authorVincent Batts <vbatts@hashbangbash.com>2017-01-23 18:33:31 +0000
committerDavid Spencer <idlemoor@slackbuilds.org>2017-01-24 00:21:55 +0000
commitf27ee67502e103c979c779a327e6b34b5bff4164 (patch)
tree514b687c2a68f7c39c9c159af0b0c9c833fd4463
parentf42700b6d61be01b02e54bc348e639ec946e68c4 (diff)
desktop/flatpak: Added (sandboxing desktop applications).
Signed-off-by: David Spencer <idlemoor@slackbuilds.org>
-rw-r--r--desktop/flatpak/0bea92b.diff67
-rw-r--r--desktop/flatpak/260f3df.diff17
-rw-r--r--desktop/flatpak/README31
-rw-r--r--desktop/flatpak/doinst.sh1
-rw-r--r--desktop/flatpak/flatpak.SlackBuild110
-rw-r--r--desktop/flatpak/flatpak.info10
-rw-r--r--desktop/flatpak/slack-desc19
7 files changed, 255 insertions, 0 deletions
diff --git a/desktop/flatpak/0bea92b.diff b/desktop/flatpak/0bea92b.diff
new file mode 100644
index 0000000000000..05fd011cb2c3b
--- /dev/null
+++ b/desktop/flatpak/0bea92b.diff
@@ -0,0 +1,67 @@
+commit 0bea92bd73c680b47482218c09f7987069d23ad8
+Author: Alexander Larsson <alexl@redhat.com>
+Date: Mon Jan 23 18:24:21 2017 +0100
+
+ dbus-proxy: Make it work if XDG_RUNTIME_DIR not set
+
+ The socket directory then ended up in $HOME which was read-only, so
+ we couldn't create the socket. We solve this by putting the sockets
+ in a subdirectory and always making this directory writable in the
+ proxy.
+
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index 4fbb033..1774b0c 100644
+--- a/common/flatpak-run.c
++++ b/common/flatpak-run.c
+@@ -2021,9 +2021,13 @@ flatpak_run_add_journal_args (GPtrArray *argv_array)
+ static char *
+ create_proxy_socket (char *template)
+ {
+- g_autofree char *proxy_socket = g_build_filename (g_get_user_runtime_dir (), template, NULL);
++ g_autofree char *proxy_socket_dir = g_build_filename (g_get_user_runtime_dir (), ".dbus-proxy", NULL);
++ g_autofree char *proxy_socket = g_build_filename (proxy_socket_dir, template, NULL);
+ int fd;
+
++ if (!glnx_shutil_mkdir_p_at (AT_FDCWD, proxy_socket_dir, 0755, NULL, NULL))
++ return NULL;
++
+ fd = g_mkstemp (proxy_socket);
+ if (fd == -1)
+ return NULL;
+@@ -2061,7 +2065,7 @@ flatpak_run_add_system_dbus_args (FlatpakContext *context,
+ else if (dbus_proxy_argv &&
+ g_hash_table_size (context->system_bus_policy) > 0)
+ {
+- g_autofree char *proxy_socket = create_proxy_socket (".system-bus-proxy-XXXXXX");
++ g_autofree char *proxy_socket = create_proxy_socket ("system-bus-proxy-XXXXXX");
+
+ if (proxy_socket == NULL)
+ return FALSE;
+@@ -2112,7 +2116,7 @@ flatpak_run_add_session_dbus_args (GPtrArray *argv_array,
+ }
+ else if (dbus_proxy_argv && dbus_address != NULL)
+ {
+- g_autofree char *proxy_socket = create_proxy_socket (".session-bus-proxy-XXXXXX");
++ g_autofree char *proxy_socket = create_proxy_socket ("session-bus-proxy-XXXXXX");
+
+ if (proxy_socket == NULL)
+ return FALSE;
+@@ -3393,6 +3397,7 @@ prepend_bwrap_argv_wrapper (GPtrArray *argv,
+ gsize bwrap_args_len;
+ glnx_fd_close int bwrap_args_fd = -1;
+ g_autofree char *bwrap_args_data = NULL;
++ g_autofree char *proxy_socket_dir = g_build_filename (g_get_user_runtime_dir (), ".dbus-proxy/", NULL);
+
+ if (!glnx_dirfd_iterator_init_at (AT_FDCWD, "/", FALSE, &dir_iter, error))
+ return FALSE;
+@@ -3438,6 +3443,10 @@ prepend_bwrap_argv_wrapper (GPtrArray *argv,
+ }
+ }
+
++ g_ptr_array_add (bwrap_args, g_strdup ("--bind"));
++ g_ptr_array_add (bwrap_args, g_strdup (proxy_socket_dir));
++ g_ptr_array_add (bwrap_args, g_strdup (proxy_socket_dir));
++
+ g_ptr_array_add (bwrap_args, g_strdup ("--ro-bind-data"));
+ g_ptr_array_add (bwrap_args, g_strdup_printf ("%d", app_info_fd));
+ g_ptr_array_add (bwrap_args, g_strdup ("/.flatpak-info"));
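Review bot: The socket directory in `create_proxy_socket` is created with mode 0755 (`glnx_shutil_mkdir_p_at (AT_FDCWD, proxy_socket_dir, 0755, NULL, NULL)`), which is looser than a per-user socket directory needs. The patch description says the path can end up under $HOME when XDG_RUNTIME_DIR is not set, so whether other local users can reach the directory then depends on the parent directories' permissions; `0700` would keep it private regardless. The same call passes NULL for the error argument, so a failed mkdir makes the function return NULL with no reason recorded. This file is a copy of an upstream commit, so a change would presumably be proposed upstream rather than edited into the local copy.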
diff --git a/desktop/flatpak/260f3df.diff b/desktop/flatpak/260f3df.diff
new file mode 100644
index 0000000000000..d0231eda679a8
--- /dev/null
+++ b/desktop/flatpak/260f3df.diff
@@ -0,0 +1,17 @@
+commit 260f3df91cf3f4c271d3a66f0a3c8db1086e63c2
+Author: Alexander Larsson <alexl@redhat.com>
+Date: Mon Jan 23 16:28:48 2017 +0100
+
+ system-helper: Add User=root to service file
+
+ This is needed for systemd-less activation on the system bus.
+
+diff --git a/system-helper/org.freedesktop.Flatpak.SystemHelper.service.in b/system-helper/org.freedesktop.Flatpak.SystemHelper.service.in
+index ed166ee..a6c7715 100644
+--- a/system-helper/org.freedesktop.Flatpak.SystemHelper.service.in
++++ b/system-helper/org.freedesktop.Flatpak.SystemHelper.service.in
+@@ -2,3 +2,4 @@
+ Name=org.freedesktop.Flatpak.SystemHelper
+ Exec=@libexecdir@/flatpak-system-helper@extraargs@
+ SystemdService=flatpak-system-helper.service
++User=root
diff --git a/desktop/flatpak/README b/desktop/flatpak/README
new file mode 100644
index 0000000000000..38ed8cb413df6
--- /dev/null
+++ b/desktop/flatpak/README
@@ -0,0 +1,31 @@
+Flatpak
+
+Flatpak is the new framework for desktop applications on Linux
+
+Distributing applications on Linux is a pain: different distributions in
+multiple versions, each with their own versions of libraries and packaging
+formats. Flatpak is here to change all that. It allows the same app to be
+installed on different Linux distributions, including different versions. And
+it has been designed from the ground up with security in mind, so that apps
+are isolated from each other and from the host system.
+
+Some of the examples from http://flatpak.org/#users are relying on polkit
+helpers, that expect a user in the 'wheel' group to have privileges for, but
+default polkit admin rule for slackware is just the root user.
+So, if you run a command like:
+```
+flatpak remote-add --from gnome https://sdk.gnome.org/gnome.flatpakrepo
+flatpak remote-add --from gnome-apps https://sdk.gnome.org/gnome-apps.flatpakrepo
+```
+as a limited user, you will get a polkit prompt for root's password. This is
+because the default location for establishing these repos is in
+`/var/lib/flatpak` and requires admin privileges.
+
+You can optionally add the flag `--user` to flatpak commands, and it will
+instead manage the repos in `~/.local/share/flatpak`.
+
+There are examples of flatpak runtimes and applications on their wiki:
+https://github.com/flatpak/flatpak/wiki/Examples
+
+The to have desktop launchers search by desktops like KDE and XFCE, it will
+require a logout, as /etc/profile.d/flatpak.sh will need to be sourced.
diff --git a/desktop/flatpak/doinst.sh b/desktop/flatpak/doinst.sh
new file mode 100644
index 0000000000000..58b1450fef75f
--- /dev/null
+++ b/desktop/flatpak/doinst.sh
@@ -0,0 +1 @@
+flatpak remote-list --system &> /dev/null || :
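Review bot: This one-line doinst.sh has no comment saying why `flatpak remote-list --system` is run at install time, and its `&>` redirection is a bash extension. Under a strictly POSIX sh, `cmd &> /dev/null` parses as a backgrounded command followed by a separate redirection, so `flatpak remote-list --system > /dev/null 2>&1 || :` is the portable spelling. A comment such as `# presumably initialises the system repo under /var/lib/flatpak; failure is ignored` would record the intent. The command also acts on whatever flatpak is in the running system's PATH, so when the package is installed into an alternate root it would presumably touch the host rather than the target; that is worth confirming.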
diff --git a/desktop/flatpak/flatpak.SlackBuild b/desktop/flatpak/flatpak.SlackBuild
new file mode 100644
index 0000000000000..05d0f7749e5a4
--- /dev/null
+++ b/desktop/flatpak/flatpak.SlackBuild
@@ -0,0 +1,110 @@
+#!/bin/sh
+
+# Slackware build script for flatpak
+
+# Copyright 2017 Vincent Batts <vbatts@hashbangbash.com>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=flatpak
+VERSION=${VERSION:-0.8.1}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i586 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.xz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+patch -p1 -b < $CWD/260f3df.diff # fixes the polkit hand-off (will be included in 0.8.2 or 0.9.x)
+patch -p1 -b < $CWD/0bea92b.diff # fixes permissions in ~/.cache sandbox (will be included in 0.8.2 or 0.9.x)
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$PRGNAM-$VERSION \
+ --build=$ARCH-slackware-linux \
+ --with-system-bubblewrap
+
+make
+make install DESTDIR=$PKG
+
+chmod +x $PKG/etc/profile.d/flatpak.sh
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a \
+ README.md COPYING INSTALL NEWS ABOUT-NLS \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README.SBo
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
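Review bot: The comments on the two `patch -p1 -b` lines do not say what the patches change, and both changes are security-relevant: 260f3df.diff adds `User=root` to the SystemHelper D-Bus service file, and 0bea92b.diff moves the dbus-proxy sockets into a `.dbus-proxy` directory that is passed to bwrap with `--bind`. I would reword them along the lines of `# 260f3df: adds User=root to the SystemHelper D-Bus service file (systemd-less activation); in 0.8.2 or 0.9.x` and `# 0bea92b: dbus-proxy sockets go in a writable .dbus-proxy subdirectory so they work without XDG_RUNTIME_DIR; in 0.8.2 or 0.9.x`. Because `VERSION` can be overridden while both patches are applied unconditionally, the build will presumably stop under `set -e` once a release already contains these commits, which is worth a comment as well.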
diff --git a/desktop/flatpak/flatpak.info b/desktop/flatpak/flatpak.info
new file mode 100644
index 0000000000000..62568c174e4ad
--- /dev/null
+++ b/desktop/flatpak/flatpak.info
@@ -0,0 +1,10 @@
+PRGNAM="flatpak"
+VERSION="0.8.1"
+HOMEPAGE="http://flatpak.org/"
+DOWNLOAD="https://github.com/flatpak/flatpak/releases/download/0.8.1/flatpak-0.8.1.tar.xz"
+MD5SUM="36d756a3cfc0d93fe5804d3cea5eab3b"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES="bubblewrap ostree json-glib libseccomp"
+MAINTAINER="Vincent Batts"
+EMAIL="vbatts@hashbangbash.com"
diff --git a/desktop/flatpak/slack-desc b/desktop/flatpak/slack-desc
new file mode 100644
index 0000000000000..f247a3b33d870
--- /dev/null
+++ b/desktop/flatpak/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+flatpak: flatpak (sandboxing desktop applications)
+flatpak:
+flatpak: flatpak is tools and an API for building, distributing and running
+flatpak: desktop applications in unprivileged sandboxes.
+flatpak:
+flatpak:
+flatpak:
+flatpak:
+flatpak:
+flatpak:
+flatpak: