GNU bug report logs - #70417
[PATCH] Gnu: update flatpak to 1.45.5.

Previous Next

To reply to this bug, email your comments to 70417 AT debbugs.gnu.org.
There is no need to reopen the bug first.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: dziltener <at> lyrion.ch
To: guix-patches <at> gnu.org
Cc: dziltener <at> lyrion.ch
Subject: [PATCH] Gnu: update flatpak to 1.45.5.
Date: Tue, 16 Apr 2024 15:38:29 +0200

From: Daniel Ziltener <dziltener <at> lyrion.ch>

---
 gnu/packages/package-management.scm           | 56 ++++++++++++-------
 ...flatpak-unset-gdk-pixbuf-for-sandbox.patch |  4 +-
 2 files changed, 38 insertions(+), 22 deletions(-)

diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 247807c394..8f8cbbdf3e 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -2022,55 +2022,64 @@ (define-public libostree
 (define-public flatpak
   (package
     (name "flatpak")
-    (version "1.14.4")
+    (version "1.14.5")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://github.com/flatpak/flatpak/releases/download/"
-                           version "/flatpak-" version ".tar.xz"))
+       (uri
+        (string-append "https://github.com/flatpak/flatpak/releases/download/"
+                       version "/flatpak-" version ".tar.xz"))
        (sha256
-        (base32 "16b7f7n2mms6zgm0lj3fn86ny11xjn8cd3mrk1slwhvwnv8dnd4a"))
+        (base32
+         "1b7z4wzh2zgphcal95vj4x7wbr9s89p2a4c0l0g4w4xcwx6ccw2v"))
        (patches
         (search-patches "flatpak-fix-path.patch"
                         "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
-
     ;; Wrap 'flatpak' so that GIO_EXTRA_MODULES is set, thereby allowing GIO to
     ;; find the TLS backend in glib-networking.
     (build-system glib-or-gtk-build-system)
-
     (arguments
      (list
       #:configure-flags
       #~(list
+         "--with-curl"
          "--enable-documentation=no" ;; FIXME
          "--enable-system-helper=no"
-         "--localstatedir=/var"
          (string-append "--with-system-bubblewrap="
                         (assoc-ref %build-inputs "bubblewrap")
                         "/bin/bwrap")
          (string-append "--with-system-dbus-proxy="
                         (assoc-ref %build-inputs "xdg-dbus-proxy")
-                        "/bin/xdg-dbus-proxy"))
+                        "/bin/xdg-dbus-proxy")
+         "--localstatedir=/var")
       #:phases
       #~(modify-phases %standard-phases
           (add-after 'unpack 'fix-tests
-            (lambda* (#:key inputs #:allow-other-keys)
+            (lambda*
+                (#:key inputs #:allow-other-keys)
               (copy-recursively
                (search-input-directory inputs "lib/locale")
                "/tmp/locale")
-              (for-each make-file-writable (find-files "/tmp"))
+              (for-each make-file-writable
+                        (find-files "/tmp"))
               (substitute* "tests/make-test-runtime.sh"
-                (("cp `which.*") "echo guix\n")
+                (("cp `which.*")
+                 "echo guix\n")
                 (("cp -r /usr/lib/locale/C\\.\\*")
                  (string-append "mkdir ${DIR}/usr/lib/locale/en_US; \
 cp -r /tmp/locale/*/en_US.*")))
               (substitute* "tests/libtest.sh"
-                (("/bin/kill") (which "kill"))
-                (("/usr/bin/python3") (which "python3")))
+                (("/bin/kill")
+                 (which "kill"))
+                (("/usr/bin/python3")
+                 (which "python3")))
               #t))
           (add-after 'unpack 'p11-kit-fix
-            (lambda* (#:key inputs #:allow-other-keys)
-              (let ((p11-path (search-input-file inputs "/bin/p11-kit")))
+            (lambda*
+                (#:key inputs #:allow-other-keys)
+              (let
+                  ((p11-path
+                    (search-input-file inputs "/bin/p11-kit")))
                 (substitute* "session-helper/flatpak-session-helper.c"
                   (("\"p11-kit\",")
                    (string-append "\"" p11-path "\","))
@@ -2080,7 +2089,8 @@ (define-public flatpak
           ;; Many tests fail for unknown reasons, so we just run a few basic
           ;; tests.
           (replace 'check
-            (lambda* (#:key tests? #:allow-other-keys)
+            (lambda*
+                (#:key tests? #:allow-other-keys)
               (when tests?
                 (setenv "HOME" "/tmp")
                 (invoke "make" "check"
@@ -2088,9 +2098,9 @@ (define-public flatpak
                         testcommon")))))))
     (native-inputs
      (list bison
-           dbus ; for dbus-daemon
+           dbus                         ; for dbus-daemon
            gettext-minimal
-           `(,glib "bin") ; for glib-mkenums + gdbus-codegen
+           `(,glib "bin")               ; for glib-mkenums + gdbus-codegen
            (libc-utf8-locales-for-target)
            gobject-introspection
            libcap
@@ -2105,20 +2115,24 @@ (define-public flatpak
            bubblewrap
            curl
            dconf
-           fuse-2
+           fuse
            gdk-pixbuf
            gpgme
            json-glib
            libarchive
+           libcap
            libostree
            libseccomp
            libsoup-minimal-2
            libxau
            libxml2
            p11-kit
+           polkit
            util-linux
-           xdg-dbus-proxy))
-    (propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
+           xdg-dbus-proxy
+           zstd))
+    (propagated-inputs
+     (list glib-networking gnupg gsettings-desktop-schemas))
     (home-page "https://flatpak.org")
     (synopsis "System for building, distributing, and running sandboxed desktop
 applications")
diff --git a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
index bf9c487ba8..7773b11f7e 100644
--- a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
+++ b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
@@ -9,11 +9,13 @@ of host system.
 
