diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..67f5e91 --- /dev/null +++ b/flake.lock @@ -0,0 +1,48 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1627649712, + "narHash": "sha256-AJBasvMKpsyJmCLdjroBElCHY5AlalbVy+XY5vjbgXc=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "b39647e52ed3c0b989e9d5c965e598ae4c38d7ef", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-21.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1628186972, + "narHash": "sha256-wWXlIQdZq/EtlBAGFJ62YHYEnJclxCuUOUGnrQqJ3zg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "733682c32929293341f113f297b64ea6319e9089", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.05", + "type": "indirect" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix index b668799..7810e63 100644 --- a/flake.nix +++ b/flake.nix @@ -1,11 +1,9 @@ { description = "Fudo Host Configuration"; - inputs = let target-version = "21.05"; - in { - nixpkgs.url = "nixpkgs/nixos-${target-version}"; - home-manager.url = - "github:nix-community/home-manager/release-${target-version}"; + inputs = { + nixpkgs.url = "nixpkgs/nixos-21.05"; + home-manager.url = "github:nix-community/home-manager/release-21.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/home-manager/niten.nix b/home-manager/niten.nix index 4d39a92..a6cad1b 100644 --- a/home-manager/niten.nix +++ b/home-manager/niten.nix @@ -49,11 +49,11 @@ let redshift signal-desktop spotify - # steam-with-pipewire - # steam-with-pipewire.run - # steamPackages.steamcmd - # steamPackages.steam-fonts - # steamPackages.steam-runtime + steam-with-pipewire + steam-with-pipewire.run + steamPackages.steamcmd + steamPackages.steam-fonts + steamPackages.steam-runtime xclip ]; diff --git a/nixops/informis.nix b/nixops/informis.nix index b63f7bf..c737e44 100644 --- a/nixops/informis.nix +++ b/nixops/informis.nix @@ -1,5 +1,5 @@ let - nixos-version = "20.09"; + nixos-version = "21.05"; hosts = import ./lib/hosts.nix { inherit nixos-version; }; diff --git a/nixops/networks/sea.fudo.org.nix b/nixops/networks/sea.fudo.org.nix new file mode 100644 index 0000000..fafb537 --- /dev/null +++ b/nixops/networks/sea.fudo.org.nix @@ -0,0 +1,19 @@ +{ + description = "sea.fudo.org nixops flake"; + + inputs = { nixpgks = "nixpkgs:nixos-21.05"; }; + + outputs = { nixpkgs, ... }: + let + domain = "sea.fudo.org"; + system-pkgs = system: import nixpkgs { inherit system; }; + in { + nixopsConfigurations.${domain} = { + inherit nixpkgs; + network.description = "${domain} network"; + defaults.nixpkgs.pkgs = system-pkgs "x86_64-linux"; + defaults._module.args = { inherit domain; }; + + }; + }; +} diff --git a/packages/default.nix b/packages/default.nix index d6870fc..00291c3 100644 --- a/packages/default.nix +++ b/packages/default.nix @@ -183,5 +183,7 @@ in { rev = "e6d09dd8c5cda68eb0534bd8501f2d5dcd7b2e95"; sha256 = "0v0q6iglr0lx13j1snzd8mjxids1af1p2h7bkvmsyk2bfp36naqx"; }) { }; + + flatpak = pkgs.callPackage ./flatpak { }; }; } diff --git a/packages/flatpak/bubblewrap-paths.patch b/packages/flatpak/bubblewrap-paths.patch new file mode 100644 index 0000000..4078117 --- /dev/null +++ b/packages/flatpak/bubblewrap-paths.patch @@ -0,0 +1,15 @@ +diff --git a/icon-validator/validate-icon.c b/icon-validator/validate-icon.c +index 9e885070..d02eeb8c 100644 +--- a/icon-validator/validate-icon.c ++++ b/icon-validator/validate-icon.c +@@ -156,8 +156,8 @@ rerun_in_sandbox (const char *arg_width, + "--unshare-ipc", + "--unshare-net", + "--unshare-pid", +- "--ro-bind", "/usr", "/usr", +- "--ro-bind", "/etc/ld.so.cache", "/etc/ld.so.cache", ++ "--ro-bind", "@storeDir@", "@storeDir@", ++ "--ro-bind", "/run/current-system", "/run/current-system", + "--ro-bind", validate_icon, validate_icon, + NULL); + diff --git a/packages/flatpak/default.nix b/packages/flatpak/default.nix new file mode 100644 index 0000000..4db5180 --- /dev/null +++ b/packages/flatpak/default.nix @@ -0,0 +1,162 @@ +{ lib, stdenv, fetchurl, fetchpatch, autoreconfHook, docbook_xml_dtd_45 +, docbook-xsl-nons, which, libxml2, gobject-introspection, gtk-doc, intltool +, libxslt, pkg-config, xmlto, appstream-glib, substituteAll, bison +, xdg-dbus-proxy, p11-kit, bubblewrap, bzip2, dbus, glib, gpgme, json-glib +, libarchive, libcap, libseccomp, coreutils, socat, gettext, hicolor-icon-theme +, shared-mime-info, desktop-file-utils, gtk3, fuse, nixosTests, libsoup, xz +, zstd, ostree, polkit, python3, systemd, xorg, valgrind, glib-networking +, wrapGAppsNoGuiHook, dconf, gsettings-desktop-schemas, librsvg }: + +stdenv.mkDerivation rec { + pname = "flatpak"; + version = "1.11.2"; + + # TODO: split out lib once we figure out what to do with triggerdir + outputs = [ "out" "dev" "man" "doc" "devdoc" "installedTests" ]; + + src = fetchurl { + url = + "https://github.com/flatpak/flatpak/releases/download/${version}/${pname}-${version}.tar.xz"; + sha256 = "1136kg3pqb2ab6ykyj642wj8i395xx61macmakpxw4cbbn1wz6c7"; + }; + + patches = [ + # Hardcode paths used by tests and change test runtime generation to use files from Nix store. + # https://github.com/flatpak/flatpak/issues/1460 + (substituteAll { + src = ./fix-test-paths.patch; + inherit coreutils gettext socat gtk3; + smi = shared-mime-info; + dfu = desktop-file-utils; + hicolorIconTheme = hicolor-icon-theme; + }) + + # Hardcode paths used by Flatpak itself. + (substituteAll { + src = ./fix-paths.patch; + p11kit = "${p11-kit.dev}/bin/p11-kit"; + }) + + # Adapt paths exposed to sandbox for NixOS. + (substituteAll { + src = ./bubblewrap-paths.patch; + inherit (builtins) storeDir; + }) + + # Allow gtk-doc to find schemas using XML_CATALOG_FILES environment variable. + # Patch taken from gtk-doc expression. + ./respect-xml-catalog-files-var.patch + + # Don’t hardcode flatpak binary path in launchers stored under user’s profile otherwise they will break after Flatpak update. + # https://github.com/NixOS/nixpkgs/issues/43581 + ./use-flatpak-from-path.patch + + # Hardcode flatpak binary path for flatpak-spawn. + # When calling the portal’s Spawn command with FLATPAK_SPAWN_FLAGS_CLEAR_ENV flag, + # it will clear environment, including PATH, making the flatpak run fail. + # https://github.com/flatpak/flatpak/pull/4174 + # (fetchpatch { + # url = + # "https://github.com/flatpak/flatpak/commit/495449daf6d3c072519a36c9e4bc6cc1da4d31db.patch"; + # sha256 = "gOX/sGupAE7Yg3MVrMhFXzWHpFn+izVyjtkuPzIckuY="; + # }) + + # Nix environment hacks should not leak into the apps. + # https://github.com/NixOS/nixpkgs/issues/53441 + ./unset-env-vars.patch + + # But we want the GDK_PIXBUF_MODULE_FILE from the wrapper affect the icon validator. + ./validate-icon-pixbuf.patch + ]; + + nativeBuildInputs = [ + autoreconfHook + libxml2 + docbook_xml_dtd_45 + docbook-xsl-nons + which + gobject-introspection + gtk-doc + intltool + libxslt + pkg-config + xmlto + appstream-glib + bison + wrapGAppsNoGuiHook + ]; + + buildInputs = [ + bubblewrap + bzip2 + dbus + dconf + gpgme + json-glib + libarchive + libcap + libseccomp + libsoup + xz + zstd + polkit + python3 + systemd + xorg.libXau + fuse + gsettings-desktop-schemas + glib-networking + librsvg # for flatpak-validate-icon + ]; + + # Required by flatpak.pc + propagatedBuildInputs = [ glib ostree ]; + + checkInputs = [ valgrind ]; + + # TODO: some issues with temporary files + doCheck = false; + + NIX_LDFLAGS = "-lpthread"; + + enableParallelBuilding = true; + + configureFlags = [ + "--with-system-bubblewrap=${bubblewrap}/bin/bwrap" + "--with-system-dbus-proxy=${xdg-dbus-proxy}/bin/xdg-dbus-proxy" + "--with-dbus-config-dir=${placeholder "out"}/share/dbus-1/system.d" + "--localstatedir=/var" + "--enable-gtk-doc" + "--enable-installed-tests" + ]; + + makeFlags = [ + "installed_testdir=${ + placeholder "installedTests" + }/libexec/installed-tests/flatpak" + "installed_test_metadir=${ + placeholder "installedTests" + }/share/installed-tests/flatpak" + ]; + + postPatch = let vsc-py = python3.withPackages (pp: [ pp.pyparsing ]); + in '' + patchShebangs buildutil + patchShebangs tests + PATH=${ + lib.makeBinPath [ vsc-py ] + }:$PATH patchShebangs --build subprojects/variant-schema-compiler/variant-schema-compiler + ''; + + passthru = { + tests = { installedTests = nixosTests.installed-tests.flatpak; }; + }; + + meta = with lib; { + description = "Linux application sandboxing and distribution framework"; + homepage = "https://flatpak.org/"; + license = licenses.lgpl21Plus; + maintainers = with maintainers; [ jtojnar ]; + platforms = platforms.linux; + }; +} diff --git a/packages/flatpak/fix-paths.patch b/packages/flatpak/fix-paths.patch new file mode 100644 index 0000000..67f0d4e --- /dev/null +++ b/packages/flatpak/fix-paths.patch @@ -0,0 +1,22 @@ +diff --git a/session-helper/flatpak-session-helper.c b/session-helper/flatpak-session-helper.c +index 5dd7629e..ddc71a4c 100644 +--- a/session-helper/flatpak-session-helper.c ++++ b/session-helper/flatpak-session-helper.c +@@ -693,7 +693,7 @@ start_p11_kit_server (const char *flatpak_dir) + g_auto(GStrv) stdout_lines = NULL; + int i; + char *p11_argv[] = { +- "p11-kit", "server", ++ "@p11kit@", "server", + /* We explicitly request --sh here, because we then fail on earlier versions that doesn't support + * this flag. This is good, because those earlier versions did not properly daemonize and caused + * the spawn_sync to hang forever, waiting for the pipe to close. +@@ -836,7 +836,7 @@ main (int argc, + exit (1); + } + +- if (g_find_program_in_path ("p11-kit")) ++ if (TRUE) + start_p11_kit_server (flatpak_dir); + else + g_debug ("p11-kit not found"); diff --git a/packages/flatpak/fix-test-paths.patch b/packages/flatpak/fix-test-paths.patch new file mode 100644 index 0000000..dcba666 --- /dev/null +++ b/packages/flatpak/fix-test-paths.patch @@ -0,0 +1,205 @@ +diff --git a/app/flatpak-builtins-build-export.c b/app/flatpak-builtins-build-export.c +index 43fd0563..4067bd36 100644 +--- a/app/flatpak-builtins-build-export.c ++++ b/app/flatpak-builtins-build-export.c +@@ -458,7 +458,7 @@ validate_desktop_file (GFile *desktop_file, + subprocess = g_subprocess_new (G_SUBPROCESS_FLAGS_STDOUT_PIPE | + G_SUBPROCESS_FLAGS_STDERR_PIPE | + G_SUBPROCESS_FLAGS_STDERR_MERGE, +- &local_error, "desktop-file-validate", path, NULL); ++ &local_error, "@dfu@/bin/desktop-file-validate", path, NULL); + if (!subprocess) + { + if (!g_error_matches (local_error, G_SPAWN_ERROR, G_SPAWN_ERROR_NOENT)) +diff --git a/tests/libtest.sh b/tests/libtest.sh +index acb2095b..b361da16 100644 +--- a/tests/libtest.sh ++++ b/tests/libtest.sh +@@ -431,7 +431,7 @@ if [ -z "${FLATPAK_BWRAP:-}" ]; then + # running installed-tests: assume we know what we're doing + _flatpak_bwrap_works=true + elif ! "$FLATPAK_BWRAP" --unshare-ipc --unshare-net --unshare-pid \ +- --ro-bind / / /bin/true > bwrap-result 2>&1; then ++ --ro-bind / / @coreutils@/bin/true > bwrap-result 2>&1; then + _flatpak_bwrap_works=false + else + _flatpak_bwrap_works=true +@@ -504,7 +504,7 @@ dbus-daemon --fork --config-file=session.conf --print-address=3 --print-pid=4 \ + export DBUS_SESSION_BUS_ADDRESS="$(cat dbus-session-bus-address)" + DBUS_SESSION_BUS_PID="$(cat dbus-session-bus-pid)" + +-if ! /bin/kill -0 "$DBUS_SESSION_BUS_PID"; then ++if ! @coreutils@/bin/kill -0 "$DBUS_SESSION_BUS_PID"; then + assert_not_reached "Failed to start dbus-daemon" + fi + +@@ -519,7 +519,7 @@ commit_to_path () { + } + + cleanup () { +- /bin/kill -9 $DBUS_SESSION_BUS_PID ++ @coreutils@/bin/kill -9 $DBUS_SESSION_BUS_PID + gpg-connect-agent --homedir "${FL_GPG_HOMEDIR}" killagent /bye || true + fusermount -u $XDG_RUNTIME_DIR/doc || : + kill $(jobs -p) &> /dev/null || true +diff --git a/tests/make-test-app.sh b/tests/make-test-app.sh +index 612f914f..4b890da2 100755 +--- a/tests/make-test-app.sh ++++ b/tests/make-test-app.sh +@@ -151,13 +151,13 @@ msgid "Hello world" + msgstr "Hallo Welt" + EOF + mkdir -p ${DIR}/files/de/share/de/LC_MESSAGES +-msgfmt --output-file ${DIR}/files/de/share/de/LC_MESSAGES/helloworld.mo de.po ++@gettext@/bin/msgfmt --output-file ${DIR}/files/de/share/de/LC_MESSAGES/helloworld.mo de.po + cat > fr.po <> $BINS +- +- # Add library dependencies +- (ldd "${f}" | sed "s/.* => //" | awk '{ print $1}' | grep ^/ | sort -u -o $LIBS $LIBS -) || true +- +- local shebang=$(sed -n '1s/^#!\([^ ]*\).