-
Notifications
You must be signed in to change notification settings - Fork 140
/
finish_args.py
87 lines (65 loc) · 3.25 KB
/
finish_args.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
from collections import defaultdict
from . import Check
class FinishArgsCheck(Check):
type = "manifest"
def check(self, manifest: dict) -> None:
appid = manifest.get("id")
if isinstance(appid, str):
is_baseapp = appid.endswith(".BaseApp")
else:
is_baseapp = False
finish_args_list = manifest.get("finish-args")
build_extension = manifest.get("build-extension")
if not finish_args_list and not (build_extension or is_baseapp):
self.errors.add("finish-args-not-defined")
return
if build_extension:
return
fa = defaultdict(set)
if finish_args_list:
for arg in finish_args_list:
split = arg.split("=")
key = split[0].removeprefix("--")
value = "=".join(split[1:])
fa[key].add(value)
if "x11" in fa["socket"] and "fallback-x11" in fa["socket"]:
self.errors.add("finish-args-contains-both-x11-and-fallback")
if "x11" in fa["socket"] and "wayland" in fa["socket"]:
self.warnings.add("finish-args-contains-both-x11-and-wayland")
if "x11" in fa["socket"] or "fallback-x11" in fa["socket"]:
if "ipc" not in fa["share"]:
self.warnings.add("finish-args-x11-without-ipc")
for xdg_dir in ["xdg-data", "xdg-config", "xdg-cache"]:
if xdg_dir in fa["filesystem"]:
self.errors.add(f"finish-args-arbitrary-{xdg_dir}-access")
for fs in fa["filesystem"]:
if fs.startswith(f"{xdg_dir}/") and fs.endswith(":create"):
self.errors.add(f"finish-args-unnecessary-{xdg_dir}-access")
if "home" in fa["filesystem"] and "host" in fa["filesystem"]:
self.errors.add("finish-args-redundant-home-and-host")
for own_name in fa["own-name"]:
if own_name.startswith("org.kde.StatusNotifierItem"):
self.errors.add("finish-args-broken-kde-tray-permission")
if appid:
# Values not allowed: appid or appid.*
# See https://github.com/flathub/flatpak-builder-lint/issues/33
if own_name == appid or (
own_name.startswith(appid) and own_name[len(appid)] == "."
):
self.errors.add("finish-args-unnecessary-appid-own-name")
if (
"xdg-config/autostart" in fa["filesystem"]
or "xdg-config/autostart:create" in fa["filesystem"]
):
self.errors.add("finish-args-arbitrary-autostart-access")
if "system-bus" in fa["socket"] or "session-bus" in fa["socket"]:
self.errors.add("finish-args-arbitrary-dbus-access")
if "org.gtk.vfs" in fa["talk-name"]:
# https://github.com/flathub/flathub/issues/2180#issuecomment-811984901
self.errors.add("finish-args-incorrect-dbus-gvfs")
if "shm" in fa["device"]:
self.warnings.add("finish-args-deprecated-shm")
if "all" in fa["device"] and len(fa["device"]) > 1:
self.errors.add("finish-args-redundant-device-all")
if "org.freedesktop.Flatpak" in fa["talk-name"]:
self.errors.add("finish-args-flatpak-spawn-access")