 --- a/common/flatpak-run.c
 +++ b/common/flatpak-run.c
-@@ -1900,6 +1900,7 @@ static const ExportData default_exports[] = {
+@@ -1900,8 +1900,9 @@ static const ExportData default_exports[] = {
    {"XKB_CONFIG_ROOT", NULL},
    {"GIO_EXTRA_MODULES", NULL},
    {"GDK_BACKEND", NULL},
 +  {"GDK_PIXBUF_MODULE_FILE", NULL},
+   {"VK_DRIVER_FILES", NULL},
+   {"VK_ICD_FILENAMES", NULL},
  };
  
  static const ExportData no_ld_so_cache_exports[] = {
-- 
2.41.0

Message #8 received at 70417 <at> debbugs.gnu.org (full text, mbox):

From: Nicolas Graves <ngraves <at> ngraves.fr>
To: 70417 <at> debbugs.gnu.org
Subject: [PATCH] Gnu: update flatpak to 1.45.5.
Date: Tue, 16 Apr 2024 16:17:59 +0200

Hi!

I've noticed you sent two distinct issues for the same patch, could you
close the one that is not relevant? Thanks!

-- 
Best regards,
Nicolas Graves

Message #13 received at 70417-done <at> debbugs.gnu.org (full text, mbox):

From: Z572 <zhengjunjie <at> iscas.ac.cn>
To: dziltener--- via Guix-patches via <guix-patches <at> gnu.org>
Cc: 70417-done <at> debbugs.gnu.org, , dziltener <at> lyrion.ch
Subject: Re: [bug#70417] [PATCH] Gnu: update flatpak to 1.45.5.
Date: Wed, 24 Apr 2024 10:30:18 +0800

[Message part 1 (text/plain, inline)]

dziltener--- via Guix-patches via <guix-patches <at> gnu.org> writes:

