[staging-next] xdg-desktop-portal: 1.18.4 -> 1.20.0

nixos/tests/installed-tests/xdg-desktop-portal.nix

@@ -1,22 +1,32 @@
-{ pkgs, makeInstalledTest, ... }:
+{
+  lib,
+  pkgs,
+  makeInstalledTest,
+  ...
+}:
 
 makeInstalledTest {
   tested = pkgs.xdg-desktop-portal;
 
-  # Red herring
-  # Failed to load RealtimeKit property: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.RealtimeKit1 was not provided by any .service files
-  # Maybe a red herring, enabling PipeWire doesn't fix the location test.
-  # Failed connect to PipeWire: Couldn't connect to PipeWire
   testConfig = {
     environment.variables = {
-      TEST_IN_CI = 1;
-      XDG_DATA_DIRS = "${pkgs.xdg-desktop-portal.installedTests}/share/installed-tests/xdg-desktop-portal/share";
+      GI_TYPELIB_PATH = lib.makeSearchPath "lib/girepository-1.0" [
+        pkgs.glib.out
+        pkgs.umockdev.out
+      ];
+      # need to set this ourselves, because the tests will set LD_PRELOAD=libumockdev-preload.so,
+      # which can't be found because it's not in default rpath
+      LD_PRELOAD = "${pkgs.umockdev.out}/lib/libumockdev-preload.so";
+      XDP_TEST_IN_CI = 1;
     };
-    # Broken, see comment in the package file.
-    #services.geoclue2 = {
-    #  enable = true;
-    #  enableDemoAgent = true;
-    #};
-    #location.provider = "geoclue2";
+    environment.systemPackages = with pkgs; [
+      umockdev
+      wireless-regdb
+    ];
+    services.geoclue2 = {
+      enable = true;
+      enableDemoAgent = true;
+    };
+    location.provider = "geoclue2";
   };
 }

pkgs/development/libraries/xdg-desktop-portal/default.nix

@@ -4,17 +4,12 @@
   flatpak,
   fuse3,
   bubblewrap,
-  docbook_xml_dtd_412,
-  docbook_xml_dtd_43,
-  docbook_xsl,
   docutils,
   systemdMinimal,
   geoclue2,
   glib,
   gsettings-desktop-schemas,
   json-glib,
-  libportal,
-  libxml2,
   meson,
   ninja,
   nixosTests,
@@ -26,16 +21,20 @@
   pkg-config,
   stdenv,
   runCommand,
-  wrapGAppsHook3,
-  xmlto,
+  wrapGAppsNoGuiHook,
   bash,
+  dbus,
+  gst_all_1,
+  libgudev,
+  umockdev,
+  substituteAll,
   enableGeoLocation ? true,
   enableSystemd ? true,
 }:
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "xdg-desktop-portal";
-  version = "1.18.4";
+  version = "1.20.0";
 
   outputs = [
     "out"
@@ -45,18 +44,23 @@ stdenv.mkDerivation (finalAttrs: {
   src = fetchFromGitHub {
     owner = "flatpak";
     repo = "xdg-desktop-portal";
-    rev = finalAttrs.version;
-    hash = "sha256-o+aO7uGewDPrtgOgmp/CE2uiqiBLyo07pVCFrtlORFQ=";
+    tag = finalAttrs.version;
+    hash = "sha256-FHMa8fTr8qNEM5WptuMjMs/XOsvmFxi8pDaCrwJ3/ww=";
   };
 
   patches = [
     # The icon validator copied from Flatpak needs to access the gdk-pixbuf loaders
     # in the Nix store and cannot bind FHS paths since those are not available on NixOS.
-    (runCommand "icon-validator.patch" { } ''
-      # Flatpak uses a different path
-      substitute "${flatpak.icon-validator-patch}" "$out" \
-        --replace "/icon-validator/validate-icon.c" "/src/validate-icon.c"
-    '')
+    (substituteAll {
+      src = ./fix-icon-validation.patch;
+      inherit (builtins) storeDir;
+    })
+
+    # Same for the sound validator, except the gdk-pixbuf part.
+    (substituteAll {
+      src = ./fix-sound-validation.patch;
+      inherit (builtins) storeDir;
+    })
 
