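/*
 * Implements "flatpak build DIRECTORY [COMMAND [ARGUMENT…]]".
 *
 * Reads the metadata file from an initialised build directory, works out
 * which SDK/runtime (and, for extensions, which extension point) applies,
 * assembles a bwrap command line for it and finally replaces the current
 * process with bwrap via execvpe(). COMMAND defaults to /bin/sh.
 *
 * Returns FALSE with @error set on any failure. On success the function does
 * not return, because the process image has been replaced.
 *
 * NOTE(review): the build environment assembled here is not a confinement
 * boundary for untrusted build scripts. The code calls
 * flatpak_context_allow_host_fs() (by its name, host filesystem access) and
 * binds the build directory writable unless --readonly is given; confirm
 * against the helper before relying on it for isolation.
 */
gboolean
flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError **error)
{
  g_autoptr(GOptionContext) context = NULL;
  g_autoptr(FlatpakDeploy) runtime_deploy = NULL;
  g_autoptr(GVariant) runtime_deploy_data = NULL;
  g_autoptr(FlatpakDeploy) extensionof_deploy = NULL;
  g_autoptr(GFile) var = NULL;
  g_autoptr(GFile) var_tmp = NULL;
  g_autoptr(GFile) var_lib = NULL;
  g_autoptr(GFile) usr = NULL;
  g_autoptr(GFile) res_deploy = NULL;
  g_autoptr(GFile) res_files = NULL;
  g_autoptr(GFile) app_files = NULL;
  gboolean app_files_ro = FALSE;
  g_autoptr(GFile) runtime_files = NULL;
  g_autoptr(GFile) metadata = NULL;
  g_autofree char *metadata_contents = NULL;
  g_autofree char *runtime = NULL;
  g_autofree char *runtime_ref = NULL;
  g_autofree char *extensionof_ref = NULL;
  g_autofree char *extensionof_tag = NULL;
  g_autofree char *extension_point = NULL;
  g_autofree char *extension_tmpfs_point = NULL;
  g_autoptr(GKeyFile) metakey = NULL;
  g_autoptr(GKeyFile) runtime_metakey = NULL;
  g_autoptr(FlatpakBwrap) bwrap = NULL;
  g_auto(GStrv) minimal_envp = NULL;
  gsize metadata_size;
  const char *directory = NULL;
  const char *command = "/bin/sh";
  g_autofree char *id = NULL;
  int i;
  /* Initialised so the index is never indeterminate, even though it is only
   * read once rest_argc is known to be non-zero. */
  int rest_argv_start = 0;
  int rest_argc = 0;
  g_autoptr(FlatpakContext) arg_context = NULL;
  g_autoptr(FlatpakContext) app_context = NULL;
  gboolean custom_usr;
  g_auto(GStrv) runtime_ref_parts = NULL;
  FlatpakRunFlags run_flags;
  const char *group = NULL;
  const char *runtime_key = NULL;
  const char *dest = NULL;
  gboolean is_app = FALSE;
  gboolean is_extension = FALSE;
  gboolean is_app_extension = FALSE;
  g_autofree char *app_info_path = NULL;
  g_autofree char *app_extensions = NULL;
  g_autofree char *runtime_extensions = NULL;
  g_autofree char *instance_id_host_dir = NULL;
  char pid_str[64];
  g_autofree char *pid_path = NULL;
  g_autoptr(GFile) app_id_dir = NULL;

  context = g_option_context_new (_("DIRECTORY [COMMAND [ARGUMENT…]] - Build in directory"));
  g_option_context_set_translation_domain (context, GETTEXT_PACKAGE);

  /* Split argv at the first non-option word. Everything from there on
   * (DIRECTORY, COMMAND and its arguments) is hidden from the option parser
   * by shrinking argc. Because the scan only looks at the leading '-', an
   * option value given as a separate word would be taken as DIRECTORY, so
   * values have to use the --option=value form. */
  for (i = 1; i < argc; i++)
    {
      /* The non-option is the directory, take it out of the arguments */
      if (argv[i][0] != '-')
        {
          rest_argv_start = i;
          rest_argc = argc - i;
          argc = i;
          break;
        }
    }

  arg_context = flatpak_context_new ();
  g_option_context_add_group (context, flatpak_context_get_options (arg_context));

  if (!flatpak_option_context_parse (context, options, &argc, &argv, FLATPAK_BUILTIN_FLAG_NO_DIR, NULL, cancellable, error))
    return FALSE;

  if (rest_argc == 0)
    return usage_error (context, _("DIRECTORY must be specified"), error);

  directory = argv[rest_argv_start];
  if (rest_argc >= 2)
    command = argv[rest_argv_start + 1];

  /* Everything below is driven by the metadata file inside the build
   * directory: application/runtime id, SDK or runtime ref, ExtensionOf. */
  res_deploy = g_file_new_for_commandline_arg (directory);
  metadata = g_file_get_child (res_deploy, opt_metadata ? opt_metadata : "metadata");

  if (!g_file_query_exists (res_deploy, NULL) ||
      !g_file_query_exists (metadata, NULL))
    return flatpak_fail (error, _("Build directory %s not initialized, use flatpak build-init"), directory);

  if (!g_file_load_contents (metadata, cancellable, &metadata_contents, &metadata_size, NULL, error))
    return FALSE;

  metakey = g_key_file_new ();
  if (!g_key_file_load_from_data (metakey, metadata_contents, metadata_size, 0, error))
    return FALSE;

  if (g_key_file_has_group (metakey, FLATPAK_METADATA_GROUP_APPLICATION))
    {
      group = FLATPAK_METADATA_GROUP_APPLICATION;
      is_app = TRUE;
    }
  else if (g_key_file_has_group (metakey, FLATPAK_METADATA_GROUP_RUNTIME))
    {
      group = FLATPAK_METADATA_GROUP_RUNTIME;
    }
  else
    return flatpak_fail (error, _("metadata invalid, not application or runtime"));

  extensionof_ref = g_key_file_get_string (metakey,
                                           FLATPAK_METADATA_GROUP_EXTENSION_OF,
                                           FLATPAK_METADATA_KEY_REF, NULL);
  if (extensionof_ref != NULL)
    {
      is_extension = TRUE;
      if (g_str_has_prefix (extensionof_ref, "app/"))
        is_app_extension = TRUE;
    }

  extensionof_tag = g_key_file_get_string (metakey,
                                           FLATPAK_METADATA_GROUP_EXTENSION_OF,
                                           FLATPAK_METADATA_KEY_TAG, NULL);

  id = g_key_file_get_string (metakey, group, FLATPAK_METADATA_KEY_NAME, error);
  if (id == NULL)
    return FALSE;

  /* By default the build runs against the SDK named in the metadata;
   * opt_runtime selects the runtime key instead. */
  if (opt_runtime)
    runtime_key = FLATPAK_METADATA_KEY_RUNTIME;
  else
    runtime_key = FLATPAK_METADATA_KEY_SDK;

  runtime = g_key_file_get_string (metakey, group, runtime_key, error);
  if (runtime == NULL)
    return FALSE;

  runtime_ref = g_build_filename ("runtime", runtime, NULL);

  /* The metadata-supplied value is only used further once it decomposes as a
   * ref; runtime_ref_parts[2] is used as the architecture below. */
  runtime_ref_parts = flatpak_decompose_ref (runtime_ref, error);
  if (runtime_ref_parts == NULL)
    return FALSE;

  /* A "usr" directory (or opt_sdk_dir) inside the build directory replaces
   * the deployed runtime as /usr. */
  custom_usr = FALSE;
  usr = g_file_get_child (res_deploy, opt_sdk_dir ? opt_sdk_dir : "usr");
  if (g_file_query_exists (usr, cancellable))
    {
      custom_usr = TRUE;
      runtime_files = g_object_ref (usr);
    }
  else
    {
      runtime_deploy = flatpak_find_deploy_for_ref (runtime_ref, NULL, cancellable, error);
      if (runtime_deploy == NULL)
        return FALSE;

      runtime_deploy_data = flatpak_deploy_get_deploy_data (runtime_deploy, FLATPAK_DEPLOY_VERSION_ANY, cancellable, error);
      if (runtime_deploy_data == NULL)
        return FALSE;

      runtime_metakey = flatpak_deploy_get_metadata (runtime_deploy);

      runtime_files = flatpak_deploy_get_files (runtime_deploy);
    }

  var = g_file_get_child (res_deploy, "var");
  var_tmp = g_file_get_child (var, "tmp");
  if (!flatpak_mkdir_p (var_tmp, cancellable, error))
    return FALSE;
  var_lib = g_file_get_child (var, "lib");
  if (!flatpak_mkdir_p (var_lib, cancellable, error))
    return FALSE;

  res_files = g_file_get_child (res_deploy, "files");

  if (is_app)
    {
      app_files = g_object_ref (res_files);
      /* Failure to set up the per-app data dir is not reported here: the
       * error argument is NULL and app_id_dir may stay NULL. */
      if (opt_with_appdir)
        app_id_dir = flatpak_ensure_data_dir (id, cancellable, NULL);
    }
  else if (is_extension)
    {
      g_autoptr(GKeyFile) x_metakey = NULL;
      g_autofree char *x_group = NULL;
      g_autofree char *x_dir = NULL;
      g_autofree char *x_subdir_suffix = NULL;
      char *x_subdir = NULL; /* points into id, not owned */
      g_autofree char *bare_extension_point = NULL;

      extensionof_deploy = flatpak_find_deploy_for_ref (extensionof_ref, NULL, cancellable, error);
      if (extensionof_deploy == NULL)
        return FALSE;

      x_metakey = flatpak_deploy_get_metadata (extensionof_deploy);

      /* Since we have tagged extensions, it is possible that an extension could
       * be listed more than once in the "parent" flatpak. In that case, we should
       * try and disambiguate using the following rules:
       *
       * 1. Use the 'tag=' key in the ExtensionOfSection and if not found:
       * 2. Use the only extension point available if there is only one.
       * 3. If there are no matching groups, return NULL.
       * 4. In all other cases, error out.
       */
      if (!find_matching_extension_group_in_metakey (x_metakey,
                                                     id,
                                                     extensionof_tag,
                                                     &x_group,
                                                     error))
        return FALSE;

      if (x_group == NULL)
        {
          /* Failed, look for subdirectories=true parent */
          char *last_dot = strrchr (id, '.');

          if (last_dot != NULL)
            {
              /* g_autofree: the copy was previously leaked on every path
               * out of this block. */
              g_autofree char *parent_id = g_strndup (id, last_dot - id);

              if (!find_matching_extension_group_in_metakey (x_metakey,
                                                             parent_id,
                                                             extensionof_tag,
                                                             &x_group,
                                                             error))
                return FALSE;

              if (x_group != NULL &&
                  g_key_file_get_boolean (x_metakey, x_group,
                                          FLATPAK_METADATA_KEY_SUBDIRECTORIES,
                                          NULL))
                x_subdir = last_dot + 1;
            }

          if (x_subdir == NULL)
            return flatpak_fail (error, _("No extension point matching %s in %s"), id, extensionof_ref);
        }

      x_dir = g_key_file_get_string (x_metakey, x_group,
                                     FLATPAK_METADATA_KEY_DIRECTORY, error);
      if (x_dir == NULL)
        return FALSE;

      x_subdir_suffix = g_key_file_get_string (x_metakey, x_group,
                                               FLATPAK_METADATA_KEY_SUBDIRECTORY_SUFFIX,
                                               NULL);

      /* App extensions are mounted below /app on top of the read-only parent
       * app; all other extensions go below /usr. */
      if (is_app_extension)
        {
          app_files = flatpak_deploy_get_files (extensionof_deploy);
          app_files_ro = TRUE;
          if (x_subdir != NULL)
            extension_tmpfs_point = g_build_filename ("/app", x_dir, NULL);
          bare_extension_point = g_build_filename ("/app", x_dir, x_subdir, NULL);
        }
      else
        {
          if (x_subdir != NULL)
            extension_tmpfs_point = g_build_filename ("/usr", x_dir, NULL);
          bare_extension_point = g_build_filename ("/usr", x_dir, x_subdir, NULL);
        }

      extension_point = g_build_filename (bare_extension_point, x_subdir_suffix, NULL);
    }

  app_context = flatpak_app_compute_permissions (metakey,
                                                 runtime_metakey,
                                                 error);
  if (app_context == NULL)
    return FALSE;

  /* NOTE(review): by its name this grants the build access to the host
   * filesystem, and the command-line context is merged in afterwards;
   * confirm the exact semantics in the FlatpakContext helpers. */
  flatpak_context_allow_host_fs (app_context);
  flatpak_context_merge (app_context, arg_context);

  minimal_envp = flatpak_run_get_minimal_env (TRUE, FALSE);
  bwrap = flatpak_bwrap_new (minimal_envp);
  flatpak_bwrap_add_args (bwrap, flatpak_get_bwrap (), NULL);

  run_flags =
    FLATPAK_RUN_FLAG_DEVEL | FLATPAK_RUN_FLAG_MULTIARCH | FLATPAK_RUN_FLAG_NO_SESSION_HELPER |
    FLATPAK_RUN_FLAG_SET_PERSONALITY | FLATPAK_RUN_FLAG_NO_A11Y_BUS_PROXY;
  if (opt_die_with_parent)
    run_flags |= FLATPAK_RUN_FLAG_DIE_WITH_PARENT;
  if (custom_usr)
    run_flags |= FLATPAK_RUN_FLAG_WRITABLE_ETC;

  run_flags |= flatpak_context_get_run_flags (app_context);

  /* Unless manually specified, we disable dbus proxy */
  if (!flatpak_context_get_needs_session_bus_proxy (arg_context))
    run_flags |= FLATPAK_RUN_FLAG_NO_SESSION_BUS_PROXY;

  if (!flatpak_context_get_needs_system_bus_proxy (arg_context))
    run_flags |= FLATPAK_RUN_FLAG_NO_SYSTEM_BUS_PROXY;

  if (opt_log_session_bus)
    run_flags |= FLATPAK_RUN_FLAG_LOG_SESSION_BUS;

  if (opt_log_system_bus)
    run_flags |= FLATPAK_RUN_FLAG_LOG_SYSTEM_BUS;

  /* Never set up an a11y bus for builds */
  run_flags |= FLATPAK_RUN_FLAG_NO_A11Y_BUS_PROXY;

  if (!flatpak_run_setup_base_argv (bwrap, runtime_files, app_id_dir, runtime_ref_parts[2],
                                    run_flags, error))
    return FALSE;

  /* /usr is writable only for a custom usr directory and only without
   * opt_readonly; a deployed runtime is always bound read-only. */
  flatpak_bwrap_add_args (bwrap,
                          (custom_usr && !opt_readonly) ? "--bind" : "--ro-bind", flatpak_file_get_path_cached (runtime_files), "/usr",
                          NULL);

  if (!custom_usr)
    flatpak_bwrap_add_args (bwrap,
                            "--lock-file", "/usr/.ref",
                            NULL);

  if (app_files)
    flatpak_bwrap_add_args (bwrap,
                            (app_files_ro || opt_readonly) ? "--ro-bind" : "--bind", flatpak_file_get_path_cached (app_files), "/app",
                            NULL);
  else
    flatpak_bwrap_add_args (bwrap,
                            "--dir", "/app",
                            NULL);

  if (extension_tmpfs_point)
    flatpak_bwrap_add_args (bwrap,
                            "--tmpfs", extension_tmpfs_point,
                            NULL);

  /* We add the actual bind below so that we're not shadowed by other extensions or their tmpfs */

  /* String literals suffice here: dest is only read by the add_args call
   * below, and the g_strdup() copies used before were never freed. */
  if (extension_point)
    dest = extension_point;
  else if (is_app)
    dest = "/app";
  else
    dest = "/usr";

  flatpak_bwrap_add_args (bwrap,
                          "--setenv", "FLATPAK_DEST", dest,
                          "--setenv", "FLATPAK_ID", id,
                          "--setenv", "FLATPAK_ARCH", runtime_ref_parts[2],
                          NULL);

  /* Persist some things in /var. We can't persist everything because that
   * breaks /var things from the host, for example the /home -> /var/home
   * link on atomic.
   * The interesting things to contain during the build are /var/tmp (for
   * temporary files shared during builds) and things like /var/lib/rpm, if
   * the installation uses packages.
   */
  flatpak_bwrap_add_args (bwrap,
                          "--bind", flatpak_file_get_path_cached (var_lib), "/var/lib",
                          NULL);
  flatpak_bwrap_add_args (bwrap,
                          "--bind", flatpak_file_get_path_cached (var_tmp), "/var/tmp",
                          NULL);

  flatpak_run_apply_env_vars (bwrap, app_context);

  if (is_app)
    {
      /* We don't actually know the final branchname yet, so use "nobranch" as fallback to avoid unexpected matches.
         This means any extension point used at build time must have explicit versions to work. */
      g_autofree char *fake_ref = g_strdup_printf ("app/%s/%s/nobranch", id, runtime_ref_parts[2]);
      if (!flatpak_run_add_extension_args (bwrap, metakey, fake_ref, FALSE, &app_extensions, cancellable, error))
        return FALSE;
    }

  if (!custom_usr &&
      !flatpak_run_add_extension_args (bwrap, runtime_metakey, runtime_ref, FALSE, &runtime_extensions, cancellable, error))
    return FALSE;

  /* Mount this after the above extensions so we always win */
  if (extension_point)
    flatpak_bwrap_add_args (bwrap,
                            "--bind", flatpak_file_get_path_cached (res_files), extension_point,
                            NULL);

  if (!flatpak_run_add_app_info_args (bwrap,
                                      app_files, NULL, app_extensions,
                                      runtime_files, runtime_deploy_data, runtime_extensions,
                                      id, NULL,
                                      runtime_ref,
                                      app_id_dir, app_context, NULL,
                                      FALSE, TRUE, TRUE,
                                      &app_info_path,
                                      &instance_id_host_dir,
                                      error))
    return FALSE;

  if (!flatpak_run_add_environment_args (bwrap, app_info_path, run_flags, id,
                                         app_context, app_id_dir, NULL, cancellable, error))
    return FALSE;

  /* Each bind mount option has the form DEST=SRC: the text after '=' is
   * handed to bwrap as the bind source and the text before it as the
   * destination. The option string is split in place. Both paths come from
   * the command line and are passed on without further checks here, and the
   * mount is writable ("--bind"). */
  for (i = 0; opt_bind_mounts != NULL && opt_bind_mounts[i] != NULL; i++)
    {
      char *split = strchr (opt_bind_mounts[i], '=');
      if (split == NULL)
        {
          g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
                       _("Missing '=' in bind mount option '%s'"), opt_bind_mounts[i]);
          return FALSE;
        }

      *split++ = 0;
      flatpak_bwrap_add_args (bwrap,
                              "--bind", split, opt_bind_mounts[i],
                              NULL);
    }

  if (opt_build_dir != NULL)
    {
      flatpak_bwrap_add_args (bwrap,
                              "--chdir", opt_build_dir,
                              NULL);
    }

  if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
    return FALSE;

  flatpak_bwrap_add_args (bwrap, command, NULL);

  /* Forward only arguments that really follow COMMAND. With DIRECTORY alone
   * the count would be -1 and the pointer would sit past argv's terminating
   * NULL; what the helper does with a negative count is not visible here,
   * so such a call is never made. */
  if (rest_argc > 2)
    flatpak_bwrap_append_argsv (bwrap,
                                &argv[rest_argv_start + 2],
                                rest_argc - 2);

  /* execvpe() needs a NULL-terminated vector */
  g_ptr_array_add (bwrap->argv, NULL);

  /* Record our pid in the instance directory. The write is unchecked: a
   * failure is ignored and the build continues. */
  g_snprintf (pid_str, sizeof (pid_str), "%d", getpid ());
  pid_path = g_build_filename (instance_id_host_dir, "pid", NULL);
  g_file_set_contents (pid_path, pid_str, -1, NULL);

  /* Ensure we unset O_CLOEXEC */
  child_setup (bwrap->fds);
  if (execvpe (flatpak_get_bwrap (), (char **) bwrap->argv->pdata, bwrap->envp) == -1)
    {
      g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errno),
                   _("Unable to start app"));
      return FALSE;
    }

  /* Not actually reached... */
  return TRUE;
}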
Exemple #2
/*
 * Runs the "startsetup" stage action and, unless that reports a negative
 * result, hands the socket and client info to child_setup().
 *
 * Returns -1 if the stage action fails, otherwise whatever child_setup()
 * returns.
 */
int inetd_connected(int sock, struct clientinfo* clntinfo) {
	const int stage_rc = stage_action("startsetup");

	if (stage_rc >= 0) {
		return child_setup(sock, clntinfo);
	}
	return -1;
}
Exemple #3
/*
 * Checks that the process can queue a siginfo carrying a positive si_code
 * to itself through sys_rt_sigqueueinfo().
 *
 * Side effect: SIGUSR1 is set to SIG_IGN and is not restored afterwards.
 *
 * Returns 0 on success and -1 (after logging) on failure.
 */
static int check_sigqueuinfo()
{
	siginfo_t info = { .si_code = 1 };
	int rc;

	/* Ignore the signal first so that queueing it to ourselves is harmless. */
	signal(SIGUSR1, SIG_IGN);

	rc = sys_rt_sigqueueinfo(getpid(), SIGUSR1, &info);
	if (rc >= 0)
		return 0;

	/* A negative result is treated as a negated errno value for the log. */
	errno = -rc;
	pr_perror("Unable to send siginfo with positive si_code to itself");
	return -1;
}

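/*
 * Forks a child, waits until the child signals over a socket pair that its
 * setup is done, and then attaches to it with PTRACE_ATTACH.
 *
 * @child_setup: optional hook run in the child before it reports readiness;
 *               a non-zero result makes the child exit(1).
 *
 * Returns the pid of the attached child, or -1 on failure. On every failure
 * path after a successful fork() the child is killed and reaped, and no
 * socket descriptor is left open in the parent.
 */
static pid_t fork_and_ptrace_attach(int (*child_setup)(void))
{
	pid_t pid;
	int sk_pair[2], sk;
	char c = 0;

	if (socketpair(PF_LOCAL, SOCK_SEQPACKET, 0, sk_pair)) {
		pr_perror("socketpair");
		return -1;
	}

	pid = fork();
	if (pid < 0) {
		pr_perror("fork");
		/* No child exists, so both ends belong to us and must be closed. */
		close(sk_pair[0]);
		close(sk_pair[1]);
		return -1;
	} else if (pid == 0) {
		sk = sk_pair[1];
		close(sk_pair[0]);

		if (child_setup && child_setup() != 0)
			exit(1);

		/* One byte tells the parent that setup has finished. */
		if (write(sk, &c, 1) != 1) {
			pr_perror("write");
			exit(1);
		}

		/* Stay alive until the parent is done with us. */
		while (1)
			sleep(1000);
		exit(1);
	}

	sk = sk_pair[0];
	close(sk_pair[1]);

	if (read(sk, &c, 1) != 1) {
		/* Log before close()/kill() get a chance to overwrite errno. */
		pr_perror("read");
		close(sk);
		kill(pid, SIGKILL);
		/* Reap the child so it does not linger as a zombie. */
		waitpid(pid, NULL, 0);
		return -1;
	}

	close(sk);

	if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1) {
		pr_perror("Unable to ptrace the child");
		kill(pid, SIGKILL);
		waitpid(pid, NULL, 0);
		return -1;
	}

	/* Wait for the child to change state after the attach; the result of
	 * waitpid() is not checked. */
	waitpid(pid, NULL, 0);

	return pid;
}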
Exemple #4
/*
 * Main server loop: sets up the listening sockets, writes the pidfile,
 * installs the SIGCHLD handler and then accepts connections forever.
 *
 * Sequence as visible here:
 *   - daemonize() when srvinfo.multithread is set
 *   - changeid(UNPRIV, EUID, ...) before listen_on_ifaces()
 *   - changeid(PRIV, UID, ...) before the pidfile is written
 *   - per connection: count it, enforce the configured limit, and either
 *     fork (multithread) or serve in this process via child_setup()
 *
 * Returns -1 on any setup or accept failure; in the process that serves a
 * connection it returns the result of child_setup(). The parent of a
 * multithreaded server only leaves the loop on error.
 *
 * NOTE(review): no changeid(UNPRIV, ...) call is visible in this function
 * after the switch to PRIV below, so the accept loop and the call into
 * child_setup() appear to run with that id; presumably privileges are
 * dropped inside child_setup() or later. Confirm.
 */
int waitclient(const char* hostnames, struct clientinfo* clntinfo) {

	int chldpid =0;
	const char* option = 0;
	int ahandle, i;
	struct sigaction sa;
	struct descriptor_set d_set;
	unsigned int peer_ip;
	struct sockaddr_in c_in;
	time_t now;

	if (srvinfo.multithread) {
		daemonize();
	}

	if (changeid(UNPRIV, EUID,
				"Changing id back (socket(), bind())") < 0) {
		return -1;
	}

	d_set = listen_on_ifaces(hostnames, clntinfo);
	if (d_set.maxfd < 0) {
		jlog(8, "d_set.maxfd was negative: %d", d_set.maxfd);
		return -1;
	}

	/* we have successfully bound */

	/* become root again - use our function instead of plain
	 * setuid() for the logging */
	if (changeid(PRIV, UID, "Changing ID to root (pidfile)") < 0) {
		return -1;
	}

	/* NOTE(review): the pidfile path comes from the configuration and is
	 * opened with fopen(..., "w") directly after the switch to PRIV, so an
	 * existing file at that path is truncated with those rights. The
	 * configured path should sit in a directory that only the privileged
	 * user can write to. Confirm how the option is validated. */
	option = config_get_option("pidfile");
	if (option) {
		FILE* pidf;
		/* group and others get no write permission on the new pidfile */
		umask(022);
		pidf = fopen(option, "w");
		if (pidf) {
			/* results of fprintf()/fclose() are not checked */
			fprintf(pidf, "%ld\n", (long) getpid());
			fclose(pidf);
			/* if successful register function to remove the
			 * pidfile */
			atexit(removepidfile);
		} else {
			/* a missing pidfile is logged but does not stop the server */
			jlog(2, "Error creating pidfile %s", option);
		}
	}

	/* this has to be done for the daemonization. We do it now after
	 * the pidfile has been created */
	/* From here on no permission bits are masked for files created by
	 * this process; each later creation mode applies as given. */
	umask(0);

	srvinfo.ready_to_serve = SVR_LAUNCH_READY;

	if (stage_action("startsetup") < 0) {
		return -1;
	}

	/* Install childterm as the SIGCHLD handler. Only sa_handler, sa_mask
	 * and (when WINDOWS is not defined) sa_flags are assigned; sa itself
	 * is not zero-initialised in this function. */
	sa.sa_handler = childterm;
	chlds_exited = 0;
	sigemptyset (&sa.sa_mask);
#ifndef WINDOWS
	sa.sa_flags = SA_RESTART;
#endif
	sigaction (SIGCHLD, &sa, 0);


	/* Close stdin,stdout,stderr */
	/* (only when running multithreaded) */
	for(i = 0; i <= 2 && srvinfo.multithread; i++) {
		close(i);
	}
	srvinfo.main_server_pid = getpid();
	atexit(sayterminating);

	while(1) {
		ahandle = get_connecting_socket(d_set);
		if (ahandle == -1) {
			/* either select() or accept() failed */
			/* I don't try to resume here because we are in an
			 * endless loop. The danger of the program falling
			 * into an infinite loop consuming all cpu time is
			 * too big... */
			jlog(8, "get_connecting_socket() returned error code");
			return -1;
		}

		/* Count the connection first, then check the limit; a rejected
		 * connection is un-counted again with the same key values. */
		c_in = socketinfo_get_local_sin(ahandle);
		peer_ip = get_uint_peer_ip(ahandle);
		now = time(NULL);
		config_counter_increase(peer_ip,               /* from ip */
					c_in.sin_addr.s_addr,  /* proxy_ip */
					ntohs(c_in.sin_port),  /* proxy_port */
					now);               /* specific_time */
		if (config_check_limit_violation()) {
			say(ahandle, "500 Too many connections, sorry\r\n");
			close(ahandle);
			config_counter_decrease(peer_ip,       /* from ip */
					c_in.sin_addr.s_addr,  /* proxy_ip */
					ntohs(c_in.sin_port),  /* proxy_port */
					now);               /* specific_time */
			continue;
		}
		if (srvinfo.multithread) {
			if ((chldpid = fork()) < 0) {
				jlog(1, "Error forking: %s", strerror(errno));
				close(ahandle);
				return -1;
			}
			if (chldpid > 0) {
				/* parent process */
				/* register the PID */
				register_pid(chldpid, peer_ip,
					c_in.sin_addr.s_addr,  /* proxy_ip */
					ntohs(c_in.sin_port),  /* proxy_port */
					now);               /* specific_time */
				/* the child keeps its own copy of the socket */
				close(ahandle);
			}
			if (chldpid == 0) {
				/* child process */
				/* NOTE(review): the listening descriptors in d_set
				 * are not closed in the child here; check whether
				 * child_setup() takes care of that. */
				jlog(8, "forked to pid %d", getpid());
			}
		}
		/* Serve the connection in this process: either the forked child
		 * or, without multithread, the only process there is. */
		if (!srvinfo.multithread || chldpid == 0) {
			return child_setup(ahandle, clntinfo);
		}
	}
}