diff --git a/nixos/tests/installed-tests/xdg-desktop-portal.nix b/nixos/tests/installed-tests/xdg-desktop-portal.nix index d40317faeb015..a85203fe3edaf 100644 --- a/nixos/tests/installed-tests/xdg-desktop-portal.nix +++ b/nixos/tests/installed-tests/xdg-desktop-portal.nix @@ -1,22 +1,32 @@ -{ pkgs, makeInstalledTest, ... }: +{ + lib, + pkgs, + makeInstalledTest, + ... +}: makeInstalledTest { tested = pkgs.xdg-desktop-portal; - # Red herring - # Failed to load RealtimeKit property: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.RealtimeKit1 was not provided by any .service files - # Maybe a red herring, enabling PipeWire doesn't fix the location test. - # Failed connect to PipeWire: Couldn't connect to PipeWire testConfig = { environment.variables = { - TEST_IN_CI = 1; - XDG_DATA_DIRS = "${pkgs.xdg-desktop-portal.installedTests}/share/installed-tests/xdg-desktop-portal/share"; + GI_TYPELIB_PATH = lib.makeSearchPath "lib/girepository-1.0" [ + pkgs.glib.out + pkgs.umockdev.out + ]; + # need to set this ourselves, because the tests will set LD_PRELOAD=libumockdev-preload.so, + # which can't be found because it's not in default rpath + LD_PRELOAD = "${pkgs.umockdev.out}/lib/libumockdev-preload.so"; + XDP_TEST_IN_CI = 1; }; - # Broken, see comment in the package file. - #services.geoclue2 = { - # enable = true; - # enableDemoAgent = true; - #}; - #location.provider = "geoclue2"; + environment.systemPackages = with pkgs; [ + umockdev + wireless-regdb + ]; + services.geoclue2 = { + enable = true; + enableDemoAgent = true; + }; + location.provider = "geoclue2"; }; } diff --git a/pkgs/development/libraries/xdg-desktop-portal/default.nix b/pkgs/development/libraries/xdg-desktop-portal/default.nix index 79c7633a5576b..1b4ec15a1b93c 100644 --- a/pkgs/development/libraries/xdg-desktop-portal/default.nix +++ b/pkgs/development/libraries/xdg-desktop-portal/default.nix @@ -4,17 +4,12 @@ flatpak, fuse3, bubblewrap, - docbook_xml_dtd_412, - docbook_xml_dtd_43, - docbook_xsl, docutils, systemdMinimal, geoclue2, glib, gsettings-desktop-schemas, json-glib, - libportal, - libxml2, meson, ninja, nixosTests, @@ -26,16 +21,20 @@ pkg-config, stdenv, runCommand, - wrapGAppsHook3, - xmlto, + wrapGAppsNoGuiHook, bash, + dbus, + gst_all_1, + libgudev, + umockdev, + substituteAll, enableGeoLocation ? true, enableSystemd ? true, }: stdenv.mkDerivation (finalAttrs: { pname = "xdg-desktop-portal"; - version = "1.18.4"; + version = "1.20.0"; outputs = [ "out" @@ -45,18 +44,23 @@ stdenv.mkDerivation (finalAttrs: { src = fetchFromGitHub { owner = "flatpak"; repo = "xdg-desktop-portal"; - rev = finalAttrs.version; - hash = "sha256-o+aO7uGewDPrtgOgmp/CE2uiqiBLyo07pVCFrtlORFQ="; + tag = finalAttrs.version; + hash = "sha256-FHMa8fTr8qNEM5WptuMjMs/XOsvmFxi8pDaCrwJ3/ww="; }; patches = [ # The icon validator copied from Flatpak needs to access the gdk-pixbuf loaders # in the Nix store and cannot bind FHS paths since those are not available on NixOS. - (runCommand "icon-validator.patch" { } '' - # Flatpak uses a different path - substitute "${flatpak.icon-validator-patch}" "$out" \ - --replace "/icon-validator/validate-icon.c" "/src/validate-icon.c" - '') + (substituteAll { + src = ./fix-icon-validation.patch; + inherit (builtins) storeDir; + }) + + # Same for the sound validator, except the gdk-pixbuf part. + (substituteAll { + src = ./fix-sound-validation.patch; + inherit (builtins) storeDir; + }) # Allow installing installed tests to a separate output. ./installed-tests-path.patch @@ -68,23 +72,14 @@ stdenv.mkDerivation (finalAttrs: { # test tries to read /proc/cmdline, which is not intended to be accessible in the sandbox ./trash-test.patch - - # Install files required to be in XDG_DATA_DIR of the installed tests - # Merged PR https://github.com/flatpak/xdg-desktop-portal/pull/1444 - ./installed-tests-share.patch ]; nativeBuildInputs = [ - docbook_xml_dtd_412 - docbook_xml_dtd_43 - docbook_xsl docutils # for rst2man - libxml2 meson ninja pkg-config - wrapGAppsHook3 - xmlto + wrapGAppsNoGuiHook ]; buildInputs = @@ -95,19 +90,14 @@ stdenv.mkDerivation (finalAttrs: { glib gsettings-desktop-schemas json-glib - libportal pipewire + gst_all_1.gst-plugins-base + libgudev + umockdev # For icon validator gdk-pixbuf librsvg - - # For document-fuse installed test. - (python3.withPackages ( - pp: with pp; [ - pygobject3 - ] - )) bash ] ++ lib.optionals enableGeoLocation [ @@ -118,11 +108,22 @@ stdenv.mkDerivation (finalAttrs: { ]; nativeCheckInputs = [ + dbus + gdk-pixbuf + gst_all_1.gstreamer + gst_all_1.gst-plugins-good gobject-introspection - python3.pkgs.pytest - python3.pkgs.python-dbusmock - python3.pkgs.pygobject3 - python3.pkgs.dbus-python + + # NB: this Python is used both for build-time tests + # and for installed (VM) tests, so it includes dependencies + # for both + (python3.withPackages (ps: [ + ps.pytest + ps.python-dbusmock + ps.pygobject3 + ps.dbus-python + ])) + umockdev ]; mesonFlags = @@ -130,13 +131,14 @@ stdenv.mkDerivation (finalAttrs: { "--sysconfdir=/etc" "-Dinstalled-tests=true" "-Dinstalled_test_prefix=${placeholder "installedTests"}" + "-Ddocumentation=disabled" # pulls in a whole lot of extra stuff (lib.mesonEnable "systemd" enableSystemd) ] ++ lib.optionals (!enableGeoLocation) [ "-Dgeoclue=disabled" ] ++ lib.optionals (!finalAttrs.finalPackage.doCheck) [ - "-Dpytest=disabled" + "-Dtests=disabled" ]; strictDeps = true; @@ -148,13 +150,8 @@ stdenv.mkDerivation (finalAttrs: { substituteInPlace meson.build \ --replace-fail "find_program('bwrap'" "find_program('${lib.getExe bubblewrap}'" - # Disable test failing with libportal 0.9.0 - ${ - assert (lib.versionOlder finalAttrs.version "1.20.0"); - "# TODO: Remove when updating to x-d-p 1.20.0" - } - substituteInPlace tests/test-portals.c \ - --replace-fail 'g_test_add_func ("/portal/notification/bad-arg", test_notification_bad_arg);' "" + patchShebangs src/generate-method-info.py + patchShebangs tests/run-test.sh ''; preCheck = '' @@ -165,42 +162,29 @@ stdenv.mkDerivation (finalAttrs: { # be flaky. Let's disable those downstream as hydra exhibits similar # flakes: # https://github.com/NixOS/nixpkgs/pull/270085#issuecomment-1840053951 - export TEST_IN_CI=1 - ''; + export XDP_TEST_IN_CI=1 - postFixup = - let - documentFuse = "${placeholder "installedTests"}/libexec/installed-tests/xdg-desktop-portal/test-document-fuse.py"; - testPortals = "${placeholder "installedTests"}/libexec/installed-tests/xdg-desktop-portal/test-portals"; - - in - '' - if [ -x '${documentFuse}' ] ; then - wrapGApp '${documentFuse}' - wrapGApp '${testPortals}' - # (xdg-desktop-portal:995): xdg-desktop-portal-WARNING **: 21:21:55.673: Failed to get GeoClue client: Timeout was reached - # xdg-desktop-portal:ERROR:../tests/location.c:22:location_cb: 'res' should be TRUE - # https://github.com/flatpak/xdg-desktop-portal/blob/1d6dfb57067dec182b546dfb60c87aa3452c77ed/tests/location.c#L21 - rm $installedTests/share/installed-tests/xdg-desktop-portal/test-portals-location.test - fi - ''; + # need to set this ourselves, because the tests will set LD_PRELOAD=libumockdev-preload.so, + # which can't be found because it's not in default rpath + export LD_PRELOAD=${lib.getLib umockdev}/lib/libumockdev-preload.so + ''; passthru = { tests = { installedTests = nixosTests.installed-tests.xdg-desktop-portal; validate-icon = runCommand "test-icon-validation" { } '' - ${finalAttrs.finalPackage}/libexec/xdg-desktop-portal-validate-icon --sandbox 512 512 ${../../../applications/audio/zynaddsubfx/ZynLogo.svg} > "$out" + ${finalAttrs.finalPackage}/libexec/xdg-desktop-portal-validate-icon --ruleset=desktop --sandbox --path=${../../../applications/audio/zynaddsubfx/ZynLogo.svg} > "$out" grep format=svg "$out" ''; }; }; - meta = with lib; { + meta = { description = "Desktop integration portals for sandboxed apps"; - homepage = "https://flatpak.github.io/xdg-desktop-portal/"; - license = licenses.lgpl2Plus; - maintainers = with maintainers; [ jtojnar ]; - platforms = platforms.linux; + homepage = "https://flatpak.github.io/xdg-desktop-portal"; + license = lib.licenses.lgpl2Plus; + maintainers = with lib.maintainers; [ jtojnar ]; + platforms = lib.platforms.linux; }; }) diff --git a/pkgs/development/libraries/xdg-desktop-portal/fix-icon-validation.patch b/pkgs/development/libraries/xdg-desktop-portal/fix-icon-validation.patch new file mode 100644 index 0000000000000..08b7a3c0b3b02 --- /dev/null +++ b/pkgs/development/libraries/xdg-desktop-portal/fix-icon-validation.patch @@ -0,0 +1,33 @@ +diff --git a/src/validate-icon.c b/src/validate-icon.c +index c42265b..320f028 100644 +--- a/src/validate-icon.c ++++ b/src/validate-icon.c +@@ -254,7 +254,7 @@ flatpak_get_bwrap (void) + static int + rerun_in_sandbox (int input_fd) + { +- const char * const usrmerged_dirs[] = { "bin", "lib32", "lib64", "lib", "sbin" }; ++ const char * const usrmerged_dirs[] = { }; + g_autoptr(GPtrArray) args = g_ptr_array_new_with_free_func (g_free); + g_autofree char* arg_input_fd = NULL; + char validate_icon[PATH_MAX + 1]; +@@ -276,8 +276,7 @@ rerun_in_sandbox (int input_fd) + "--unshare-ipc", + "--unshare-net", + "--unshare-pid", +- "--ro-bind", "/usr", "/usr", +- "--ro-bind-try", "/etc/ld.so.cache", "/etc/ld.so.cache", ++ "--ro-bind", "@storeDir@", "@storeDir@", + "--ro-bind", validate_icon, validate_icon, + NULL); + +@@ -320,6 +319,9 @@ rerun_in_sandbox (int input_fd) + if (g_getenv ("G_MESSAGES_PREFIXED")) + add_args (args, "--setenv", "G_MESSAGES_PREFIXED", g_getenv ("G_MESSAGES_PREFIXED"), NULL); + ++ if (g_getenv ("GDK_PIXBUF_MODULE_FILE")) ++ add_args (args, "--setenv", "GDK_PIXBUF_MODULE_FILE", g_getenv ("GDK_PIXBUF_MODULE_FILE"), NULL); ++ + arg_input_fd = g_strdup_printf ("%d", input_fd); + add_args (args, + validate_icon, diff --git a/pkgs/development/libraries/xdg-desktop-portal/fix-sound-validation.patch b/pkgs/development/libraries/xdg-desktop-portal/fix-sound-validation.patch new file mode 100644 index 0000000000000..bfc6982d2dfdc --- /dev/null +++ b/pkgs/development/libraries/xdg-desktop-portal/fix-sound-validation.patch @@ -0,0 +1,32 @@ +diff --git a/src/validate-sound.c b/src/validate-sound.c +index 7348d46..8b87c78 100644 +--- a/src/validate-sound.c ++++ b/src/validate-sound.c +@@ -234,7 +234,7 @@ flatpak_get_bwrap (void) + static int + rerun_in_sandbox (int input_fd) + { +- const char * const usrmerged_dirs[] = { "bin", "lib32", "lib64", "lib", "sbin" }; ++ const char * const usrmerged_dirs[] = { }; + int i; + g_autoptr(GPtrArray) args = g_ptr_array_new_with_free_func (g_free); + char validate_sound[PATH_MAX + 1]; +@@ -255,8 +255,7 @@ rerun_in_sandbox (int input_fd) + "--unshare-ipc", + "--unshare-net", + "--unshare-pid", +- "--ro-bind", "/usr", "/usr", +- "--ro-bind-try", "/etc/ld.so.cache", "/etc/ld.so.cache", ++ "--ro-bind", "@storeDir@", "@storeDir@", + "--ro-bind", validate_sound, validate_sound, + NULL); + +@@ -299,6 +298,8 @@ rerun_in_sandbox (int input_fd) + if (g_getenv ("G_MESSAGES_PREFIXED")) + add_args (args, "--setenv", "G_MESSAGES_PREFIXED", g_getenv ("G_MESSAGES_PREFIXED"), NULL); + ++ if (g_getenv ("GST_PLUGIN_SYSTEM_PATH_1_0")) ++ add_args (args, "--setenv", "GST_PLUGIN_SYSTEM_PATH_1_0", g_getenv ("GST_PLUGIN_SYSTEM_PATH_1_0"), NULL); + + arg_input_fd = g_strdup_printf ("%d", input_fd); + add_args (args, validate_sound, "--fd", arg_input_fd, NULL); diff --git a/pkgs/development/libraries/xdg-desktop-portal/installed-tests-path.patch b/pkgs/development/libraries/xdg-desktop-portal/installed-tests-path.patch index 0a9547ba3628e..9de427d86307b 100644 --- a/pkgs/development/libraries/xdg-desktop-portal/installed-tests-path.patch +++ b/pkgs/development/libraries/xdg-desktop-portal/installed-tests-path.patch @@ -1,8 +1,8 @@ diff --git a/meson.build b/meson.build -index b25f9ef..7975f85 100644 +index 4238adb..d3f89fd 100644 --- a/meson.build +++ b/meson.build -@@ -40,8 +40,8 @@ if dataroot_dir == '' +@@ -43,8 +43,8 @@ if dataroot_dir == '' dataroot_dir = datadir endif @@ -14,17 +14,14 @@ index b25f9ef..7975f85 100644 summary({ diff --git a/meson_options.txt b/meson_options.txt -index fccada3..ca87600 100644 +index ed8c311..0a2bf7e 100644 --- a/meson_options.txt +++ b/meson_options.txt -@@ -38,6 +38,10 @@ option('installed-tests', - type: 'boolean', - value: false, - description: 'Enable installation of some test cases') +@@ -54,3 +54,7 @@ option('sandboxed-sound-validation', + type: 'feature', + value: 'enabled', + description: 'Use Bubblewrap to sandbox sound validation. Disabling this option may lead to security vulnerabilities.') +option('installed_test_prefix', -+ type: 'string', -+ value: '', -+ description: 'Prefix for installed tests') - option('pytest', - type: 'feature', - value: 'auto', ++ type: 'string', ++ value: '', ++ description: 'Prefix for installed