Bug#984578: unblock: flatpak/1.10.1-4
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package flatpak
[ Reason ]
* Apply proposed patch fixing a security vulnerability
* Improve compatibility with C++
* Fixes to automated tests
[ Impact ]
* If the security fix is not applied:
- a malicious Flatpak app can escape the sandbox even if its permissions
should not allow that
* If the header file fixes are not applied:
- C++ code cannot use libflatpak without using a problematic workaround
that is broken by future (Debian 12) versions of GLib
* If test fixes are not applied:
- test failure on non-x86 in non-schroot, non-lxc environments
- some minor memory leaks when running the automated tests
(I wouldn't have fixed this one if I had known I would have to do
a security update so soon, but the patch is trivial and low-risk)
[ Tests ]
The upstream test suite is run at build time and under autopkgtest.
A lot of it has to be skipped in schroot and lxc, but I run it under
qemu before upload for better coverage.
Also manually tested by installing an app modified to exploit the security
vulnerability.
Most of the changes were only 2 days from migration, but the need to upload
the security fix resets the migration clock.
[ Risks ]
These are targeted fixes that seem unlikely to cause regressions. They're
easy to revert if it somehow becomes necessary.
The patch adding G_BEGIN_DECLS/G_END_DECLS (macros around
'extern "C" {}' guards) is fairly long, but is just making one
straightforward change in multiple places. The other patches are all
closely-targeted and easy to review.
The security fix might not be the final version: it has not been reviewed
by an upstream maintainer yet, and I made some suggestions for improvement
on the upstream PR. However, it seems correct, and applying something
is better than nothing. I'll update the package with an upstream-reviewed
patch when one becomes available.
The fix for test failure on non-x86 is unreviewed, but is also quite obvious.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
In previous Debian stable releases I have followed the upstream
stable-branch in Debian for as long as it continued to be maintained, to
pick up targeted bug fixes and interop fixes recommended by upstream,
and I hope to do the same for Flatpak 1.10.x in Debian 11. The SRMs and
security team seem happy with this approach so far.
unblock flatpak/1.10.1-4
diffstat for flatpak-1.10.1 flatpak-1.10.1
changelog | 23 +
patches/Add-G_BEGIN_DECLS-G_END_DECLS-to-public-headers.patch | 208 ++++++++++
patches/Disallow-and-u-usage-in-desktop-files.patch | 23 +
patches/series | 4
patches/testlibrary-Fix-memory-leaks.patch | 28 +
patches/tests-Disable-revokefs-if-FUSE-doesn-t-work.patch | 3
patches/tests-Remove-hard-coded-references-to-x86_64.patch | 40 +
7 files changed, 328 insertions(+), 1 deletion(-)
diff -Nru flatpak-1.10.1/debian/changelog flatpak-1.10.1/debian/changelog
--- flatpak-1.10.1/debian/changelog 2021-01-28 22:24:20.000000000 +0000
+++ flatpak-1.10.1/debian/changelog 2021-03-05 10:21:35.000000000 +0000
@@ -1,3 +1,26 @@
+flatpak (1.10.1-4) unstable; urgency=high
+
+ * d/p/Disallow-and-u-usage-in-desktop-files.patch:
+ Add proposed patch to fix a sandbox escape via crafted .desktop
+ files (flatpak#4146). Thanks, Ryan Gonzalez
+ * d/p/tests-Remove-hard-coded-references-to-x86_64.patch:
+ Add proposed patch to fix some tests on non-x86_64 machines.
+ The affected tests were already skipped in schroot/lxc for other
+ reasons, but would be run (and fail) on autopkgtest testbeds with
+ isolation-machine and working FUSE.
