static gboolean
builder_source_git_bundle (BuilderSource *source,
BuilderContext *context,
GError **error)
{
BuilderSourceGit *self = BUILDER_SOURCE_GIT (source);
g_autofree char *location = NULL;
g_autoptr(GFile) mirror_dir = NULL;
location = get_url_or_path (self, context, error);
g_print ("builder_source_git_bundle %s\n", location);
if (location == NULL)
return FALSE;
mirror_dir = flatpak_build_file (builder_context_get_app_dir (context),
"sources/git",
NULL);
if (!flatpak_mkdir_p (mirror_dir, NULL, error))
return FALSE;
if (!builder_git_mirror_repo (location,
flatpak_file_get_path_cached (mirror_dir),
FALSE, TRUE, FALSE,
get_branch (self),
context,
error))
return FALSE;
return TRUE;
}
static gboolean
copy_exports (GFile *source,
GFile *destination,
const char *source_prefix,
const char *required_prefix,
GCancellable *cancellable,
GError **error)
{
if (!flatpak_mkdir_p (destination, cancellable, error))
return FALSE;
/* The fds are closed by this call */
if (!export_dir (AT_FDCWD, flatpak_file_get_path_cached (source), source_prefix,
AT_FDCWD, flatpak_file_get_path_cached (destination),
required_prefix, cancellable, error))
return FALSE;
return TRUE;
}
static gboolean
spawn_delta_generation (GMainContext *context,
int *n_spawned_delta_generate,
OstreeRepo *repo,
GVariant *params,
const char *ref,
const char *from,
const char *to,
GError **error)
{
g_autoptr(GSubprocessLauncher) launcher = g_subprocess_launcher_new (0);
g_autoptr(GSubprocess) subprocess = NULL;
const char *argv[] = {
"/proc/self/exe",
"build-update-repo",
"--generate-static-delta-ref",
ref,
"--generate-static-delta-to",
to,
NULL, NULL, NULL, NULL
};
int i = 6;
g_autofree char *exe = NULL;
exe = flatpak_readlink ("/proc/self/exe", NULL);
if (exe)
argv[0] = exe;
if (from)
{
argv[i++] = "--generate-static-delta-from";
argv[i++] = from;
}
argv[i++] = flatpak_file_get_path_cached (ostree_repo_get_path (repo));
argv[i++] = NULL;
g_assert (i <= G_N_ELEMENTS (argv));
while (*n_spawned_delta_generate >= opt_static_delta_jobs)
g_main_context_iteration (context, TRUE);
subprocess = g_subprocess_launcher_spawnv (launcher, argv, error);
if (subprocess == NULL)
return FALSE;
(*n_spawned_delta_generate)++;
g_subprocess_wait_async (subprocess, NULL, delta_generation_done, n_spawned_delta_generate);
return TRUE;
}
static gboolean
validate_icon_file (GFile *file, GError **error)
{
g_autoptr(GPtrArray) args = NULL;
const char *name;
int status;
g_autofree char *err = NULL;
const char *validate_icon = LIBEXECDIR "/flatpak-validate-icon";
name = flatpak_file_get_path_cached (file);
if (g_getenv ("FLATPAK_VALIDATE_ICON"))
validate_icon = g_getenv ("FLATPAK_VALIDATE_ICON");
args = g_ptr_array_new_with_free_func (g_free);
#ifndef DISABLE_SANDBOXED_TRIGGERS
if (!opt_disable_sandbox)
add_args (args, validate_icon, "--sandbox", "512", "512", name, NULL);
else
#endif
add_args (args, validate_icon, "512", "512", name, NULL);
g_ptr_array_add (args, NULL);
if (!g_spawn_sync (NULL, (char **) args->pdata, NULL, 0, NULL, NULL, NULL, &err, &status, error))
