marko10_000
/
flatpak-builder
forked from Mirrors/flatpak-builder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
892 Commits
6 Branches
0 Tags
8.5 MiB
Commit Graph

144 Commits (9a6bf9505402df3e15541106ecf82dd48187d43b)

Author SHA1 Message Date
Alexander Larsson c382cfc212 lib: Fix compiler warning in test app 2015-12-15 08:44:50 +01:00
Alexander Larsson e9d713cb96 lib: Better fix for old glib 2015-12-15 08:37:24 +01:00
Alexander Larsson ca06b3e66f lib: Fix build with older glib 2015-12-14 22:01:21 +01:00
Alexander Larsson 4177f358cb common: Make it explicit that XdgAppError are portal errors 2015-12-08 12:16:38 +01:00
Alexander Larsson a28ced36c7 lib: Add xdg_app_installation_load_app_overrides() 2015-12-08 11:48:22 +01:00
Alexander Larsson 8d576298ca lib: Minor indentation cleanups 2015-12-08 11:02:32 +01:00
Alexander Larsson a62f64d265 lib: Add xdg_app_remote_ref_fetch_metadata_sync helper 
This does direct soup access on the repo. Not ideal, but good for now.
 2015-12-08 11:01:13 +01:00
Alexander Larsson ef93bd8d15 lib: Fix declaration of xdg_app_installed_ref_load_metadata 
We changed this to not be const
 2015-12-07 16:36:08 +01:00
Alexander Larsson 0fe5f6552a lib: Add XdgAppDir to RemoteRef private 2015-12-07 16:35:53 +01:00
Alexander Larsson d987501e02 lib: Always load installed ref metadata each time 
This is needed in case it changes over time.
 2015-12-07 16:31:01 +01:00
Alexander Larsson 188bb00b1b lib: xdg_app_remote_fetch_ref_sync 
For now this downloads the summary file each time.
 2015-12-07 16:17:06 +01:00
Alexander Larsson 6558c812af lib: Add some more debug spew to test-lib 2015-12-07 16:16:43 +01:00
Alexander Larsson eca699ca5a lib: Rename xdg_app_remote_list_refs to xdg_app_remote_list_refs_sync 2015-12-07 16:16:02 +01:00
Alexander Larsson a8a7b28ce9 lib: Add remote_name to XdgAppRemoteRef 2015-12-07 16:14:52 +01:00
Alexander Larsson 5b1931dc8d lib: Add xdg_app_installed_ref_launch() 2015-12-07 13:36:39 +01:00
Alexander Larsson a4df4ff811 lib: Add XdgAppRemoteRef subclass 
This doesn't do anything yet, but its a place to hang remote-specific
ops off.
 2015-12-04 15:35:13 +01:00
Alexander Larsson 5fd830d3b0 lib: Make getters for XdgAppRemote return copies of strings for options 
This makes it possible to handle the case when these options change
over time.
 2015-12-04 11:46:32 +01:00
Alexander Larsson 1ba476bcbe Merge pull request #90 from ebassi/introspection 
Introspection
 2015-12-04 11:42:47 +01:00
Alexander Larsson ad7b379398 Add no-enumerate flag to remote and set if for bundle origin remotes 2015-12-04 11:40:51 +01:00
Emmanuele Bassi c09375c855 Annotate transfer rules for ambiguous return values 
This silences all the warnings from the introspection scanner.
 2015-12-04 10:17:39 +00:00
Emmanuele Bassi 52ba736518 Add introspection support to libxdg-app 
We may want to use it from non-C languages.
 2015-12-04 09:55:40 +00:00
Alexander Larsson 2f6fc54897 lib: Use the new remote helpers 2015-12-04 10:49:16 +01:00
Emmanuele Bassi 82fa0659f9 build: Fix include path for builddir != srcdir 
We need to add $(top_builddir)/lib to the inclusion path, otherwise the
build will fail.

