Package: guix;
Reported by: Jacob Hrbek <kreyren <at> rixotstudio.cz>
Date: Fri, 18 Nov 2022 15:57:02 UTC
Severity: normal
Tags: notabug
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Message #8 received at 59363 <at> debbugs.gnu.org (full text, mbox):
From: Jacob Hrbek <kreyren <at> rixotstudio.cz> To: 59363 <at> debbugs.gnu.org Cc: Jacob Hrbek <kreyren <at> rixotstudio.cz> Subject: [PATCH] flatpak: Adjustments to make --with-commit work Date: Fri, 18 Nov 2022 17:54:32 +0000
---
gnu/packages/package-management.scm | 208 +++++++++++++++-------------
1 file changed, 108 insertions(+), 100 deletions(-)
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 891b504a46..be5e581c49 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -1915,110 +1915,118 @@ (define-public libostree
the boot loader configuration.")
(license license:lgpl2.0+)))
-(define-public flatpak
- (package
- (name "flatpak")
- (version "1.14.0")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://github.com/flatpak/flatpak/releases/download/"
- version "/flatpak-" version ".tar.xz"))
- (sha256
- (base32 "05bqy9kwmaj32y7f94fydcz3k63bsgn4mbcp4pglv8hffxrnj9wf"))
- (patches
- (search-patches "flatpak-fix-path.patch"
- "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
+;; FIXME: Does not respect #:tests? according to guix lint
+;; FIXME: Accodring to guix-lint it's probably vulnerable to CVE-2022-21682, CVE-2021-21261, CVE-2021-21381, CVE-2021-41133, CVE-2021-43860, CVE-2019-10063, CVE-2019-8308
+(define-public flatpak-0.14.0
+ (let ((commit "f9a768721e881debe3a0effa3a47748033d20045"))
+ (package
+ (name "flatpak")
+ (version (git-version "0.14.0" "0" commit))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/flatpak/flatpak.git")
+ (commit commit)))
+ (sha256
+ (base32
+ "05bqy9kwmaj32y7f94fydcz3k63bsgn4mbcp4pglv8hffxrnj9wf"))
+ (file-name (git-file-name name version))
+ (patches (search-patches "flatpak-fix-path.patch"
+ "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
- ;; Wrap 'flatpak' so that GIO_EXTRA_MODULES is set, thereby allowing GIO to
- ;; find the TLS backend in glib-networking.
- (build-system glib-or-gtk-build-system)
+ ;; Wrap 'flatpak' so that GIO_EXTRA_MODULES is set, thereby allowing GIO to
+ ;; find the TLS backend in glib-networking.
+ (build-system glib-or-gtk-build-system)
- (arguments
- (list
- #:configure-flags
- #~(list
- "--enable-documentation=no" ;; FIXME
- "--enable-system-helper=no"
- "--localstatedir=/var"
- (string-append "--with-system-bubblewrap="
- (assoc-ref %build-inputs "bubblewrap")
- "/bin/bwrap")
- (string-append "--with-system-dbus-proxy="
- (assoc-ref %build-inputs "xdg-dbus-proxy")
- "/bin/xdg-dbus-proxy"))
- #:phases
- #~(modify-phases %standard-phases
- (add-after 'unpack 'fix-tests
- (lambda* (#:key inputs #:allow-other-keys)
- (copy-recursively
- (search-input-directory inputs "lib/locale")
- "/tmp/locale")
- (for-each make-file-writable (find-files "/tmp"))
- (substitute* "tests/make-test-runtime.sh"
- (("cp `which.*") "echo guix\n")
- (("cp -r /usr/lib/locale/C\\.\\*")
- (string-append "mkdir ${DIR}/usr/lib/locale/en_US; \
-cp -r /tmp/locale/*/en_US.*")))
- (substitute* "tests/libtest.sh"
- (("/bin/kill") (which "kill"))
- (("/usr/bin/python3") (which "python3")))
- #t))
- (add-after 'unpack 'p11-kit-fix
- (lambda* (#:key inputs #:allow-other-keys)
- (let ((p11-path (search-input-file inputs "/bin/p11-kit")))
- (substitute* "session-helper/flatpak-session-helper.c"
- (("\"p11-kit\",")
- (string-append "\"" p11-path "\","))
- (("if \\(g_find_program_in_path \\(\"p11-kit\"\\)\\)")
- (string-append "if (g_find_program_in_path (\""
- p11-path "\"))"))))))
- ;; Many tests fail for unknown reasons, so we just run a few basic
- ;; tests.
