Diffstat (limited to 'nixpkgs/pkgs/development/libraries/flatpak')
7 files changed, 522 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/flatpak/binary-path.patch b/nixpkgs/pkgs/development/libraries/flatpak/binary-path.patch
new file mode 100644
index 000000000000..9da437df91b7
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/flatpak/binary-path.patch
@@ -0,0 +1,29 @@
+diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
+index eba81fef..134024e2 100644
+--- a/common/flatpak-dir.c
++++ b/common/flatpak-dir.c
+@@ -7532,8 +7532,13 @@ export_desktop_file (const char *app,
+ g_key_file_remove_key (keyfile, groups[i], "X-GNOME-Bugzilla-ExtraInfoScript", NULL);
+
+ new_exec = g_string_new ("");
+- if ((flatpak = g_getenv ("FLATPAK_BINARY")) == NULL)
+- flatpak = FLATPAK_BINDIR "/flatpak";
++ if (g_str_has_suffix (name, ".service"))
++ {
++ flatpak = "/run/current-system/sw/bin/flatpak";
++ } else {
++ if ((flatpak = g_getenv ("FLATPAK_BINARY")) == NULL)
++ flatpak = "flatpak";
++ }
+
+ g_string_append_printf (new_exec,
+ "%s run --branch=%s --arch=%s",
+@@ -8867,7 +8872,7 @@ flatpak_dir_deploy (FlatpakDir *self,
+ error))
+ return FALSE;
+ if ((flatpak = g_getenv ("FLATPAK_BINARY")) == NULL)
+- flatpak = FLATPAK_BINDIR "/flatpak";
++ flatpak = "flatpak";
+
+ bin_data = g_strdup_printf ("#!/bin/sh\nexec %s run --branch=%s --arch=%s %s \"$@\"\n",
+ flatpak, escaped_branch, escaped_arch, escaped_app);
diff --git a/nixpkgs/pkgs/development/libraries/flatpak/default.nix b/nixpkgs/pkgs/development/libraries/flatpak/default.nix
new file mode 100644
index 000000000000..0c44b99db8d9
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/flatpak/default.nix
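Review bot: The bare `flatpak` now written into exported `Exec=` lines (the non-`.service` branch of `export_desktop_file`) and into the `/bin/sh` wrapper built in `flatpak_dir_deploy` is looked up through `PATH` when the entry is launched, so the binary that starts the app depends on the launching environment rather than on the build. The package expression gives keeping store paths out of exports as the reason, but neither assignment says so; a comment such as `/* NixOS: resolved via PATH at launch so exports never embed a store path */` at both sites would record the trade-off. The `.service` branch hard-codes `/run/current-system/sw/bin/flatpak` and no longer consults `FLATPAK_BINARY`, which presumably breaks D-Bus activation wherever flatpak is not installed in the system profile; that requirement should be documented next to the literal. Both functions start and end outside the hunks.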
@@ -0,0 +1,207 @@ +{ lib, stdenv +, fetchurl +, autoreconfHook +, docbook_xml_dtd_45 +, docbook-xsl-nons +, which +, libxml2 +, gobject-introspection +, gtk-doc +, intltool +, libxslt +, pkg-config +, xmlto +, substituteAll +, runCommand +, bison +, xdg-dbus-proxy +, p11-kit +, appstream +, bubblewrap +, bzip2 +, curl +, dbus +, glib +, gpgme +, json-glib +, libarchive +, libcap +, libseccomp +, coreutils +, socat +, gettext +, hicolor-icon-theme +, shared-mime-info +, desktop-file-utils +, gtk3 +, fuse3 +, nixosTests +, xz +, zstd +, ostree +, polkit +, python3 +, systemd +, xorg +, valgrind +, glib-networking +, wrapGAppsNoGuiHook +, dconf +, gsettings-desktop-schemas +, librsvg +, makeWrapper +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "flatpak"; + version = "1.14.4"; + + # TODO: split out lib once we figure out what to do with triggerdir + outputs = [ "out" "dev" "man" "doc" "devdoc" "installedTests" ]; + + src = fetchurl { + url = "https://github.com/flatpak/flatpak/releases/download/${finalAttrs.version}/flatpak-${finalAttrs.version}.tar.xz"; + sha256 = "sha256-ijTb0LZ8Q051mLmOxpCVPQRvDbJuSArq+0bXKuxxZ5k="; # Taken from https://github.com/flatpak/flatpak/releases/ + }; + + patches = [ + # Hardcode paths used by tests and change test runtime generation to use files from Nix store. + # https://github.com/flatpak/flatpak/issues/1460 + (substituteAll { + src = ./fix-test-paths.patch; + inherit coreutils gettext socat gtk3; + smi = shared-mime-info; + dfu = desktop-file-utils; + hicolorIconTheme = hicolor-icon-theme; + }) + + # Hardcode paths used by Flatpak itself. + (substituteAll { + src = ./fix-paths.patch; + p11kit = "${p11-kit.bin}/bin/p11-kit"; + }) + + # Allow gtk-doc to find schemas using XML_CATALOG_FILES environment variable. + # Patch taken from gtk-doc expression. + ./respect-xml-catalog-files-var.patch + + # Nix environment hacks should not leak into the apps. 
+ # https://github.com/NixOS/nixpkgs/issues/53441 + ./unset-env-vars.patch + + # Use flatpak from PATH to avoid references to `/nix/store` in `/desktop` files. + # Applications containing `DBusActivatable` entries should be able to find the flatpak binary. + # https://github.com/NixOS/nixpkgs/issues/138956 + ./binary-path.patch + + # The icon validator needs to access the gdk-pixbuf loaders in the Nix store + # and cannot bind FHS paths since those are not available on NixOS. + finalAttrs.passthru.icon-validator-patch + ]; + + nativeBuildInputs = [ + autoreconfHook + libxml2 + docbook_xml_dtd_45 + docbook-xsl-nons + which + gobject-introspection + gtk-doc + intltool + libxslt + pkg-config + xmlto + bison + wrapGAppsNoGuiHook + ]; + + buildInputs = [ + appstream + bubblewrap + bzip2 + curl + dbus + dconf + gpgme + json-glib + libarchive + libcap + libseccomp + xz + zstd + polkit + python3 + systemd + xorg.libXau + fuse3 + gsettings-desktop-schemas + glib-networking + librsvg # for flatpak-validate-icon + ]; + + # Required by flatpak.pc + propagatedBuildInputs = [ + glib + ostree + ]; + + nativeCheckInputs = [ + valgrind + ]; + + # TODO: some issues with temporary files + doCheck = false; + + NIX_LDFLAGS = "-lpthread"; + + enableParallelBuilding = true; + + configureFlags = [ + "--with-curl" + "--with-system-bubblewrap=${bubblewrap}/bin/bwrap" + "--with-system-dbus-proxy=${xdg-dbus-proxy}/bin/xdg-dbus-proxy" + "--with-dbus-config-dir=${placeholder "out"}/share/dbus-1/system.d" + "--localstatedir=/var" + "--enable-gtk-doc" + "--enable-installed-tests" + ]; + + makeFlags = [ + "installed_testdir=${placeholder "installedTests"}/libexec/installed-tests/flatpak" + "installed_test_metadir=${placeholder "installedTests"}/share/installed-tests/flatpak" + ]; + + postPatch = let + vsc-py = python3.withPackages (pp: [ + pp.pyparsing + ]); + in '' + patchShebangs buildutil + patchShebangs tests + PATH=${lib.makeBinPath [vsc-py]}:$PATH patchShebangs --build 
subprojects/variant-schema-compiler/variant-schema-compiler + ''; + + passthru = { + icon-validator-patch = substituteAll { + src = ./fix-icon-validation.patch; + inherit (builtins) storeDir; + }; + + tests = { + installedTests = nixosTests.installed-tests.flatpak; + + validate-icon = runCommand "test-icon-validation" { } '' + ${finalAttrs.finalPackage}/libexec/flatpak-validate-icon --sandbox 512 512 ${../../../applications/audio/zynaddsubfx/ZynLogo.svg} > "$out" + grep format=svg "$out" + ''; + }; + }; + + meta = with lib; { + description = "Linux application sandboxing and distribution framework"; + homepage = "https://flatpak.org/"; + license = licenses.lgpl21Plus; + maintainers = with maintainers; [ ]; + platforms = platforms.linux; + }; +}) diff --git a/nixpkgs/pkgs/development/libraries/flatpak/fix-icon-validation.patch b/nixpkgs/pkgs/development/libraries/flatpak/fix-icon-validation.patch new file mode 100644 index 000000000000..0e4db2b162f1 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/flatpak/fix-icon-validation.patch 
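Review bot: The comment above `./binary-path.patch` says the patch avoids store references in `/desktop` files, which looks like a typo for `.desktop`, and it does not mention that `.service` exports get the fixed `/run/current-system/sw/bin/flatpak` path rather than a `PATH` lookup. The comment on `fix-test-paths.patch` describes it as test-only, although that patch also rewrites `validate_desktop_file` and the three `triggers/*.trigger` scripts, which run outside the test suite. With `doCheck = false`, the only checks visible here for the patched sandbox paths are the two `passthru.tests`, so it would help to say that next to the TODO, e.g. `# Upstream test suite is not run; passthru.tests is the only coverage of the patched paths.`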
@@ -0,0 +1,31 @@
+--- a/icon-validator/validate-icon.c
++++ b/icon-validator/validate-icon.c
+@@ -163,7 +163,7 @@ rerun_in_sandbox (const char *arg_width,
+ const char *arg_height,
+ const char *filename)
+ {
+- const char * const usrmerged_dirs[] = { "bin", "lib32", "lib64", "lib", "sbin" };
++ const char * const usrmerged_dirs[] = { };
+ int i;
+ g_autoptr(GPtrArray) args = g_ptr_array_new_with_free_func (g_free);
+ char validate_icon[PATH_MAX + 1];
+@@ -183,8 +183,7 @@ rerun_in_sandbox (const char *arg_width,
+ "--unshare-ipc",
+ "--unshare-net",
+ "--unshare-pid",
+- "--ro-bind", "/usr", "/usr",
+- "--ro-bind-try", "/etc/ld.so.cache", "/etc/ld.so.cache",
++ "--ro-bind", "@storeDir@", "@storeDir@",
+ "--ro-bind", validate_icon, validate_icon,
+ NULL);
+
+@@ -227,6 +226,9 @@ rerun_in_sandbox (const char *arg_width,
+ add_args (args, "--setenv", "G_MESSAGES_DEBUG", g_getenv ("G_MESSAGES_DEBUG"), NULL);
+ if (g_getenv ("G_MESSAGES_PREFIXED"))
+ add_args (args, "--setenv", "G_MESSAGES_PREFIXED", g_getenv ("G_MESSAGES_PREFIXED"), NULL);
++ if (g_getenv ("GDK_PIXBUF_MODULE_FILE"))
++ add_args (args, "--setenv", "GDK_PIXBUF_MODULE_FILE", g_getenv ("GDK_PIXBUF_MODULE_FILE"), NULL);
++
+
+ add_args (args, validate_icon, arg_width, arg_height, filename, NULL);
+ g_ptr_array_add (args, NULL);
diff --git a/nixpkgs/pkgs/development/libraries/flatpak/fix-paths.patch b/nixpkgs/pkgs/development/libraries/flatpak/fix-paths.patch
new file mode 100644
index 000000000000..67f0d4eba71f
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/flatpak/fix-paths.patch
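Review bot: `"--ro-bind", "@storeDir@", "@storeDir@"` in `rerun_in_sandbox` exposes every store path on the host, not only the validator's own closure, to the process that decodes untrusted icon data. The bind is read-only and the sandbox still unshares network, IPC and PID, so this is probably acceptable, but the reason for binding the full store should be recorded in place, e.g. `/* NixOS: pixbuf loaders and their libraries live under the store; there are no FHS paths to bind */`. The forwarded `GDK_PIXBUF_MODULE_FILE` comes from the caller's environment and is only usable inside the sandbox when it points below the store, which is worth stating beside the new `--setenv`. Separately, `usrmerged_dirs[] = { }` depends on a compiler extension (an empty initializer for an unsized array); removing the array along with whatever loop consumes it, presumably further down outside the hunk, would be cleaner.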
@@ -0,0 +1,22 @@
+diff --git a/session-helper/flatpak-session-helper.c b/session-helper/flatpak-session-helper.c
+index 5dd7629e..ddc71a4c 100644
+--- a/session-helper/flatpak-session-helper.c
++++ b/session-helper/flatpak-session-helper.c
+@@ -693,7 +693,7 @@ start_p11_kit_server (const char *flatpak_dir)
+ g_auto(GStrv) stdout_lines = NULL;
+ int i;
+ char *p11_argv[] = {
+- "p11-kit", "server",
++ "@p11kit@", "server",
+ /* We explicitly request --sh here, because we then fail on earlier versions that doesn't support
+ * this flag. This is good, because those earlier versions did not properly daemonize and caused
+ * the spawn_sync to hang forever, waiting for the pipe to close.
+@@ -836,7 +836,7 @@ main (int argc,
+ exit (1);
+ }
+
+- if (g_find_program_in_path ("p11-kit"))
++ if (TRUE)
+ start_p11_kit_server (flatpak_dir);
+ else
+ g_debug ("p11-kit not found");
diff --git a/nixpkgs/pkgs/development/libraries/flatpak/fix-test-paths.patch b/nixpkgs/pkgs/development/libraries/flatpak/fix-test-paths.patch
new file mode 100644
index 000000000000..da1475009009
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/flatpak/fix-test-paths.patch
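Review bot: `if (TRUE)` in `main` leaves the `else g_debug ("p11-kit not found")` branch unreachable, so a missing or non-executable `@p11kit@` is no longer reported before `start_p11_kit_server` tries to spawn it. A real check against the substituted path keeps the diagnostic: `if (g_file_test ("@p11kit@", G_FILE_TEST_IS_EXECUTABLE))`. Pinning `p11_argv[0]` to an absolute path removes the `PATH` lookup for this helper, which is the safer choice; a short comment on the literal noting that the build substitutes it would help anyone reading the patched source. Both functions continue outside the hunks.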
@@ -0,0 +1,206 @@ +diff --git a/app/flatpak-builtins-build-export.c b/app/flatpak-builtins-build-export.c +index 3f5d8a1f..79493e61 100644 +--- a/app/flatpak-builtins-build-export.c ++++ b/app/flatpak-builtins-build-export.c +@@ -464,7 +464,7 @@ validate_desktop_file (GFile *desktop_file, + subprocess = g_subprocess_new (G_SUBPROCESS_FLAGS_STDOUT_PIPE | + G_SUBPROCESS_FLAGS_STDERR_PIPE | + G_SUBPROCESS_FLAGS_STDERR_MERGE, +- &local_error, "desktop-file-validate", path, NULL); ++ &local_error, "@dfu@/bin/desktop-file-validate", path, NULL); + if (!subprocess) + { + if (!g_error_matches (local_error, G_SPAWN_ERROR, G_SPAWN_ERROR_NOENT)) +diff --git a/tests/libtest.sh b/tests/libtest.sh +index 36d39ac4..3ad2c7a6 100644 +--- a/tests/libtest.sh ++++ b/tests/libtest.sh +@@ -511,7 +511,7 @@ if [ -z "${FLATPAK_BWRAP:-}" ]; then + # running installed-tests: assume we know what we're doing + _flatpak_bwrap_works=true + elif ! "$FLATPAK_BWRAP" --unshare-ipc --unshare-net --unshare-pid \ +- --ro-bind / / /bin/true > bwrap-result 2>&1; then ++ --ro-bind / / @coreutils@/bin/true > bwrap-result 2>&1; then + _flatpak_bwrap_works=false + else + _flatpak_bwrap_works=true +@@ -591,7 +591,7 @@ dbus-daemon --fork --config-file=session.conf --print-address=3 --print-pid=4 \ + export DBUS_SESSION_BUS_ADDRESS="$(cat dbus-session-bus-address)" + DBUS_SESSION_BUS_PID="$(cat dbus-session-bus-pid)" + +-if ! /bin/kill -0 "$DBUS_SESSION_BUS_PID"; then ++if ! 
@coreutils@/bin/kill -0 "$DBUS_SESSION_BUS_PID"; then + assert_not_reached "Failed to start dbus-daemon" + fi + +@@ -606,7 +606,7 @@ commit_to_path () { + } + + cleanup () { +- /bin/kill -9 $DBUS_SESSION_BUS_PID ++ @coreutils@/bin/kill -9 $DBUS_SESSION_BUS_PID + gpg-connect-agent --homedir "${FL_GPG_HOMEDIR}" killagent /bye >&2 || true + fusermount -u $XDG_RUNTIME_DIR/doc >&2 || : + kill $(jobs -p) &> /dev/null || true +diff --git a/tests/make-test-app.sh b/tests/make-test-app.sh +index afa11a6b..5b12055f 100755 +--- a/tests/make-test-app.sh ++++ b/tests/make-test-app.sh +@@ -190,13 +190,13 @@ msgid "Hello world" + msgstr "Hallo Welt" + EOF + mkdir -p ${DIR}/files/de/share/de/LC_MESSAGES +-msgfmt --output-file ${DIR}/files/de/share/de/LC_MESSAGES/helloworld.mo de.po ++@gettext@/bin/msgfmt --output-file ${DIR}/files/de/share/de/LC_MESSAGES/helloworld.mo de.po + cat > fr.po <<EOF + msgid "Hello world" + msgstr "Bonjour le monde" + EOF + mkdir -p ${DIR}/files/fr/share/fr/LC_MESSAGES +-msgfmt --output-file ${DIR}/files/fr/share/fr/LC_MESSAGES/helloworld.mo fr.po ++@gettext@/bin/msgfmt --output-file ${DIR}/files/fr/share/fr/LC_MESSAGES/helloworld.mo fr.po + + flatpak build-finish ${DIR} >&2 + mkdir -p repos +diff --git a/tests/make-test-runtime.sh b/tests/make-test-runtime.sh +index 4ba950df..fd50fab3 100755 +--- a/tests/make-test-runtime.sh ++++ b/tests/make-test-runtime.sh +@@ -28,9 +28,10 @@ EOF + + # On Debian derivatives, /usr/sbin and /sbin aren't in ordinary users' + # PATHs, but ldconfig is kept in /sbin +-PATH="$PATH:/usr/sbin:/sbin" ++PATH="$PATH:@socat@/bin:/usr/sbin:/sbin" + + # Add bash and dependencies ++mkdir -p ${DIR}/nix/store + mkdir -p ${DIR}/usr/bin + mkdir -p ${DIR}/usr/lib + ln -s ../lib ${DIR}/usr/lib64 +@@ -40,40 +41,17 @@ if test -f /sbin/ldconfig.real; then + else + cp "$(type -P ldconfig)" "${DIR}/usr/bin" + fi +-LIBS=`mktemp` +-BINS=`mktemp` +- +-add_bin() { +- local f=$1 +- shift +- +- if grep -qFe "${f}" $BINS; then +- # Already handled +- 
return 0 +- fi +- +- echo $f >> $BINS +- +- # Add library dependencies +- (ldd "${f}" | sed "s/.* => //" | awk '{ print $1}' | grep ^/ | sort -u -o $LIBS $LIBS -) || true +- +- local shebang=$(sed -n '1s/^#!\([^ ]*\).*/\1/p' "${f}") +- if [ x$shebang != x ]; then +- add_bin "$shebang" +- fi +-} +- + for i in $@ bash ls cat echo readlink socat; do +- I=$(type -P "$i") +- add_bin "$I" +-done +-for i in `cat $BINS`; do +- #echo Adding binary $i 1>&2 +- cp "$i" ${DIR}/usr/bin/ +-done +-for i in `cat $LIBS`; do +- #echo Adding library $i 1>&2 +- cp "$i" ${DIR}/usr/lib/ ++ I=$(readlink -f "$(type -P "$i")") ++ [ -e "${DIR}/usr/bin/$i" ] && continue ++ requisites=$(nix-store --query --requisites "$I") ++ for r in $requisites; do ++ # a single store item can be needed by multiple paths, no need to copy it again ++ if [ ! -e "${DIR}/$r" ]; then ++ cp -r "$r" "${DIR}/$r" ++ fi ++ done ++ ln -s "$I" "${DIR}/usr/bin/$i" + done + ln -s bash ${DIR}/usr/bin/sh + +@@ -84,11 +62,13 @@ echo "Hello world, from a runtime$EXTRA" + EOF + chmod a+x ${DIR}/usr/bin/runtime_hello.sh + +-# We copy the C.UTF8 locale and call it en_US. Its a bit of a lie, but +-# the real en_US locale is often not available, because its in the +-# local archive. +-mkdir -p ${DIR}/usr/lib/locale/ +-cp -r /usr/lib/locale/C.* ${DIR}/usr/lib/locale/en_US ++# We do not copy C.UTF8 locale because it is in locale archive and ++# that is already copied with glibc. 
++ ++mv "${DIR}/nix/store" "${DIR}/usr/store" # files outside /usr are not permitted, we will have to replace /nix/store with /usr/store ++chmod -R u+w "${DIR}" # nix store has read-only directories which would cause problems during clean-up, files need to be writable for sed ++find "${DIR}" -type f -print0 | xargs -0 sed -i 's~/nix/store/~/usr/store/~g' # replace hardcoded paths ++find "${DIR}" -type l | xargs -I '{}' sh -c 'tg="$(readlink "$1")"; newtg="${tg#/nix/store/}"; if [ "$tg" != "$newtg" ]; then ln -fs "/usr/store/$newtg" "$1"; fi' -- '{}' # replace symlink targets + + if [ x$COLLECTION_ID != x ]; then + collection_args=--collection-id=${COLLECTION_ID} +diff --git a/tests/testlibrary.c b/tests/testlibrary.c +index 831d85c1..ae4f03d0 100644 +--- a/tests/testlibrary.c ++++ b/tests/testlibrary.c +@@ -1601,7 +1601,7 @@ check_bwrap_support (void) + { + gint exit_code = 0; + char *argv[] = { (char *) bwrap, "--unshare-ipc", "--unshare-net", +- "--unshare-pid", "--ro-bind", "/", "/", "/bin/true", NULL }; ++ "--unshare-pid", "--ro-bind", "/", "/", "@coreutils@/bin/true", NULL }; + g_autofree char *argv_str = g_strjoinv (" ", argv); + g_test_message ("Spawning %s", argv_str); + g_spawn_sync (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, NULL, NULL, NULL, NULL, &exit_code, &error); +diff --git a/triggers/desktop-database.trigger b/triggers/desktop-database.trigger +index 1037466d..c4c7ed6d 100755 +--- a/triggers/desktop-database.trigger ++++ b/triggers/desktop-database.trigger +@@ -1,5 +1,5 @@ + #!/bin/sh + +-if command -v update-desktop-database >/dev/null && test -d "$1/exports/share/applications"; then +- exec update-desktop-database -q "$1/exports/share/applications" ++if test -d "$1/exports/share/applications"; then ++ exec @dfu@/bin/update-desktop-database -q "$1/exports/share/applications" + fi +diff --git a/triggers/gtk-icon-cache.trigger b/triggers/gtk-icon-cache.trigger +index d9fc8251..d8ddb96e 100755 +--- a/triggers/gtk-icon-cache.trigger ++++ 
b/triggers/gtk-icon-cache.trigger +@@ -1,10 +1,10 @@ + #!/bin/sh + +-if command -v gtk-update-icon-cache >/dev/null && test -d "$1/exports/share/icons/hicolor"; then +- cp /usr/share/icons/hicolor/index.theme "$1/exports/share/icons/hicolor/" ++if test -d "$1/exports/share/icons/hicolor"; then ++ @coreutils@/bin/cp -f @hicolorIconTheme@/share/icons/hicolor/index.theme "$1/exports/share/icons/hicolor/" + for dir in "$1"/exports/share/icons/*; do + if test -f "$dir/index.theme"; then +- if ! gtk-update-icon-cache --quiet "$dir"; then +- echo "Failed to run gtk-update-icon-cache for $dir" ++ if ! @gtk3@/bin/gtk-update-icon-cache --quiet "$dir"; then ++ @coreutils@/bin/echo "Failed to run gtk-update-icon-cache for $dir" + exit 1 + fi +diff --git a/triggers/mime-database.trigger b/triggers/mime-database.trigger +index 10ddbbb3..c270998a 100755 +--- a/triggers/mime-database.trigger ++++ b/triggers/mime-database.trigger +@@ -1,5 +1,5 @@ + #!/bin/sh + +-if command -v update-mime-database >/dev/null && test -d "$1/exports/share/mime/packages"; then +- exec update-mime-database "$1/exports/share/mime" ++if test -d "$1/exports/share/mime/packages"; then ++ exec @smi@/bin/update-mime-database "$1/exports/share/mime" + fi diff --git a/nixpkgs/pkgs/development/libraries/flatpak/respect-xml-catalog-files-var.patch b/nixpkgs/pkgs/development/libraries/flatpak/respect-xml-catalog-files-var.patch new file mode 100644 index 000000000000..4cee60be2d07 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/flatpak/respect-xml-catalog-files-var.patch 
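Review bot: In `tests/make-test-runtime.sh` the symlink rewrite pipes `find "${DIR}" -type l` into `xargs -I '{}'` newline-delimited, while the file rewrite on the line before uses `-print0 | xargs -0`. Without `-0`, `xargs` also interprets quotes and backslashes in its input, so an unusual link name would be split or mangled. Using the same delimiter on both passes avoids that: `find "${DIR}" -type l -print0 | xargs -0 -I '{}' sh -c '…' -- '{}'`. The `sed -i` pass edits binaries in place, which only works because `/nix/store/` and `/usr/store/` have the same length; a comment such as `# same-length replacement, safe for binaries` next to it would keep a later edit from breaking the copied runtime.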
@@ -0,0 +1,15 @@
+diff --git a/acinclude.m4 b/acinclude.m4
+index 92ec3985..b3fccf1d 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -40,8 +40,8 @@ AC_DEFUN([JH_CHECK_XML_CATALOG],
+ [
+ AC_REQUIRE([JH_PATH_XML_CATALOG],[JH_PATH_XML_CATALOG(,[:])])dnl
+ AC_MSG_CHECKING([for ifelse([$2],,[$1],[$2]) in XML catalog])
+- if $jh_found_xmlcatalog && \
+- AC_RUN_LOG([$XMLCATALOG --noout "$XML_CATALOG_FILE" "$1" >&2]); then
++ # empty argument forces libxml to use XML_CATALOG_FILES variable
++ if AC_RUN_LOG([$XMLCATALOG --noout "" "$1" >&2]); then
+ AC_MSG_RESULT([found])
+ ifelse([$3],,,[$3
+ ])dnl
diff --git a/nixpkgs/pkgs/development/libraries/flatpak/unset-env-vars.patch b/nixpkgs/pkgs/development/libraries/flatpak/unset-env-vars.patch
new file mode 100644
index 000000000000..fec0573ed950
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/flatpak/unset-env-vars.patch
@@ -0,0 +1,12 @@
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index 8fa8c0e0..e1cdeba0 100644
+--- a/common/flatpak-run.c
++++ b/common/flatpak-run.c
+@@ -1900,6 +1900,7 @@ static const ExportData default_exports[] = {
+ {"XKB_CONFIG_ROOT", NULL},
+ {"GIO_EXTRA_MODULES", NULL},
+ {"GDK_BACKEND", NULL},
++ {"GDK_PIXBUF_MODULE_FILE", NULL},
+ };
+
+ static const ExportData no_ld_so_cache_exports[] = { |