     # Allow installing installed tests to a separate output.
     ./installed-tests-path.patch
@@ -68,23 +72,14 @@ stdenv.mkDerivation (finalAttrs: {
 
     # test tries to read /proc/cmdline, which is not intended to be accessible in the sandbox
     ./trash-test.patch
-
-    # Install files required to be in XDG_DATA_DIR of the installed tests
-    # Merged PR https://github.com/flatpak/xdg-desktop-portal/pull/1444
-    ./installed-tests-share.patch
   ];
 
   nativeBuildInputs = [
-    docbook_xml_dtd_412
-    docbook_xml_dtd_43
-    docbook_xsl
     docutils # for rst2man
-    libxml2
     meson
     ninja
     pkg-config
-    wrapGAppsHook3
-    xmlto
+    wrapGAppsNoGuiHook
   ];
 
   buildInputs =
@@ -95,19 +90,14 @@ stdenv.mkDerivation (finalAttrs: {
       glib
       gsettings-desktop-schemas
       json-glib
-      libportal
       pipewire
+      gst_all_1.gst-plugins-base
+      libgudev
+      umockdev
 
       # For icon validator
       gdk-pixbuf
       librsvg
-
-      # For document-fuse installed test.
-      (python3.withPackages (
-        pp: with pp; [
-          pygobject3
-        ]
-      ))
       bash
     ]
     ++ lib.optionals enableGeoLocation [
@@ -118,25 +108,37 @@ stdenv.mkDerivation (finalAttrs: {
     ];
 
   nativeCheckInputs = [
+    dbus
+    gdk-pixbuf
+    gst_all_1.gstreamer
+    gst_all_1.gst-plugins-good
     gobject-introspection
-    python3.pkgs.pytest
-    python3.pkgs.python-dbusmock
-    python3.pkgs.pygobject3
-    python3.pkgs.dbus-python
+
+    # NB: this Python is used both for build-time tests
+    # and for installed (VM) tests, so it includes dependencies
+    # for both
+    (python3.withPackages (ps: [
+      ps.pytest
+      ps.python-dbusmock
+      ps.pygobject3
+      ps.dbus-python
+    ]))
+    umockdev
   ];
 
   mesonFlags =
     [
       "--sysconfdir=/etc"
       "-Dinstalled-tests=true"
       "-Dinstalled_test_prefix=${placeholder "installedTests"}"
+      "-Ddocumentation=disabled" # pulls in a whole lot of extra stuff
       (lib.mesonEnable "systemd" enableSystemd)
     ]
     ++ lib.optionals (!enableGeoLocation) [
       "-Dgeoclue=disabled"
     ]
     ++ lib.optionals (!finalAttrs.finalPackage.doCheck) [
-      "-Dpytest=disabled"
+      "-Dtests=disabled"
     ];
 
   strictDeps = true;
@@ -148,13 +150,8 @@ stdenv.mkDerivation (finalAttrs: {
     substituteInPlace meson.build \
       --replace-fail "find_program('bwrap'"  "find_program('${lib.getExe bubblewrap}'"
 
-    # Disable test failing with libportal 0.9.0
-    ${
-      assert (lib.versionOlder finalAttrs.version "1.20.0");
-      "# TODO: Remove when updating to x-d-p 1.20.0"
-    }
-    substituteInPlace tests/test-portals.c \
-      --replace-fail 'g_test_add_func ("/portal/notification/bad-arg", test_notification_bad_arg);' ""
+    patchShebangs src/generate-method-info.py
+    patchShebangs tests/run-test.sh
   '';
 
   preCheck = ''
@@ -165,42 +162,29 @@ stdenv.mkDerivation (finalAttrs: {
     # be flaky. Let's disable those downstream as hydra exhibits similar
     # flakes:
     #   https://github.com/NixOS/nixpkgs/pull/270085#issuecomment-1840053951
-    export TEST_IN_CI=1
-  '';
+    export XDP_TEST_IN_CI=1
 
