diff mbox series

[bug#70417] Gnu: update flatpak to 1.45.5.

Message ID 20240416133838.9966-1-dziltener@lyrion.ch
State New
Headers show
Series [bug#70417] Gnu: update flatpak to 1.45.5. | expand

Commit Message

vasilii.smirnov--- via Guix-patches" via April 16, 2024, 1:38 p.m. UTC 
From: Daniel Ziltener <dziltener@lyrion.ch>

---
 gnu/packages/package-management.scm           | 56 ++++++++++++-------
 ...flatpak-unset-gdk-pixbuf-for-sandbox.patch |  4 +-
 2 files changed, 38 insertions(+), 22 deletions(-)

Comments

Nicolas Graves April 16, 2024, 2:17 p.m. UTC | #1 
Hi!

I've noticed you sent two distinct issues for the same patch, could you
close the one that is not relevant? Thanks!
Zheng Junjie April 24, 2024, 2:30 a.m. UTC | #2 
dziltener--- via Guix-patches via <guix-patches@gnu.org> writes:

> From: Daniel Ziltener <dziltener@lyrion.ch>
>
> ---
>  gnu/packages/package-management.scm           | 56 ++++++++++++-------
>  ...flatpak-unset-gdk-pixbuf-for-sandbox.patch |  4 +-
>  2 files changed, 38 insertions(+), 22 deletions(-)
>
> diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
> index 247807c394..8f8cbbdf3e 100644
> --- a/gnu/packages/package-management.scm
> +++ b/gnu/packages/package-management.scm
> @@ -2022,55 +2022,64 @@ (define-public libostree
>  (define-public flatpak
>    (package
>      (name "flatpak")
> -    (version "1.14.4")
> +    (version "1.14.5")
>      (source
>       (origin
>         (method url-fetch)
> -       (uri (string-append "https://github.com/flatpak/flatpak/releases/download/"
> -                           version "/flatpak-" version ".tar.xz"))
> +       (uri
> +        (string-append "https://github.com/flatpak/flatpak/releases/download/"
> +                       version "/flatpak-" version ".tar.xz"))
>         (sha256
> -        (base32 "16b7f7n2mms6zgm0lj3fn86ny11xjn8cd3mrk1slwhvwnv8dnd4a"))
> +        (base32
> +         "1b7z4wzh2zgphcal95vj4x7wbr9s89p2a4c0l0g4w4xcwx6ccw2v"))
>         (patches
>          (search-patches "flatpak-fix-path.patch"
>                          "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
> -
>      ;; Wrap 'flatpak' so that GIO_EXTRA_MODULES is set, thereby allowing GIO to
>      ;; find the TLS backend in glib-networking.
>      (build-system glib-or-gtk-build-system)
> -
>      (arguments
>       (list
>        #:configure-flags
>        #~(list
> +         "--with-curl"
>           "--enable-documentation=no" ;; FIXME
>           "--enable-system-helper=no"
> -         "--localstatedir=/var"
>           (string-append "--with-system-bubblewrap="
>                          (assoc-ref %build-inputs "bubblewrap")
>                          "/bin/bwrap")
>           (string-append "--with-system-dbus-proxy="
>                          (assoc-ref %build-inputs "xdg-dbus-proxy")
> -                        "/bin/xdg-dbus-proxy"))
> +                        "/bin/xdg-dbus-proxy")
> +         "--localstatedir=/var")
>        #:phases
>        #~(modify-phases %standard-phases
>            (add-after 'unpack 'fix-tests
> -            (lambda* (#:key inputs #:allow-other-keys)
> +            (lambda*
> +                (#:key inputs #:allow-other-keys)
>                (copy-recursively
>                 (search-input-directory inputs "lib/locale")
>                 "/tmp/locale")
> -              (for-each make-file-writable (find-files "/tmp"))
> +              (for-each make-file-writable
> +                        (find-files "/tmp"))
>                (substitute* "tests/make-test-runtime.sh"
> -                (("cp `which.*") "echo guix\n")
> +                (("cp `which.*")
> +                 "echo guix\n")
