-
-
Notifications
You must be signed in to change notification settings - Fork 389
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Convert libglnx into a git subtree
#5800
base: main
Are you sure you want to change the base?
Conversation
Still has a bug, and needs a lookup function
These are all the same anyway
This way you can add typedefs inline with the idl, like so: typedef Foo { bar: 'Bar { x: int32; }; bar_again: Bar; }
This is not ideal, as we still don't quite separate function prefixes and type prefixes for generated types, but at least we're not crowding the global namespace.
We weren't passing the right path argument here. This bug would've been quickly noticed if the function were actually used but I still did at least a global GitHub search which didn't return any users.
glnx-xattrs: Fix invalid argument to lsetxattr() See merge request GNOME/libglnx!52
These will be new API in GLib 2.79.2. The only code change in the implementation, other than the _glnx wrappers, was to use `close()` instead of `g_close (fd, NULL)` in a context where it must be async-signal safe. The test-case needed some more adjustments to be backwards-compatible with GLib from the distant past. Signed-off-by: Simon McVittie <[email protected]>
backports: Add a backport of g_closefrom(), g_fdwalk_set_cloexec() See merge request GNOME/libglnx!53
Signed-off-by: Simon McVittie <[email protected]>
Taken from systemd, but replacing assert_cc with G_STATIC_ASSERT. Signed-off-by: Simon McVittie <[email protected]>
This is not the same as systemd's, because systemd's disagrees with glibc on the signedness of the arguments (systemd/systemd#31270). Signed-off-by: Simon McVittie <[email protected]>
Signed-off-by: Simon McVittie <[email protected]>
Signed-off-by: Simon McVittie <[email protected]>
Fixes for g_closefrom() backport See merge request GNOME/libglnx!54
To be able to use this technique, someone with admin powers on this repository will have to enable the "Allow merge commits — Add all commits from the head branch to the base branch with a merge commit" option. Rebasing or squashing subtree commits is undesired because it would cause the history that we merge from https://gitlab.steamos.cloud/steamrt/steam-runtime-tools is an example of a public project where I am already using the |
smcv#1 is what the equivalent of #5799 would look like if we switched to using a subtree. I think it's a much more useful representation of the change. If we go this route, we should follow it up by also converting |
Using a subtree is very new to me and I don't see it often. That said the reasoning is compelling and this looks pretty good.
Done. |
This repo crashes git-cola. It's not a tool I use often but I happened to have around; Not a blocker or anything but worth mentioning. |
This will allow it to be re-added as a `git subtree`, which stores commit history inline in the flatpak git repository. Signed-off-by: Simon McVittie <[email protected]>
…39841d1210b' This makes the flatpak project more self-contained, and would have avoided the problems we encountered with unintended changes in the 1.14.7 release. See <https://diziet.dreamwidth.org/14666.html> for an opinionated description of some of the problems with submodules. If we can eliminate submodules altogether, then it will become possible to build Flatpak from a simple `git clone` or `git archive`, or from the source tarballs auto-generated by Github (which are equivalent to a `git archive`), without needing an extra step to populate the submodules. As well as reducing the support burden from users periodically complaining that our source releases are incomplete, this is a useful "nothing up my sleeve" mechanism to make it easy to verify that our source releases do not contain malicious changes hidden in vendored or generated files, like the one that made CVE-2024-3094 possible. Added with: git remote add --no-tags libglnx https://gitlab.gnome.org/GNOME/libglnx.git git fetch libglnx git subtree add -P subprojects/libglnx 202b294 git commit --amend -s To compare with upstream: git remote add --no-tags libglnx https://gitlab.gnome.org/GNOME/libglnx.git git fetch libglnx git diff HEAD:subprojects/libglnx libglnx/master After checking the diff, updates can be merged into this project with: git subtree merge -P subprojects/libglnx libglnx/master git commit --amend -s The commit merged here is the same one that was previously a submodule. A subsequent commit will update it to the latest version of libglnx, demonstrating how to review such updates. git-subtree-dir: subprojects/libglnx git-subtree-mainline: 7df25d6 git-subtree-split: 202b294 Signed-off-by: Simon McVittie <[email protected]>
Same reasoning as for libglnx. Signed-off-by: Simon McVittie <[email protected]>
…f73c8ac240d215479b950f91b1f' The workflow is the same as for libglnx. git-subtree-dir: subprojects/variant-schema-compiler git-subtree-mainline: 96a8e55 git-subtree-split: cfc356c Signed-off-by: Simon McVittie <[email protected]>
When combined with using `git subtree` for our mandatory vendored dependencies, this avoids differences between what we ship in our git repository (available to users via `git clone` or by unpacking the result of `git archive`), and what's in our official source code releases (which are the result of `meson dist`). Differences between those artifacts would provide an attractive place for attackers to hide malware, for example in CVE-2024-3094, so avoiding differences is a good "nothing up my sleeve" mechanism to make it less appealing for attackers to target Flatpak. With default Meson settings, the wrap files will be used automatically to download our suggested versions of these dependencies, unless the `-Dsystem_bubblewrap=...`, `-Dsystem_dbus_proxy=...` Meson options are used. In environments where automatic downloads are disabled via `-Dwrap_mode=nodownload`, for example many Linux distributions, specifying a system copy becomes mandatory. Signed-off-by: Simon McVittie <[email protected]>
For what it's worth, git-cola 3.12.0-2 (Debian stable) seems OK when browsing steam-runtime-tools. I'd suggest reporting a git-cola bug if an apparently valid repo can crash newer versions. |
I've updated the branch with those changes. What do maintainers think? I'd particularly appreciate opinions from @alexlarsson, @GeorgesStavracas, @mwleeds or anyone else who might make me less of a single point of failure for our release procedure. |
Signed-off-by: Simon McVittie <[email protected]>
If we're happy with bubblewrap and xdg-dbus-proxy being somewhat mature, we could also consider making the defaults for (It's not trivial to use Meson wraps as a fallback here, like it would be if they were libraries, because bubblewrap and xdg-dbus-proxy don't have |
👍 wrap files are fine for this.
