mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2024-12-29 00:46:16 +01:00
407 lines
20 KiB
Markdown
407 lines
20 KiB
Markdown
|
Title: Overview
|
|||
|
SPDX-License-Identifier: LGPL-2.1-or-later
|
|||
|
SPDX-FileCopyrightText: 2007, 2008, 2010, 2011, 2012, 2013 Matthias Clasen
|
|||
|
SPDX-FileCopyrightText: 2007, 2009 Alexander Larsson
|
|||
|
SPDX-FileCopyrightText: 2008 A. Walton
|
|||
|
SPDX-FileCopyrightText: 2010 David Zeuthen
|
|||
|
SPDX-FileCopyrightText: 2013 Stef Walter
|
|||
|
SPDX-FileCopyrightText: 2015 Collabora, Ltd.
|
|||
|
SPDX-FileCopyrightText: 2016 Colin Walters
|
|||
|
SPDX-FileCopyrightText: 2020 Wouter Bolsterlee
|
|||
|
SPDX-FileCopyrightText: 2022 Endless OS Foundation, LLC
|
|||
|
|
|||
|
# Overview
|
|||
|
|
|||
|
GIO is striving to provide a modern, easy-to-use VFS API that sits at the
|
|||
|
right level in the library stack, as well as other generally useful APIs
|
|||
|
for desktop applications (such as networking and D-Bus support). The goal
|
|||
|
is to overcome the shortcomings of GnomeVFS and provide an API that is so
|
|||
|
good that developers prefer it over raw POSIX calls. Among other things
|
|||
|
that means using GObject. It also means not cloning the POSIX API, but
|
|||
|
providing higher-level, document-centric interfaces.
|
|||
|
|
|||
|
The abstract file system model of GIO consists of a number of interfaces and
|
|||
|
base classes for I/O and files:
|
|||
|
|
|||
|
[iface@Gio.File]
|
|||
|
: reference to a file
|
|||
|
|
|||
|
[class@Gio.FileInfo]
|
|||
|
: information about a file or filesystem
|
|||
|
|
|||
|
[class@Gio.FileEnumerator]
|
|||
|
: list files in directories
|
|||
|
|
|||
|
[iface@Gio.Drive]
|
|||
|
: represents a drive
|
|||
|
|
|||
|
[iface@Gio.Volume]
|
|||
|
: represents a file system in an abstract way
|
|||
|
|
|||
|
[iface@Gio.Mount]
|
|||
|
: represents a mounted file system
|
|||
|
|
|||
|
Then there is a number of stream classes, similar to the input and output
|
|||
|
stream hierarchies that can be found in frameworks like Java:
|
|||
|
|
|||
|
[class@Gio.InputStream]
|
|||
|
: read data
|
|||
|
|
|||
|
[class@Gio.OutputStream]
|
|||
|
: write data
|
|||
|
|
|||
|
[class@Gio.IOStream]
|
|||
|
: read and write data
|
|||
|
|
|||
|
[iface@Gio.Seekable]
|
|||
|
: interface optionally implemented by streams to support seeking
|
|||
|
|
|||
|
There are interfaces related to applications and the types of files they
|
|||
|
handle:
|
|||
|
|
|||
|
[iface@Gio.AppInfo]
|
|||
|
: information about an installed application
|
|||
|
|
|||
|
[iface@Gio.Icon]
|
|||
|
: abstract type for file and application icons
|
|||
|
|
|||
|
There is a framework for storing and retrieving application settings:
|
|||
|
|
|||
|
[class@Gio.Settings]
|
|||
|
: stores and retrieves application settings
|
|||
|
|
|||
|
There is support for network programming, including connectivity monitoring,
|
|||
|
name resolution, lowlevel socket APIs and highlevel client and server helper
|
|||
|
classes:
|
|||
|
|
|||
|
[class@Gio.Socket]
|
|||
|
: lowlevel platform independent socket object
|
|||
|
|
|||
|
[class@Gio.Resolver]
|
|||
|
: asynchronous and cancellable DNS resolver
|
|||
|
|
|||
|
[class@Gio.SocketClient]
|
|||
|
: high-level network client helper
|
|||
|
|
|||
|
[class@Gio.SocketService]
|
|||
|
: high-level network server helper
|
|||
|
|
|||
|
[class@Gio.SocketConnection]
|
|||
|
: network connection stream
|
|||
|
|
|||
|
[iface@Gio.NetworkMonitor]
|
|||
|
: network connectivity monitoring
|
|||
|
|
|||
|
There is support for connecting to
|
|||
|
[D-Bus](https://www.freedesktop.org/wiki/Software/dbus/), sending and receiving
|
|||
|
messages, owning and watching bus names, and making objects available on the bus:
|
|||
|
|
|||
|
[class@Gio.DBusConnection]
|
|||
|
: a D-Bus connection
|
|||
|
|
|||
|
[class@Gio.DBusMethodInvocation]
|
|||
|
: for handling remote calls
|
|||
|
|
|||
|
[class@Gio.DBusServer]
|
|||
|
: helper for accepting connections
|
|||
|
|
|||
|
[class@Gio.DBusProxy]
|
|||
|
: proxy to access D-Bus interfaces on a remote object
|
|||
|
|
|||
|
Beyond these, GIO provides facilities for file monitoring, asynchronous I/O
|
|||
|
and filename completion. In addition to the interfaces, GIO provides
|
|||
|
implementations for the local case. Implementations for various network file
|
|||
|
systems are provided by the GVFS package as loadable modules.