>                  (("cp -r /usr/lib/locale/C\\.\\*")
>                   (string-append "mkdir ${DIR}/usr/lib/locale/en_US; \
>  cp -r /tmp/locale/*/en_US.*")))
>                (substitute* "tests/libtest.sh"
> -                (("/bin/kill") (which "kill"))
> -                (("/usr/bin/python3") (which "python3")))
> +                (("/bin/kill")
> +                 (which "kill"))
> +                (("/usr/bin/python3")
> +                 (which "python3")))
>                #t))
>            (add-after 'unpack 'p11-kit-fix
> -            (lambda* (#:key inputs #:allow-other-keys)
> -              (let ((p11-path (search-input-file inputs "/bin/p11-kit")))
> +            (lambda*
> +                (#:key inputs #:allow-other-keys)
> +              (let
> +                  ((p11-path
> +                    (search-input-file inputs "/bin/p11-kit")))
>                  (substitute* "session-helper/flatpak-session-helper.c"
>                    (("\"p11-kit\",")
>                     (string-append "\"" p11-path "\","))
> @@ -2080,7 +2089,8 @@ (define-public flatpak
>            ;; Many tests fail for unknown reasons, so we just run a few basic
>            ;; tests.
>            (replace 'check
> -            (lambda* (#:key tests? #:allow-other-keys)
> +            (lambda*
> +                (#:key tests? #:allow-other-keys)
>                (when tests?
>                  (setenv "HOME" "/tmp")
>                  (invoke "make" "check"
> @@ -2088,9 +2098,9 @@ (define-public flatpak
>                          testcommon")))))))
>      (native-inputs
>       (list bison
> -           dbus ; for dbus-daemon
> +           dbus                         ; for dbus-daemon
>             gettext-minimal
> -           `(,glib "bin") ; for glib-mkenums + gdbus-codegen
> +           `(,glib "bin")               ; for glib-mkenums + gdbus-codegen
>             (libc-utf8-locales-for-target)
>             gobject-introspection
>             libcap
> @@ -2105,20 +2115,24 @@ (define-public flatpak
>             bubblewrap
>             curl
>             dconf
> -           fuse-2
> +           fuse
>             gdk-pixbuf
>             gpgme
>             json-glib
>             libarchive
> +           libcap
>             libostree
>             libseccomp
>             libsoup-minimal-2
>             libxau
>             libxml2
>             p11-kit
> +           polkit
>             util-linux
> -           xdg-dbus-proxy))
> -    (propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
> +           xdg-dbus-proxy
> +           zstd))
> +    (propagated-inputs
> +     (list glib-networking gnupg gsettings-desktop-schemas))
>      (home-page "https://flatpak.org")
>      (synopsis "System for building, distributing, and running sandboxed desktop
>  applications")
> diff --git a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
> index bf9c487ba8..7773b11f7e 100644
> --- a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
> +++ b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
> @@ -9,11 +9,13 @@ of host system.
>  
>  --- a/common/flatpak-run.c
>  +++ b/common/flatpak-run.c
> -@@ -1900,6 +1900,7 @@ static const ExportData default_exports[] = {
> +@@ -1900,8 +1900,9 @@ static const ExportData default_exports[] = {
>     {"XKB_CONFIG_ROOT", NULL},
>     {"GIO_EXTRA_MODULES", NULL},
>     {"GDK_BACKEND", NULL},
>  +  {"GDK_PIXBUF_MODULE_FILE", NULL},
> +   {"VK_DRIVER_FILES", NULL},
> +   {"VK_ICD_FILENAMES", NULL},
>   };
>   
>   static const ExportData no_ld_so_cache_exports[] = {
hello!, i adjust you patch to remove unneed code style adjust, and update to 1.14.6.