+
+ -- Simon McVittie <smcv@debian.org> Fri, 05 Mar 2021 10:21:35 +0000
+
+flatpak (1.10.1-3) unstable; urgency=medium
+
+ * Mark patch as applied upstream
+ * Add bugfixes from upstream flatpak-1.10.x branch
+ - Add extern "C" guards to header files, fixing compilation of C++ code
+ such as plasma-discover against GLib 2.67.x
+ - Fix memory leaks in the unit tests
+
+ -- Simon McVittie <smcv@debian.org> Wed, 24 Feb 2021 13:59:56 +0000
+
flatpak (1.10.1-2) unstable; urgency=medium
* d/patches: Disable FUSE-based revokefs if any of several factors fail.
diff -Nru flatpak-1.10.1/debian/patches/Add-G_BEGIN_DECLS-G_END_DECLS-to-public-headers.patch flatpak-1.10.1/debian/patches/Add-G_BEGIN_DECLS-G_END_DECLS-to-public-headers.patch
--- flatpak-1.10.1/debian/patches/Add-G_BEGIN_DECLS-G_END_DECLS-to-public-headers.patch 1970-01-01 01:00:00.000000000 +0100
+++ flatpak-1.10.1/debian/patches/Add-G_BEGIN_DECLS-G_END_DECLS-to-public-headers.patch 2021-03-05 10:21:35.000000000 +0000
@@ -0,0 +1,208 @@
+From: Kalev Lember <klember@redhat.com>
+Date: Fri, 12 Feb 2021 15:55:28 +0100
+Subject: Add G_BEGIN_DECLS/G_END_DECLS to public headers
+
+This ensures that we correctly specify C linkage when including flatpak
+headers from C++ code.
+
+This should fix fallout from glib's change to include C++ code in its
+headers, see https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1935
+for discussion.
+
+Fixes https://github.com/flatpak/flatpak/issues/4117
+
+(cherry picked from commit 426284759c58df81bdbc80167f01058a2c197c0d)
+
+Origin: upstream, 1.10.2, commit:93fb812b44ccccf7415cd2ee21dc49807df302a2
+---
+ common/flatpak-bundle-ref.h | 4 ++++
+ common/flatpak-installation.h | 3 +++
+ common/flatpak-installed-ref.h | 4 ++++
+ common/flatpak-instance.h | 4 ++++
+ common/flatpak-ref.h | 4 ++++
+ common/flatpak-related-ref.h | 4 ++++
+ common/flatpak-remote-ref.h | 4 ++++
+ common/flatpak-remote.h | 3 +++
+ common/flatpak-transaction.h | 4 ++++
+ 9 files changed, 34 insertions(+)
+
+diff --git a/common/flatpak-bundle-ref.h b/common/flatpak-bundle-ref.h
+index 20484db..0b3638b 100644
+--- a/common/flatpak-bundle-ref.h
++++ b/common/flatpak-bundle-ref.h
+@@ -30,6 +30,8 @@ typedef struct _FlatpakBundleRef FlatpakBundleRef;
+ #include <gio/gio.h>
+ #include <flatpak-ref.h>
+
++G_BEGIN_DECLS
++
+ #define FLATPAK_TYPE_BUNDLE_REF flatpak_bundle_ref_get_type ()
+ #define FLATPAK_BUNDLE_REF(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), FLATPAK_TYPE_BUNDLE_REF, FlatpakBundleRef))
+ #define FLATPAK_IS_BUNDLE_REF(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), FLATPAK_TYPE_BUNDLE_REF))
+@@ -62,4 +64,6 @@ FLATPAK_EXTERN char *flatpak_bundle_ref_get_runtime_repo_url (Flatpak
+ G_DEFINE_AUTOPTR_CLEANUP_FUNC (FlatpakBundleRef, g_object_unref)
+ #endif
+
++G_END_DECLS
++
+ #endif /* __FLATPAK_BUNDLE_REF_H__ */
+diff --git a/common/flatpak-installation.h b/common/flatpak-installation.h
+index 8a6f784..2119a74 100644
+--- a/common/flatpak-installation.h
++++ b/common/flatpak-installation.h
+@@ -32,6 +32,8 @@ typedef struct _FlatpakInstallation FlatpakInstallation;
+ #include <flatpak-instance.h>
+ #include <flatpak-remote.h>
+
++G_BEGIN_DECLS
++
+ #define FLATPAK_TYPE_INSTALLATION flatpak_installation_get_type ()