-  postFixup =
-    let
-      documentFuse = "${placeholder "installedTests"}/libexec/installed-tests/xdg-desktop-portal/test-document-fuse.py";
-      testPortals = "${placeholder "installedTests"}/libexec/installed-tests/xdg-desktop-portal/test-portals";
-
-    in
-    ''
-      if [ -x '${documentFuse}' ] ; then
-        wrapGApp '${documentFuse}'
-        wrapGApp '${testPortals}'
-        # (xdg-desktop-portal:995): xdg-desktop-portal-WARNING **: 21:21:55.673: Failed to get GeoClue client: Timeout was reached
-        # xdg-desktop-portal:ERROR:../tests/location.c:22:location_cb: 'res' should be TRUE
-        # https://github.com/flatpak/xdg-desktop-portal/blob/1d6dfb57067dec182b546dfb60c87aa3452c77ed/tests/location.c#L21
-        rm $installedTests/share/installed-tests/xdg-desktop-portal/test-portals-location.test
-      fi
-    '';
+    # need to set this ourselves, because the tests will set LD_PRELOAD=libumockdev-preload.so,
+    # which can't be found because it's not in default rpath
+    export LD_PRELOAD=${lib.getLib umockdev}/lib/libumockdev-preload.so
+  '';
 
   passthru = {
     tests = {
       installedTests = nixosTests.installed-tests.xdg-desktop-portal;
 
       validate-icon = runCommand "test-icon-validation" { } ''
-        ${finalAttrs.finalPackage}/libexec/xdg-desktop-portal-validate-icon --sandbox 512 512 ${../../../applications/audio/zynaddsubfx/ZynLogo.svg} > "$out"
+        ${finalAttrs.finalPackage}/libexec/xdg-desktop-portal-validate-icon --ruleset=desktop --sandbox --path=${../../../applications/audio/zynaddsubfx/ZynLogo.svg} > "$out"
         grep format=svg "$out"
       '';
     };
   };
 
-  meta = with lib; {
+  meta = {
     description = "Desktop integration portals for sandboxed apps";
-    homepage = "https://flatpak.github.io/xdg-desktop-portal/";
-    license = licenses.lgpl2Plus;
-    maintainers = with maintainers; [ jtojnar ];
-    platforms = platforms.linux;
+    homepage = "https://flatpak.github.io/xdg-desktop-portal";
+    license = lib.licenses.lgpl2Plus;
+    maintainers = with lib.maintainers; [ jtojnar ];
+    platforms = lib.platforms.linux;
   };
 })

pkgs/development/libraries/xdg-desktop-portal/fix-icon-validation.patch

@@ -0,0 +1,33 @@
+diff --git a/src/validate-icon.c b/src/validate-icon.c
+index c42265b..320f028 100644
+--- a/src/validate-icon.c
++++ b/src/validate-icon.c
+@@ -254,7 +254,7 @@ flatpak_get_bwrap (void)
+ static int
+ rerun_in_sandbox (int input_fd)
+ {
+-  const char * const usrmerged_dirs[] = { "bin", "lib32", "lib64", "lib", "sbin" };
++  const char * const usrmerged_dirs[] = { };
+   g_autoptr(GPtrArray) args = g_ptr_array_new_with_free_func (g_free);
+   g_autofree char* arg_input_fd = NULL;
+   char validate_icon[PATH_MAX + 1];
+@@ -276,8 +276,7 @@ rerun_in_sandbox (int input_fd)
+             "--unshare-ipc",
+             "--unshare-net",
+             "--unshare-pid",
+-            "--ro-bind", "/usr", "/usr",
+-            "--ro-bind-try", "/etc/ld.so.cache", "/etc/ld.so.cache",
++            "--ro-bind", "@storeDir@", "@storeDir@",
+             "--ro-bind", validate_icon, validate_icon,
+             NULL);
+
+@@ -320,6 +319,9 @@ rerun_in_sandbox (int input_fd)
+   if (g_getenv ("G_MESSAGES_PREFIXED"))
+     add_args (args, "--setenv", "G_MESSAGES_PREFIXED", g_getenv ("G_MESSAGES_PREFIXED"), NULL);
+
++  if (g_getenv ("GDK_PIXBUF_MODULE_FILE"))
++    add_args (args, "--setenv", "GDK_PIXBUF_MODULE_FILE", g_getenv ("GDK_PIXBUF_MODULE_FILE"), NULL);
++
+   arg_input_fd = g_strdup_printf ("%d", input_fd);
+   add_args (args,
+             validate_icon,

