by: alexlarsson
2017-10-03 08:01:46 +00:00
Alexander Larsson
0ab0e94647 Add flatpak_deploy_get_deploy_data helpers
Closes: #1069
Approved by: alexlarsson
2017-10-03 08:01:46 +00:00
Alexander Larsson
1fbdda5d0e run: Add some helpers to add fds to the argv array
This cleans up a bunch of repeated code.
2017-10-02 14:53:04 +02:00
Sam Spilsbury
d0af046a2f system-helper: Add PruneLocalRepo method
We might want to prune the repo from within the library or
the command line and may not be in a privileged context, so
we'll need to jump through the system helper to prune the refs.

Closes: #1034
Approved by: alexlarsson
2017-09-28 15:39:05 +00:00
Sam Spilsbury
27a76acb5d dir: Don't prune refs immediately after calling flatpak_dir_remove_ref
It might be more efficient to perform this operation at the end of
removing a batch of refs, so perform it there instead.

Closes: #1034
Approved by: alexlarsson
2017-09-28 15:39:05 +00:00
Sam Spilsbury
96b4c5ed13 dir: Add gtkdoc comment for flatpak_dir_remove_ref
Closes: #1034
Approved by: alexlarsson
2017-09-28 15:39:05 +00:00
Sam Spilsbury
f05e87d6bf dir: No need to query remote in filter_out_deployed_refs
Closes: #1034
Approved by: alexlarsson
2017-09-28 15:39:05 +00:00
Sam Spilsbury
284138fa61 dir: Add FindMatchingRefsFlags flag argument find_matching_refs
In some cases, we want to include the repo part of the refspec,
for instance, if we are to pass refs directly to flatpak_dir_remove_ref

Closes: #1034
Approved by: alexlarsson
2017-09-28 15:39:05 +00:00
Sam Spilsbury
3f91b4d883 system-helper: Add RemoveLocalRef helper function
This depends on the modify-repo privilege

Closes: #1034
Approved by: alexlarsson
2017-09-28 15:39:05 +00:00
Sam Spilsbury
99611aed52 dir: Add flatpak_dir_cleanup_undeployed_refs
This can be used to remove any undeployed refs from the local repo
in order to save on disk space.

Closes: #1034
Approved by: alexlarsson
2017-09-28 15:39:05 +00:00
Colin Walters
747f66158d tree-wide: Bump libglnx
A few fixes worth having, also just testing Homu.

```
Colin Walters (2):
      fdio: Open target dirname for glnx_file_copy_at()
      lockfile: Use an `initialized` member rather than explicit init

Jonathan Lebon (1):
      macros: use size_t for glnx_strjoina len

Philip Withnall (1):
      shutil: Fix assertion failure in glnx_shutil_mkdir_p_at()
```

Closes: #1046
Approved by: alexlarsson
2017-09-27 18:53:46 +00:00
Alexander Larsson
69d7474bcd Don't lock the system repo when pulling to a child repo
This causes permission denied when installing to the system
repo using the helper.
2017-09-26 23:24:18 +02:00
Alexander Larsson
a265436574 run: Fix exporting the homedir if also exporting host
The FAKE_MODE_DIR support did not work correctly because of
a MAX() with a fallback value of 0, which is greater than
FAKE_MODE_DIR.
2017-09-26 20:12:19 +02:00
Alexander Larsson
b35177e4bf appstream update: Don't skip all arches if one is unchanged
Move skip_commit from a function global to a per-loop variable so
that it is reset for each architecture.
2017-09-26 16:34:30 +02:00
Alexander Larsson
c3cfc4aa78 Remove unused variables
2017-09-26 11:58:44 +02:00
Alexander Larsson
557803309b Disable min-free-space-percent by default
Too many people are running into issues with this in the wild. We now
set this to zero by default. You can still manually override this.
2017-09-25 16:25:20 +02:00
Alexander Larsson
08aef072c9 Change how exposing symlinks are handled, allowing $HOME to be a symlink
We used to only expose symlinks if the path to one was explicitly exposed,
like --filesystem=/symlink, but if you did say --filesystem=/symlink/dir, then
we would make /symlink be a regular directory in the sandbox tmpfs.