+ #define FLATPAK_INSTALLATION(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), FLATPAK_TYPE_INSTALLATION, FlatpakInstallation))
+ #define FLATPAK_IS_INSTALLATION(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), FLATPAK_TYPE_INSTALLATION))
+@@ -477,5 +479,6 @@ FLATPAK_EXTERN gboolean flatpak_installation_run_triggers (FlatpakInsta
+ GCancellable *cancellable,
+ GError **error);
+
++G_END_DECLS
+
+ #endif /* __FLATPAK_INSTALLATION_H__ */
+diff --git a/common/flatpak-installed-ref.h b/common/flatpak-installed-ref.h
+index 9de0451..0bb90ef 100644
+--- a/common/flatpak-installed-ref.h
++++ b/common/flatpak-installed-ref.h
+@@ -30,6 +30,8 @@ typedef struct _FlatpakInstalledRef FlatpakInstalledRef;
+ #include <gio/gio.h>
+ #include <flatpak-ref.h>
+
++G_BEGIN_DECLS
++
+ #define FLATPAK_TYPE_INSTALLED_REF flatpak_installed_ref_get_type ()
+ #define FLATPAK_INSTALLED_REF(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), FLATPAK_TYPE_INSTALLED_REF, FlatpakInstalledRef))
+ #define FLATPAK_IS_INSTALLED_REF(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), FLATPAK_TYPE_INSTALLED_REF))
+@@ -71,4 +73,6 @@ FLATPAK_EXTERN GBytes *flatpak_installed_ref_load_appdata (FlatpakInstalled
+ FLATPAK_EXTERN const char * flatpak_installed_ref_get_eol (FlatpakInstalledRef *self);
+ FLATPAK_EXTERN const char * flatpak_installed_ref_get_eol_rebase (FlatpakInstalledRef *self);
+
++G_END_DECLS
++
+ #endif /* __FLATPAK_INSTALLED_REF_H__ */
+diff --git a/common/flatpak-instance.h b/common/flatpak-instance.h
+index 772551f..7b064cf 100644
+--- a/common/flatpak-instance.h
++++ b/common/flatpak-instance.h
+@@ -29,6 +29,8 @@ typedef struct _FlatpakInstance FlatpakInstance;
+
+ #include <glib-object.h>
+
++G_BEGIN_DECLS
++
+ #define FLATPAK_TYPE_INSTANCE flatpak_instance_get_type ()
+ #define FLATPAK_INSTANCE(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), FLATPAK_TYPE_INSTANCE, FlatpakInstance))
+ #define FLATPAK_IS_INSTANCE(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), FLATPAK_TYPE_INSTANCE))
+@@ -65,4 +67,6 @@ FLATPAK_EXTERN GKeyFile * flatpak_instance_get_info (FlatpakInstance *self);
+
+ FLATPAK_EXTERN gboolean flatpak_instance_is_running (FlatpakInstance *self);
+
++G_END_DECLS
++
+ #endif /* __FLATPAK_INSTANCE_H__ */
+diff --git a/common/flatpak-ref.h b/common/flatpak-ref.h
+index 285379b..f6d3620 100644
+--- a/common/flatpak-ref.h
++++ b/common/flatpak-ref.h
+@@ -29,6 +29,8 @@ typedef struct _FlatpakRef FlatpakRef;
+
+ #include <glib-object.h>
+
++G_BEGIN_DECLS
++
+ #define FLATPAK_TYPE_REF flatpak_ref_get_type ()
+ #define FLATPAK_REF(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), FLATPAK_TYPE_REF, FlatpakRef))
+ #define FLATPAK_IS_REF(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), FLATPAK_TYPE_REF))
+@@ -73,4 +75,6 @@ FLATPAK_EXTERN FlatpakRef * flatpak_ref_parse (const char *ref,
+ GError **error);
+ FLATPAK_EXTERN const char * flatpak_ref_get_collection_id (FlatpakRef *self);
+
++G_END_DECLS
++
+ #endif /* __FLATPAK_REF_H__ */
+diff --git a/common/flatpak-related-ref.h b/common/flatpak-related-ref.h
+index f33dae8..10d32a1 100644
+--- a/common/flatpak-related-ref.h
++++ b/common/flatpak-related-ref.h
+@@ -30,6 +30,8 @@ typedef struct _FlatpakRelatedRef FlatpakRelatedRef;
+ #include <gio/gio.h>
+ #include <flatpak-ref.h>
+
++G_BEGIN_DECLS
++
+ #define FLATPAK_TYPE_RELATED_REF flatpak_related_ref_get_type ()
+ #define FLATPAK_RELATED_REF(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), FLATPAK_TYPE_RELATED_REF, FlatpakRelatedRef))
+ #define FLATPAK_IS_RELATED_REF(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), FLATPAK_TYPE_RELATED_REF))
+@@ -55,4 +57,6 @@ FLATPAK_EXTERN gboolean flatpak_related_ref_should_download (FlatpakRelatedR
+ FLATPAK_EXTERN gboolean flatpak_related_ref_should_delete (FlatpakRelatedRef *self);
+ FLATPAK_EXTERN gboolean flatpak_related_ref_should_autoprune (FlatpakRelatedRef *self);
+
++G_END_DECLS
++
+ #endif /* __FLATPAK_RELATED_REF_H__ */
+diff --git a/common/flatpak-remote-ref.h b/common/flatpak-remote-ref.h
+index 0c9a4e8..b6478a0 100644
+--- a/common/flatpak-remote-ref.h
++++ b/common/flatpak-remote-ref.h
+@@ -30,6 +30,8 @@ typedef struct _FlatpakRemoteRef FlatpakRemoteRef;
+ #include <gio/gio.h>
+ #include <flatpak-ref.h>
+
++G_BEGIN_DECLS
++
+ #define FLATPAK_TYPE_REMOTE_REF flatpak_remote_ref_get_type ()
+ #define FLATPAK_REMOTE_REF(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), FLATPAK_TYPE_REMOTE_REF, FlatpakRemoteRef))
+ #define FLATPAK_IS_REMOTE_REF(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), FLATPAK_TYPE_REMOTE_REF))
+@@ -57,4 +59,6 @@ FLATPAK_EXTERN const char * flatpak_remote_ref_get_eol_rebase (FlatpakRemoteRef
+ G_DEFINE_AUTOPTR_CLEANUP_FUNC (FlatpakRemoteRef, g_object_unref)
+ #endif
+
++G_END_DECLS
++
+ #endif /* __FLATPAK_REMOTE_REF_H__ */
+diff --git a/common/flatpak-remote.h b/common/flatpak-remote.h
+index fa223d3..6495413 100644
+--- a/common/flatpak-remote.h
++++ b/common/flatpak-remote.h
+@@ -44,6 +44,8 @@ typedef struct _FlatpakRemote FlatpakRemote;
+ #include <gio/gio.h>
+ #include <flatpak-remote-ref.h>
+
++G_BEGIN_DECLS
++
+ #define FLATPAK_TYPE_REMOTE flatpak_remote_get_type ()
+ #define FLATPAK_REMOTE(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), FLATPAK_TYPE_REMOTE, FlatpakRemote))
+ #define FLATPAK_IS_REMOTE(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), FLATPAK_TYPE_REMOTE))
+@@ -124,5 +126,6 @@ FLATPAK_EXTERN void flatpak_remote_set_filter (FlatpakRemote *self,
+
+ FLATPAK_EXTERN FlatpakRemoteType flatpak_remote_get_remote_type (FlatpakRemote *self);
+
++G_END_DECLS
+
+ #endif /* __FLATPAK_REMOTE_H__ */
+diff --git a/common/flatpak-transaction.h b/common/flatpak-transaction.h
+index 37c4144..870bfbc 100644
+--- a/common/flatpak-transaction.h
++++ b/common/flatpak-transaction.h
+@@ -28,6 +28,8 @@
+ #include <gio/gio.h>
+ #include <flatpak-installation.h>
+
++G_BEGIN_DECLS
++
+ #define FLATPAK_TYPE_TRANSACTION flatpak_transaction_get_type ()
+ #define FLATPAK_TYPE_TRANSACTION_PROGRESS flatpak_transaction_progress_get_type ()
+ #define FLATPAK_TYPE_TRANSACTION_OPERATION flatpak_transaction_operation_get_type ()
+@@ -315,4 +317,6 @@ gboolean flatpak_transaction_add_uninstall (FlatpakTransaction *self,
+ FLATPAK_EXTERN
+ gboolean flatpak_transaction_is_empty (FlatpakTransaction *self);
+
++G_END_DECLS
++
+ #endif /* __FLATPAK_TRANSACTION_H__ */
diff -Nru flatpak-1.10.1/debian/patches/Disallow-and-u-usage-in-desktop-files.patch flatpak-1.10.1/debian/patches/Disallow-and-u-usage-in-desktop-files.patch
--- flatpak-1.10.1/debian/patches/Disallow-and-u-usage-in-desktop-files.patch 1970-01-01 01:00:00.000000000 +0100
+++ flatpak-1.10.1/debian/patches/Disallow-and-u-usage-in-desktop-files.patch 2021-03-05 10:21:35.000000000 +0000
@@ -0,0 +1,23 @@
+From: Ryan Gonzalez <rymg19@gmail.com>
+Date: Tue, 2 Mar 2021 13:20:07 -0600
+Subject: Disallow @@ and @@u usage in desktop files
+
+Bug: https://github.com/flatpak/flatpak/issues/4146
+Forwarded: https://github.com/flatpak/flatpak/pull/4148
+---
+ common/flatpak-dir.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
+index 507a71b..82f2ce6 100644
+--- a/common/flatpak-dir.c
++++ b/common/flatpak-dir.c
+@@ -7139,6 +7139,8 @@ export_desktop_file (const char *app,
+ g_string_append_printf (new_exec, " @@ %s @@", arg);
+ else if (strcasecmp (arg, "%u") == 0)
+ g_string_append_printf (new_exec, " @@u %s @@", arg);
++ else if (strcmp (arg, "@@") == 0 || strcmp (arg, "@@u") == 0)
++ g_print (_("Skipping invalid Exec argument %s\n"), arg);
+ else
+ g_string_append_printf (new_exec, " %s", arg);
+ }
diff -Nru flatpak-1.10.1/debian/patches/series flatpak-1.10.1/debian/patches/series
--- flatpak-1.10.1/debian/patches/series 2021-01-28 22:24:20.000000000 +0000
+++ flatpak-1.10.1/debian/patches/series 2021-03-05 10:21:35.000000000 +0000
@@ -1 +1,5 @@
+testlibrary-Fix-memory-leaks.patch
+Add-G_BEGIN_DECLS-G_END_DECLS-to-public-headers.patch
tests-Disable-revokefs-if-FUSE-doesn-t-work.patch
+Disallow-and-u-usage-in-desktop-files.patch
+tests-Remove-hard-coded-references-to-x86_64.patch
diff -Nru flatpak-1.10.1/debian/patches/testlibrary-Fix-memory-leaks.patch flatpak-1.10.1/debian/patches/testlibrary-Fix-memory-leaks.patch
--- flatpak-1.10.1/debian/patches/testlibrary-Fix-memory-leaks.patch 1970-01-01 01:00:00.000000000 +0100
+++ flatpak-1.10.1/debian/patches/testlibrary-Fix-memory-leaks.patch 2021-03-05 10:21:35.000000000 +0000
@@ -0,0 +1,28 @@
+From: Phaedrus Leeds <mwleeds@endlessos.org>
+Date: Thu, 4 Feb 2021 19:04:15 -0800
+Subject: testlibrary: Fix memory leaks
+
+(cherry picked from commit 7224809bc1e2584708b29ec1389cbcf1eeba1d3f)
+
+Origin: upstream, 1.10.2, commit:a1a6b7f208676885c770ab5ee97f71dacbc4baa1
+---
+ tests/testlibrary.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/testlibrary.c b/tests/testlibrary.c
+index 718f37c..b5ad853 100644
+--- a/tests/testlibrary.c
++++ b/tests/testlibrary.c
+@@ -1338,10 +1338,10 @@ test_list_remote_related_refs (void)
+ // Make the test with extra-languages, instead of languages
+ clean_languages();
+ configure_extra_languages();
+-
+- inst = flatpak_installation_new_user (NULL, &error);
++ flatpak_installation_drop_caches (inst, NULL, &error);
+ g_assert_no_error (error);
+
++ g_clear_pointer (&refs, g_ptr_array_unref);
+ refs = flatpak_installation_list_remote_related_refs_sync (inst, repo_name, app, NULL, &error);
+ g_assert_nonnull (refs);
+ g_assert_no_error (error);
diff -Nru flatpak-1.10.1/debian/patches/tests-Disable-revokefs-if-FUSE-doesn-t-work.patch flatpak-1.10.1/debian/patches/tests-Disable-revokefs-if-FUSE-doesn-t-work.patch
--- flatpak-1.10.1/debian/patches/tests-Disable-revokefs-if-FUSE-doesn-t-work.patch 2021-01-28 22:24:20.000000000 +0000
+++ flatpak-1.10.1/debian/patches/tests-Disable-revokefs-if-FUSE-doesn-t-work.patch 2021-03-05 10:21:35.000000000 +0000
@@ -15,6 +15,7 @@
that needs it, is based on the patches applied in @alexlarsson's PPA.