fix CVE-2024-32462, see https://nvd.nist.gov/vuln/detail/CVE-2024-32462

push at https://git.savannah.gnu.org/cgit/guix.git/commit/?id=d115af1bcc48f07a40dafd94d1d00926d446d068
diff mbox series

Patch

diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 247807c394..8f8cbbdf3e 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -2022,55 +2022,64 @@  (define-public libostree
 (define-public flatpak
   (package
     (name "flatpak")
-    (version "1.14.4")
+    (version "1.14.5")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://github.com/flatpak/flatpak/releases/download/"
-                           version "/flatpak-" version ".tar.xz"))
+       (uri
+        (string-append "https://github.com/flatpak/flatpak/releases/download/"
+                       version "/flatpak-" version ".tar.xz"))
        (sha256
-        (base32 "16b7f7n2mms6zgm0lj3fn86ny11xjn8cd3mrk1slwhvwnv8dnd4a"))
+        (base32
+         "1b7z4wzh2zgphcal95vj4x7wbr9s89p2a4c0l0g4w4xcwx6ccw2v"))
        (patches
         (search-patches "flatpak-fix-path.patch"
                         "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
-
     ;; Wrap 'flatpak' so that GIO_EXTRA_MODULES is set, thereby allowing GIO to
     ;; find the TLS backend in glib-networking.
     (build-system glib-or-gtk-build-system)
-
     (arguments
      (list
       #:configure-flags
       #~(list
+         "--with-curl"
          "--enable-documentation=no" ;; FIXME
          "--enable-system-helper=no"
-         "--localstatedir=/var"
          (string-append "--with-system-bubblewrap="
                         (assoc-ref %build-inputs "bubblewrap")
                         "/bin/bwrap")
          (string-append "--with-system-dbus-proxy="
                         (assoc-ref %build-inputs "xdg-dbus-proxy")
-                        "/bin/xdg-dbus-proxy"))
+                        "/bin/xdg-dbus-proxy")
+         "--localstatedir=/var")
       #:phases
       #~(modify-phases %standard-phases
           (add-after 'unpack 'fix-tests
-            (lambda* (#:key inputs #:allow-other-keys)
+            (lambda*
+                (#:key inputs #:allow-other-keys)
               (copy-recursively
                (search-input-directory inputs "lib/locale")
                "/tmp/locale")
-              (for-each make-file-writable (find-files "/tmp"))
+              (for-each make-file-writable
+                        (find-files "/tmp"))
               (substitute* "tests/make-test-runtime.sh"
-                (("cp `which.*") "echo guix\n")
+                (("cp `which.*")
+                 "echo guix\n")
                 (("cp -r /usr/lib/locale/C\\.\\*")
                  (string-append "mkdir ${DIR}/usr/lib/locale/en_US; \
 cp -r /tmp/locale/*/en_US.*")))
               (substitute* "tests/libtest.sh"
-                (("/bin/kill") (which "kill"))
-                (("/usr/bin/python3") (which "python3")))
+                (("/bin/kill")
+                 (which "kill"))
+                (("/usr/bin/python3")
+                 (which "python3")))
               #t))
           (add-after 'unpack 'p11-kit-fix
-            (lambda* (#:key inputs #:allow-other-keys)
-              (let ((p11-path (search-input-file inputs "/bin/p11-kit")))
+            (lambda*
+                (#:key inputs #:allow-other-keys)
+              (let
+                  ((p11-path
+                    (search-input-file inputs "/bin/p11-kit")))
                 (substitute* "session-helper/flatpak-session-helper.c"
                   (("\"p11-kit\",")
                    (string-append "\"" p11-path "\","))
@@ -2080,7 +2089,8 @@  (define-public flatpak
           ;; Many tests fail for unknown reasons, so we just run a few basic
           ;; tests.
           (replace 'check
-            (lambda* (#:key tests? #:allow-other-keys)
+            (lambda*
+                (#:key tests? #:allow-other-keys)
               (when tests?
                 (setenv "HOME" "/tmp")
                 (invoke "make" "check"
@@ -2088,9 +2098,9 @@  (define-public flatpak
                         testcommon")))))))
     (native-inputs
      (list bison
-           dbus ; for dbus-daemon
+           dbus                         ; for dbus-daemon
            gettext-minimal
-           `(,glib "bin") ; for glib-mkenums + gdbus-codegen
+           `(,glib "bin")               ; for glib-mkenums + gdbus-codegen
            (libc-utf8-locales-for-target)
            gobject-introspection
            libcap
@@ -2105,20 +2115,24 @@  (define-public flatpak
            bubblewrap
            curl
            dconf
-           fuse-2
+           fuse
            gdk-pixbuf
            gpgme
            json-glib
            libarchive
+           libcap
            libostree
            libseccomp
            libsoup-minimal-2
            libxau
            libxml2
            p11-kit
+           polkit
            util-linux
-           xdg-dbus-proxy))
-    (propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
+           xdg-dbus-proxy
+           zstd))
+    (propagated-inputs
+     (list glib-networking gnupg gsettings-desktop-schemas))
     (home-page "https://flatpak.org")
     (synopsis "System for building, distributing, and running sandboxed desktop
 applications")
diff --git a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
index bf9c487ba8..7773b11f7e 100644
--- a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
+++ b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
@@ -9,11 +9,13 @@  of host system.
 
 --- a/common/flatpak-run.c
 +++ b/common/flatpak-run.c
-@@ -1900,6 +1900,7 @@ static const ExportData default_exports[] = {
+@@ -1900,8 +1900,9 @@ static const ExportData default_exports[] = {
    {"XKB_CONFIG_ROOT", NULL},
    {"GIO_EXTRA_MODULES", NULL},
    {"GDK_BACKEND", NULL},
 +  {"GDK_PIXBUF_MODULE_FILE", NULL},
+   {"VK_DRIVER_FILES", NULL},
+   {"VK_ICD_FILENAMES", NULL},
  };
  
  static const ExportData no_ld_so_cache_exports[] = {