What I did
Repository rules / “don’t edit” areas
From CONTRIBUTING.md and subprojects/README.md, subprojects/ contains vendored/submodule/copylib code (bubblewrap, libglnx, dbus-proxy, variant-schema-compiler). I treated subprojects/ as third-party and excluded it from typo fixing.
You already skip po/ (translations) and node_modules/, and I kept those exclusions.
Typos fixed (project-owned files only)
I ran codespell with write mode and exclusions, and fixed the reported typos across:
NEWS
app/…
common/…
doc/…
tests/…
session-helper/…
portal/…
data/…
Then I handled the remaining items individually:
NEWS: thse -> these
common/flatpak-utils-private.h: Thse -> These
app/flatpak-polkit-agent-text-listener.c: identies -> identities
tests/test-auth.sh: Propertly -> Properly
tests/testlibrary.c: remore -> remote
common/flatpak-transaction.c: improved wording to avoid the xwindows typo (X11 window ID)
Added .codespellrc
Created .codespellrc:
skip: node_modules,po,subprojects
ignore-regex: .*(ratatui|Affinitized|affinitized).*
ignore-words-list: nd,ot,THUR,IST,fo,hel,bu
(these were confirmed as legitimate tokens/abbreviations/namespace prefix/test strings in this repo, so they should not be “fixed”)
Verification:
codespell --config .codespellrc . now exits clean.
Signed-off-by: rezky_nightky <with.rezky@gmail.com>
While the arguments for --filesystem permissions either have to come
from a privileged source, or from the manifest which is supposed to be
checked by the remote, it was decided that paths are not allowed to move
up (..) a directory.
The check for this was both too complicated, and not sufficient, because
the special directories (e.g. xdg-download) might contain only a single
slash (xdg-download/..) and move one directory up.
If the command calling `flatpak build` has already specified a
font-dirs.xml to map, then mapping in again may break (as exemplified in
Builder and Foundry).
This checks to see if an argument has already been mapped in before doing
so and resolves the issue with Builder/Foundry.
Follow-up to !6138Fixes: GNOME/gnome-builder#2387
In the following usages, the "Install:" and "Download:" strings were used as a short form
of the "Download Size" and "Installed Size", which makes translation tricky.
Therefore, using the normal forms will be good from the translation side.
Since commit d10e1148 "Add initial support for preinstalling flatpaks",
the test suite sets FLATPAK_DATA_DIR to a temporary directory, both
while running uninstalled and as-installed.
While running uninstalled we already set FLATPAK_TRIGGERSDIR to the
trigger scripts in the source tree, but when running "as-installed",
we need to run the triggers that the OS installs as part of the flatpak
package (or equivalent).
Not having this caused autopkgtests (automated as-installed tests) in
Debian to regress with 1.17.x.
Fixes: d10e1148 "Add initial support for preinstalling flatpaks"
Signed-off-by: Simon McVittie <smcv@debian.org>
Github supports immutable releases. They can't be changed once
published. This is great, but the release action was broken and created
an immutable release, published it, and then tried to upload the dist
artifacts.
Upgrade to the latest version and explicitly create an immutable
release. In this version, the release action creates a draft release,
uploads the dist artifacts, and then publishes it.
This gives us conditionals for shares and features. So far we have no
use case for this, but the system already exists, it makes the code
simpler, and when we need this in the future, we don't have to wait for
it to roll out.
For device and socket the negated versions are nodevice and nosocket,
but for shares, the strings are allow and disallow. Take arguments for
both forms.
Allow specifying a lookside URL for downloading signatures for
an OCI remote. This can be specified:
In a .repofile with the SignatureLookaside key
As the --signature-lookaside option to remote-add/remote-modify
FlatpakOciSignature was a Flatpak-specific analog to
the containers/image "simple signatures" - but it wasn't used at
all, and Flatpaks on registry.redhat.io are signed by the
original simple signatures. So modify it correspond to
the original simple signatures.
There is some code for OCI signature verification that isn't currently
hooked up at all. In preparation for reworking it to usefully check
signatures that actually exist in OCI registries, move it to a
separate file.
Only G_FILE_ATTRIBUTE_STANDARD_NAME is necessary here for
g_file_info_get_name() and g_file_enumerator_get_child() purpose. This
avoids various thumbnailing house-keeping that GIO tries to do when any
thumbnailing file attribute is requested (fairly visible when run with
strace), in addition to just making more sense that way.
At the moment the --runtime-repo flags of flatpak build-bundle export is
ignored when building an OCI image. So an Flatpak OCI registry which
wants to supports a .flatpakref file has no information about the
runtime repo. With this PR the runtime repo gets added as the
org.flatpak.runtime-repo label to the OCI image.
This is currently only metadata to be used by repositories and not
used by flatpak during install.
journalctl also prints something when the message didn't make it to
whatever journalctl connects to. Check for the specific message showing
up instead to make sure it all works as expected.
We declare the autoptrs explicitly on those typedefs so it works on
older systems but this one accidentally uses the type provided by polkit
itself.
Fixes: 1372e16d ("dir: Check parental control authorization via system bus name")
When an xdg dir is not available, it is supposed to point at $HOME. We
do not want to mount $HOME though in that case, so we just skip the xdg
dir instead.
The check compares the strings of the the xdg dir path and the home dir
path. So far it relied on the functions internally canonicalizing the
paths in the same way, but there was a glib regression:
https://gitlab.gnome.org/GNOME/glib/-/issues/3811
("g_get_user_special_dir doesn't strip trailing slash from $HOME")
Which then was fixed in cb3e9fe74 ("gutils: Strip all trailing
slashes").
We can however just canonicalize on the paths on the caller side to make
this more robust, so let's just do that.
Closes: #6323
Instead of doing meson dist on the developers machine and uploading it,
and creating the release in github, we can let the CI take care of it.
Closes#6404
