We pass FLATPAK_RUN_FLAG_NO_A11Y_BUS_PROXY when running the
sandboxed apply_extra_data script, because otherwise we run into
a crash due to the lack of an .flatpak-info file (and also, because
it is not needed).
Icons are really only a bunch of pngs, and the icon theme specification
has been stable since forever and never broke ABI. So, exposing the
host fonts should be pretty safe, comparable to the fonts that we
already expose.
This ends up being kind of important since a lot of things pick up the
icon theme from the host. In particular, it means that libXcursor can pick up
the correct cursor icons for the current cursor theme.
In case the summary file is GPG-signed, we already have other better
ways of verifying expectations around the installed ref.
If the deployed branch does not match xa.ref, simply warn instead of
aborting.
Based on a patch by Dan Nicholson <nicholson@endlessm.com>
Since flatpak can now install from *.flatpak and *.flatpakref files
rather than just remotes, show those files in the bash completion of a
"flatpak install ..." command.
Fixes https://github.com/flatpak/flatpak/issues/672
Many flatpak commands only work on *.flatpak or *.flatpakref files, so
the bash auto completion showing every file is distracting and
unnecessary. This commit makes flatpak only show relevant files when
possible by using the "-G globpattern" compgen option.
For instance, org.my.App.* will now match org.my.App.foo.bar, and even
org.my.App, where it would previously only match org.my.App.foo.
This makes a lot of sense, because it allows you to structure the
subset of the dbus namespace you're granted how you please, and
there is no real security problem with this.
It also matches how arg0namespace works in dbus matches and how the
proposed dbus-implemented filterin works in:
https://bugs.freedesktop.org/show_bug.cgi?id=101902
In this mode all clients get NameOwnerChanged events for all
unique names. This means you can track lifetimes of these, even if
you can't talk to them. This is useful on the a11y bus, because
we want to track when there are any listeners to a particular event,
and this is done my listing unique id:s and tracking them.
This adds a new policy level FILTERED which is betweew SEEN
and TALK. It implies all that SEEN does, but additionally lets
you send method calls to a well known name that matches a
filter which can match against interface name, member name and
object path.
Note: To make the implementation simpler, this does not grant
similar access when sending the peer messages via the unique name,
only when using the well known name does this work.
We'll need this to be able to skip system-mode tests without xattrs.
This partially reverts commit a53a752a35.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This makes it easier to reason about. In the absence of
FLATPAK_SYSTEM_CACHE_DIR, it would use /var/tmp even during tests that
prefer /tmp.
Signed-off-by: Simon McVittie <smcv@collabora.com>
- Replace `if (g_test_verbose ()) g_print("...\n")` with
`g_test_message ("...")`, which prints the message if the test is
either verbose or in TAP mode. Otherwise, post-mortem debugging
of failing tests on an autobuilder is very difficult.
In some cases, since commit f1dbe9bc "tests: Print spawned program
argv in testlibrary" we already had the g_test_message(), but
still had the redundant g_print() too.
- Factor out running a subprocess into a helper function to reduce
duplication.
- Capture invoked subprocesses' stderr and stdout where possible, so we
can log it as diagnostics. Again, this should make it easier to carry
out post-mortem debugging based on autobuilder logs.
Signed-off-by: Simon McVittie <smcv@collabora.com>