|
|||
|
|
|||
|
Other design choices which consciously break with the GnomeVFS design are to
|
|||
|
move backends out-of-process, which minimizes the dependency bloat and makes
|
|||
|
the whole system more robust. The backends are not included in GIO, but in
|
|||
|
the separate GVFS package. The GVFS package also contains the GVFS daemon,
|
|||
|
which spawn further mount daemons for each individual connection.
|
|||
|
|
|||
|
![GIO in the GTK library stack](./gvfs-overview.png)
|
|||
|
|
|||
|
The GIO model of I/O is stateful: if an application establishes e.g. a SFTP
|
|||
|
connection to a server, it becomes available to all applications in the
|
|||
|
session; the user does not have to enter his password over and over again.
|
|||
|
|
|||
|
One of the big advantages of putting the VFS in the GLib layer is that GTK
|
|||
|
can directly use it, e.g. in the filechooser.
|
|||
|
|
|||
|
## Writing GIO applications
|
|||
|
|
|||
|
The information in the GLib documentation about writing GLib applications is
|
|||
|
generally applicable when writing GIO applications.
|
|||
|
|
|||
|
### Threads
|
|||
|
|
|||
|
GDBus has its own private worker thread, so applications using GDBus have at
|
|||
|
least 3 threads. GIO makes heavy use of the concept of a thread-default main
|
|||
|
context to execute callbacks of asynchronous methods in the same context in
|
|||
|
which the operation was started.
|
|||
|
|
|||
|
### Asynchronous Programming
|
|||
|
|
|||
|
Many GIO functions come in two versions: synchronous and asynchronous,
|
|||
|
denoted by an `_async` suffix. It is important to use these appropriately:
|
|||
|
synchronous calls should not be used from within a main loop which is shared
|
|||
|
with other code, such as one in the application’s main thread. Synchronous
|
|||
|
calls block until they complete, and I/O operations can take noticeable
|
|||
|
amounts of time (even on ‘fast’ SSDs). Blocking a main loop iteration while
|
|||
|
waiting for I/O means that other sources in the main loop will not be
|
|||
|
dispatched, such as input and redraw handlers for the application’s UI. This
|
|||
|
can cause the application to ‘freeze’ until I/O completes.
|
|||
|
|
|||
|
A few self-contained groups of functions, such as code generated by
|
|||
|
gdbus-codegen, use a different convention: functions are asynchronous
|
|||
|
default, and it is the synchronous version which has a `_sync` suffix. Aside
|
|||
|
from naming differences, they should be treated the same way as functions
|
|||
|
following the normal convention above.
|
|||
|
|
|||
|
The asynchronous (`_async`) versions of functions return control to the
|
|||
|
caller immediately, after scheduling the I/O in the kernel and adding a
|
|||
|
callback for it to the main loop. This callback will be invoked when the
|
|||
|
operation has completed. From the callback, the paired `_finish` function
|
|||
|
should be called to retrieve the return value of the I/O operation, and any
|
|||
|
errors which occurred. For more information on using and implementing
|
|||
|
asynchronous functions, see [iface@Gio.AsyncResult] and [class@Gio.Task].
|
|||
|
|
|||
|
By starting multiple asynchronous operations in succession, they will be
|
|||
|
executed in parallel (up to an arbitrary limit imposed by GIO’s internal
|
|||
|
worker thread pool).
