Refresh gssproxy patch to use new socket path

Michael Catanzaro 2022-09-15 09:05:41 -05:00
parent cd6b3508dc
commit 90828d355f
2 changed files with 19 additions and 12 deletions


@ -1,4 +1,4 @@
From 66dec57ed23421c153af4eae36d2c3ca8501e380 Mon Sep 17 00:00:00 2001
From b9f4200b9674638ee2879db568e30219e81d5ed8 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Thu, 12 May 2022 12:44:59 -0500
Subject: [PATCH 1/2] Bind gssproxy socket into sandbox environment
@ -18,10 +18,10 @@ See also: https://github.com/gssapi/gssproxy/issues/45
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index e4391019a0..adf54ed474 100644
index bf85f47c..3ec007cf 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -923,6 +923,19 @@ flatpak_run_add_pulseaudio_args (FlatpakBwrap *bwrap,
@@ -955,6 +955,19 @@ flatpak_run_add_pulseaudio_args (FlatpakBwrap *bwrap,
flatpak_bwrap_add_args (bwrap, "--dev-bind", "/dev/snd", "/dev/snd", NULL);
}
@ -32,16 +32,16 @@ index e4391019a0..adf54ed474 100644
+ * not intended to be exposed to sandboxed environments.
+ */
+ g_autofree char *gssproxy_host_dir = g_build_filename (g_get_user_runtime_dir (), "gssproxy", NULL);
+ const char *gssproxy_sandboxed_dir = "/var/lib/gssproxy/";
+ const char *gssproxy_sandboxed_dir = "/run/flatpak/gssproxy/";
+
+ if (g_file_test (gssproxy_host_dir, G_FILE_TEST_EXISTS))
+ flatpak_bwrap_add_args (bwrap, "--bind", gssproxy_host_dir, gssproxy_sandboxed_dir, NULL);
+ flatpak_bwrap_add_args (bwrap, "--ro-bind", gssproxy_host_dir, gssproxy_sandboxed_dir, NULL);
+}
+
static void
flatpak_run_add_resolved_args (FlatpakBwrap *bwrap)
{
@@ -4560,7 +4573,10 @@ flatpak_run_app (FlatpakDecomposed *app_ref,
@@ -4611,7 +4624,10 @@ flatpak_run_app (FlatpakDecomposed *app_ref,
}
if ((app_context->shares & FLATPAK_CONTEXT_SHARED_NETWORK) != 0)
@ -53,8 +53,10 @@ index e4391019a0..adf54ed474 100644
flatpak_run_add_journal_args (bwrap);
add_font_path_args (bwrap);
--
2.37.3
From d9f214ed47fba50daa433ce6145acd93f56bc781 Mon Sep 17 00:00:00 2001
From 9e32923a46ffd336dffc4fa7c7a1ee05ae2d39ae Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Mon, 23 May 2022 09:59:48 -0500
Subject: [PATCH 2/2] Block KRB5CCNAME from inheriting into sandbox
@ -77,10 +79,10 @@ host.
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index adf54ed474..e689920a08 100644
index 3ec007cf..b650be46 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -1850,7 +1850,8 @@ static const ExportData default_exports[] = {
@@ -1887,7 +1887,8 @@ static const ExportData default_exports[] = {
{"XDG_RUNTIME_DIR", NULL},
/* Some env vars are common enough and will affect the sandbox badly
@ -90,7 +92,7 @@ index adf54ed474..e689920a08 100644
{"PYTHONPATH", NULL},
{"PERLLIB", NULL},
{"PERL5LIB", NULL},
@@ -1867,6 +1868,7 @@ static const ExportData default_exports[] = {
@@ -1904,6 +1905,7 @@ static const ExportData default_exports[] = {
{"GST_PTP_HELPER", NULL},
{"GST_PTP_HELPER_1_0", NULL},
{"GST_INSTALL_PLUGINS_HELPER", NULL},
@ -99,7 +101,7 @@ index adf54ed474..e689920a08 100644
static const ExportData no_ld_so_cache_exports[] = {
diff --git a/doc/flatpak-run.xml b/doc/flatpak-run.xml
index f8d9e5eecd..4dc0b53149 100644
index e1aa5e1c..77cd3ad0 100644
--- a/doc/flatpak-run.xml
+++ b/doc/flatpak-run.xml
@@ -97,6 +97,7 @@
@ -110,3 +112,5 @@ index f8d9e5eecd..4dc0b53149 100644
</simplelist>
<para>
Also several environment variables with the prefix "GST_" that are used by gstreamer
--
2.37.3
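Review bot: The pre-check `g_file_test (gssproxy_host_dir, G_FILE_TEST_EXISTS)` accepts any file type, so a regular file or other non-directory at `$XDG_RUNTIME_DIR/gssproxy` would pass and the following `--ro-bind` onto the directory destination `/run/flatpak/gssproxy/` would most likely make bwrap fail the mount and abort the launch of every app that reaches this code; `G_FILE_TEST_IS_DIR` is the narrower test that matches what is actually mounted: `if (g_file_test (gssproxy_host_dir, G_FILE_TEST_IS_DIR))`. The check-then-mount sequence also leaves a window in which the directory can vanish between the test and the mount, and if the minimum supported bubblewrap version allows it, `--ro-bind-try` would remove both the window and the pre-check. Read-only is, to my understanding, sufficient here because a read-only mount does not prevent connect() on a Unix socket while it does keep the app from creating or unlinking entries in the host runtime directory, and that reasoning is worth recording next to the call so the mode is not "corrected" back to `--bind` later, e.g. `/* Read-only is enough: connecting to the socket needs no write access to the mount, and the app must not be able to create or remove files in the host runtime dir. */`. The function this hunk belongs to begins above the hunk (its signature and the first lines of its comment are not visible here), and the caller's gating condition at `FLATPAK_CONTEXT_SHARED_NETWORK` is shown only as context, so I cannot confirm from this view which permission ends up exposing the socket.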


@ -6,7 +6,7 @@
Name: flatpak
Version: 1.14.0
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Application deployment framework for desktop apps
License: LGPLv2+
@ -279,6 +279,9 @@ fi
%changelog
* Thu Sep 15 2022 Michael Catanzaro <mcatanzaro@redhat.com> - 1.14.0-2
- Refresh gssproxy patch to use new socket path
* Wed Sep 07 2022 Kalev Lember <klember@redhat.com> - 1.14.0-1
- Update to 1.14.0