*/\1/p' "${f}") +- if [ x$shebang != x ]; then +- add_bin "$shebang" +- fi +-} +- + for i in $@ bash ls cat echo readlink socat; do +- I=`which $i` +- add_bin $I +-done +-for i in `cat $BINS`; do +- #echo Adding binary $i 1>&2 +- cp "$i" ${DIR}/usr/bin/ +-done +-for i in `cat $LIBS`; do +- #echo Adding library $i 1>&2 +- cp "$i" ${DIR}/usr/lib/ ++ I=$(readlink -f $(which $i)) ++ [ -e ${DIR}/usr/bin/$i ] && continue ++ requisites=$(nix-store --query --requisites "$I") ++ for r in $requisites; do ++ # a single store item can be needed by multiple paths, no need to copy it again ++ if [ ! -e ${DIR}/$r ]; then ++ cp -r $r ${DIR}/$r ++ fi ++ done ++ ln -s $I ${DIR}/usr/bin/$i + done + ln -s bash ${DIR}/usr/bin/sh + +@@ -84,11 +62,13 @@ echo "Hello world, from a runtime$EXTRA" + EOF + chmod a+x ${DIR}/usr/bin/runtime_hello.sh + +-# We copy the C.UTF8 locale and call it en_US. Its a bit of a lie, but +-# the real en_US locale is often not available, because its in the +-# local archive. +-mkdir -p ${DIR}/usr/lib/locale/ +-cp -r /usr/lib/locale/C.* ${DIR}/usr/lib/locale/en_US ++# We do not copy C.UTF8 locale because it is in locale archive and ++# that is already copied with glibc. ++ ++mv ${DIR}/nix/store ${DIR}/usr/store # files outside /usr are not permitted, we will have to replace /nix/store with /usr/store ++chmod -R u+w ${DIR} # nix store has read-only directories which would cause problems during clean-up, files need to be writable for sed ++find ${DIR} -type f -print0 | xargs -0 sed -i 's~/nix/store/~/usr/store/~g' # replace hardcoded paths ++find ${DIR} -type l | xargs -I '{}' sh -c 'tg="$(readlink "$1")"; newtg="${tg#/nix/store/}"; if [ "$tg" != "$newtg" ]; then ln -fs "/usr/store/$newtg" "$1"; fi' -- '{}' # replace symlink targets + + if [ x$COLLECTION_ID != x ]; then + collection_args=--collection-id=${COLLECTION_ID} +diff --git a/tests/testlibrary.c b/tests/testlibrary.c +index 509ce6cc..6a333c9c 100644 +--- a/tests/testlibrary.c ++++ b/tests/testlibrary.c +@@ -1399,7 +1399,7 @@ check_bwrap_support (void) + { + gint exit_code = 0; + char *argv[] = { (char *) bwrap, "--unshare-ipc", "--unshare-net", +- "--unshare-pid", "--ro-bind", "/", "/", "/bin/true", NULL }; ++ "--unshare-pid", "--ro-bind", "/", "/", "@coreutils@/bin/true", NULL }; + g_autofree char *argv_str = g_strjoinv (" ", argv); + g_test_message ("Spawning %s", argv_str); + g_spawn_sync (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, NULL, NULL, NULL, NULL, &exit_code, &error); +diff --git a/triggers/desktop-database.trigger b/triggers/desktop-database.trigger +index 2188f535..d8283061 100755 +--- a/triggers/desktop-database.trigger ++++ b/triggers/desktop-database.trigger +@@ -1,5 +1,5 @@ + #!/bin/sh + +-if test \( -x "$(which update-desktop-database 2>/dev/null)" \) -a \( -d $1/exports/share/applications \); then +- exec update-desktop-database -q $1/exports/share/applications ++if test \( -d $1/exports/share/applications \); then ++ exec @dfu@/bin/update-desktop-database -q $1/exports/share/applications + fi +diff --git a/triggers/gtk-icon-cache.trigger b/triggers/gtk-icon-cache.trigger +index 711cfab2..07baa2ac 100755 +--- a/triggers/gtk-icon-cache.trigger ++++ b/triggers/gtk-icon-cache.trigger +@@ -1,10 +1,10 @@ + #!