This means all exports are fully resolved, which allows us to remove the
workaround for symlinks that we had with sorting by "level".

We also add a FAKE_MODE_DIR, which is used to ensure the homedir is there,
created on tmpfs if needed only, while handling symlinks correctly.

This means that flatpak works well even if $HOME is on a symlink.
2017-09-25 14:30:03 +02:00
Alexander Larsson
f1df5cb1d9 run: Fix some symlink handling issues
If the target of a direct bind, such as $home/.var/app/$appid/ is
a symlink, and the symlink contains absolute pathnames, then they
will not resolve correctly in the bwrap setup code due to the
fact that the final root is on /newroot, not /, so we resolve
the target paths before we call bwrap.
2017-09-25 14:08:19 +02:00
Alexander Larsson
5ca82643d2 flatpak-run: Correctly handle symlinks in flatpak_exports_path_is_visible
When we're resolving a symlink to see if the destination is visible, then
we have to actually append the rest of the path to look at the final
target, not just the intermediate symlinked directory.
2017-09-25 14:05:52 +02:00
Alexander Larsson
6d5beff5d3 Don't allow manual exports of /dev. These are handled by --dev=
2017-09-25 14:03:56 +02:00
Alexander Larsson
ac5f17203f Handle ~/.local/share/flatpak being a symlink
When we hide a directory like that and it is a symlink we need
to hide the symlink target. Additionally, when we're checking
whether we need to mount the tmpfs we need to check that the
target is an actual dir, rather than a symlink to a dir.

Fixes https://github.com/flatpak/flatpak/issues/1032
2017-09-25 11:05:32 +02:00
Alexander Larsson
c48d8f427f Add a repo-lock that protects against object removal
This is taken in exclusive mode whenever we prune the repo. Anything
that is not protected against objects disappearing from the repo can
take the lock in a shared mode to avoid running at the same
time as a prune operation.

The two operations that are problematic in this respect are
Pull:
 * During the pull we see that some object we require is already available
   and doesn't need downloading. We can't have it be removed before we
   commit the transaction.
 * During the transaction commit we're moving the objects to the
   repo, and they risk being pruned as unreachable until we have updated
   the ref.
Deploy:
 * Once we start checking out a particular ref we assume all the objects
   from it are reachable. If the ref is updated in parallel some objects
   can become unreachable and be removed.

So, we take shared locks in these operations.

In the prune operation we take the lock non-blocking, and skip
the prune entirely if some other operation is outstanding, because
we don't want to block a long time, and it's likely that due to the other
operation we will run prune shortly anyway.

Note: Nothing protects the system-helper case when we download to a separate
repo. However, if there is a race we will get an error when importing this
to the system repo, so we'll never end up in an inconsistent state.
2017-09-22 16:35:18 +02:00
Alexander Larsson
98d3a58129 Update to latest libglnx and update tmpfile use for api change
2017-09-22 12:38:10 +02:00
Alexander Larsson
440389bc8e Add locale-subset property of extensions to match *.Locale behaviour
This way other types of extensions can also be subset by locale.
For instance, documentation.
2017-09-21 16:39:53 +02:00
Alexander Larsson
3e86ee750b run: Ensure the font cache dirs are never writable
Otherwise, if the host dirs don't exist we could end
up with a writable non-persistent directory where fontconfig
writes its caches.
2017-09-20 17:36:03 +02:00
Sam Spilsbury
e72d4b8172 dir: Factor out find_ref_for_refs_set
2017-09-20 09:07:18 +02:00
Sam Spilsbury
7be94770e3 builtins: Correctly support --no-pull option in install command
Previously we would still try to look up the remote information
to get the correct ref, this might not be supported in a case where
the user does not have an internet connection at the time that
applications are to be installed from the local repository.
2017-09-20 09:07:18 +02:00
Sam Spilsbury
0802d169bd dir: Add flatpak_dir_find_local_ref
Same thing as flatpak_dir_find_remote_ref except that it operates
on the local repo instead of the remote one.
2017-09-20 09:07:18 +02:00
Alexander Larsson
07d62fb86e generate_appstream: Add debug output when skipping commit
This might help us debug a weird behaviour on flathub where
it was never updating the appstream.
2017-09-19 16:34:26 +02:00
Alexander Larsson
66df733814 Expose fontconfig caches as well as fonts
This is the first step in increasing the startup performance for
font use in flatpak. Right now every app has its own cache
for the system font dirs, which means they must be fully regenerated
the first time the app starts.