This has broken gnome-continuous builds of xdg-app.
 2015-12-04 01:13:45 +00:00
Alexander Larsson 132d1186d9 Initial version of libxdg-app 
This is a highlevel library for working with xdg-app without using
the commandline interface. The primary usecase for this is for
creating a graphical frontend for app installation/update.
 2015-12-03 22:41:16 +01:00
Alexander Larsson 106a5b06ec Rename lib/ to common/ in preparation for public xdg-app library 2015-11-26 22:05:38 +01:00
Alexander Larsson 49af288937 Add standard errors needed for portal 2015-11-26 19:18:58 +01:00
Alexander Larsson 47c705db03 portals: Only give blanket access to session-*.scope systemd cgroup 
This way we won't give false positives if the user systemd session is
not running.
 2015-11-26 17:37:46 +01:00
Alexander Larsson f5cadc018b Support defining read-only filesystem access 
If you do something like "--filesystem=host:ro" you get a read-only mount
of the specified filesystem location.
 2015-11-26 17:22:37 +01:00
Alexander Larsson 612bf0d08c xdg-app run: Fix support for --filesystem=~/dir 
There was a typo here
 2015-11-26 15:37:17 +01:00
Alexander Larsson a16f0251ad Remove unused helper function 2015-11-26 15:25:57 +01:00
Alexander Larsson f710eb9322 Correct license, we're LGPL 2+, not 3+ 
Some files accidentally got the LGPL 3+ header, but we
want to be LGPL2+.
 2015-11-26 14:50:21 +01:00
Alexander Larsson 787fdee634 Handle PWD env var correctly when spawning apps/builds 
Propagate PWD to child, and use it (if correct) instead of getcwd
as the cwd and PWD in the child. This makes things nicer if the
PWD contains a symlink, as we avoid to resolve that symlink.
 2015-11-25 13:43:22 +01:00
Alexander Larsson dcd17f82a5 Add autoptr cleanup backport for SoupUri 2015-11-25 12:39:41 +01:00
Alexander Larsson 7962be90f2 deploy: Explicitly pull from the origin 
If the same branch has been pulled from multiple origins, pick the current
one. This could happen e.g. during update if you change the origin.
 2015-11-16 08:25:47 +01:00
Alexander Larsson c6f4eccd04 lib: Export xdg_app_context_set_session_bus_policy 2015-11-11 11:26:03 +01:00
Alexander Larsson 13b3f19acc Add install-bundle command 2015-11-11 09:38:39 +01:00
Alexander Larsson 368eb5f304 utils: Add xdg_app_supports_bundles 
This uses some hacks to check at runtime if ostree is new enough
to support making bundles.
 2015-11-10 11:57:30 +01:00
Alexander Larsson d3b207a0d6 Create custom /etc/passwd and /etc/group with minimal content 
There is no particular reason to leak the entire host passwd and group
files, as only the users uid/gid is mapped anyway. If fact, injecting
the tty group while also not being allowed to chmod the pty to that group
will make grantpt() fail.
 2015-10-26 17:23:31 +01:00
Christian Hergert f06a09b0f9 helper: unblock SIGCHILD before execvp() of child 
We don't want to block SIGCHILD from being handled by the child process,
as that could be necessary for g_child_watch_add(), waitpid(), or similar.
 2015-10-26 09:07:04 +01:00
Christian Hergert f83224c948 helper: match whitespace to other options 2015-10-26 09:07:04 +01:00
Christian Hergert 14bd531121 helper: give xdg-app process access to /dev/ptmx 
This is needed for posix_openpt() to locate the proper ptmx path. We can
just symlink into /dev/pts/ptmx which is already in the mount namespace.
 2015-10-26 09:07:04 +01:00
Alexander Larsson 64d7c00045 Move dbus invocation peer app detection to lib/ 2015-10-21 10:23:37 +02:00
Alexander Larsson 477de4c217 Always remove all leftover app/runtime traces on uninstall 
Even if there is no deploy directory we make sure to remove any
refs with the same name in the repo, and purge the repo.
 2015-10-19 10:41:47 +02:00
Alexander Larsson 9855ac23b4 utils: Add xdg_app_decompose_ref() 2015-10-19 10:41:47 +02:00
Alexander Larsson c26510295f helper: Also copy extra symlinks from / 2015-10-05 11:24:40 +02:00
Alexander Larsson dbc92635cc helper: Correctly zero terminate symlink targets 2015-10-05 11:24:26 +02:00
