diff options
author | Alexander Larsson <alexl@redhat.com> | 2016-05-11 10:35:24 +0200 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2016-05-11 10:35:24 +0200 |
commit | 1877f0be8dbf82825f8911bd3da6c706cfa61df8 (patch) | |
tree | 87fbb5f2cd560ebea0d93433a71883f612edaab2 /system-helper | |
parent | f68b21754a00248d3cca97e1143c86800de7f79a (diff) | |
download | xdg-app-1877f0be8dbf82825f8911bd3da6c706cfa61df8.tar.gz |
system-helper: Add support for updating appstream branch
Diffstat (limited to 'system-helper')
-rw-r--r-- | system-helper/flatpak-system-helper.c | 92 | ||||
-rw-r--r-- | system-helper/org.freedesktop.Flatpak.policy.in | 18 |
2 files changed, 110 insertions, 0 deletions
diff --git a/system-helper/flatpak-system-helper.c b/system-helper/flatpak-system-helper.c index 918d6b2..20a9e0e 100644 --- a/system-helper/flatpak-system-helper.c +++ b/system-helper/flatpak-system-helper.c @@ -158,6 +158,71 @@ handle_deploy (FlatpakSystemHelper *object, return TRUE; } +static gboolean +handle_deploy_appstream (FlatpakSystemHelper *object, + GDBusMethodInvocation *invocation, + const gchar *arg_repo_path, + const gchar *arg_origin, + const gchar *arg_arch) +{ + g_autoptr(FlatpakDir) system = flatpak_dir_get_system (); + g_autoptr(GFile) path = g_file_new_for_path (arg_repo_path); + g_autoptr(GError) error = NULL; + g_autoptr(GMainContext) main_context = NULL; + g_autofree char *branch = NULL; + + if (!g_file_query_exists (path, NULL)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, "Path does not exist"); + return TRUE; + } + + if (!flatpak_dir_ensure_repo (system, NULL, &error)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED, + "Can't open system repo %s", error->message); + return TRUE; + } + + /* Work around ostree-pull spinning the default main context for the sync calls */ + main_context = g_main_context_new (); + g_main_context_push_thread_default (main_context); + + branch = g_strdup_printf ("appstream/%s", arg_arch); + + g_print ("pulling branch %s\n", branch); + + if (!flatpak_dir_pull_untrusted_local (system, arg_repo_path, + arg_origin, + branch, + NULL, + NULL, + NULL, &error)) + { + g_main_context_pop_thread_default (main_context); + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED, + "Error pulling from repo: %s", error->message); + return TRUE; + } + + g_main_context_pop_thread_default (main_context); + + if (!flatpak_dir_deploy_appstream (system, + arg_origin, + arg_arch, + NULL, + NULL, + &error)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED, + "Error deploying appstream: %s", error->message); + return TRUE; + } + + flatpak_system_helper_complete_deploy_appstream (object, invocation); + + return TRUE; +} static gboolean flatpak_authorize_method_handler (GDBusInterfaceSkeleton *interface, @@ -229,6 +294,32 @@ flatpak_authorize_method_handler (GDBusInterfaceSkeleton *interface, authorized = polkit_authorization_result_get_is_authorized (result); } + else if (g_strcmp0 (method_name, "DeployAppstream") == 0) + { + const char *arch, *origin; + + g_variant_get_child (parameters, 1, "&s", &origin); + g_variant_get_child (parameters, 2, "&s", &arch); + + action = "org.freedesktop.Flatpak.appstream-update"; + + details = polkit_details_new (); + polkit_details_insert (details, "origin", origin); + polkit_details_insert (details, "arch", arch); + + result = polkit_authority_check_authorization_sync (authority, subject, + action, details, + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, + NULL, &error); + if (result == NULL) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED, + "Authorization error: %s", error->message); + return FALSE; + } + + authorized = polkit_authorization_result_get_is_authorized (result); + } if (!authorized) { @@ -256,6 +347,7 @@ on_bus_acquired (GDBusConnection *connection, G_DBUS_INTERFACE_SKELETON_FLAGS_HANDLE_METHOD_INVOCATIONS_IN_THREAD); g_signal_connect (helper, "handle-deploy", G_CALLBACK (handle_deploy), NULL); + g_signal_connect (helper, "handle-deploy-appstream", G_CALLBACK (handle_deploy_appstream), NULL); g_signal_connect (helper, "g-authorize-method", G_CALLBACK (flatpak_authorize_method_handler), diff --git a/system-helper/org.freedesktop.Flatpak.policy.in b/system-helper/org.freedesktop.Flatpak.policy.in index a420339..a0a1bcc 100644 --- a/system-helper/org.freedesktop.Flatpak.policy.in +++ b/system-helper/org.freedesktop.Flatpak.policy.in @@ -83,4 +83,22 @@ </defaults> </action> + <action id="org.freedesktop.Flatpak.appstream-update"> + <!-- SECURITY: + - Normal users do not require admin authentication to update + appstream data as it will be signed, and the action is required + to update the system when unattended. + - Changing this to anything other than 'yes' will break unattended + updates. + --> + <_description>Update appstream</_description> + <_message>Authentication is required to update software</_message> + <icon_name>package-x-generic</icon_name> + <defaults> + <allow_any>auth_admin</allow_any> + <allow_inactive>auth_admin</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + </action> + </policyconfig> |