marko10_000
/
flatpak-builder
forked from Mirrors/flatpak-builder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,218 Commits
6 Branches
0 Tags
8.5 MiB
Commit Graph

188 Commits (185fdc194782e24775db22c26a79687b1598be01)

Author SHA1 Message Date
Alexander Larsson 8d4393a7aa build-update: Add installed/download size and metadata cache to summary 2016-04-14 13:53:24 +02:00
Alexander Larsson 3187c0c142 appstream: Don't create new commit for unchanged appstream branch 2016-04-14 11:57:13 +02:00
Alexander Larsson 9ba4030564 Fix crash 2016-04-12 16:19:31 +02:00
Alexander Larsson ba0363bd2a Handle empty subpaths 2016-04-12 16:17:58 +02:00
Alexander Larsson 3cc45ccf13 Add support for subpath limited installs 
This allows you to install e.g. org.freedesktop.Platform.Locale
but only the /sv subdir, and replaces using separate branches for
each locale.
 2016-04-07 20:36:53 +02:00
Alexander Larsson 4beaa990c2 Don't ostree pull while deploying 
This makes no sense, callers should be calling xdg_app_dir_pull() before
 2016-04-06 16:57:31 +02:00
Alexander Larsson 33e09be5c9 helper: Use 64bit capset/capget versions 
This fixed kernel warnings about 32bit capabilities APIs on some distros.
 2016-03-30 10:23:07 +02:00
Alexander Larsson 762d1a6295 seccomp: Allow running the target arch 
This adds the app target arch to the list of the allowed arches
in seccomp. It also allows the native arch, because otherwise
xdg-app-helper can't run.

This means that if your userspace (i.e. xdg-app-helper) is built in
64bit mode, then 64bit apps can't run 32bit apps. However, if you're
running a 32bit app it is allowed to run both 32bit and 64bit apps.