{
g_debug ("Icon validation: %s", (*error)->message);
return FALSE;
}
if (!g_spawn_check_exit_status (status, NULL))
{
g_debug ("Icon validation: %s", err);
return flatpak_fail (error, "%s is not a valid icon: %s", name, err);
}
return TRUE;
}
gboolean
builder_host_spawnv (GFile *dir,
char **output,
GError **error,
const gchar * const *argv)
{
guint32 client_pid;
GVariantBuilder *fd_builder = g_variant_builder_new (G_VARIANT_TYPE("a{uh}"));
GVariantBuilder *env_builder = g_variant_builder_new (G_VARIANT_TYPE("a{ss}"));
g_autoptr(GUnixFDList) fd_list = g_unix_fd_list_new ();
gint stdout_handle, stdin_handle, stderr_handle;
g_autoptr(GDBusConnection) connection = NULL;
g_autoptr(GVariant) ret = NULL;
g_autoptr(GMainLoop) loop = NULL;
g_auto(GStrv) env_vars = NULL;
guint subscription;
HostCommandCallData data = { NULL };
guint sigterm_id = 0, sigint_id = 0;
g_autofree gchar *commandline = NULL;
g_autoptr(GOutputStream) out = NULL;
int pipefd[2];
int i;
commandline = flatpak_quote_argv ((const char **) argv);
g_debug ("Running '%s' on host", commandline);
connection = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, error);
if (connection == NULL)
return FALSE;
loop = g_main_loop_new (NULL, FALSE);
data.connection = connection;
data.loop = loop;
data.refs = 1;
subscription = g_dbus_connection_signal_subscribe (connection,
NULL,
"org.freedesktop.Flatpak.Development",
"HostCommandExited",
"/org/freedesktop/Flatpak/Development",
NULL,
G_DBUS_SIGNAL_FLAGS_NONE,
host_command_exited_cb,
&data, NULL);
stdin_handle = g_unix_fd_list_append (fd_list, 0, error);
if (stdin_handle == -1)
return FALSE;
if (output)
{
g_autoptr(GInputStream) in = NULL;
if (pipe2 (pipefd, O_CLOEXEC) != 0)
{
glnx_set_error_from_errno (error);
return FALSE;
}
data.refs++;
in = g_unix_input_stream_new (pipefd[0], TRUE);
out = g_memory_output_stream_new_resizable ();
g_output_stream_splice_async (out,
in,
G_OUTPUT_STREAM_SPLICE_NONE,
0,
NULL,
output_spliced_cb,
&data);
stdout_handle = g_unix_fd_list_append (fd_list, pipefd[1], error);
close (pipefd[1]);
if (stdout_handle == -1)
return FALSE;
}
else
{
stdout_handle = g_unix_fd_list_append (fd_list, 1, error);
if (stdout_handle == -1)
return FALSE;
}
stderr_handle = g_unix_fd_list_append (fd_list, 2, error);
if (stderr_handle == -1)
return FALSE;
g_variant_builder_add (fd_builder, "{uh}", 0, stdin_handle);
g_variant_builder_add (fd_builder, "{uh}", 1, stdout_handle);
g_variant_builder_add (fd_builder, "{uh}", 2, stderr_handle);
env_vars = g_listenv ();
for (i = 0; env_vars[i] != NULL; i++)
{
const char *env_var = env_vars[i];
g_variant_builder_add (env_builder, "{ss}", env_var, g_getenv (env_var));
}
sigterm_id = g_unix_signal_add (SIGTERM, sigterm_handler, &data);
sigint_id = g_unix_signal_add (SIGINT, sigint_handler, &data);
ret = g_dbus_connection_call_with_unix_fd_list_sync (connection,
"org.freedesktop.Flatpak",
"/org/freedesktop/Flatpak/Development",
"org.freedesktop.Flatpak.Development",
"HostCommand",
g_variant_new ("(^ay^aay@a{uh}@a{ss}u)",