Signed-off-by: Simon McVittie <smcv@collabora.com>
+Applied-upstream: 1.11.0, commit:a926776cf4fcacc2d096e10bf1578a0e7c626cc7
Forwarded: https://github.com/flatpak/flatpak/pull/4098
---
tests/Makefile.am.inc | 8 +++-
@@ -179,7 +180,7 @@
+gboolean check_fuse (void);
+gboolean check_fuse_or_skip_test (void);
diff --git a/tests/testlibrary.c b/tests/testlibrary.c
-index 718f37c..64dff19 100644
+index b5ad853..b8f04ef 100644
--- a/tests/testlibrary.c
+++ b/tests/testlibrary.c
@@ -10,6 +10,8 @@
diff -Nru flatpak-1.10.1/debian/patches/tests-Remove-hard-coded-references-to-x86_64.patch flatpak-1.10.1/debian/patches/tests-Remove-hard-coded-references-to-x86_64.patch
--- flatpak-1.10.1/debian/patches/tests-Remove-hard-coded-references-to-x86_64.patch 1970-01-01 01:00:00.000000000 +0100
+++ flatpak-1.10.1/debian/patches/tests-Remove-hard-coded-references-to-x86_64.patch 2021-03-05 10:21:35.000000000 +0000
@@ -0,0 +1,40 @@
+From: Simon McVittie <smcv@collabora.com>
+Date: Fri, 26 Feb 2021 19:48:10 +0000
+Subject: tests: Remove hard-coded references to x86_64
+
+Distributions run these tests on other architectures, but hard-coding
+x86_64 to look for in output dooms that to failure.
+
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+Forwarded: https://github.com/flatpak/flatpak/pull/4142
+---
+ tests/test-oci.sh | 2 +-
+ tests/test-unused.sh | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test-oci.sh b/tests/test-oci.sh
+index 50e4504..0e4726f 100755
+--- a/tests/test-oci.sh
++++ b/tests/test-oci.sh
+@@ -51,7 +51,7 @@ image=oci/image/blobs/sha256/$DIGEST
+ assert_has_file $image
+ assert_file_has_content $image "org\.freedesktop\.appstream\.appdata.*<summary>Print a greeting</summary>"
+ assert_file_has_content $image "org\.freedesktop\.appstream\.icon-64"
+-assert_file_has_content $image org.flatpak.ref.*app/org.test.Hello/x86_64/master
++assert_file_has_content $image org.flatpak.ref.*app/"org.test.Hello/$ARCH/master"
+
+ ok "export oci"
+
+diff --git a/tests/test-unused.sh b/tests/test-unused.sh
+index 5bd359a..20bbabe 100755
+--- a/tests/test-unused.sh
++++ b/tests/test-unused.sh
+@@ -391,7 +391,7 @@ ok "list unused regular"
+
+ mv unused.txt old-unused.txt
+
+-${test_builddir}/list-unused --exclude app/org.app.APP_A/x86_64/stable | sed s@^app/@@g | sed s@^runtime/@@g | sort > unused.txt
++${test_builddir}/list-unused --exclude "app/org.app.APP_A/$ARCH/stable" | sed s@^app/@@g | sed s@^runtime/@@g | sort > unused.txt
+
+ # We don't report the excluded ref itself as unused. It's as if it wasn't even installed
+ assert_not_file_has_content unused.txt "org.app.APP_A/"
Reply to: