Icons are really only a bunch of pngs, and the icon theme specification
has been stable since forever and never broke ABI. So, exposing the
host fonts should be pretty safe, comparable to the fonts that we
already expose.
This ends up being kind of important since a lot of things pick up the
icon theme from the host. In particular, it means that libXcursor can pick up
the correct cursor icons for the current cursor theme.
In case the summary file is GPG-signed, we already have other better
ways of verifying expectations around the installed ref.
If the deployed branch does not match xa.ref, simply warn instead of
aborting.
Based on a patch by Dan Nicholson <nicholson@endlessm.com>
Since flatpak can now install from *.flatpak and *.flatpakref files
rather than just remotes, show those files in the bash completion of a
"flatpak install ..." command.
Fixes https://github.com/flatpak/flatpak/issues/672
Many flatpak commands only work on *.flatpak or *.flatpakref files, so
the bash auto completion showing every file is distracting and
unnecessary. This commit makes flatpak only show relevant files when
possible by using the "-G globpattern" compgen option.
For instance, org.my.App.* will now match org.my.App.foo.bar, and even
org.my.App, where it would previously only match org.my.App.foo.
This makes a lot of sense, because it allows you to structure the
subset of the dbus namespace you're granted how you please, and
there is no real security problem with this.
It also matches how arg0namespace works in dbus matches and how the
proposed dbus-implemented filterin works in:
https://bugs.freedesktop.org/show_bug.cgi?id=101902
In this mode all clients get NameOwnerChanged events for all
unique names. This means you can track lifetimes of these, even if
you can't talk to them. This is useful on the a11y bus, because
we want to track when there are any listeners to a particular event,
and this is done my listing unique id:s and tracking them.
This adds a new policy level FILTERED which is betweew SEEN
and TALK. It implies all that SEEN does, but additionally lets
you send method calls to a well known name that matches a
filter which can match against interface name, member name and
object path.
Note: To make the implementation simpler, this does not grant
similar access when sending the peer messages via the unique name,
only when using the well known name does this work.
We'll need this to be able to skip system-mode tests without xattrs.
This partially reverts commit a53a752a35.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This makes it easier to reason about. In the absence of
FLATPAK_SYSTEM_CACHE_DIR, it would use /var/tmp even during tests that
prefer /tmp.
Signed-off-by: Simon McVittie <smcv@collabora.com>
- Replace `if (g_test_verbose ()) g_print("...\n")` with
`g_test_message ("...")`, which prints the message if the test is
either verbose or in TAP mode. Otherwise, post-mortem debugging
of failing tests on an autobuilder is very difficult.
In some cases, since commit f1dbe9bc "tests: Print spawned program
argv in testlibrary" we already had the g_test_message(), but
still had the redundant g_print() too.
- Factor out running a subprocess into a helper function to reduce
duplication.
- Capture invoked subprocesses' stderr and stdout where possible, so we
can log it as diagnostics. Again, this should make it easier to carry
out post-mortem debugging based on autobuilder logs.
Signed-off-by: Simon McVittie <smcv@collabora.com>
As discussed in https://github.com/flatpak/flatpak/issues/975, it is
better to have the temporary repos for installing into the system repo
outside the home directory. This helps in the case when the home
directory is on a different filesystem. In particular it is more
likely to be on the same partition as the system repo in /var/lib.
There are multiple advantages if the two repos are on the same filesystem:
* Less chance of filling up the space on a filesystem that is not
the final target.
* It is possible to use fs operations like reflink or copy_file_range to
optimize the copies from the temporary repo to the system repo.
* The home directory is more often on NFS or other weird filesystem
type.
We no longer use bwrap --die-with-parent by default, because it has
problems due to the semantics of PR_SET_PDEATHSIG. In particular, it
will kill bwrap as soon as *any* thread in the parent exits, not just
the main one.
This caused weird problems in gnome-builder, as seen in:
https://bugzilla.gnome.org/show_bug.cgi?id=783950#c14
It should be safe to use this from single-threaded apps though,
so flatpak-builder can still use it. It just has to explicitly
enable it.
If a flatpakref has this set, for instance:
SuggestRemoteName=gnome-apps
Then flatpak install will ask if you want to configure
this as a "real" remote, rather than an origin remote (which
will only install that app).
This is useful when creating flatpakref files for remotes
that have multiple applications in them, such as e.g. flathub
or the gnome nightly builds. However, it should not be
set of one-application repositories.
