I don't think it makes sense to have to enable this for everything.
It should be safe in the sense that you can't ever do more than
the user can do anyway, and there is no way to use this to communicate
with the rest of the system because you can't read from it.
The worst this could ever cause is to overload the system, but the
sandbox doesn't protect against that in any other way anyway.
One of the variations tested on Debian's reproducible build
infrastructure is that the second build is done in a French locale.
This test fails there, because it doesn't see "Usage:" in the help.
Signed-off-by: Simon McVittie <smcv@debian.org>
This lets distributors share a system copy of bubblewrap (>= 0.1.0)
between Flatpak and any other projects that benefit from it, if they are
careful to keep new versions in sync. The default is still to use the
bundled submodule, ensuring compatibility and simplifying dependencies.
Enable $PATH search everywhere that runs bwrap, so that $BWRAP doesn't
necessarily need to be a fully-qualified path.
Signed-off-by: Simon McVittie <smcv@debian.org>
Otherwise, service activation will start a new xdg-document-portal
(because we're using a private DBUS_SESSION_BUS_ADDRESS), but because
XDG_RUNTIME_DIR is shared with the real system, it won't be able to
mount its filesystem.
We need to unmount the document portal before removing the private
XDG_RUNTIME_DIR.
Signed-off-by: Simon McVittie <smcv@debian.org>
We shouldn't install .test metadata for these, and run them as TAP
test scripts. In glib-tap.mk jargon that makes them "extra scripts".
Signed-off-by: Simon McVittie <smcv@debian.org>
As soon as we get our D-Bus name, we can start receiving method calls. If
we reply immediately, callers will think our mount point is ready.
In particular, if FUSE is unavailable, we want "flatpak run" to proceed
with no document portal; it currently tries and fails to bind-mount the
nonexistent document portal mount-point into the container.
Signed-off-by: Simon McVittie <smcv@debian.org>
Due to an issue with ostree (https://github.com/ostreedev/ostree/pull/362)
applying non-from-scratch deltas fail when using parent_repo such as
in the system-helper case. We fix this temporarily by disabling the
use of deltas for that case.
The xdp-impl-dbus.h header no longer exists - it came from an
earlier version of the document commands branch where I introduced
a separate interface. Just drop the include, it is not needed.