Not ideal, but at least the common case is safer.
 2016-03-24 21:04:01 +01:00
Alexander Larsson c25786ffa1 seccomp: Always try to do the socket filtering, but don't fail if not supported 
This is better than guessing if it will work before.
However, we need to add the rule with _rule_add_exact, or it can try
to do something else which breaks the app.
 2016-03-24 21:04:01 +01:00
Alexander Larsson 5ce0184cc7 Support endianness markers in bundle files 2016-03-24 11:04:23 +01:00
Giovanni Campagna b4de1f15a7 Extract icons for all appstream components 
Not just the one with the name exactly matching the app id
 2016-03-21 19:07:36 -07:00
Alexander Larsson 1b1e8c26a2 Prefer non-subdir extensions over subdir ones. 
This allows us to have e.g. org.*.Locale that contains *all* the locales.
 2016-03-21 16:37:51 +01:00
Alexander Larsson f031650e2d Don't unnecessarily grow the buffer when loading files. 2016-03-14 16:21:55 +01:00
Alexander Larsson 56f0ffcb2b Avoid warning about refing null GVariant 2016-03-14 14:26:05 +01:00
Alexander Larsson 2f01bb3aaa Don't enumerate noenumerate remotes 2016-03-14 09:51:36 +01:00
Alexander Larsson 765c0af2fe Ensure that the .ref file is always replaced 
We need a unique inode in the deploy dir, if it is hardlinked the file
lock will be shared.
 2016-03-02 11:03:51 +01:00
Thibault Saunier 8aa1effe26 Force /bin/sh as a shell 
https://bugs.freedesktop.org/show_bug.cgi?id=94333
 2016-03-02 09:50:41 +01:00
Alexander Larsson 26c2bb1b81 lib: Add xdg_app_bundle_ref_get_installed_size() 2016-02-25 21:34:44 +01:00
Alexander Larsson ef14c9f8db common: Add and use xdg_app_appstream_xml_root_to_data 2016-02-25 19:38:08 +01:00
Alexander Larsson 7ac2722800 common: Add xdg_app_read_stream helper 2016-02-25 19:34:04 +01:00
Alexander Larsson 73defceec6 common: Break out xml appstream rewriting to helper functions 2016-02-25 18:26:40 +01:00
Alexander Larsson c84ebe0440 Support --filesystem=xdg-run/foo 2016-02-25 17:11:37 +01:00
Alexander Larsson 26cd90e100 Allow specifying subdir of xdg dir, like: --filesytem=xdg-download/subdir 2016-02-25 16:51:45 +01:00
Alexander Larsson 6c5e1a8a92 Fix some compiler warning (unused vars) 2016-02-25 16:09:49 +01:00
Alexander Larsson 382ae396b3 lib: Add xdg_app_installation_install_bundle 2016-02-25 16:05:13 +01:00
Alexander Larsson eadb10cba7 common: Move part of bundle install to helper functions 2016-02-25 11:31:22 +01:00
Alexander Larsson cbf3d25440 Remove unused variable 2016-02-24 14:33:00 +01:00
Alexander Larsson 4c6a05aba1 common: Break out bundle loader to helper utility 2016-02-24 14:16:52 +01:00
Alexander Larsson c071916ac8 Make /run/build and /run/build-runtime symlinks to the right place 2016-02-23 14:13:58 +01:00
Alexander Larsson 1e83b2c021 Fix xml printing of nodes with no children 2016-02-19 14:57:53 +01:00
Alexander Larsson 593bca9fb9 When deploying, always make /etc/resolve.conf a symlink into the monitor dir 
This way we can use the deployed etc dir instead of having to create
our own.
 2016-02-19 11:31:18 +01:00
Alexander Larsson 01bfb2e996 helper: Put monitor path in /run/host instead of /run/user/$uid 
This means we can always find it in a fixed place, and thus we can
have a static symlink pointing to this.
 2016-02-19 11:24:32 +01:00
Alexander Larsson eb2edc578a Fix use after free 2016-02-19 09:48:18 +01:00
Alexander Larsson d62a731cd4 Always create /etc/passwd,group,resolve.conf,machine-id when deploying 
This means we can rely on these and bind-mount on top of them when
running.
 2016-02-18 22:43:14 +01:00
Alexander Larsson 6428fcce45 common: Add XDG_APP_CP_FLAGS_MOVE support 2016-02-18 17:31:43 +01:00
Alexander Larsson abdbb17a72 Remove all appstream checkouts and mirrored refs when deleting remote 2016-02-18 12:54:40 +01:00
Alexander Larsson 5a7e894edd appstream: Add runtime, sdk and tags to appstream xml 2016-02-17 16:21:20 +01:00
Alexander Larsson c01ec3fae5 deploy: Add metadata tags to exported desktop files. 2016-02-17 15:24:30 +01:00
Alexander Larsson be4b6b8013 helper: drop caps in launcher 
We don't need any capabilities in the launcher when waiting for the child
to die, so drop them as early as possible.
 2016-02-15 10:54:49 +01:00
Alexander Larsson e26bf79857 Make system repo bare-user too, to avoid any chance of creating setuid bits 
There is no real reason for the system repo to be plain "bare" anyway,
bare-user works fine for us.
 2016-02-12 17:17:36 +01:00
Alexander Larsson c0a18e38c8 Work around race when doing first initial appstream checkout. 
Whenever we finish the first update of appstream for a remote we
touch the toplevel appstream directory. This avoids an race-like issue
where you can't put a watch on the non-existant timestamp file for
a remote before it is created.
 2016-02-12 13:03:24 +01:00
Alexander Larsson 767b89cd71 Revert "When rewriting Exec lines, don't use full bindir" 
This is not right, dbus service files need an absolute path.