Alexander Larsson 208eb7b1aa Propagate Xauthority details to the sandbox if X11 is enabled 
Some xservers out there (like xorg 1.17.1) have a broken server interpreted
local xauth, which causes apps to fail to connect to the xserver.
This fixes that by propagating Xauthority data such as the MIT-MAGIC-COOKIE-1.
 2015-10-01 21:23:23 +02:00
Alexander Larsson eedbeab9d0 helper: Handle existing mounts with escaped characters 2015-10-01 18:59:32 +02:00
Alexander Larsson 279558b6bf cleanup: Simplify code using xdg_app_fail 2015-09-28 16:54:24 +02:00
Alexander Larsson b08f650b07 Add --nofilesystem commandline arg 2015-09-25 17:04:50 +02:00
Alexander Larsson dc6c6826ab utils: Add xdg_app_fail 2015-09-25 17:04:32 +02:00
Alexander Larsson afda9d54c4 list-apps/runtimes: User table printer 2015-09-24 21:36:35 +02:00
Alexander Larsson 66e61764f3 list-remotes: Add support for listing both user and system remotes 2015-09-24 21:36:35 +02:00
Alexander Larsson c40f2ad74e Move table printer to xdg-app-utils.c 2015-09-24 21:36:35 +02:00
Alexander Larsson 41af86dc69 Add xdg-app enter command 
This lets you enter a sandbox and run a command there, which is useful
for debugging purposes.
 2015-09-24 19:23:24 +02:00
Alexander Larsson 1917e1fd38 Make seccomp optional 
Several architectures does not have seccomp yet.
 2015-09-24 14:57:53 +02:00
Alexander Larsson 3240ac6d3f remove some unused code 2015-09-23 13:54:25 +02:00
Alexander Larsson 752b1a0a4b run: Fix handling of which filesystems you can access 2015-09-23 13:53:04 +02:00
Alexander Larsson 727f50e923 xdg-app build: Support extensions 2015-09-22 13:57:20 +02:00
Alexander Larsson 3334c08f6e run: When creating /etc symlinks, don't make symlinks to symlinks 
Instead we just copy the original symlink. This makes things like
/etc/localtime symlink value parsing work.
 2015-09-21 10:43:10 +02:00
Alexander Larsson 5e6960353d Mount nvidia device nodes in sandbox if dri allowed 2015-09-18 14:15:56 +02:00
Alexander Larsson 5065e431a2 run: Allow perf and ptrace in debug and build mode. 
Without this you can't e.g. run a debugger or profiler in the sandbox.
 2015-09-18 14:11:15 +02:00
Alexander Larsson 645c433960 Fix distcheck issues 2015-09-17 20:24:04 +02:00
Alexander Larsson f866097c94 Add XdgAppChainInputStream based on ostree version 
This should really be in some library, but lets just copy it for now.
 2015-09-17 15:27:04 +02:00
Alexander Larsson 7c788adb20 lib: Handle libsoup now having built-in autocleanup support 2015-09-17 10:56:14 +02:00
Alexander Larsson 7ef861cedf Add new override builtin to override app permissions 2015-09-11 16:07:31 +02:00
Alexander Larsson c87e7e4e4f create dirs with 755, not 777 2015-09-11 15:30:39 +02:00
Alexander Larsson 9d1cfd7688 run: Support system overrides as well as per-user 2015-09-11 13:01:39 +02:00
Alexander Larsson c702fa2555 XdgAppContext: Always initialize bitfields 2015-09-11 13:01:06 +02:00
Alexander Larsson 90718549ee run: Read per-app override metadata file 2015-09-09 16:31:49 +02:00
Alexander Larsson 6d98e56c55 run: Never propagate DISPLAY if X socket not requested 
This is just confusing.
 2015-09-09 16:31:07 +02:00
Alexander Larsson 5610b97455 XdgAppContext: Properly handle masking things from parent context 
This allows you to use things like --nosocket in build-finish to
override runtime defaults. But it is also a building block for
later changes.
 2015-09-09 14:11:05 +02:00
Alexander Larsson 60fc11035e db: Fix leak 2015-09-07 11:13:24 +02:00
Alexander Larsson c0e480df94 Add xdg_app_mkstempat 
This is like g_mkstemp except it uses openat
 2015-09-03 22:17:00 +02:00
Alexander Larsson 58fb2c4e50 Markup AUTOLOCK with unused to avoid warnings 2015-09-03 22:16:43 +02:00
Colin Walters 8bbe3b3e41 helper: Add perf and ptrace to seccomp blacklist 
Note that I copied this xdg-app blacklist into linux-user-chroot:
https://git.gnome.org/browse/linux-user-chroot/commit/?id=8cee4ab7345f126d1dec55b7ca1f28e8090a58d3

