Using FILE_GENERIC_READ | FILE_GENERIC_WRITE access rights for directory monitoring
might cause problems, as noted in https://gitlab.gnome.org/GNOME/gimp/-/issues/4594.

ReadDirectoryChanges only needs FILE_LIST_DIRECTORY, so use that.

Fixes: https://gitlab.gnome.org/GNOME/gimp/-/issues/4594

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

It’s unlikely that the machine ID will be invalid (it’s system
configuration), but it would be helpful to not propagate invalid IDs
further, since a lot of things rely on it.

It’s not easy to test this (it requires factoring out the code so it can
be used from a test program, or allowing it to load a machine ID from a
custom path), so I haven’t added unit tests. I’ve tested manually by
overriding the loaded machine ID.

Coverity CID: #1430944

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

This will require distributions to ensure they pass
`--localstatedir=/var` correctly to Meson, but they should be doing that
already.

See https://mesonbuild.com/Builtin-options.html#directories

 for details
about how Meson treats `localstatedir` differently from most other `dir`
variables.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

So the tests can access `/var/lib/dbus/machine-id`. This is not a
behaviour change relative to older behaviour on CI.

In future, it might make more sense to revert this commit and change the
CI scripts so they symlink
`/home/user/glib-installed/var/lib/dbus/machine-id` to the system
machine ID; or ensure that `/etc/machine-id` exists on all the CI
machines. That’s too complicated to do right now though.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Include the size of the `machine-id` file, but not the value itself as
that is sensitive for non-throwaway machines. What’s most useful for
debugging CI problems is knowing whether, and where, the `machine-id` is
set.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Run `systemd-machine-id-setup` when creating the image, so that
`/etc/machine-id` is created with a valid ID. Since systemd isn’t
started when running the CI image with podman/Docker, it’s not created
otherwise. This causes some tests to fail.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Close output file to ensure all buffered output actually gets written.

Otherwise, glib-genmarshal output is sometimes empty (for example, when trying
to build gdk-pixbuf on Windows, with Meson installed from .msi package).

argparse.FileType doesn't get closed automagically when the script exits:
https://bugs.python.org/issue13824

Fixes https://gitlab.gnome.org/GNOME/glib/-/issues/2341

Commit 2330f7e6 changed 'asm' to '__asm__' in
g_bit_lock and g_bit_trylock.

Replace 'asm' with '__asm__' in the remaining functions.

Fixes https://gitlab.gnome.org/GNOME/glib/-/issues/2344

This mirrors the existing `calloc()` suppression for that code path.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

gbitlock.c: replace remaining 'asm' with '__asm__'

Closes #2344

See merge request GNOME/glib!1979

Use the right permissions for directory watching on Win32

Closes gimp#4594

See merge request GNOME/glib!1976

glib-genmarshal: close output file

Closes #2341

See merge request GNOME/glib!1978

Validate D-Bus machine ID after loading

See merge request GNOME/glib!1962

glib.supp: Add another system thread suppression

See merge request GNOME/glib!1980

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Since a following commit is going to add a new test which references
Gitlab, so it’s best to move the URI bases inside the test cases.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

This clarifies the code a little. It introduces no functional changes.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking
the destination file and re-creating it from scratch. That did
previously work, but in the process the code would call `open(O_CREAT)`
on the file. If the file was a dangling symlink, this would create the
destination file (empty). That’s not an intended side-effect, and has
security implications if the symlink is controlled by a lower-privileged
process.

Fix that by not opening the destination file if it’s a symlink, and
adjusting the rest of the code to cope with
 - the fact that `fd == -1` is not an error iff `is_symlink` is true,
 - and that `original_stat` will contain the `lstat()` results for the
   symlink now, rather than the `stat()` results for its target (again,
   iff `is_symlink` is true).

This means that the target of the dangling symlink is no longer created,
which was the bug. The symlink itself continues to be replaced (as
before) with the new file — this is the intended behaviour of
`g_file_replace()`.

The behaviour for non-symlink cases, or cases where the symlink was not
dangling, should be unchanged.

Includes a unit test.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2325

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

These test all the functionality and combinations of flags I can think
of. They do not cover dynamic behaviour (for example, what would happen
if the source file is deleted by another process part-way through a call
to `g_file_replace()`).

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

`ENXIO` can be returned from `open(2)` for special files (FIFOs, device
files and domain sockets) which are not backed by anything.

This fixes the error returned by `g_file_replace()` when trying to
replace such a file, so that it now matches the documentation.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

These changes were missing from commit 62cc3158

 and broke CI on
FreeBSD.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Calling `dlopen()` with `libutil.so` makes the installed tests depend on
having glibc's development files installed. To avoid this, we can work
out the runtime library name at build time and `dlopen` that instead.

This approach is [taken from libfprint][1], thanks to Marco Trevisan.

[1]: https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/f401f399a85dbeb2de165b9b9162eb552ab6eea7

Resolve "file-roller symlink attack"

Closes #2325

See merge request GNOME/glib!1981

Rather than returning a URI, which definitely won’t be a valid basename.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2328

`""` is not a valid path (`stat()` on it returns `ENOENT`). Previously,
a full `GLocalFile` was being created, which ended up resolving to
`$CWD`, through path canonicalisation. That isn’t right.

Fix it by creating a `GDummyFile` instead, and adding a unit test.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2328

gio/tests/{meson.build,pollable.c}: Determine libutil SONAME at build time

See merge request GNOME/glib!1977

glocalvfs: Create a dummy file for g_file_new_for_path("")

Closes #2328

See merge request GNOME/glib!1983

Teach `glib-mkenums` how to parse and ignore:
 - `GLIB_AVAILABLE_ENUMERATOR_IN_x_xx`
 - `GLIB_DEPRECATED_ENUMERATOR_IN_x_xx`
 - `GLIB_DEPRECATED_ENUMERATOR_IN_x_xx_FOR(x)`

Future work could expose the deprecation/availability information as
substitutions in the template file, but this commit does not do that.

It does, however, add some unit tests for the annotations.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2327

In the 2.68 cycle we’d added 3 new enumerator elements. Due to the
preceding commit, they can now be annotated with
`GLIB_AVAILABLE_ENUMERATOR_IN_2_68`, which will make it a bit easier for
third party projects to notice when they’re using these symbols without
having bumped their GLib dependency.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2327

glib-mkenums: Parse and skip deprecation/availability annotations

Closes #2327

See merge request GNOME/glib!1984

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>