This reverts commit 23cd97a919.
 2016-02-11 13:31:05 +01:00
Alexander Larsson 23cd97a919 When rewriting Exec lines, don't use full bindir 
This breaks for instance when installing an app from inside a sandbox,
or when installing it with an out-of-tree xdg-app build that would not
necessary be used later. Instead rely on the PATH to pick up the right one.
 2016-02-11 11:30:41 +01:00
Alexander Larsson fc986d7814 helper: If stdout is a tty, mount tty as /dev/console 
This means ttyname() works in the sandbox. We already have access
to the tty via stdin, so this will not elevate privs.
 2016-02-10 14:48:56 +01:00
Alexander Larsson 0c9d1538c9 Add option to disable sandbox triggers 
This is not something you should normally do, but the gnome-software
app needs this, as recursive sandboxes don't work.
 2016-02-09 15:02:56 +01:00
Alexander Larsson 5dfc59ee02 Pass location of exports to triggers as arg1 
This changes nothing but is a preparation for later changes
 2016-02-09 14:50:35 +01:00
Alexander Larsson 51fcc6e281 install: Fix assertion on runtime install 2016-02-09 11:48:33 +01:00
Alexander Larsson 8f6e6c0dab Make sure we export files during install 
is_data was never set to true, so we didn't run the exports
during install.
 2016-02-09 10:32:36 +01:00
Alexander Larsson 22522c2ac6 Make arches canonical 
Mostly we just pass on the uname() machine, but for arm, x86
and mips we need some special handling.
 2016-02-08 12:52:46 +01:00
Alexander Larsson dd1e967b60 Don't export app-info files 
Also, pick up the non-exported files when updating the appdata branch
 2016-02-08 10:19:30 +01:00
Timm Bäder fbcdb07768 app-utils: typo 2016-02-03 15:43:49 +01:00
Alexander Larsson 2d85126fc4 Add app-path to the xdg-app-info in the sandbox 
This lets you find where the host can see your files.  This is useful
for instance when you want an external app (such as a help reader) to
read your files.
 2016-02-03 14:12:36 +01:00
Alexander Larsson 05f79d8d66 common: Always resolve active symlink when looking up deploy dir 2016-02-03 14:12:08 +01:00
Alexander Larsson 8144a70bd7 helper: Make ~/.local/share/xdg-app writable again (if you have homedir access) 
This makes the gnome-software app work, and if you have homedir access
you have all sort of ways to mess up apps anyway, so this is fake security.
 2016-02-01 21:39:20 +01:00
Alexander Larsson a754db12a2 Merge pull request #106 from smcv/symbol-hiding 
Hide non-public symbols from libglnx and libxdgapp-common
 2016-01-29 09:01:37 +01:00
Alexander Larsson 4ac5befb7f Support a proxy on the system bus similar to the one on the session bus 2016-01-29 08:50:11 +01:00
Simon McVittie 73b0adfe0a Hide non-public symbols from libglnx and libxdgapp-common 
This avoids exporting glnx_*, calc_sizes(), etc. However, we do want to
export xdg_app_error_quark(), so do that.

Signed-off-by: Simon McVittie <smcv@debian.org>
 2016-01-28 23:43:30 +01:00
Alexander Larsson a12bb89c9c utils: Fix nul termination of xdg_app_spawn output 
The terminating zero byte was written after the output stream
was closed, so it never got added to the string.
 2016-01-28 16:20:59 +01:00
Alexander Larsson 96d9204f86 helper: Update the error messages to not refer to --disable-userns 2016-01-28 14:38:59 +01:00
Alexander Larsson 225c359128 Fix include order to build with older libsoup versions 2016-01-28 14:35:46 +01:00
Alexander Larsson a741ba418f Finish the optional xauth work 2016-01-28 14:34:22 +01:00
Alexander Larsson 927e3cab48 Make xauth use optional 
This is not needed on some Xservers, and not if you're only building stuff.
So, lets make it optional.
 2016-01-28 12:01:08 +01:00
Alexander Larsson f8d502ad19 Require some way to set cgroup for apps (currently systemd --user) 
When the portal looks up the peer app id it needs to know whether it
can trust that the cgroup path would be set, so that it can tell
whether the app is sandboxed or trusted. We used to check if the
cgroup was session-$uid.slice, and if so it was trusted, but this
failed in the case of per-user dbus (not per-session) where
e.g. gnome-terminal would be outside the session.