tests') diff --git a/pkgs/development/libraries/xdg-desktop-portal/installed-tests-share.patch b/pkgs/development/libraries/xdg-desktop-portal/installed-tests-share.patch deleted file mode 100644 index ba9a3822e59e3..0000000000000 --- a/pkgs/development/libraries/xdg-desktop-portal/installed-tests-share.patch +++ /dev/null @@ -1,9 +0,0 @@ -diff --git a/tests/share/applications/meson.build b/tests/share/applications/meson.build -index d56b633..3ad3371 100644 ---- a/tests/share/applications/meson.build -+++ b/tests/share/applications/meson.build -@@ -1,2 +1,2 @@ --configure_file(input: 'furrfix.desktop', output: '@PLAINNAME@', copy: true) --configure_file(input: 'mimeinfo.cache', output: '@PLAINNAME@', copy: true) -+configure_file(input: 'furrfix.desktop', output: '@PLAINNAME@', copy: true, install: enable_installed_tests, install_dir: installed_tests_data_dir / 'share' / 'applications') -+configure_file(input: 'mimeinfo.cache', output: '@PLAINNAME@', copy: true, install: enable_installed_tests, install_dir: installed_tests_data_dir / 'share' / 'applications') diff --git a/pkgs/development/libraries/xdg-desktop-portal/nix-pkgdatadir-env.patch b/pkgs/development/libraries/xdg-desktop-portal/nix-pkgdatadir-env.patch index b099c4ad56f5b..b7ca73e5afedf 100644 --- a/pkgs/development/libraries/xdg-desktop-portal/nix-pkgdatadir-env.patch +++ b/pkgs/development/libraries/xdg-desktop-portal/nix-pkgdatadir-env.patch @@ -1,8 +1,8 @@ -diff --git a/src/portal-impl.c b/src/portal-impl.c -index 85b3a23..6d43636 100644 ---- a/src/portal-impl.c -+++ b/src/portal-impl.c -@@ -275,6 +275,8 @@ load_installed_portals (gboolean opt_verbose) +diff --git a/src/xdp-portal-impl.c b/src/xdp-portal-impl.c +index 770c265..a34ca8e 100644 +--- a/src/xdp-portal-impl.c ++++ b/src/xdp-portal-impl.c +@@ -277,6 +277,8 @@ load_installed_portals (gboolean opt_verbose) /* We need to override this in the tests */ portal_dir = g_getenv ("XDG_DESKTOP_PORTAL_DIR"); diff --git a/pkgs/development/libraries/xdg-desktop-portal/trash-test.patch b/pkgs/development/libraries/xdg-desktop-portal/trash-test.patch index 3bfa885972813..23991fd87020b 100644 --- a/pkgs/development/libraries/xdg-desktop-portal/trash-test.patch +++ b/pkgs/development/libraries/xdg-desktop-portal/trash-test.patch @@ -1,18 +1,18 @@ diff --git a/tests/test_trash.py b/tests/test_trash.py -index d745cd2..173e3e5 100644 +index 2637256..e89d45c 100644 --- a/tests/test_trash.py +++ b/tests/test_trash.py -@@ -24,13 +24,6 @@ class TestTrash: - def test_version(self, portal_mock): - portal_mock.check_version(1) +@@ -13,13 +13,6 @@ class TestTrash: + def test_version(self, portals, dbus_con): + xdp.check_version(dbus_con, "Trash", 1) -- def test_trash_file_fails(self, portal_mock): -- trash_intf = portal_mock.get_dbus_interface() +- def test_trash_file_fails(self, portals, dbus_con): +- trash_intf = xdp.get_portal_iface(dbus_con, "Trash") - with open("/proc/cmdline") as fd: - result = trash_intf.TrashFile(fd.fileno()) - - assert result == 0 - - def test_trash_file(self, portal_mock): - trash_intf = portal_mock.get_dbus_interface() + def test_trash_file(self, portals, dbus_con): + trash_intf = xdp.get_portal_iface(dbus_con, "Trash")