From 2d1cfb496e3abc56d72239958fef6bff8c575a27 Mon Sep 17 00:00:00 2001 From: 2-www <112013524+2-www@users.noreply.github.com> Date: Wed, 26 Apr 2023 19:40:00 +0000 Subject: [PATCH 1/3] flatpak-spawn: don't use locale conversion for env and sandbox-expose this should allow using non-ascii text in environment variables (and sandbox paths) even if the locale failed to load where the flatpak-spawn helper is run same as https://github.com/flatpak/flatpak/pull/4138 --- src/flatpak-spawn.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/flatpak-spawn.c b/src/flatpak-spawn.c index fca423f..4111486 100644 --- a/src/flatpak-spawn.c +++ b/src/flatpak-spawn.c @@ -796,14 +796,14 @@ main (int argc, { "watch-bus", 0, 0, G_OPTION_ARG_NONE, &opt_watch_bus, "Make the spawned command exit if we do", NULL }, { "expose-pids", 0, 0, G_OPTION_ARG_NONE, &opt_expose_pids, "Expose sandbox pid in calling sandbox", NULL }, { "share-pids", 0, 0, G_OPTION_ARG_NONE, &opt_share_pids, "Use same pid namespace as calling sandbox", NULL }, - { "env", 0, 0, G_OPTION_ARG_CALLBACK, &opt_env_cb, "Set environment variable", "VAR=VALUE" }, - { "unset-env", 0, 0, G_OPTION_ARG_CALLBACK, &opt_unset_env_cb, "Unset environment variable", "VAR=VALUE" }, + { "env", 0, G_OPTION_FLAG_FILENAME, G_OPTION_ARG_CALLBACK, &opt_env_cb, "Set environment variable", "VAR=VALUE" }, + { "unset-env", 0, G_OPTION_FLAG_FILENAME, G_OPTION_ARG_CALLBACK, &opt_unset_env_cb, "Unset environment variable", "VAR=VALUE" }, { "env-fd", 0, 0, G_OPTION_ARG_CALLBACK, &option_env_fd_cb, "Read environment variables in env -0 format from FD", "FD" }, { "latest-version", 0, 0, G_OPTION_ARG_NONE, &opt_latest_version, "Run latest version", NULL }, { "sandbox", 0, 0, G_OPTION_ARG_NONE, &opt_sandbox, "Run sandboxed", NULL }, { "no-network", 0, 0, G_OPTION_ARG_NONE, &opt_no_network, "Run without network access", NULL }, - { "sandbox-expose", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_sandbox_expose, "Expose access to named file", "NAME" }, - { "sandbox-expose-ro", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_sandbox_expose_ro, "Expose readonly access to named file", "NAME" }, + { "sandbox-expose", 0, G_OPTION_FLAG_FILENAME, G_OPTION_ARG_STRING_ARRAY, &opt_sandbox_expose, "Expose access to named file", "NAME" }, + { "sandbox-expose-ro", 0, G_OPTION_FLAG_FILENAME, G_OPTION_ARG_STRING_ARRAY, &opt_sandbox_expose_ro, "Expose readonly access to named file", "NAME" }, { "sandbox-expose-path", 0, 0, G_OPTION_ARG_FILENAME_ARRAY, &opt_sandbox_expose_path, "Expose access to path", "PATH" }, { "sandbox-expose-path-ro", 0, 0, G_OPTION_ARG_FILENAME_ARRAY, &opt_sandbox_expose_path_ro, "Expose readonly access to path", "PATH" }, { "sandbox-expose-path-try", 0, 0, G_OPTION_ARG_FILENAME_ARRAY, &opt_sandbox_expose_path_try, "Expose access to path if it exists", "PATH" }, From bf340a1f32e752eddd0ddeaf05810187af247660 Mon Sep 17 00:00:00 2001 From: 2-www <112013524+2-www@users.noreply.github.com> Date: Wed, 26 Apr 2023 20:13:10 +0000 Subject: [PATCH 2/3] flatpak-spawn: fix flags use G_OPTION_ARG_FILENAME_ARRAY instead of G_OPTION_ARG_STRING_ARRAY + G_OPTION_FLAG_FILENAME, which is not valid --- src/flatpak-spawn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/flatpak-spawn.c b/src/flatpak-spawn.c index 4111486..dbee140 100644 --- a/src/flatpak-spawn.c +++ b/src/flatpak-spawn.c @@ -802,8 +802,8 @@ main (int argc, { "latest-version", 0, 0, G_OPTION_ARG_NONE, &opt_latest_version, "Run latest version", NULL }, { "sandbox", 0, 0, G_OPTION_ARG_NONE, &opt_sandbox, "Run sandboxed", NULL }, { "no-network", 0, 0, G_OPTION_ARG_NONE, &opt_no_network, "Run without network access", NULL }, - { "sandbox-expose", 0, G_OPTION_FLAG_FILENAME, G_OPTION_ARG_STRING_ARRAY, &opt_sandbox_expose, "Expose access to named file", "NAME" }, - { "sandbox-expose-ro", 0, G_OPTION_FLAG_FILENAME, G_OPTION_ARG_STRING_ARRAY, &opt_sandbox_expose_ro, "Expose readonly access to named file", "NAME" }, + { "sandbox-expose", 0, 0, G_OPTION_ARG_FILENAME_ARRAY, &opt_sandbox_expose, "Expose access to named file", "NAME" }, + { "sandbox-expose-ro", 0, 0, G_OPTION_ARG_FILENAME_ARRAY, &opt_sandbox_expose_ro, "Expose readonly access to named file", "NAME" }, { "sandbox-expose-path", 0, 0, G_OPTION_ARG_FILENAME_ARRAY, &opt_sandbox_expose_path, "Expose access to path", "PATH" }, { "sandbox-expose-path-ro", 0, 0, G_OPTION_ARG_FILENAME_ARRAY, &opt_sandbox_expose_path_ro, "Expose readonly access to path", "PATH" }, { "sandbox-expose-path-try", 0, 0, G_OPTION_ARG_FILENAME_ARRAY, &opt_sandbox_expose_path_try, "Expose access to path if it exists", "PATH" }, From 4935555186a1c4373a699957cedbc8ec8019372d Mon Sep 17 00:00:00 2001 From: 2-www <112013524+2-www@users.noreply.github.com> Date: Wed, 26 Apr 2023 20:18:28 +0000 Subject: [PATCH 3/3] flatpak-spawn: explain the FILENAME flag --- src/flatpak-spawn.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/flatpak-spawn.c b/src/flatpak-spawn.c index dbee140..439da70 100644 --- a/src/flatpak-spawn.c +++ b/src/flatpak-spawn.c @@ -796,6 +796,8 @@ main (int argc, { "watch-bus", 0, 0, G_OPTION_ARG_NONE, &opt_watch_bus, "Make the spawned command exit if we do", NULL }, { "expose-pids", 0, 0, G_OPTION_ARG_NONE, &opt_expose_pids, "Expose sandbox pid in calling sandbox", NULL }, { "share-pids", 0, 0, G_OPTION_ARG_NONE, &opt_share_pids, "Use same pid namespace as calling sandbox", NULL }, + // G_OPTION_FLAG_FILENAME is what we use to tell glib to treat the argument as an opaque string rather than try to convert it between locales + // see https://gitlab.gnome.org/GNOME/glib/-/blob/68ad8334b6c3ec51f9c3630123a54e9c79ed06a1/glib/goption.c#L1439 { "env", 0, G_OPTION_FLAG_FILENAME, G_OPTION_ARG_CALLBACK, &opt_env_cb, "Set environment variable", "VAR=VALUE" }, { "unset-env", 0, G_OPTION_FLAG_FILENAME, G_OPTION_ARG_CALLBACK, &opt_unset_env_cb, "Unset environment variable", "VAR=VALUE" }, { "env-fd", 0, 0, G_OPTION_ARG_CALLBACK, &option_env_fd_cb, "Read environment variables in env -0 format from FD", "FD" },