The compiler warning flag which was supposed to warn about this was not
being included in the CFLAGS for these targets. That will be fixed in an
upcoming commit.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
This adds a step to the build process to bundle
the module sources, used for building the flatpak,
as a runtime extension.
The sources can then be installed like the
debug or translation runtime.
This also adds an option to flatpak-builder
for specifying sources directories. One can specify
source dirctories with the use-sources argument. This
will skip the download part of the processing
and will extract the sources from the given sources
directory directly for further processing.
Those source directories do need the same
structure as the ones that flatpak-builder
creates during processing in .flatpak-builder
and which is also used in the exported sources
runtime.
This way you can e.g. do network i/o in them.
Thats not a recommended way to do it though, as you work around
a lot of the feature in flatpak-builder like the caching and
verification.
Substituting into a shell command-line without escaping is a bad idea.
If the argument is attacker-controlled, it's a security vulnerability;
if the argument is legitimate-user-controlled (as I think it is here)
it's merely wrong.
We could escape the filename with g_shell_quote(), but it's more
straightforward to take advantage of the shell's argument processing.
The first positional parameter (if given) is $0, and the rest are $@.
Signed-off-by: Simon McVittie <smcv@debian.org>
Without this if you run as root (which is generally a poor idea) it will
extract the sources with the user/group specified on the archive, which
is never what you want when building code.