We should figure out a better way down the line to share code - maybe
we can share a setup-seccomp.c?

Possibly in the long run we'll end up with diverging blacklists, as
linux-user-chroot can be a lot more aggressive, as its primary
audience is build side, not generic applications.  We'll see.

But in this patch I added a big comment on how we should share code,
and in particular credit sandstorm.io for some of these filters.
(Although they may have gotten some of them from Android or Chromium?)

Going back to the high level topic - let's add perf and ptrace to the
blacklist.  We expect profiling to be done from a non-sandboxed
terminal, or a less-restricted IDE type process which can look at the
namespace of other apps and the desktop/kernel.
 2015-09-02 09:08:06 +02:00
Alexander Larsson 6775dc1002 Use g_auto(GStrv) instead of glnx_strfreev 2015-08-31 09:51:48 +02:00
Colin Walters bfeaccb822 Update libglnx, use its copy of backports 
This fixes the build on GLib 2.42 at least - the conditionals for
g_strv_contains() weren't right.  I'm trying to have libglnx also be a
centralized "glib backports" area, so having g_strv_contains() there
is better.
 2015-08-31 09:40:45 +02:00
Alexander Larsson f6657901c4 utils: Add AUTOLOCK macro 2015-08-27 19:42:15 +02:00
Alexander Larsson d442e9bb4c Fix const marking of string arrays. 2015-08-27 16:16:58 +02:00
Alexander Larsson 909aa7a762 Fix error check of policy parsing 2015-08-27 16:16:38 +02:00
Alexander Larsson cbdd412d71 Fix type of return 2015-08-27 16:16:02 +02:00
Alexander Larsson 52525f46fd Remove ununsed variables reported by clang 2015-08-27 16:13:15 +02:00
Alexander Larsson 12fbd9ff95 Make document portal use the new permission store 2015-08-26 17:11:35 +02:00
Alexander Larsson c4e500db37 Add XdgAppError 2015-08-25 13:16:34 +02:00
Alexander Larsson d9f9080967 Initial version of XdgAppDb 2015-08-25 13:16:31 +02:00
Alexander Larsson 2d0866cac8 gvdb: Add gvdb_table_get_content 
This is useful if you want to apply outstanding changes to
a table withough immediately persisting it to disk.
 2015-08-25 09:27:35 +02:00
Alexander Larsson a9ffa4960d Move gvdb to lib/ 2015-08-25 09:27:35 +02:00
Alexander Larsson ffa1acea75 Rename dbus file to org.freedesktop.XdgApp 2015-08-25 09:27:35 +02:00
Alexander Larsson f76f6a39ef document-portal: *always* use the by-app location 
This is better as you can't accidentally access another apps docs (although
you can still see the backing real files)
 2015-07-11 10:48:53 +02:00
Alexander Larsson 08d05a30a3 Automatically start and mount document portal in sandbox 2015-07-10 17:49:59 +02:00
Alexander Larsson 929071ad10 Import xdg-document-portal from github repo 
This pulls in the daemon code from:
     https://github.com/alexlarsson/xdg-document-portal/

We need this in xdg-app because we need to set up the mounts correctly.
 2015-07-10 16:56:39 +02:00
Alexander Larsson 0040312b07 If home is accessible, make user-dirs.dir visible in custom config dir 
This makes xdg user dirs work in the sandbox too.
 2015-07-10 12:36:54 +02:00
Alexander Larsson 302f88e69d Restructure directories and build 
This moves a all source code into separate subdirs per binary. The
helper and the generic stuff goes into lib/ which is then used by all
the others. For now this is a completely internal library, but at
some point we will probably clean it up and expose some subset.

Also, we move the dbus proxy to libexecdir.
 2015-07-10 12:15:45 +02:00