|
|||
|
|
|||
|
The synchronous versions of functions can be used early in application
|
|||
|
startup when there is no main loop to block, for example to load initial
|
|||
|
configuration files. They can also be used for I/O on files which are
|
|||
|
guaranteed to be small and on the local disk. Note that the user’s home
|
|||
|
directory is not guaranteed to be on the local disk. Security
|
|||
|
|
|||
|
When your program needs to carry out some privileged operation (say, create
|
|||
|
a new user account), there are various ways in which you can go about this:
|
|||
|
|
|||
|
- Implement a daemon that offers the privileged operation. A convenient way
|
|||
|
to do this is as a D-Bus system-bus service. The daemon will probably need
|
|||
|
ways to check the identity and authorization of the caller before
|
|||
|
executing the operation.
|
|||
|
[polkit](https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html)
|
|||
|
is a framework that allows this.
|
|||
|
- Use a small helper that is executed with elevated privileges via pkexec.
|
|||
|
[`pkexec`](https://www.freedesktop.org/software/polkit/docs/latest/pkexec.1.html)
|
|||
|
is a small program launcher that is part of polkit.
|
|||
|
- Use a small helper that is executed with elevated privileges by being suid
|
|||
|
root.
|
|||
|
|
|||
|
None of these approaches is the clear winner, they all have their advantages
|
|||
|
and disadvantages.
|
|||
|
|
|||
|
When writing code that runs with elevated privileges, it is important to
|
|||
|
follow some basic rules of secure programming. David Wheeler has an
|
|||
|
excellent book on this topic,
|
|||
|
[Secure Programming for Linux and Unix HOWTO](https://dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html).
|
|||
|
|
|||
|
When using GIO in code that runs with elevated privileges, you have to be
|
|||
|
careful. GIO has extension points whose implementations get loaded from
|
|||
|
modules (executable code in shared objects), which could allow an attacker
|
|||
|
to sneak his own code into your application by tricking it into loading the
|
|||
|
code as a module. However, GIO will never load modules from your home
|
|||
|
directory except when explicitly asked to do so via an environment variable.
|
|||
|
|
|||
|
In most cases, your helper program should be so small that you don't need
|
|||
|
GIO, whose APIs are largely designed to support full-blown desktop
|
|||
|
applications. If you can't resist the convenience of these APIs, here are
|
|||
|
some steps you should take:
|
|||
|
|
|||
|
- Clear the environment, e.g. using the `clearenv()` function. David Wheeler
|
|||
|
has a good
|
|||
|
[explanation](https://dwheeler.com/secure-programs/Secure-Programs-HOWTO/environment-variables.html)
|
|||
|
for why it is important to sanitize the environment. See the section on
|
|||
|
running GIO applications for a list of all environment variables affecting
|
|||
|
GIO. In particular, `PATH` (used to locate binaries), `GIO_EXTRA_MODULES`
|
|||
|
(used to locate loadable modules) and `DBUS_{SYSTEM,SESSION}_BUS_ADDRESS`
|
|||
|
(used to locate the D-Bus system and session bus) are important.
|
|||
|
- Don't use GVfs, by setting `GIO_USE_VFS=local` in the environment. The
|
|||
|
reason to avoid GVfs in security-sensitive programs is that it uses many
|
|||
|
libraries which have not necessarily been audited for security problems.
|
|||
|
Gvfs is also heavily distributed and relies on a session bus to be
|
|||
|
present.
|
|||
|
|
|||
|
## Compiling GIO applications
|
|||
|
|
|||
|
GIO comes with a `gio-2.0.pc` file that you should use together with
|
|||
|
pkg-config to obtain the necessary information about header files and
|
|||
|
libraries. See the pkg-config man page or the GLib documentation for more
|
|||
|
information on how to use pkg-config to compile your application.
|
|||
|
|
|||
|
If you are using GIO on UNIX-like systems, you may want to use UNIX-specific
|
|||
|
GIO interfaces such as `GUnixInputStream`, `GUnixOutputStream`, `GUnixMount`
|
|||
|
or `GDesktopAppInfo`. To do so, use the `gio-unix-2.0.pc` file instead of
|
|||
|
`gio-2.0.pc`.
|
|||
|
|
|||
|
## Running GIO applications
|
|||
|
|
|||
|
GIO inspects a few environment variables in addition to the ones used by GLib.