dir ? flatpak_file_get_path_cached (dir) : "",
argv,
g_variant_builder_end (fd_builder),
g_variant_builder_end (env_builder),
FLATPAK_HOST_COMMAND_FLAGS_CLEAR_ENV),
G_VARIANT_TYPE ("(u)"),
G_DBUS_CALL_FLAGS_NONE, -1,
fd_list, NULL,
NULL, error);
if (ret == NULL)
return FALSE;
g_variant_get (ret, "(u)", &client_pid);
data.client_pid = client_pid;
g_main_loop_run (loop);
g_source_remove (sigterm_id);
g_source_remove (sigint_id);
g_dbus_connection_signal_unsubscribe (connection, subscription);
if (!g_spawn_check_exit_status (data.exit_status, error))
return FALSE;
if (out)
{
if (data.splice_error)
{
g_propagate_error (error, data.splice_error);
return FALSE;
}
/* Null terminate */
g_output_stream_write (out, "\0", 1, NULL, NULL);
g_output_stream_close (out, NULL, NULL);
*output = g_memory_output_stream_steal_data (G_MEMORY_OUTPUT_STREAM (out));
}
return TRUE;
}
char *sha256,
SoupSession *session,
GError **error)
{
g_autoptr(SoupRequest) req = NULL;
g_autoptr(GInputStream) input = NULL;
g_autoptr(GFileOutputStream) out = NULL;
g_autoptr(GFile) tmp = NULL;
g_autoptr(GFile) dir = NULL;
g_autoptr(GChecksum) checksum = g_checksum_new (G_CHECKSUM_SHA256);
DownloadPromptData progress_data = {0};
g_autofree char *basename = g_file_get_basename (dest);
g_autofree char *template = g_strconcat (".", basename, "XXXXXX", NULL);
dir = g_file_get_parent (dest);
g_mkdir_with_parents (flatpak_file_get_path_cached (dir), 0755);
tmp = flatpak_file_new_tmp_in (dir, template, error);
if (tmp == NULL)
return FALSE;
out = g_file_replace (tmp, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION,
NULL, error);
if (out == NULL)
return FALSE;
req = soup_session_request (session, url, error);
if (req == NULL)
return FALSE;
input = soup_request_send (req, NULL, error);
static gboolean
rewrite_delta (OstreeRepo *src_repo,
const char *src_commit,
OstreeRepo *dst_repo,
const char *dst_commit,
GVariant *dst_commitv,
const char *from,
GError **error)
{
g_autoptr(GFile) src_delta_file = NULL;
g_autoptr(GFile) dst_delta_file = NULL;
g_autofree char *src_detached_key = _ostree_get_relative_static_delta_path (from, src_commit, "commitmeta");
g_autofree char *dst_detached_key = _ostree_get_relative_static_delta_path (from, dst_commit, "commitmeta");
g_autofree char *src_delta_dir = _ostree_get_relative_static_delta_path (from, src_commit, NULL);
g_autofree char *dst_delta_dir = _ostree_get_relative_static_delta_path (from, dst_commit, NULL);
g_autofree char *src_superblock_path = _ostree_get_relative_static_delta_path (from, src_commit, "superblock");
g_autofree char *dst_superblock_path = _ostree_get_relative_static_delta_path (from, dst_commit, "superblock");
GMappedFile *mfile = NULL;
g_auto(GVariantBuilder) superblock_builder = FLATPAK_VARIANT_BUILDER_INITIALIZER;
g_autoptr(GVariant) src_superblock = NULL;
g_autoptr(GVariant) dst_superblock = NULL;
g_autoptr(GBytes) bytes = NULL;
g_autoptr(GVariant) dst_detached = NULL;
g_autoptr(GVariant) src_metadata = NULL;
g_autoptr(GVariant) src_recurse = NULL;
g_autoptr(GVariant) src_parts = NULL;
