Add an --allow option to build-finish

Change the default [Environment] that is written to be all locked up. The --allow option can be used multiple times, to override specific keys to be more permissive.
2015-01-16 10:57:40 -05:00 · 2015-01-16 10:57:40 -05:00 · 2630d8bda3
parent 123b0f34d4
commit 2630d8bda3
2 changed files with 49 additions and 17 deletions
--- a/doc/xdg-app-build-finish.xml
+++ b/doc/xdg-app-build-finish.xml
@ -46,11 +46,11 @@
        <para>
            The result of this command is that desktop files, icons and
            D-Bus service files from the <filename>files</filename> subdirectory
-            are copied to a new <filename>export</filename> subdirectory,
-            a <literal>command</literal> key and a permissive
-            <literal>[Environment]</literal> group are added to the
-            <filename>metadata</filename> file, and the <filename>var</filename>
-            subdirectory is removed.
+            are copied to a new <filename>export</filename> subdirectory. In the
+            <filename>metadata</filename> file, the command key is set in the
+            [Application] group, and the supported keys in the [Environment]
+            group are set according to the options.
+            The <filename>var</filename> subdirectory is removed.
        </para>
        <para>
            You should review the exported files and the application metadata
@ -81,7 +81,19 @@
                <term><option>--command=COMMAND</option></term>

                <listitem><para>
-                    The command to use.
+                    The command to use. If this option is not specified,
+                    the first executable found in <filename>files/bin</filename>
+                    is used.
+                </para></listitem>
+            </varlistentry>
+
+            <varlistentry>
+                <term><option>--allow=KEY</option></term>
+
+                <listitem><para>
+                    Set the KEY in the [Environment] group to true. KEY must
+                    be one of: x11, ipc, pulseaudio, system-dbus, session-dbus,
+                    network, host-fs, homedir.
                </para></listitem>
            </varlistentry>

@ -108,14 +120,13 @@
        <title>Examples</title>

        <para>
-            <command>$ xdg-app build-finish /build/my-app</command>
+            <command>$ xdg-app build-finish /build/my-app --allow=x11 --allow=ipc</command>
        </para>
 <programlisting>
 Exporting share/applications/gnome-calculator.desktop
 Exporting share/dbus-1/services/org.gnome.Calculator.SearchProvider.service
 More than one executable
 Using gcalccmd as command
-Adding permissive environment
 Please review the exported files and the metadata
 </programlisting>

--- a/xdg-app-builtins-build-finish.c
+++ b/xdg-app-builtins-build-finish.c
@ -12,9 +12,11 @@
 #include "xdg-app-utils.h"

 static char *opt_command;
+static char **opt_allow;

 static GOptionEntry options[] = {
  { "command", 0, 0, G_OPTION_ARG_STRING, &opt_command, "Command to set", "COMMAND" },
+  { "allow", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_allow, "Environment options to set to true", "KEY" },
  { NULL }
 };

@ -91,6 +93,12 @@ update_metadata (GFile *base, GCancellable *cancellable, GError **error)
  gs_free char *path = NULL;
  gs_unref_keyfile GKeyFile *keyfile = NULL;
  GError *temp_error = NULL;
+  const char *environment_keys[] = {
+    "x11", "ipc", "pulseaudio", "system-dbus", "session-dbus",
+    "network", "host-fs", "homedir", NULL
+  };
+  const char *key;
+  int i;

  metadata = g_file_get_child (base, "metadata");
  if (!g_file_query_exists (metadata, cancellable))
@ -156,15 +164,28 @@ update_metadata (GFile *base, GCancellable *cancellable, GError **error)
        }
    }

-  g_print ("Adding permissive environment\n");
-  g_key_file_set_boolean (keyfile, "Environment", "x11", TRUE);
-  g_key_file_set_boolean (keyfile, "Environment", "ipc", TRUE);
-  g_key_file_set_boolean (keyfile, "Environment", "pulseaudio", TRUE);
-  g_key_file_set_boolean (keyfile, "Environment", "system-dbus", TRUE);
-  g_key_file_set_boolean (keyfile, "Environment", "session-dbus", TRUE);
-  g_key_file_set_boolean (keyfile, "Environment", "network", TRUE);
-  g_key_file_set_boolean (keyfile, "Environment", "host-fs", TRUE);
-  g_key_file_set_boolean (keyfile, "Environment", "homedir", TRUE);
+  g_debug ("Setting environment");
+
+  for (i = 0; environment_keys[i]; i++)
+    {
+      key = environment_keys[i];
+      g_key_file_set_boolean (keyfile, "Environment", key, FALSE);
+    }
+
+  if (opt_allow)
+    {
+      for (i = 0; opt_allow[i]; i++)
+        {
+          key = opt_allow[i];
+          if (!g_strv_contains (environment_keys, key))
+            {
+              g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Unknown Environment key %s", key);
+              goto out;
+            }
+
+          g_key_file_set_boolean (keyfile, "Environment", key, TRUE);
+        }
+    }

  if (!g_key_file_save_to_file (keyfile, path, error))
    goto out;