|
|||
|
|
|||
|
- `XDG_DATA_HOME`, `XDG_DATA_DIRS`. GIO uses these environment variables to
|
|||
|
locate MIME information. For more information, see the
|
|||
|
[Shared MIME-info Database](https://specifications.freedesktop.org/shared-mime-info-spec/latest/)
|
|||
|
and the [Base Directory Specification](https://specifications.freedesktop.org/basedir-spec/latest/).
|
|||
|
- `GVFS_DISABLE_FUSE`. This variable can be set to keep Gvfs from starting
|
|||
|
the fuse backend, which may be unwanted or unnecessary in certain
|
|||
|
situations.
|
|||
|
- `GIO_USE_VFS`. This environment variable can be set to the name of a GVfs
|
|||
|
implementation to override the default for debugging purposes. The GVfs
|
|||
|
implementation for local files that is included in GIO has the name
|
|||
|
"local", the implementation in the gvfs module has the name "gvfs". Most
|
|||
|
commonly, system software will set this to "local" to avoid having `GFile`
|
|||
|
APIs perform unnecessary D-Bus calls. The special value help can be used
|
|||
|
to print a list of available implementations to standard output.
|
|||
|
|
|||
|
The following environment variables are only useful for debugging GIO itself
|
|||
|
or modules that it loads. They should not be set in a production
|
|||
|
environment.
|
|||
|
|
|||
|
- `GIO_USE_FILE_MONITOR`. This variable can be set to the name of a
|
|||
|
GFileMonitor implementation to override the default for debugging
|
|||
|
purposes. The GFileMonitor implementation for local files that is included
|
|||
|
in GIO on Linux has the name "inotify", others that are built are built as
|
|||
|
modules (depending on the platform) are called "fam" and "fen". The
|
|||
|
special value help can be used to print a list of available
|
|||
|
implementations to standard output.
|
|||
|
- `GIO_USE_VOLUME_MONITOR`. This variable can be set to the name of a
|
|||
|
GVolumeMonitor implementation to override the default for debugging
|
|||
|
purposes. The GVolumeMonitor implementation for local files that is
|
|||
|
included in GIO has the name "unix", the udisks2-based implementation in
|
|||
|
the gvfs module has the name "udisks2". The special value help can be used
|
|||
|
to print a list of available implementations to standard output.
|
|||
|
- `GIO_USE_TLS`. This variable can be set to the name of a GTlsBackend
|
|||
|
implementation to override the default for debugging purposes. GIO does
|
|||
|
not include a GTlsBackend implementation, the gnutls-based implementation
|
|||
|
in the glib-networking module has the name "gnutls". The special value
|
|||
|
help can be used to print a list of available implementations to standard
|
|||
|
output.
|
|||
|
- `GIO_USE_PORTALS`. This variable can be set to override detection of portals
|
|||
|
and force them to be used to provide various bits of GIO functionality, for
|
|||
|
testing and debugging. This variable is not intended to be used in production.
|
|||
|
- `GIO_MODULE_DIR`. When this environment variable is set to a path, GIO
|
|||
|
will load modules from this alternate directory instead of the directory
|
|||
|
built into GIO. This is useful when running tests, for example. This
|
|||
|
environment variable is ignored when running in a setuid program.
|
|||
|
- `GIO_EXTRA_MODULES`. When this environment variable is set to a path, or
|
|||
|
a set of paths separated by a colon, GIO will attempt to load additional
|
|||
|
modules from within the path. This environment variable is ignored when
|
|||
|
running in a setuid program.
|
|||
|
- `GSETTINGS_BACKEND`. This variable can be set to the name of a
|
|||
|
GSettingsBackend implementation to override the default for debugging
|
|||
|
purposes. The memory-based implementation that is included in GIO has the
|
|||
|
name "memory", the one in dconf has the name "dconf". The special value
|
|||
|
help can be used to print a list of available implementations to standard
|
|||
|
output.
|
|||
|
- `GSETTINGS_SCHEMA_DIR`. This variable can be set to the names of
|
|||
|
directories to consider when looking for compiled schemas for GSettings,
|
|||
|
in addition to the `glib-2.0/schemas` subdirectories of the XDG system
|
|||
|
data dirs. To specify multiple directories, use `G_SEARCHPATH_SEPARATOR_S`
|
|||
|
as a separator.
|
|||
|
- `DBUS_SYSTEM_BUS_ADDRESS`. This variable is consulted to find the address
|
|||
|
of the D-Bus system bus. For the format of D-Bus addresses, see the
|
|||
|
[D-Bus specification](https://dbus.freedesktop.org/doc/dbus-specification.html#addresses).