- (replace 'check
- (lambda _
- (setenv "HOME" "/tmp")
- (invoke "make" "check"
- "TESTS=tests/test-basic.sh tests/test-config.sh testcommon"))))))
- (native-inputs
- (list bison
- dbus ; for dbus-daemon
- gettext-minimal
- `(,glib "bin") ; for glib-mkenums + gdbus-codegen
- glibc-utf8-locales
- gobject-introspection
- libcap
- pkg-config
- python
- python-pyparsing
- socat
- which))
- (inputs
- (list appstream
- appstream-glib
- bubblewrap
- curl
- dconf
- fuse
- gdk-pixbuf
- gpgme
- json-glib
- libarchive
- libostree
- libseccomp
- libsoup-minimal-2
- libxau
- libxml2
- p11-kit-next
- util-linux
- xdg-dbus-proxy))
- (propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
- (home-page "https://flatpak.org")
- (synopsis "System for building, distributing, and running sandboxed desktop
+ (arguments
+ (list #:configure-flags #~(list "--enable-documentation=no"
+ "--enable-system-helper=no"
+ "--localstatedir=/var"
+ (string-append
+ "--with-system-bubblewrap="
+ (assoc-ref %build-inputs "bubblewrap")
+ "/bin/bwrap")
+ (string-append
+ "--with-system-dbus-proxy="
+ (assoc-ref %build-inputs
+ "xdg-dbus-proxy")
+ "/bin/xdg-dbus-proxy"))
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'unpack 'fix-tests
+ (lambda* (#:key inputs #:allow-other-keys)
+ (copy-recursively (search-input-directory inputs
+ "lib/locale") "/tmp/locale")
+ (for-each make-file-writable
+ (find-files "/tmp"))
+ (substitute* "tests/make-test-runtime.sh"
+ (("cp `which.*")
+ "echo guix\n")
+ (("cp -r /usr/lib/locale/C\\.\\*")
+ (string-append
+ "mkdir ${DIR}/usr/lib/locale/en_US; cp -r /tmp/locale/*/en_US.*")))
+ (substitute* "tests/libtest.sh"
+ (("/bin/kill")
+ (which "kill"))
+ (("/usr/bin/python3")
+ (which "python3"))) #t))
+ (add-after 'unpack 'p11-kit-fix
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((p11-path (search-input-file inputs
+ "/bin/p11-kit")))
+ (substitute* "session-helper/flatpak-session-helper.c"
+ (("\"p11-kit\",")
+ (string-append "\"" p11-path "\","))
+ (("if \\(g_find_program_in_path \\(\"p11-kit\"\\)\\)")
+ (string-append
+ "if (g_find_program_in_path (\"" p11-path
+ "\"))"))))))
+ (replace 'check
+ (lambda _
+ (setenv "HOME" "/tmp")
+ (invoke "make" "check"
+ "TESTS=tests/test-basic.sh tests/test-config.sh testcommon"))))))
+ (native-inputs (list autoconf
+ automake ;for alocal
+ bison
+ dbus ;for dbus-daemon
+ gettext-minimal
+ `(,glib "bin") ;for glib-mkenums + gdbus-codegen
+ glibc-utf8-locales
+ gobject-introspection
+ libcap
+ libtool
+ pkg-config
+ python
+ python-pyparsing
+ socat
+ which))
+ (inputs (list appstream
+ appstream-glib
+ bubblewrap
+ curl
+ dconf
+ fuse
+ gdk-pixbuf
+ gpgme
+ json-glib
+ libarchive
+ libostree
+ libseccomp
+ libsoup-minimal-2
+ libxau
+ libxml2
+ p11-kit-next
+ util-linux
+ xdg-dbus-proxy))
+ (propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
+ (home-page "https://flatpak.org")
+ (synopsis
+ "System for building, distributing, and running sandboxed desktop
applications")
- (description "Flatpak is a system for building, distributing, and running
+ (description
+ "Flatpak is a system for building, distributing, and running
sandboxed desktop applications on GNU/Linux.")
- (license license:lgpl2.1+)))
+ (license license:lgpl2.1+))))
(define-public akku
(package
--
2.37.3
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.