If we use a remote name containing questionable characters
such as newlines or '[', we will run into assertions in
GKeyFile. To avoid that, check that the group name we
pass is valid, and throw an error otherwise.
Found while writing tests.
Closes: #2244
Approved by: alexlarsson
When trying to uninstall a non-installed app, we run
into an assertion, because the code forgets to return
after setting the expected error.
Found while writing tests.
Closes: #2244
Approved by: alexlarsson
Some remote metadata can cause changes to the local configuration for a
remote, but Flatpak is not properly reloading the new config after
making changes. Specifically in flatpak_transaction_update_metadata() we
call flatpak_dir_update_remote_configuration() for each remote and then
try to reload the configuration by calling flatpak_dir_recreate_repo().
The problem is that while this reloads the config instance stored by the
repo member of the FlatpakDir, the FlatpakTransaction object still has
FlatpakRemoteState objects stored which were initialized from the old
config.
A consequence of this is that if a remote repository has the
"ostree.deploy-collection-id" key set in its metadata, the next
install/update operation from that remote will fail with the error
message "Can't pull from untrusted non-gpg verified remote", and then
subsequent operations will succeed. This is because during the first
operation Flatpak will add the collection ID to the local configuration
in flatpak_transaction_update_metadata() but then in
flatpak_dir_install() the outdated FlatpakRemoteState object will be
used which still has no collection ID.
So this commit frees all the stored FlatpakRemoteState objects on the
transaction, so they will be recreated when they're needed (based on the
new config).
Closes: #2243
Approved by: alexlarsson
Write to the systemd journal for basic operations
that modify installations, such as pull, deploy,
uninstall. Include some useful information as
separate fields, such as OPERATION, INSTALLATION,
REMOTE, REF, COMMIT.
We add the logging in the api layer that is used
by the system-helper as well, so that changes
from that side are logged as well.
All logs we write currently use the same message
ID, defined as FLATPAK_MESSAGE_ID in the headers,
for easy retrieval of messages.
If a transaction contains both an install for an app
and an uninstall for the runtime that it needs, error
out, since this is inconsistent.
Closes: #2196
In version 0.99.1 (065053775b) flatpak
stopped inheriting permissions from the runtime, because that made
the story about application permissions way to complicated. What
we want is to have a static set of permissions for the app that
is frozen at install time.
However, inheriting permissions from the runtime makes a lot of sense
as certain permissions are required from the runtime, in particular this
is used by the kde runtime to read the kdeglobals file, etc.
So, to combine the best of the two worlds, we now do inherit permissions,
but at build-time (and you can disable it if you want). This way
kde apps don't have to repeat themselves, but we still get static
application permissions.
Closes: #2230
Approved by: alexlarsson
This exposes a /etc/timezone with the current timezone, as per the old
debian spec: https://wiki.debian.org/TimeZoneChanges
In case we're using the session-helper this will be extracted from
the host config and applied whenever that changes.
Normally timezone info is specified by /etc/localtime being a symlink
into the locale data, and you can look at the symlink value itself.
However, in the sandbox we can't update a symlink in /etc at runtime,
nor can we make it of the canonical form as that would point into the
runtime. This is why /etc/timezone is used.
This fixes https://github.com/flatpak/flatpak/issues/2190Closes: #2214
Approved by: alexlarsson
Currently, if flatpak_installed_ref_get_latest_commit() returns NULL
(which means the ref doesn't exist in the local repo) we assume any
remote commit could be an update in
flatpak_installation_list_installed_refs_for_update() when a collection
ID is not configured on the remote. When a collection ID is configured,
if get_latest_commit() returns NULL it causes a crash in
ostree_repo_load_commit(). So this commit prevents the crash and makes
the behavior in the post-collection-id world consistent with the
behavior in the pre-collection-id world.
It's difficult to write a test for this that's not contrived, without
knowing what circumstances led to the disappearance of the ref from the
repo.
Fixes https://github.com/flatpak/flatpak/issues/2216Closes: #2229
Approved by: alexlarsson
There is a race; flatpak_installation_launch may return
before bubblewrap has written the bwrapinfo.json file.
Make flatpak_instance_get_child_pid() deal with this and
document that the function may return 0 for a little
while.
Currently, the code will happily run an already-executed
transaction again, with dubious outcomes. Just prevent
this from happening.
Closes: #2195
Approved by: alexlarsson
flatpak_installation_modify_remote was not saving the nodeps
state. Found while writing FlatpakTransaction tests.
Closes: #2198
Approved by: alexlarsson
This was found while writing transaction tests.
We were passing error, but trying to use the local_error
message.
Closes: #2198
Approved by: alexlarsson
We were emitting the ::operation-done signal with
different arguments than declared for the signal.
This showed up as test failure when comparing
the result argument.
Closes: #2187
Approved by: alexlarsson
Instead of FLATPAK_ERROR_ABORTED, return G_IO_ERROR_CANCELLED when the
passed in GCancellable gets cancelled. This makes it possible to cancel
updates in gnome-software without getting a generic "Aborted due to
failure" error popup.
Closes: #2178
Approved by: alexlarsson
--device=all really means the device nodes, we should not expose the host
shared memory objects.
This change incidentally fixes issues with --device=all on debian (#2136)
where /dev/shm is a symlink to /run/shm, which doesn't exist in the sandbox.
Closes: #2160
Approved by: alexlarsson
It is not really nice to have g_warnings pop out of
the library left and right, they should be replaced
by proper errors as far as possible. This is a small
start.
Closes: #2150
Approved by: alexlarsson
Add FLATPAK_ERROR_INVALID_DATA and use if for cases where
the incoming data for an update or install is faulty, and
add FLATPAK_ERROR_UNTRUSTED, FLATPAK_ERROR_SETUP_FAILED and
FLATPAK_ERROR_EXPORT_FAILED to cover more error conditions.
Closes: #2150
Approved by: alexlarsson
flatpak_fail is a convenient shortcut, but falls short
for actual error reporting. Use proper G_OPTION_ERROR
error codes here.
Closes: #2150
Approved by: alexlarsson
flatpak_find_deploy_for_ref_in is a variation of
flatpak_find_deploy_for_ref that allows to restrict
what installations to search in.
Closes: #2158
Approved by: alexlarsson
We were exporting files in subdirectories of all the common
directories. This only really makes sense for icons. For
desktop files, D-Bus service files and mime types, we should
only export from the exact directory itself.
Note that this makes us no longer support the obsolescent
vendor-prefix convention of the desktop entry spec, which was
only relevant for KDE4 and breaks app-id matching.
Closes: #2142Closes: #2152
Approved by: alexlarsson