Now we just fail if we can't set up a cgroup, thus whenever the cgroup
path is not right we know that the app is trusted.
 2016-01-28 11:15:58 +01:00
Alexander Larsson 6349b3ffc1 helper: Make user namespace support vs setuid a runtime, not build-time option 
We now check at runtime if we have raised privs, and only if not so do we try
to use unprivileged user namespaces. This means you can build xdg-app however,
and then setuid/setcap the binary however you want afterwards.
 2016-01-28 09:43:45 +01:00
Alexander Larsson 4671149722 update-repo: Escape text when writing xml 2016-01-25 13:13:24 +01:00
Alexander Larsson 4eb7b14996 update-appstream: Fix crash in case there are no 128x128 icons 2016-01-24 21:26:40 +01:00
Alexander Larsson a95c99270a Move the GZlib* autoptr backport to libglnx 2016-01-22 15:30:48 +01:00
Alexander Larsson a7b2f05a6a dir: Properly finish OstreeAsyncProgress objects 2016-01-22 15:12:05 +01:00
Alexander Larsson 85aef6666e XdgAppDir: Make sure we always constole end status lines that we start 2016-01-22 15:01:09 +01:00
Alexander Larsson 47fb77ec45 common: fix handling of no_chown in xdg_app_cp_a 2016-01-22 11:58:00 +01:00
Alexander Larsson b099dc7021 common: Add xdg_app_cp_a 2016-01-22 11:43:58 +01:00
Alexander Larsson 33fba3c67e xdg-app-utils: Add autocleanup for GZlib* 2016-01-22 10:55:01 +01:00
Alexander Larsson 64da5f5602 utils: Extract the xml helpers 2016-01-21 21:37:29 +01:00
Alexander Larsson 455d3a7b29 build-update-repo: Update the appstream using a GMarkup parser on the app-info files 2016-01-21 21:16:37 +01:00
Alexander Larsson 8da9d592ba appstream: Add timestamp which is updated each time the appstream is pulled 2016-01-20 15:14:01 +01:00
Alexander Larsson bc892f1745 run: Use the new xdg_app_list_extensions helper 2016-01-20 14:00:49 +01:00
Alexander Larsson d959ed016c common: Add xdg_app_list_extensions util 2016-01-20 14:00:49 +01:00
Alexander Larsson c6df1665a6 appstream: Don't try to remove old appstream if it doesn't exist 2016-01-19 22:05:16 +01:00
Alexander Larsson 0b8515ac07 update-appstream: Don't fail badly if remote has not appstream branch 2016-01-19 21:58:44 +01:00
Alexander Larsson 2bede34952 lib: Add getter for installed size on InstalledRef 2016-01-19 15:05:06 +01:00
Alexander Larsson 071561637a Remove unused variables 2016-01-19 12:37:51 +01:00
Alexander Larsson 24ec8445a3 override: Fix error if override file doesn't already exist 2016-01-19 12:09:54 +01:00
Alexander Larsson 6e204a4d2e Add support to gpg sign summaries and appstream 2016-01-18 21:36:57 +01:00
Alexander Larsson de7e19e40f The plural of appdata is appstream 2016-01-18 21:06:42 +01:00
Alexander Larsson d114069b8a XdgAppDir: Document some args to xdg_app_dir_fetch_sizes 2016-01-15 16:06:26 +01:00
Alexander Larsson 51e9fa2b8d build-update-repo: Add --appdata update option 2016-01-15 15:59:22 +01:00
Alexander Larsson cd2c5af974 build-repo-update: Update appdata branch using appdata-builder 2016-01-15 14:39:11 +01:00
Alexander Larsson a79ea2e890 common: Add XdgAppTempDir which cleans up temporary directories 2016-01-15 12:04:46 +01:00
Alexander Larsson cb971722fe Better handling of the title in the summary 
Now we store the title in the repo config and re-apply it every time
we regenerate the summary.
 2016-01-14 21:26:51 +01:00
Alexander Larsson 839c5ca885 XdgAppDir: Add helper to fetch the size info for a commit 2016-01-14 16:45:28 +01:00
Alexander Larsson f7a1fdaa99 xdg-app: Deprecate install/update/uninstall-app/runtime 
We just have install/updata/uninstall and have --app and --runtime
options if you really want to specify the type. Otherwise we just
automatically chose the right thing.
 2016-01-13 15:34:08 +01:00
Alexander Larsson a241610793 helper: Align help output 2016-01-12 11:21:14 +01:00
Alexander Larsson 5c578946bf helper: Allow specifying initial cwd 2016-01-12 10:39:03 +01:00
Alexander Larsson b60e81271e helper: Add missing arguments to usage output 2016-01-12 10:33:43 +01:00
Alexander Larsson 1934562ca2 run: Be more flexible with --runtime option, and add --runtime-version 
This makes it easier to experiment with running an app with a
different runtime.
 2016-01-12 09:57:20 +01:00
Alexander Larsson 5a905d913c helper: Print nicer error messages when user namespaces don't work. 2016-01-12 09:33:55 +01:00
Alexander Larsson e2b347ba76 run: Fix support for app extensions 2016-01-11 15:34:54 +01:00
Alexander Larsson b4fbb84f0a common: Move path_match_prefix to common 2016-01-11 13:56:07 +01:00
Alexander Larsson 6ddee9905b build-export: Add --runtime commit support 2015-12-21 15:38:42 +01:00
Alexander Larsson d99c4f6568 XdgAppDir: Remove leftover spew 2015-12-21 13:21:01 +01:00