g_auto(GVariantDict) dst_metadata_dict = FLATPAK_VARIANT_DICT_INITIALIZER;
int i;
src_delta_file = g_file_resolve_relative_path (ostree_repo_get_path (src_repo), src_superblock_path);
mfile = g_mapped_file_new (flatpak_file_get_path_cached (src_delta_file), FALSE, NULL);
if (mfile == NULL)
return TRUE; /* No superblock, not an error */
bytes = g_mapped_file_get_bytes (mfile);
g_mapped_file_unref (mfile);
src_superblock = g_variant_ref_sink (g_variant_new_from_bytes (G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT), bytes, FALSE));
src_metadata = g_variant_get_child_value (src_superblock, 0);
src_recurse = g_variant_get_child_value (src_superblock, 5);
src_parts = g_variant_get_child_value (src_superblock, 6);
if (g_variant_n_children (src_recurse) != 0)
return flatpak_fail (error, "Recursive deltas not supported, ignoring");
g_variant_builder_init (&superblock_builder, G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT));
g_variant_dict_init (&dst_metadata_dict, src_metadata);
g_variant_dict_remove (&dst_metadata_dict, src_detached_key);
if (ostree_repo_read_commit_detached_metadata (dst_repo, dst_commit, &dst_detached, NULL, NULL) &&
dst_detached != NULL)
g_variant_dict_insert_value (&dst_metadata_dict, dst_detached_key, dst_detached);
g_variant_builder_add_value (&superblock_builder, g_variant_dict_end (&dst_metadata_dict));
g_variant_builder_add_value (&superblock_builder, g_variant_get_child_value (src_superblock, 1)); /* timestamp */
g_variant_builder_add_value (&superblock_builder, from ? ostree_checksum_to_bytes_v (from) : new_bytearray ((guchar *) "", 0));
g_variant_builder_add_value (&superblock_builder, ostree_checksum_to_bytes_v (dst_commit));
g_variant_builder_add_value (&superblock_builder, dst_commitv);
g_variant_builder_add_value (&superblock_builder, src_recurse);
g_variant_builder_add_value (&superblock_builder, src_parts);
g_variant_builder_add_value (&superblock_builder, g_variant_get_child_value (src_superblock, 7)); /* fallback */
dst_superblock = g_variant_ref_sink (g_variant_builder_end (&superblock_builder));
if (!glnx_shutil_mkdir_p_at (ostree_repo_get_dfd (dst_repo), dst_delta_dir, 0755, NULL, error))
return FALSE;
for (i = 0; i < g_variant_n_children (src_parts); i++)
{
g_autofree char *src_part_path = g_strdup_printf ("%s/%d", src_delta_dir, i);
g_autofree char *dst_part_path = g_strdup_printf ("%s/%d", dst_delta_dir, i);
if (!glnx_file_copy_at (ostree_repo_get_dfd (src_repo),
src_part_path,
NULL,
ostree_repo_get_dfd (dst_repo),
dst_part_path,
GLNX_FILE_COPY_OVERWRITE | GLNX_FILE_COPY_NOXATTRS,
NULL, error))
return FALSE;
}
dst_delta_file = g_file_resolve_relative_path (ostree_repo_get_path (dst_repo), dst_superblock_path);
if (!flatpak_variant_save (dst_delta_file, dst_superblock, NULL, error))
return FALSE;
return TRUE;
}
gboolean
flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError **error)
{
g_autoptr(GOptionContext) context = NULL;
g_autoptr(FlatpakDeploy) runtime_deploy = NULL;
g_autoptr(GVariant) runtime_deploy_data = NULL;