/bin/sh + +-if test \( -x "$(which gtk-update-icon-cache 2>/dev/null)" \) -a \( -d $1/exports/share/icons/hicolor \); then +- cp /usr/share/icons/hicolor/index.theme $1/exports/share/icons/hicolor/ ++if test \( -d $1/exports/share/icons/hicolor \); then ++ cp @hicolorIconTheme@/share/icons/hicolor/index.theme $1/exports/share/icons/hicolor/ + for dir in $1/exports/share/icons/*; do + if test -f $dir/index.theme; then +- if ! gtk-update-icon-cache --quiet $dir; then ++ if ! @gtk3@/bin/gtk-update-icon-cache --quiet $dir; then + echo "Failed to run gtk-update-icon-cache for $dir" + exit 1 + fi +diff --git a/triggers/mime-database.trigger b/triggers/mime-database.trigger +index 2067d8ec..a49a8777 100755 +--- a/triggers/mime-database.trigger ++++ b/triggers/mime-database.trigger +@@ -1,5 +1,5 @@ + #!/bin/sh + +-if test \( -x "$(which update-mime-database 2>/dev/null)" \) -a \( -d $1/exports/share/mime/packages \); then +- exec update-mime-database $1/exports/share/mime ++if test \( -d $1/exports/share/mime/packages \); then ++ exec @smi@/bin/update-mime-database $1/exports/share/mime + fi diff --git a/packages/flatpak/respect-xml-catalog-files-var.patch b/packages/flatpak/respect-xml-catalog-files-var.patch new file mode 100644 index 0000000..4cee60b --- /dev/null +++ b/packages/flatpak/respect-xml-catalog-files-var.patch @@ -0,0 +1,15 @@ +diff --git a/acinclude.m4 b/acinclude.m4 +index 92ec3985..b3fccf1d 100644 +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -40,8 +40,8 @@ AC_DEFUN([JH_CHECK_XML_CATALOG], + [ + AC_REQUIRE([JH_PATH_XML_CATALOG],[JH_PATH_XML_CATALOG(,[:])])dnl + AC_MSG_CHECKING([for ifelse([$2],,[$1],[$2]) in XML catalog]) +- if $jh_found_xmlcatalog && \ +- AC_RUN_LOG([$XMLCATALOG --noout "$XML_CATALOG_FILE" "$1" >&2]); then ++ # empty argument forces libxml to use XML_CATALOG_FILES variable ++ if AC_RUN_LOG([$XMLCATALOG --noout "" "$1" >&2]); then + AC_MSG_RESULT([found]) + ifelse([$3],,,[$3 + ])dnl diff --git a/packages/flatpak/unset-env-vars.patch b/packages/flatpak/unset-env-vars.patch new file mode 100644 index 0000000..63ce0d1 --- /dev/null +++ b/packages/flatpak/unset-env-vars.patch @@ -0,0 +1,12 @@ +diff --git a/common/flatpak-run.c b/common/flatpak-run.c +index 8d52d3a5..81700183 100644 +--- a/common/flatpak-run.c ++++ b/common/flatpak-run.c +@@ -1232,6 +1232,7 @@ static const ExportData default_exports[] = { + {"PERLLIB", NULL}, + {"PERL5LIB", NULL}, + {"XCURSOR_PATH", NULL}, ++ {"GDK_PIXBUF_MODULE_FILE", NULL}, + }; + + static const ExportData no_ld_so_cache_exports[] = { diff --git a/packages/flatpak/use-flatpak-from-path.patch b/packages/flatpak/use-flatpak-from-path.patch new file mode 100644 index 0000000..84534b7 --- /dev/null +++ b/packages/flatpak/use-flatpak-from-path.patch @@ -0,0 +1,50 @@ +diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c +index 52b222ea..9489441f 100644 +--- a/common/flatpak-dir.c ++++ b/common/flatpak-dir.c +@@ -6956,7 +6956,7 @@ export_desktop_file (const char *app, + + new_exec = g_string_new (""); + g_string_append_printf (new_exec, +- FLATPAK_BINDIR "/flatpak run --branch=%s --arch=%s", ++ "flatpak run --branch=%s --arch=%s", + escaped_branch, + escaped_arch); + +@@ -8290,8 +8290,8 @@ flatpak_dir_deploy (FlatpakDir *self, + error)) + return FALSE; + +- bin_data = g_strdup_printf ("#!/bin/sh\nexec %s/flatpak run --branch=%s --arch=%s %s \"$@\"\n", +- FLATPAK_BINDIR, escaped_branch, escaped_arch, escaped_app); ++ bin_data = g_strdup_printf ("#!