I would expect every mainstream distro to already use a system version honestly. I think its a reasonable default. I might nitpick the option's name at that point since its unclear to use an empty value. |
For the distro itself, yes, I would expect this: if you're regularly updating Flatpak in a rolling release (Debian unstable, Fedora rawhide, Arch, ...) then you can also update bubblewrap and xdg-dbus-proxy when required, and if you're holding back bubblewrap updates for a slow-moving release (Debian stable, Ubuntu LTS, RHEL, ...) then you also shouldn't be updating Flatpak, beyond taking stable/security releases which don't normally bump the dependency. The reason why we want to give the option to use a vendored copy is for people who are running a slow-moving platform, but want to build a newer Flatpak on that platform - Flatpak developers themselves, or users who want to run newer Flatpak apps on their older OS (via https://launchpad.net/~flatpak/+archive/ubuntu/stable or a similar backport). I would personally be OK with that requiring a couple of extra options to opt-in to using a vendored copy.
I'm having a hard time thinking of a better representation for the three things we want to allow (system bubblewrap with its normal name |
Remove libglnx submodule
This will allow it to be re-added as a
git subtree
, which storescommit history inline in the flatpak git repository.
Add 'subprojects/libglnx/' from commit '202b294e6079e23242e65e0426f8639841d1210b'
This makes the flatpak project more self-contained, and would have
avoided the problems we encountered with unintended changes in the
1.14.7 release. See https://diziet.dreamwidth.org/14666.html for an
opinionated description of some of the problems with submodules.
If we can eliminate submodules altogether, then it will become possible
to build Flatpak from a simple
git clone
orgit archive
, or from thesource tarballs auto-generated by Github (which are equivalent to a
git archive
), without needing an extra step to populate the submodules. Aswell as reducing the support burden from users periodically complaining
that our source releases are incomplete, this is a useful "nothing up
my sleeve" mechanism to make it easy to verify that our source releases
do not contain malicious changes hidden in vendored or generated files,
like the one that made CVE-2024-3094 possible.
Added with:
To compare with upstream:
After checking the diff, updates can be merged into this project with:
The commit merged here is the same one that was previously a submodule.
A subsequent commit will update it to the latest version of libglnx,
demonstrating how to review such updates.
git-subtree-dir: subprojects/libglnx
git-subtree-mainline: 7df25d6
git-subtree-split: 202b294
Remove variant-schema-compiler submodule
Same reasoning as for libglnx.
Add 'subprojects/variant-schema-compiler/' from commit 'cfc356c38edfcf73c8ac240d215479b950f91b1f'
The workflow is the same as for libglnx.
git-subtree-dir: subprojects/variant-schema-compiler
git-subtree-mainline: 96a8e55
git-subtree-split: cfc356c
Use Meson wrap files for bubblewrap and xdg-dbus-proxy
When combined with using
git subtree
for our mandatory vendoreddependencies, this avoids differences between what we ship in our git
repository (available to users via
git clone
or by unpacking theresult of
git archive
), and what's in our official source codereleases (which are the result of
meson dist
).Differences between those artifacts would provide an attractive place
for attackers to hide malware, for example in CVE-2024-3094, so
avoiding differences is a good "nothing up my sleeve" mechanism to
make it less appealing for attackers to target Flatpak.
With default Meson settings, the wrap files will be used automatically
to download our suggested versions of these dependencies, unless
the
-Dsystem_bubblewrap=...
,-Dsystem_dbus_proxy=...
Meson optionsare used. In environments where automatic downloads are disabled via
-Dwrap_mode=nodownload
, for example many Linux distributions,specifying a system copy becomes mandatory.
subprojects: Add a README explaining how to manage subprojects