g_autoptr(FlatpakDeploy) extensionof_deploy = NULL;
g_autoptr(GFile) var = NULL;
g_autoptr(GFile) var_tmp = NULL;
g_autoptr(GFile) var_lib = NULL;
g_autoptr(GFile) usr = NULL;
g_autoptr(GFile) res_deploy = NULL;
g_autoptr(GFile) res_files = NULL;
g_autoptr(GFile) app_files = NULL;
gboolean app_files_ro = FALSE;
g_autoptr(GFile) runtime_files = NULL;
g_autoptr(GFile) metadata = NULL;
g_autofree char *metadata_contents = NULL;
g_autofree char *runtime = NULL;
g_autofree char *runtime_ref = NULL;
g_autofree char *extensionof_ref = NULL;
g_autofree char *extensionof_tag = NULL;
g_autofree char *extension_point = NULL;
g_autofree char *extension_tmpfs_point = NULL;
g_autoptr(GKeyFile) metakey = NULL;
g_autoptr(GKeyFile) runtime_metakey = NULL;
g_autoptr(FlatpakBwrap) bwrap = NULL;
g_auto(GStrv) minimal_envp = NULL;
gsize metadata_size;
const char *directory = NULL;
const char *command = "/bin/sh";
g_autofree char *id = NULL;
int i;
int rest_argv_start, rest_argc;
g_autoptr(FlatpakContext) arg_context = NULL;
g_autoptr(FlatpakContext) app_context = NULL;
gboolean custom_usr;
g_auto(GStrv) runtime_ref_parts = NULL;
FlatpakRunFlags run_flags;
const char *group = NULL;
const char *runtime_key = NULL;
const char *dest = NULL;
gboolean is_app = FALSE;
gboolean is_extension = FALSE;
gboolean is_app_extension = FALSE;
g_autofree char *app_info_path = NULL;
g_autofree char *app_extensions = NULL;
g_autofree char *runtime_extensions = NULL;
g_autofree char *instance_id_host_dir = NULL;
char pid_str[64];
g_autofree char *pid_path = NULL;
g_autoptr(GFile) app_id_dir = NULL;
context = g_option_context_new (_("DIRECTORY [COMMAND [ARGUMENT…]] - Build in directory"));
g_option_context_set_translation_domain (context, GETTEXT_PACKAGE);
rest_argc = 0;
for (i = 1; i < argc; i++)
{
/* The non-option is the directory, take it out of the arguments */
if (argv[i][0] != '-')
{
rest_argv_start = i;
rest_argc = argc - i;
argc = i;
break;
}
}
arg_context = flatpak_context_new ();
g_option_context_add_group (context, flatpak_context_get_options (arg_context));
if (!flatpak_option_context_parse (context, options, &argc, &argv, FLATPAK_BUILTIN_FLAG_NO_DIR, NULL, cancellable, error))
return FALSE;
if (rest_argc == 0)
return usage_error (context, _("DIRECTORY must be specified"), error);
directory = argv[rest_argv_start];
if (rest_argc >= 2)
command = argv[rest_argv_start + 1];
res_deploy = g_file_new_for_commandline_arg (directory);
metadata = g_file_get_child (res_deploy, opt_metadata ? opt_metadata : "metadata");
if (!g_file_query_exists (res_deploy, NULL) ||
!g_file_query_exists (metadata, NULL))
return flatpak_fail (error, _("Build directory %s not initialized, use flatpak build-init"), directory);
if (!g_file_load_contents (metadata, cancellable, &metadata_contents, &metadata_size, NULL, error))
return FALSE;
metakey = g_key_file_new ();
if (!g_key_file_load_from_data (metakey, metadata_contents, metadata_size, 0, error))
return FALSE;
if (g_key_file_has_group (metakey, FLATPAK_METADATA_GROUP_APPLICATION))
{