With this we now expose the host system and per-user fontconfig caches
in the sandbox (read-only). This allows the sandbox to re-use caches
from the host, if the runtime fontconfig configuration is correct.

Unfortunately, this doesn't currently work, because the font caches
are looked up based on absolute paths to the font directories and they
are different in the host and the sandbox. There is some work in
progress to fix this in fontconfig here:
 https://bugs.freedesktop.org/show_bug.cgi?id=101889
2017-09-19 12:39:35 +02:00
Alexander Larsson
7eece97d3c build: Add --with-appdir
If specified, this exposes the ~/.var/app/$appid to the build
sandbox. Useful when testing uninstalled builds.
2017-09-19 11:52:27 +02:00
Philip Withnall
2faffecc42 common/utils: Fix is_number("") to return FALSE
Previously, it was possible to enter ‘ ’ (a space) at a number prompt,
and it would be stripped, passed to is_number() (which would erroneously
return TRUE), then passed to strtol() and the return value used
unconditionally.

Fix that by fixing is_number() to return FALSE for the empty string.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2017-09-18 15:36:24 +02:00
Alexander Larsson
2d0ceef446 flatpak_installed_ref_load_metadata: Find correct deploy directory
We're scoping the deploy directory by the subpaths these days, so
we need to take that into account when finding the metadata file.

Fixes https://github.com/flatpak/flatpak/issues/1014
2017-09-15 16:02:50 +02:00
Alexander Larsson
75c2db1a73 Fix some leaks
g_variant_dict_end() returns a floating reference, we have to
sink it before using it with a g_autoptr.
2017-09-14 13:07:12 +02:00
Alexander Larsson
40126c3e6f Fix crash when installing extra-data
We pass FLATPAK_RUN_FLAG_NO_A11Y_BUS_PROXY when running the
sandboxed apply_extra_data script, because otherwise we run into
a crash due to the lack of an .flatpak-info file (and also, because
it is not needed).
2017-09-14 08:55:30 +02:00
Alexander Larsson
1ee74fc5ea Expose host icons readonly in sandbox
Icons are really only a bunch of pngs, and the icon theme specification
has been stable since forever and never broke ABI. So, exposing the
host fonts should be pretty safe, comparable to the fonts that we
already expose.

This ends up being kind of important since a lot of things pick up the
icon theme from the host. In particular, it means that libXcursor can pick up
the correct cursor icons for the current cursor theme.
2017-09-13 14:54:49 +02:00
Alexander Larsson
4e97018bc6 Properly check the tmp dir mode
This was using a boolean && instead of a bitwise mask. Reported
by Coverity.
2017-09-13 12:11:51 +02:00
Alexander Larsson
0b1e45c47f Add comment about why we're allowing xa.ref discrepancies sometimes
See https://github.com/flatpak/flatpak/pull/1013 for discussion.
2017-09-13 11:56:59 +02:00
Cosimo Cecchi
643f9d6e14 dir: relax requirements around xa.ref matching deployed commit
In case the summary file is GPG-signed, we already have other better
ways of verifying expectations around the installed ref.
If the deployed branch does not match xa.ref, simply warn instead of
aborting.

Based on a patch by Dan Nicholson <nicholson@endlessm.com>
2017-09-13 11:45:00 +02:00
Matthew Leeds
037a13cde0 completion: Make filename completions smarter
Many flatpak commands only work on *.flatpak or *.flatpakref files, so
the bash auto completion showing every file is distracting and
unnecessary. This commit makes flatpak only show relevant files when
possible by using the "-G globpattern" compgen option.
2017-09-12 16:14:43 +02:00