pkgs/development/libraries/xdg-desktop-portal/fix-sound-validation.patch

@@ -0,0 +1,32 @@
+diff --git a/src/validate-sound.c b/src/validate-sound.c
+index 7348d46..8b87c78 100644
+--- a/src/validate-sound.c
++++ b/src/validate-sound.c
+@@ -234,7 +234,7 @@ flatpak_get_bwrap (void)
+ static int
+ rerun_in_sandbox (int input_fd)
+ {
+-  const char * const usrmerged_dirs[] = { "bin", "lib32", "lib64", "lib", "sbin" };
++  const char * const usrmerged_dirs[] = { };
+   int i;
+   g_autoptr(GPtrArray) args = g_ptr_array_new_with_free_func (g_free);
+   char validate_sound[PATH_MAX + 1];
+@@ -255,8 +255,7 @@ rerun_in_sandbox (int input_fd)
+             "--unshare-ipc",
+             "--unshare-net",
+             "--unshare-pid",
+-            "--ro-bind", "/usr", "/usr",
+-            "--ro-bind-try", "/etc/ld.so.cache", "/etc/ld.so.cache",
++            "--ro-bind", "@storeDir@", "@storeDir@",
+             "--ro-bind", validate_sound, validate_sound,
+             NULL);
+
+@@ -299,6 +298,8 @@ rerun_in_sandbox (int input_fd)
+   if (g_getenv ("G_MESSAGES_PREFIXED"))
+     add_args (args, "--setenv", "G_MESSAGES_PREFIXED", g_getenv ("G_MESSAGES_PREFIXED"), NULL);
+
++  if (g_getenv ("GST_PLUGIN_SYSTEM_PATH_1_0"))
++    add_args (args, "--setenv", "GST_PLUGIN_SYSTEM_PATH_1_0", g_getenv ("GST_PLUGIN_SYSTEM_PATH_1_0"), NULL);
+
+   arg_input_fd = g_strdup_printf ("%d", input_fd);
+   add_args (args, validate_sound, "--fd", arg_input_fd, NULL);

pkgs/development/libraries/xdg-desktop-portal/installed-tests-path.patch

@@ -1,8 +1,8 @@
 diff --git a/meson.build b/meson.build
-index b25f9ef..7975f85 100644
+index 4238adb..d3f89fd 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -40,8 +40,8 @@ if dataroot_dir == ''
+@@ -43,8 +43,8 @@ if dataroot_dir == ''
      dataroot_dir = datadir
  endif
 
@@ -14,17 +14,14 @@ index b25f9ef..7975f85 100644
 
  summary({
 diff --git a/meson_options.txt b/meson_options.txt
-index fccada3..ca87600 100644
+index ed8c311..0a2bf7e 100644
 --- a/meson_options.txt
 +++ b/meson_options.txt
-@@ -38,6 +38,10 @@ option('installed-tests',
-         type: 'boolean',
-         value: false,
-         description: 'Enable installation of some test cases')
+@@ -54,3 +54,7 @@ option('sandboxed-sound-validation',
+        type: 'feature',
+        value: 'enabled',
+        description: 'Use Bubblewrap to sandbox sound validation. Disabling this option may lead to security vulnerabilities.')
 +option('installed_test_prefix',
-+        type: 'string',
-+        value: '',
-+        description: 'Prefix for installed tests')
- option('pytest',
-         type: 'feature',
-         value: 'auto',
++       type: 'string',
++       value: '',
++       description: 'Prefix for installed tests')