group = FLATPAK_METADATA_GROUP_APPLICATION;
is_app = TRUE;
}
else if (g_key_file_has_group (metakey, FLATPAK_METADATA_GROUP_RUNTIME))
{
group = FLATPAK_METADATA_GROUP_RUNTIME;
}
else
return flatpak_fail (error, _("metadata invalid, not application or runtime"));
extensionof_ref = g_key_file_get_string (metakey,
FLATPAK_METADATA_GROUP_EXTENSION_OF,
FLATPAK_METADATA_KEY_REF, NULL);
if (extensionof_ref != NULL)
{
is_extension = TRUE;
if (g_str_has_prefix (extensionof_ref, "app/"))
is_app_extension = TRUE;
}
extensionof_tag = g_key_file_get_string (metakey,
FLATPAK_METADATA_GROUP_EXTENSION_OF,
FLATPAK_METADATA_KEY_TAG, NULL);
id = g_key_file_get_string (metakey, group, FLATPAK_METADATA_KEY_NAME, error);
if (id == NULL)
return FALSE;
if (opt_runtime)
runtime_key = FLATPAK_METADATA_KEY_RUNTIME;
else
runtime_key = FLATPAK_METADATA_KEY_SDK;
runtime = g_key_file_get_string (metakey, group, runtime_key, error);
if (runtime == NULL)
return FALSE;
runtime_ref = g_build_filename ("runtime", runtime, NULL);
runtime_ref_parts = flatpak_decompose_ref (runtime_ref, error);
if (runtime_ref_parts == NULL)
return FALSE;
custom_usr = FALSE;
usr = g_file_get_child (res_deploy, opt_sdk_dir ? opt_sdk_dir : "usr");
if (g_file_query_exists (usr, cancellable))
{
custom_usr = TRUE;
runtime_files = g_object_ref (usr);
}
else
{
runtime_deploy = flatpak_find_deploy_for_ref (runtime_ref, NULL, cancellable, error);
if (runtime_deploy == NULL)
return FALSE;
runtime_deploy_data = flatpak_deploy_get_deploy_data (runtime_deploy, FLATPAK_DEPLOY_VERSION_ANY, cancellable, error);
if (runtime_deploy_data == NULL)
return FALSE;
runtime_metakey = flatpak_deploy_get_metadata (runtime_deploy);
runtime_files = flatpak_deploy_get_files (runtime_deploy);
}
var = g_file_get_child (res_deploy, "var");
var_tmp = g_file_get_child (var, "tmp");
if (!flatpak_mkdir_p (var_tmp, cancellable, error))
return FALSE;
var_lib = g_file_get_child (var, "lib");
if (!flatpak_mkdir_p (var_lib, cancellable, error))
return FALSE;
res_files = g_file_get_child (res_deploy, "files");
if (is_app)
{
app_files = g_object_ref (res_files);
if (opt_with_appdir)
app_id_dir = flatpak_ensure_data_dir (id, cancellable, NULL);
}
else if (is_extension)
{
g_autoptr(GKeyFile) x_metakey = NULL;
g_autofree char *x_group = NULL;
g_autofree char *x_dir = NULL;
g_autofree char *x_subdir_suffix = NULL;
char *x_subdir = NULL;
g_autofree char *bare_extension_point = NULL;
extensionof_deploy = flatpak_find_deploy_for_ref (extensionof_ref, NULL, cancellable, error);
if (extensionof_deploy == NULL)
return FALSE;
x_metakey = flatpak_deploy_get_metadata (extensionof_deploy);
/* Since we have tagged extensions, it is possible that an extension could
* be listed more than once in the "parent" flatpak. In that case, we should
* try and disambiguate using the following rules:
*
* 1. Use the 'tag=' key in the ExtensionOfSection and if not found:
* 2. Use the only extension point available if there is only one.
* 3. If there are no matching groups, return NULL.
* 4. In all other cases, error out.
*/
if (!find_matching_extension_group_in_metakey (x_metakey,
id,
extensionof_tag,
&x_group,
error))
return FALSE;
if (x_group == NULL)
{
/* Failed, look for subdirectories=true parent */
char *last_dot = strrchr (id, '.');
if (last_dot != NULL)
{
char *parent_id = g_strndup (id, last_dot - id);
if (!find_matching_extension_group_in_metakey (x_metakey,
parent_id,
extensionof_tag,
&x_group,
error))
return FALSE;
if (x_group != NULL &&
g_key_file_get_boolean (x_metakey, x_group,
FLATPAK_METADATA_KEY_SUBDIRECTORIES,
NULL))
x_subdir = last_dot + 1;
}
if (x_subdir == NULL)
return flatpak_fail (error, _("No extension point matching %s in %s"), id, extensionof_ref);
}
x_dir = g_key_file_get_string (x_metakey, x_group,
FLATPAK_METADATA_KEY_DIRECTORY, error);
if (x_dir == NULL)
return FALSE;
x_subdir_suffix = g_key_file_get_string (x_metakey, x_group,
FLATPAK_METADATA_KEY_SUBDIRECTORY_SUFFIX,
NULL);
if (is_app_extension)
{
app_files = flatpak_deploy_get_files (extensionof_deploy);
app_files_ro = TRUE;
if (x_subdir != NULL)
extension_tmpfs_point = g_build_filename ("/app", x_dir, NULL);
bare_extension_point = g_build_filename ("/app", x_dir, x_subdir, NULL);
}
else
{
if (x_subdir != NULL)
extension_tmpfs_point = g_build_filename ("/usr", x_dir, NULL);
bare_extension_point = g_build_filename ("/usr", x_dir, x_subdir, NULL);
}
extension_point = g_build_filename (bare_extension_point, x_subdir_suffix, NULL);
}
app_context = flatpak_app_compute_permissions (metakey,
runtime_metakey,
error);
if (app_context == NULL)
return FALSE;
flatpak_context_allow_host_fs (app_context);
flatpak_context_merge (app_context, arg_context);
minimal_envp = flatpak_run_get_minimal_env (TRUE, FALSE);
bwrap = flatpak_bwrap_new (minimal_envp);
flatpak_bwrap_add_args (bwrap, flatpak_get_bwrap (), NULL);
run_flags =
FLATPAK_RUN_FLAG_DEVEL | FLATPAK_RUN_FLAG_MULTIARCH | FLATPAK_RUN_FLAG_NO_SESSION_HELPER |
FLATPAK_RUN_FLAG_SET_PERSONALITY | FLATPAK_RUN_FLAG_NO_A11Y_BUS_PROXY;
if (opt_die_with_parent)
run_flags |= FLATPAK_RUN_FLAG_DIE_WITH_PARENT;
if (custom_usr)
run_flags |= FLATPAK_RUN_FLAG_WRITABLE_ETC;
run_flags |= flatpak_context_get_run_flags (app_context);
/* Unless manually specified, we disable dbus proxy */
if (!flatpak_context_get_needs_session_bus_proxy (arg_context))
run_flags |= FLATPAK_RUN_FLAG_NO_SESSION_BUS_PROXY;
if (!flatpak_context_get_needs_system_bus_proxy (arg_context))
run_flags |= FLATPAK_RUN_FLAG_NO_SYSTEM_BUS_PROXY;
if (opt_log_session_bus)
run_flags |= FLATPAK_RUN_FLAG_LOG_SESSION_BUS;
if (opt_log_system_bus)
run_flags |= FLATPAK_RUN_FLAG_LOG_SYSTEM_BUS;
/* Never set up an a11y bus for builds */
run_flags |= FLATPAK_RUN_FLAG_NO_A11Y_BUS_PROXY;
if (!flatpak_run_setup_base_argv (bwrap, runtime_files, app_id_dir, runtime_ref_parts[2],
run_flags, error))
return FALSE;
flatpak_bwrap_add_args (bwrap,
(custom_usr && !opt_readonly) ? "--bind" : "--ro-bind", flatpak_file_get_path_cached (runtime_files), "/usr",
NULL);
if (!custom_usr)
flatpak_bwrap_add_args (bwrap,
"--lock-file", "/usr/.ref",
NULL);
if (app_files)
flatpak_bwrap_add_args (bwrap,
(app_files_ro || opt_readonly) ? "--ro-bind" : "--bind", flatpak_file_get_path_cached (app_files), "/app",
NULL);
else
flatpak_bwrap_add_args (bwrap,
"--dir", "/app",
NULL);
if (extension_tmpfs_point)
flatpak_bwrap_add_args (bwrap,
"--tmpfs", extension_tmpfs_point,
NULL);
/* We add the actual bind below so that we're not shadowed by other extensions or their tmpfs */
if (extension_point)
dest = extension_point;
else if (is_app)
dest = g_strdup ("/app");
else
dest = g_strdup ("/usr");
flatpak_bwrap_add_args (bwrap,
"--setenv", "FLATPAK_DEST", dest,
"--setenv", "FLATPAK_ID", id,
"--setenv", "FLATPAK_ARCH", runtime_ref_parts[2],
NULL);
/* Persist some stuff in /var. We can't persist everything because that breaks /var things
* from the host to work. For example the /home -> /var/home on atomic.
* The interesting things to contain during the build is /var/tmp (for tempfiles shared during builds)
* and things like /var/lib/rpm, if the installation uses packages.
*/
flatpak_bwrap_add_args (bwrap,
"--bind", flatpak_file_get_path_cached (var_lib), "/var/lib",
NULL);
flatpak_bwrap_add_args (bwrap,
"--bind", flatpak_file_get_path_cached (var_tmp), "/var/tmp",
NULL);
flatpak_run_apply_env_vars (bwrap, app_context);
if (is_app)
{
/* We don't actually know the final branchname yet, so use "nobranch" as fallback to avoid unexpected matches.
This means any extension point used at build time must have explicit versions to work. */
g_autofree char *fake_ref = g_strdup_printf ("app/%s/%s/nobranch", id, runtime_ref_parts[2]);
if (!flatpak_run_add_extension_args (bwrap, metakey, fake_ref, FALSE, &app_extensions, cancellable, error))
return FALSE;
}
if (!custom_usr &&
!flatpak_run_add_extension_args (bwrap, runtime_metakey, runtime_ref, FALSE, &runtime_extensions, cancellable, error))
return FALSE;
/* Mount this after the above extensions so we always win */
if (extension_point)
flatpak_bwrap_add_args (bwrap,
"--bind", flatpak_file_get_path_cached (res_files), extension_point,
NULL);
if (!flatpak_run_add_app_info_args (bwrap,
app_files, NULL, app_extensions,
runtime_files, runtime_deploy_data, runtime_extensions,
id, NULL,
runtime_ref,
app_id_dir, app_context, NULL,
FALSE, TRUE, TRUE,
&app_info_path,
&instance_id_host_dir,
error))
return FALSE;
if (!flatpak_run_add_environment_args (bwrap, app_info_path, run_flags, id,
app_context, app_id_dir, NULL, cancellable, error))
return FALSE;
for (i = 0; opt_bind_mounts != NULL && opt_bind_mounts[i] != NULL; i++)
{
char *split = strchr (opt_bind_mounts[i], '=');
if (split == NULL)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
_("Missing '=' in bind mount option '%s'"), opt_bind_mounts[i]);
return FALSE;
}
*split++ = 0;
flatpak_bwrap_add_args (bwrap,
"--bind", split, opt_bind_mounts[i],
NULL);
}
if (opt_build_dir != NULL)
{
flatpak_bwrap_add_args (bwrap,
"--chdir", opt_build_dir,
NULL);
}
if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
return FALSE;
flatpak_bwrap_add_args (bwrap, command, NULL);
flatpak_bwrap_append_argsv (bwrap,
&argv[rest_argv_start + 2],
rest_argc - 2);
g_ptr_array_add (bwrap->argv, NULL);
g_snprintf (pid_str, sizeof (pid_str), "%d", getpid ());
pid_path = g_build_filename (instance_id_host_dir, "pid", NULL);
g_file_set_contents (pid_path, pid_str, -1, NULL);
/* Ensure we unset O_CLOEXEC */
child_setup (bwrap->fds);
if (execvpe (flatpak_get_bwrap (), (char **) bwrap->argv->pdata, bwrap->envp) == -1)
{
g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errno),
_("Unable to start app"));
return FALSE;
}
/* Not actually reached... */
return TRUE;
}