> From: Daniel Ziltener <dziltener <at> lyrion.ch>
>
> ---
>  gnu/packages/package-management.scm           | 56 ++++++++++++-------
>  ...flatpak-unset-gdk-pixbuf-for-sandbox.patch |  4 +-
>  2 files changed, 38 insertions(+), 22 deletions(-)
>
> diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
> index 247807c394..8f8cbbdf3e 100644
> --- a/gnu/packages/package-management.scm
> +++ b/gnu/packages/package-management.scm
> @@ -2022,55 +2022,64 @@ (define-public libostree
>  (define-public flatpak
>    (package
>      (name "flatpak")
> -    (version "1.14.4")
> +    (version "1.14.5")
>      (source
>       (origin
>         (method url-fetch)
> -       (uri (string-append "https://github.com/flatpak/flatpak/releases/download/"
> -                           version "/flatpak-" version ".tar.xz"))
> +       (uri
> +        (string-append "https://github.com/flatpak/flatpak/releases/download/"
> +                       version "/flatpak-" version ".tar.xz"))
>         (sha256
> -        (base32 "16b7f7n2mms6zgm0lj3fn86ny11xjn8cd3mrk1slwhvwnv8dnd4a"))
> +        (base32
> +         "1b7z4wzh2zgphcal95vj4x7wbr9s89p2a4c0l0g4w4xcwx6ccw2v"))
>         (patches
>          (search-patches "flatpak-fix-path.patch"
>                          "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
> -
>      ;; Wrap 'flatpak' so that GIO_EXTRA_MODULES is set, thereby allowing GIO to
>      ;; find the TLS backend in glib-networking.
>      (build-system glib-or-gtk-build-system)
> -
>      (arguments
>       (list
>        #:configure-flags
>        #~(list
> +         "--with-curl"
>           "--enable-documentation=no" ;; FIXME
>           "--enable-system-helper=no"
> -         "--localstatedir=/var"
>           (string-append "--with-system-bubblewrap="
>                          (assoc-ref %build-inputs "bubblewrap")
>                          "/bin/bwrap")
>           (string-append "--with-system-dbus-proxy="
>                          (assoc-ref %build-inputs "xdg-dbus-proxy")
> -                        "/bin/xdg-dbus-proxy"))
> +                        "/bin/xdg-dbus-proxy")
> +         "--localstatedir=/var")
>        #:phases
>        #~(modify-phases %standard-phases
>            (add-after 'unpack 'fix-tests
> -            (lambda* (#:key inputs #:allow-other-keys)
> +            (lambda*
> +                (#:key inputs #:allow-other-keys)
>                (copy-recursively
>                 (search-input-directory inputs "lib/locale")
>                 "/tmp/locale")
> -              (for-each make-file-writable (find-files "/tmp"))
> +              (for-each make-file-writable
> +                        (find-files "/tmp"))
>                (substitute* "tests/make-test-runtime.sh"
> -                (("cp `which.*") "echo guix\n")
> +                (("cp `which.*")
> +                 "echo guix\n")
>                  (("cp -r /usr/lib/locale/C\\.\\*")
>                   (string-append "mkdir ${DIR}/usr/lib/locale/en_US; \
>  cp -r /tmp/locale/*/en_US.*")))
>                (substitute* "tests/libtest.sh"
> -                (("/bin/kill") (which "kill"))
> -                (("/usr/bin/python3") (which "python3")))
> +                (("/bin/kill")
> +                 (which "kill"))
> +                (("/usr/bin/python3")
> +                 (which "python3")))
>                #t))
>            (add-after 'unpack 'p11-kit-fix
> -            (lambda* (#:key inputs #:allow-other-keys)
> -              (let ((p11-path (search-input-file inputs "/bin/p11-kit")))
> +            (lambda*
> +                (#:key inputs #:allow-other-keys)
> +              (let
> +                  ((p11-path
> +                    (search-input-file inputs "/bin/p11-kit")))
>                  (substitute* "session-helper/flatpak-session-helper.c"
>                    (("\"p11-kit\",")
>                     (string-append "\"" p11-path "\","))
> @@ -2080,7 +2089,8 @@ (define-public flatpak
>            ;; Many tests fail for unknown reasons, so we just run a few basic
>            ;; tests.
>            (replace 'check
> -            (lambda* (#:key tests? #:allow-other-keys)
> +            (lambda*
> +                (#:key tests? #:allow-other-keys)
>                (when tests?
>                  (setenv "HOME" "/tmp")
>                  (invoke "make" "check"
> @@ -2088,9 +2098,9 @@ (define-public flatpak
>                          testcommon")))))))
>      (native-inputs
>       (list bison
> -           dbus ; for dbus-daemon
> +           dbus                         ; for dbus-daemon
>             gettext-minimal
> -           `(,glib "bin") ; for glib-mkenums + gdbus-codegen
> +           `(,glib "bin")               ; for glib-mkenums + gdbus-codegen
>             (libc-utf8-locales-for-target)
>             gobject-introspection
>             libcap
> @@ -2105,20 +2115,24 @@ (define-public flatpak
>             bubblewrap
>             curl
>             dconf
> -           fuse-2
> +           fuse
>             gdk-pixbuf
>             gpgme
>             json-glib
>             libarchive
> +           libcap
>             libostree
>             libseccomp
>             libsoup-minimal-2
>             libxau
>             libxml2
>             p11-kit
> +           polkit
>             util-linux
> -           xdg-dbus-proxy))
> -    (propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
> +           xdg-dbus-proxy
> +           zstd))
> +    (propagated-inputs
> +     (list glib-networking gnupg gsettings-desktop-schemas))
>      (home-page "https://flatpak.org")
>      (synopsis "System for building, distributing, and running sandboxed desktop
>  applications")
> diff --git a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
> index bf9c487ba8..7773b11f7e 100644
> --- a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
> +++ b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
> @@ -9,11 +9,13 @@ of host system.
>  
>  --- a/common/flatpak-run.c
>  +++ b/common/flatpak-run.c
> -@@ -1900,6 +1900,7 @@ static const ExportData default_exports[] = {
> +@@ -1900,8 +1900,9 @@ static const ExportData default_exports[] = {
>     {"XKB_CONFIG_ROOT", NULL},
>     {"GIO_EXTRA_MODULES", NULL},
>     {"GDK_BACKEND", NULL},
>  +  {"GDK_PIXBUF_MODULE_FILE", NULL},
> +   {"VK_DRIVER_FILES", NULL},
> +   {"VK_ICD_FILENAMES", NULL},
>   };
>   
>   static const ExportData no_ld_so_cache_exports[] = {
hello!, i adjust you patch to remove unneed code style adjust, and update to 1.14.6.

fix CVE-2024-32462, see https://nvd.nist.gov/vuln/detail/CVE-2024-32462

push at https://git.savannah.gnu.org/cgit/guix.git/commit/?id=d115af1bcc48f07a40dafd94d1d00926d446d068

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.