From 3f5235e925ba6555cd9c639684660356867c952f Mon Sep 17 00:00:00 2001 From: "Owen W. Taylor" Date: Fri, 30 Nov 2018 16:11:06 -0500 Subject: [PATCH 1/3] flatpak_cache_http_uri: save downloaded files with permission 0644 Previously, downloaded files were being saved with 0600 permissions, which prevented OCI icons downloaded by the system helper at appstream creation time from being read by users. Closes: #2362 Approved by: matthiasclasen --- common/flatpak-utils-http.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/common/flatpak-utils-http.c b/common/flatpak-utils-http.c index 53074162..997c9db8 100644 --- a/common/flatpak-utils-http.c +++ b/common/flatpak-utils-http.c @@ -645,6 +645,9 @@ sync_and_rename_tmpfile (GLnxTmpfile *tmpfile, if (fdatasync (tmpfile->fd) != 0) return glnx_throw_errno_prefix (error, "fdatasync"); + if (fchmod (tmpfile->fd, 0644) != 0) + return glnx_throw_errno_prefix (error, "fchmod"); + if (!glnx_link_tmpfile_at (tmpfile, GLNX_LINK_TMPFILE_REPLACE, tmpfile->src_dfd, dest_name, error)) -- 2.19.2 From 3263827dbbd4d84919899e91ca066d2d3cf338bc Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Fri, 30 Nov 2018 10:30:20 +0100 Subject: [PATCH 2/3] OCI: Use system helper to generate summary for OCI remotes The OCI support relies on downloading a json index and converting it to a ostree-style summary, which we the use in all sorts of operations in the client code. Currently this happens in the user code, which means that it will fail (due to permissions) in the system installation case. We could do the conversion as the user, but when eventually installing something the system-helper will anyway do this download and conversion, so that would only double the work and risk things going out of sync. Also, the OCI index is not gpg signed, so we can't realy on downloads done as the user. So, the solution done here is to add a GenerateOciSummary system-helper call which we use instead of directly generating the oci summary. This fixes https://github.com/flatpak/flatpak/issues/2350 Closes: #2363 Approved by: matthiasclasen --- common/flatpak-dir-private.h | 5 ++ common/flatpak-dir.c | 94 +++++++++++++++++++-------- data/org.freedesktop.Flatpak.xml | 5 ++ system-helper/flatpak-system-helper.c | 52 ++++++++++++++- 4 files changed, 129 insertions(+), 27 deletions(-) diff --git a/common/flatpak-dir-private.h b/common/flatpak-dir-private.h index 64a72758..f6126056 100644 --- a/common/flatpak-dir-private.h +++ b/common/flatpak-dir-private.h @@ -718,6 +718,11 @@ FlatpakRemoteState * flatpak_dir_get_remote_state_for_summary (FlatpakDir *sel GBytes *opt_summary_sig, GCancellable *cancellable, GError **error); +gboolean flatpak_dir_remote_make_oci_summary (FlatpakDir *self, + const char *remote, + GBytes **out_summary, + GCancellable *cancellable, + GError **error); FlatpakRemoteState * flatpak_dir_get_remote_state_optional (FlatpakDir *self, const char *remote, GCancellable *cancellable, diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c index 828945ca..7853b74a 100644 --- a/common/flatpak-dir.c +++ b/common/flatpak-dir.c @@ -1385,6 +1385,22 @@ flatpak_dir_system_helper_call_update_summary (FlatpakDir *self, return ret != NULL; } +static gboolean +flatpak_dir_system_helper_call_generate_oci_summary (FlatpakDir *self, + const gchar *arg_origin, + const gchar *arg_installation, + GCancellable *cancellable, + GError **error) +{ + g_autoptr(GVariant) ret = + flatpak_dir_system_helper_call (self, "GenerateOciSummary", + g_variant_new ("(ss)", + arg_origin, + arg_installation), + cancellable, error); + return ret != NULL; +} + static OstreeRepo * system_ostree_repo_new (GFile *repodir) { @@ -9088,7 +9104,7 @@ flatpak_dir_cache_summary (FlatpakDir *self, G_UNLOCK (cache); } -static gboolean +gboolean flatpak_dir_remote_make_oci_summary (FlatpakDir *self, const char *remote, GBytes **out_summary, @@ -9103,42 +9119,68 @@ flatpak_dir_remote_make_oci_summary (FlatpakDir *self, g_autoptr(GError) local_error = NULL; g_autoptr(GMappedFile) mfile = NULL; g_autoptr(GBytes) cache_bytes = NULL; + g_autoptr(GBytes) summary_bytes = NULL; - self_name = flatpak_dir_get_name (self); - - index_cache = flatpak_dir_update_oci_index (self, remote, &index_uri, cancellable, error); - if (index_cache == NULL) - return FALSE; + if (flatpak_dir_use_system_helper (self, NULL)) + { + const char *installation = flatpak_dir_get_id (self); - summary_cache = flatpak_dir_get_oci_summary_location (self, remote, error); - if (summary_cache == NULL) - return FALSE; + if (!flatpak_dir_system_helper_call_generate_oci_summary (self, remote, + installation ? installation : "", + cancellable, error)) + return FALSE; - if (check_destination_mtime (index_cache, summary_cache, cancellable)) + summary_cache = flatpak_dir_get_oci_summary_location (self, remote, error); + if (summary_cache == NULL) + return FALSE; + } + else { - mfile = g_mapped_file_new (flatpak_file_get_path_cached (summary_cache), FALSE, NULL); - if (mfile) + self_name = flatpak_dir_get_name (self); + + index_cache = flatpak_dir_update_oci_index (self, remote, &index_uri, cancellable, error); + if (index_cache == NULL) + return FALSE; + + summary_cache = flatpak_dir_get_oci_summary_location (self, remote, error); + if (summary_cache == NULL) + return FALSE; + + if (!check_destination_mtime (index_cache, summary_cache, cancellable)) { - cache_bytes = g_mapped_file_get_bytes (mfile); - *out_summary = g_steal_pointer (&cache_bytes); + summary = flatpak_oci_index_make_summary (index_cache, index_uri, cancellable, &local_error); + if (summary == NULL) + { + g_propagate_error (error, g_steal_pointer (&local_error)); + return FALSE; + } + + summary_bytes = g_variant_get_data_as_bytes (summary); + + if (!g_file_replace_contents (summary_cache, + g_bytes_get_data (summary_bytes, NULL), + g_bytes_get_size (summary_bytes), + NULL, FALSE, 0, NULL, cancellable, error)) + { + g_prefix_error (error, _("Failed to write summary cache: ")); + return FALSE; + } + + if (out_summary) + *out_summary = g_steal_pointer (&summary_bytes); return TRUE; } } - summary = flatpak_oci_index_make_summary (index_cache, index_uri, cancellable, &local_error); - if (summary == NULL) + if (out_summary) { - g_propagate_error (error, g_steal_pointer (&local_error)); - return FALSE; - } - - *out_summary = g_variant_get_data_as_bytes (summary); + mfile = g_mapped_file_new (flatpak_file_get_path_cached (summary_cache), FALSE, error); + if (mfile == NULL) + return FALSE; - if (!g_file_replace_contents (summary_cache, - g_bytes_get_data (*out_summary, NULL), - g_bytes_get_size (*out_summary), - NULL, FALSE, 0, NULL, cancellable, NULL)) - g_warning ("Failed to write summary cache"); + cache_bytes = g_mapped_file_get_bytes (mfile); + *out_summary = g_steal_pointer (&cache_bytes); + } return TRUE; } diff --git a/data/org.freedesktop.Flatpak.xml b/data/org.freedesktop.Flatpak.xml index 25dc8a02..8b1606c6 100644 --- a/data/org.freedesktop.Flatpak.xml +++ b/data/org.freedesktop.Flatpak.xml @@ -144,6 +144,11 @@ + + + + + diff --git a/system-helper/flatpak-system-helper.c b/system-helper/flatpak-system-helper.c index ce647b6e..29a2d3e1 100644 --- a/system-helper/flatpak-system-helper.c +++ b/system-helper/flatpak-system-helper.c @@ -1122,6 +1122,54 @@ handle_update_summary (FlatpakSystemHelper *object, return TRUE; } +static gboolean +handle_generate_oci_summary (FlatpakSystemHelper *object, + GDBusMethodInvocation *invocation, + const gchar *arg_origin, + const gchar *arg_installation) +{ + g_autoptr(FlatpakDir) system = NULL; + g_autoptr(GError) error = NULL; + gboolean is_oci; + + g_debug ("GenerateOciSummary %s %s", arg_origin, arg_installation); + + system = dir_get_system (arg_installation, &error); + if (system == NULL) + { + g_dbus_method_invocation_return_gerror (invocation, error); + return TRUE; + } + + if (!flatpak_dir_ensure_repo (system, NULL, &error)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED, + "Can't open system repo %s", error->message); + return TRUE; + } + + is_oci = flatpak_dir_get_remote_oci (system, arg_origin); + if (!is_oci) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, + "%s is not a OCI remote", arg_origin); + return TRUE; + } + + if (!flatpak_dir_remote_make_oci_summary (system, arg_origin, NULL, NULL, &error)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED, + "Failed to update OCI summary: %s", error->message); + return TRUE; + } + + + flatpak_system_helper_complete_generate_oci_summary (object, invocation); + + return TRUE; +} + + static gboolean flatpak_authorize_method_handler (GDBusInterfaceSkeleton *interface, GDBusMethodInvocation *invocation, @@ -1250,7 +1298,8 @@ flatpak_authorize_method_handler (GDBusInterfaceSkeleton *interface, g_strcmp0 (method_name, "PruneLocalRepo") == 0 || g_strcmp0 (method_name, "EnsureRepo") == 0 || g_strcmp0 (method_name, "RunTriggers") == 0 || - g_strcmp0 (method_name, "UpdateSummary") == 0) + g_strcmp0 (method_name, "UpdateSummary") == 0 || + g_strcmp0 (method_name, "GenerateOciSummary") == 0) { const char *remote; @@ -1321,6 +1370,7 @@ on_bus_acquired (GDBusConnection *connection, g_signal_connect (helper, "handle-ensure-repo", G_CALLBACK (handle_ensure_repo), NULL); g_signal_connect (helper, "handle-run-triggers", G_CALLBACK (handle_run_triggers), NULL); g_signal_connect (helper, "handle-update-summary", G_CALLBACK (handle_update_summary), NULL); + g_signal_connect (helper, "handle-generate-oci-summary", G_CALLBACK (handle_generate_oci_summary), NULL); g_signal_connect (helper, "g-authorize-method", G_CALLBACK (flatpak_authorize_method_handler), -- 2.19.2 From b7f1d5118fc4e1df472f7108472f122e279fe2b9 Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Fri, 7 Dec 2018 14:39:06 -0500 Subject: [PATCH 3/3] Fix oci pull progress reporting Comparing the code in flatpak-utils.c:progress_cb, we need to set bytes-transferred for the total amount of data that has been transferred so far. The value we were setting so far, fetched-delta-part-size, refers to the size of the objects we already have locally, and is subtracted from the total, which explains oci progress running backwards. Closes: #2392 Closes: #2400 Approved by: matthiasclasen --- common/flatpak-dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c index 7853b74a..51cd1e66 100644 --- a/common/flatpak-dir.c +++ b/common/flatpak-dir.c @@ -4154,7 +4154,7 @@ oci_pull_progress_cb (guint64 total_size, guint64 pulled_size, "total-delta-parts", "u", n_layers, "fetched-delta-fallbacks", "u", 0, "total-delta-fallbacks", "u", 0, - "fetched-delta-part-size", "t", pulled_size, + "bytes-transferred", "t", pulled_size, "total-delta-part-size", "t", total_size, "total-delta-part-usize", "t", total_size, "total-delta-superblocks", "u", 0, -- 2.19.2