push sheeet

Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions


@@ -0,0 +1,194 @@
{
lib,
fetchFromGitHub,
flatpak,
fuse3,
bubblewrap,
docutils,
systemdMinimal,
geoclue2,
glib,
gsettings-desktop-schemas,
json-glib,
meson,
ninja,
nixosTests,
pipewire,
gdk-pixbuf,
librsvg,
gobject-introspection,
python3,
pkg-config,
stdenv,
runCommand,
wrapGAppsNoGuiHook,
bash,
dbus,
gst_all_1,
libgudev,
umockdev,
replaceVars,
enableGeoLocation ? true,
enableSystemd ? true,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "xdg-desktop-portal";
version = "1.20.3";
outputs = [
"out"
"installedTests"
];
src = fetchFromGitHub {
owner = "flatpak";
repo = "xdg-desktop-portal";
tag = finalAttrs.version;
hash = "sha256-ntTGEsk8GlXkp3i9RtF+T7jqnNdL2GVbu05d68WVTYc=";
};
patches = [
# The icon validator copied from Flatpak needs to access the gdk-pixbuf loaders
# in the Nix store and cannot bind FHS paths since those are not available on NixOS.
(replaceVars ./fix-icon-validation.patch {
inherit (builtins) storeDir;
})
# Same for the sound validator, except the gdk-pixbuf part.
(replaceVars ./fix-sound-validation.patch {
inherit (builtins) storeDir;
})
# Allow installing installed tests to a separate output.
./installed-tests-path.patch
# Look for portal definitions under path from `NIX_XDG_DESKTOP_PORTAL_DIR` environment variable.
# While upstream has `XDG_DESKTOP_PORTAL_DIR`, it is meant for tests and actually blocks
# any configs from being loaded from anywhere else.
./nix-pkgdatadir-env.patch
# test tries to read /proc/cmdline, which is not intended to be accessible in the sandbox
./trash-test.patch
];
nativeBuildInputs = [
docutils # for rst2man
glib
meson
ninja
pkg-config
wrapGAppsNoGuiHook
];
buildInputs = [
flatpak
fuse3
bubblewrap
glib
gsettings-desktop-schemas
json-glib
pipewire
gst_all_1.gst-plugins-base
libgudev
# For icon validator
gdk-pixbuf
librsvg
bash
]
++ lib.optionals enableGeoLocation [
geoclue2
]
++ lib.optionals enableSystemd [
systemdMinimal # libsystemd
];
nativeCheckInputs = [
dbus
gdk-pixbuf
gst_all_1.gstreamer
gst_all_1.gst-plugins-good
gobject-introspection
# NB: this Python is used both for build-time tests
# and for installed (VM) tests, so it includes dependencies
# for both
(python3.withPackages (ps: [
ps.pytest
ps.python-dbusmock
ps.pygobject3
ps.dbus-python
]))
umockdev
];
checkInputs = [ umockdev ];
mesonFlags = [
"--sysconfdir=/etc"
"-Dinstalled-tests=true"
"-Dinstalled_test_prefix=${placeholder "installedTests"}"
"-Ddocumentation=disabled" # pulls in a whole lot of extra stuff
(lib.mesonEnable "systemd" enableSystemd)
]
++ lib.optionals (!enableGeoLocation) [
"-Dgeoclue=disabled"
]
++ lib.optionals (!finalAttrs.finalPackage.doCheck) [
"-Dtests=disabled"
];
strictDeps = true;
doCheck = true;
postPatch = ''
# until/unless bubblewrap ships a pkg-config file, meson has no way to find it when cross-compiling.
substituteInPlace meson.build \
--replace-fail "find_program('bwrap'" "find_program('${lib.getExe bubblewrap}'"
patchShebangs src/generate-method-info.py
patchShebangs tests/run-test.sh
'';
preCheck = lib.optionalString finalAttrs.finalPackage.doCheck ''
# For test_trash_file
export HOME=$(mktemp -d)
# Upstream disables a few tests in CI upstream as they are known to
# be flaky. Let's disable those downstream as hydra exhibits similar
# flakes:
# https://github.com/NixOS/nixpkgs/pull/270085#issuecomment-1840053951
export XDP_TEST_IN_CI=1
# need to set this ourselves, because the tests will set LD_PRELOAD=libumockdev-preload.so,
# which can't be found because it's not in default rpath
export LD_PRELOAD=${lib.getLib umockdev}/lib/libumockdev-preload.so
'';
# We can't disable the installedTests output when doCheck is disabled,
# because that produces an infinite recursion.
preFixup = lib.optionalString (!finalAttrs.finalPackage.doCheck) ''
mkdir $installedTests
'';
passthru = {
tests = {
installedTests = nixosTests.installed-tests.xdg-desktop-portal;
validate-icon = runCommand "test-icon-validation" { } ''
${finalAttrs.finalPackage}/libexec/xdg-desktop-portal-validate-icon --ruleset=desktop --sandbox --path=${../../../applications/audio/zynaddsubfx/ZynLogo.svg} > "$out"
grep format=svg "$out"
'';
};
};
meta = {
description = "Desktop integration portals for sandboxed apps";
homepage = "https://flatpak.github.io/xdg-desktop-portal";
license = lib.licenses.lgpl2Plus;
maintainers = with lib.maintainers; [ jtojnar ];
platforms = lib.platforms.linux;
};
})
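Review bot: `passthru.tests` covers only the patched icon validator (`validate-icon` runs it with `--ruleset=desktop --sandbox`), while `fix-sound-validation.patch` rewrites the sound validator's bubblewrap arguments in the same way and has no matching check. A sibling `validate-sound` entry that runs the sound validator with its sandbox enabled on a small audio file would catch a broken `@storeDir@` substitution or a `GST_PLUGIN_SYSTEM_PATH_1_0` value that is not reachable inside the sandbox. The exact binary name and flags are not visible on this page and should be taken from upstream. A one-line comment such as `# Exercises the patched bwrap invocation; keep in sync with fix-*-validation.patch` above the tests would also tie them to the patches they guard.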


@@ -0,0 +1,31 @@
--- a/src/validate-icon.c
+++ b/src/validate-icon.c
@@ -254,7 +254,7 @@ flatpak_get_bwrap (void)
static int
rerun_in_sandbox (int input_fd)
{
- const char * const usrmerged_dirs[] = { "bin", "lib32", "lib64", "lib", "sbin" };
+ const char * const usrmerged_dirs[] = { };
g_autoptr(GPtrArray) args = g_ptr_array_new_with_free_func (g_free);
g_autofree char* arg_input_fd = NULL;
char validate_icon[PATH_MAX + 1];
@@ -276,8 +276,7 @@ rerun_in_sandbox (int input_fd)
"--tmpfs", "/tmp",
"--proc", "/proc",
"--dev", "/dev",
- "--ro-bind", "/usr", "/usr",
- "--ro-bind-try", "/etc/ld.so.cache", "/etc/ld.so.cache",
+ "--ro-bind", "@storeDir@", "@storeDir@",
"--ro-bind", validate_icon, validate_icon,
NULL);
@@ -320,6 +319,9 @@ rerun_in_sandbox (int input_fd)
if (g_getenv ("G_MESSAGES_PREFIXED"))
add_args (args, "--setenv", "G_MESSAGES_PREFIXED", g_getenv ("G_MESSAGES_PREFIXED"), NULL);
+ if (g_getenv ("GDK_PIXBUF_MODULE_FILE"))
+ add_args (args, "--setenv", "GDK_PIXBUF_MODULE_FILE", g_getenv ("GDK_PIXBUF_MODULE_FILE"), NULL);
+
arg_input_fd = g_strdup_printf ("%d", input_fd);
add_args (args,
validate_icon,
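Review bot: The `"--ro-bind", "@storeDir@", "@storeDir@"` line makes the entire Nix store readable inside the sandbox that parses the untrusted icon, and the patch carries no comment recording that choice. The store is world-readable by design, so this is not a new disclosure, but it is worth stating next to the bind, e.g. `/* Nix: the validator's runtime closure lives in the store; the store is world-readable, so do not rely on this sandbox to hide store contents. */`. The identical hunk in the validate-sound.c patch deserves the same comment. The forwarded `GDK_PIXBUF_MODULE_FILE` is presumably only usable when it points into the store, since little else is bound; that assumption could be noted too. Separately, `usrmerged_dirs[] = { }` is an empty initializer on an unsized array, which ISO C before C23 does not permit (GCC and Clang accept it as an extension); the loop that consumes it lies outside the hunk, so whether it could be removed instead cannot be confirmed from here.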


@@ -0,0 +1,30 @@
--- a/src/validate-sound.c
+++ b/src/validate-sound.c
@@ -234,7 +234,7 @@ flatpak_get_bwrap (void)
static int
rerun_in_sandbox (int input_fd)
{
- const char * const usrmerged_dirs[] = { "bin", "lib32", "lib64", "lib", "sbin" };
+ const char * const usrmerged_dirs[] = { };
int i;
g_autoptr(GPtrArray) args = g_ptr_array_new_with_free_func (g_free);
char validate_sound[PATH_MAX + 1];
@@ -255,8 +255,7 @@ rerun_in_sandbox (int input_fd)
"--tmpfs", "/tmp",
"--proc", "/proc",
"--dev", "/dev",
- "--ro-bind", "/usr", "/usr",
- "--ro-bind-try", "/etc/ld.so.cache", "/etc/ld.so.cache",
+ "--ro-bind", "@storeDir@", "@storeDir@",
"--ro-bind", validate_sound, validate_sound,
NULL);
@@ -299,6 +298,8 @@ rerun_in_sandbox (int input_fd)
if (g_getenv ("G_MESSAGES_PREFIXED"))
add_args (args, "--setenv", "G_MESSAGES_PREFIXED", g_getenv ("G_MESSAGES_PREFIXED"), NULL);
+ if (g_getenv ("GST_PLUGIN_SYSTEM_PATH_1_0"))
+ add_args (args, "--setenv", "GST_PLUGIN_SYSTEM_PATH_1_0", g_getenv ("GST_PLUGIN_SYSTEM_PATH_1_0"), NULL);
arg_input_fd = g_strdup_printf ("%d", input_fd);
add_args (args, validate_sound, "--fd", arg_input_fd, NULL);


@@ -0,0 +1,27 @@
diff --git a/meson.build b/meson.build
index 4238adb..d3f89fd 100644
--- a/meson.build
+++ b/meson.build
@@ -43,8 +43,8 @@ if dataroot_dir == ''
dataroot_dir = datadir
endif
-installed_tests_dir = prefix / libexecdir / 'installed-tests' / meson.project_name()
-installed_tests_data_dir = prefix / datadir / 'installed-tests' / meson.project_name()
+installed_tests_dir = get_option('installed_test_prefix') / 'libexec' / 'installed-tests' / meson.project_name()
+installed_tests_data_dir = get_option('installed_test_prefix') / 'share' / 'installed-tests' / meson.project_name()
docs_dir = datadir / 'doc' / meson.project_name()
summary({
diff --git a/meson_options.txt b/meson_options.txt
index ed8c311..0a2bf7e 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -54,3 +54,7 @@ option('sandboxed-sound-validation',
type: 'feature',
value: 'enabled',
description: 'Use Bubblewrap to sandbox sound validation. Disabling this option may lead to security vulnerabilities.')
+option('installed_test_prefix',
+ type: 'string',
+ value: '',
+ description: 'Prefix for installed tests')


@@ -0,0 +1,11 @@
--- a/src/xdp-portal-impl.c
+++ b/src/xdp-portal-impl.c
@@ -277,6 +277,8 @@ load_installed_portals (gboolean opt_verbose)
/* We need to override this in the tests */
portal_dir = g_getenv ("XDG_DESKTOP_PORTAL_DIR");
+ if (portal_dir == NULL)
+ portal_dir = g_getenv ("NIX_XDG_DESKTOP_PORTAL_DIR");
if (portal_dir != NULL)
{
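Review bot: The existing comment `/* We need to override this in the tests */` now sits above two lookups but describes only the first; the added `NIX_XDG_DESKTOP_PORTAL_DIR` fallback is the regular path on Nix and decides which directory portal backend definitions are loaded from. A comment on the added lines would make that explicit, e.g. `/* Nix: regular lookup path for portal definitions; XDG_DESKTOP_PORTAL_DIR stays a test-only override. */`. A variable that is set but empty also passes the `!= NULL` test; if that should count as unset, the guard could read `if (portal_dir == NULL || *portal_dir == '\0')`. The body of the `if (portal_dir != NULL)` block is outside the hunk, so how an empty or unexpected path is handled there is not visible.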


@@ -0,0 +1,18 @@
diff --git a/tests/test_trash.py b/tests/test_trash.py
index 2637256..e89d45c 100644
--- a/tests/test_trash.py
+++ b/tests/test_trash.py
@@ -13,13 +13,6 @@ class TestTrash:
def test_version(self, portals, dbus_con):
xdp.check_version(dbus_con, "Trash", 1)
- def test_trash_file_fails(self, portals, dbus_con):
- trash_intf = xdp.get_portal_iface(dbus_con, "Trash")
- with open("/proc/cmdline") as fd:
- result = trash_intf.TrashFile(fd.fileno())
-
- assert result == 0
-
def test_trash_file(self, portals, dbus_con):
trash_intf = xdp.get_portal_iface(dbus_con, "Trash")