/bin/sh\nexec flatpak run --branch=%s --arch=%s %s \"$@\"\n", ++ escaped_branch, escaped_arch, escaped_app); + if (!g_file_replace_contents (wrapper, bin_data, strlen (bin_data), NULL, FALSE, + G_FILE_CREATE_REPLACE_DESTINATION, NULL, cancellable, error)) + return FALSE; +diff --git a/tests/test-bundle.sh b/tests/test-bundle.sh +index d1682344..5e2b9a97 100755 +--- a/tests/test-bundle.sh ++++ b/tests/test-bundle.sh +@@ -67,7 +67,7 @@ assert_has_dir $FL_DIR/app/org.test.Hello/$ARCH/master/active/files + assert_has_dir $FL_DIR/app/org.test.Hello/$ARCH/master/active/export + assert_has_file $FL_DIR/exports/share/applications/org.test.Hello.desktop + # Ensure Exec key is rewritten +-assert_file_has_content $FL_DIR/exports/share/applications/org.test.Hello.desktop "^Exec=.*/flatpak run --branch=master --arch=$ARCH --command=hello\.sh org\.test\.Hello$" ++assert_file_has_content $FL_DIR/exports/share/applications/org.test.Hello.desktop "^Exec=flatpak run --branch=master --arch=$ARCH --command=hello\.sh org\.test\.Hello$" + assert_has_file $FL_DIR/exports/share/icons/hicolor/64x64/apps/org.test.Hello.png + assert_has_file $FL_DIR/exports/share/icons/HighContrast/64x64/apps/org.test.Hello.png + +diff --git a/tests/test-run.sh b/tests/test-run.sh +index fecb756e..64043281 100644 +--- a/tests/test-run.sh ++++ b/tests/test-run.sh +@@ -45,7 +45,7 @@ assert_has_dir $FL_DIR/app/org.test.Hello/$ARCH/stable/active/files + assert_has_dir $FL_DIR/app/org.test.Hello/$ARCH/stable/active/export + assert_has_file $FL_DIR/exports/share/applications/org.test.Hello.desktop + # Ensure Exec key is rewritten +-assert_file_has_content $FL_DIR/exports/share/applications/org.test.Hello.desktop "^Exec=.*/flatpak run --branch=stable --arch=$ARCH --command=hello\.sh org\.test\.Hello$" ++assert_file_has_content $FL_DIR/exports/share/applications/org.test.Hello.desktop "^Exec=flatpak run --branch=stable --arch=$ARCH --command=hello\.sh org\.test\.Hello$" + assert_has_file $FL_DIR/exports/share/gnome-shell/search-providers/org.test.Hello.search-provider.ini + assert_file_has_content $FL_DIR/exports/share/gnome-shell/search-providers/org.test.Hello.search-provider.ini "^DefaultDisabled=true$" + assert_has_file $FL_DIR/exports/share/icons/hicolor/64x64/apps/org.test.Hello.png diff --git a/packages/flatpak/validate-icon-pixbuf.patch b/packages/flatpak/validate-icon-pixbuf.patch new file mode 100644 index 0000000..086114e --- /dev/null +++ b/packages/flatpak/validate-icon-pixbuf.patch @@ -0,0 +1,13 @@ +diff --git a/icon-validator/validate-icon.c b/icon-validator/validate-icon.c +index 9e885070..44fea035 100644 +--- a/icon-validator/validate-icon.c ++++ b/icon-validator/validate-icon.c +@@ -200,6 +200,8 @@ rerun_in_sandbox (const char *arg_width, + add_args (args, "--setenv", "G_MESSAGES_DEBUG", g_getenv ("G_MESSAGES_DEBUG"), NULL); + if (g_getenv ("G_MESSAGES_PREFIXED")) + add_args (args, "--setenv", "G_MESSAGES_PREFIXED", g_getenv ("G_MESSAGES_PREFIXED"), NULL); ++ if (g_getenv ("GDK_PIXBUF_MODULE_FILE")) ++ add_args (args, "--setenv", "GDK_PIXBUF_MODULE_FILE", g_getenv ("GDK_PIXBUF_MODULE_FILE"), NULL); + + add_args (args, validate_icon, arg_width, arg_height, filename, NULL); + g_ptr_array_add (args, NULL);