|
|||
|
Setting this variable overrides platform-specific ways of determining the
|
|||
|
system bus address.
|
|||
|
- `DBUS_SESSION_BUS_ADDRESS`. This variable is consulted to find the
|
|||
|
address of the D-Bus session bus. Setting this variable overrides
|
|||
|
platform-specific ways of determining the session bus address.
|
|||
|
- `DBUS_STARTER_BUS_TYPE`. This variable is consulted to find out the
|
|||
|
'starter' bus for an application that has been started via D-Bus
|
|||
|
activation. The possible values are 'system' or 'session'.
|
|||
|
- `G_DBUS_DEBUG`. This variable can be set to a list of debug options,
|
|||
|
which cause GLib to print out different types of debugging information
|
|||
|
when using the D-Bus routines.
|
|||
|
- `transport`: Show IO activity (e.g. reads and writes)
|
|||
|
- `message`: Show all sent and received D-Bus messages
|
|||
|
- `payload`: Show payload for all sent and received D-Bus messages (implies
|
|||
|
message)
|
|||
|
- `call`: Trace `g_dbus_connection_call()` and
|
|||
|
`g_dbus_connection_call_sync()` API usage
|
|||
|
- `signal`: Show when a D-Bus signal is received
|
|||
|
- `incoming`: Show when an incoming D-Bus method call is received
|
|||
|
- `return`: Show when a reply is returned via the GDBusMethodInvocation API
|
|||
|
- `emission`: Trace `g_dbus_connection_emit_signal()` API usage
|
|||
|
- `authentication`: Show information about connection authentication
|
|||
|
- `address`: Show information about D-Bus address lookups and autolaunching
|
|||
|
- `all`: Turn on all debug options
|
|||
|
- `help`: Print a list of supported options to the standard output
|
|||
|
- `G_DBUS_COOKIE_SHA1_KEYRING_DIR`. Can be used to override the directory
|
|||
|
used to store the keyring used in the `DBUS_COOKIE_SHA1` authentication
|
|||
|
mechanism. Normally the directory used is `.dbus-keyrings` in the user's
|
|||
|
home directory.
|
|||
|
- `G_DBUS_COOKIE_SHA1_KEYRING_DIR_IGNORE_PERMISSION`. If set, the
|
|||
|
permissions of the directory used to store the keyring used in the
|
|||
|
`DBUS_COOKIE_SHA1` authentication mechanism won't be checked. Normally the
|
|||
|
directory must be readable only by the user.
|
|||
|
|
|||
|
## Extending GIO
|
|||
|
|
|||
|
A lot of the functionality that is accessible through GIO is implemented in
|
|||
|
loadable modules, and modules provide a convenient way to extend GIO. In
|
|||
|
addition to the [`class@Gio.IOModule`] API which supports writing such modules, GIO has a
|
|||
|
mechanism to define extension points, and register implementations thereof,
|
|||
|
see [`struct@Gio.IOExtensionPoint`].
|
|||
|
|
|||
|
The following extension points are currently defined by GIO:
|
|||
|
|
|||
|
- `G_VFS_EXTENSION_POINT_NAME`. Allows to override the functionality of the
|
|||
|
GVfs class. Implementations of this extension point must be derived from
|
|||
|
GVfs. GIO uses the implementation with the highest priority that is
|
|||
|
active, see `g_vfs_is_active()`. GIO implements this extension point for
|
|||
|
local files, gvfs contains an implementation that supports all the
|
|||
|
backends in gvfs.
|
|||
|
- `G_VOLUME_MONITOR_EXTENSION_POINT_NAME`. Allows to add more volume
|
|||
|
monitors. Implementations of this extension point must be derived from
|
|||
|
GVolumeMonitor. GIO uses all registered extensions. gvfs contains an
|
|||
|
implementation that works together with the GVfs implementation in gvfs.
|
|||
|
- `G_NATIVE_VOLUME_MONITOR_EXTENSION_POINT_NAME`. Allows to override the
|
|||
|
'native' volume monitor. Implementations of this extension point must be
|
|||
|
derived from GNativeVolumeMonitor. GIO uses the implementation with the
|
|||
|
highest priority that is supported, as determined by the `is_supported()`
|
|||
|
vfunc in GVolumeMonitorClass. GIO implements this extension point for
|
|||
|
local mounts, gvfs contains a udisks2-based implementation.
|
|||
|
- `G_LOCAL_FILE_MONITOR_EXTENSION_POINT_NAME`. Allows to override the file
|
|||
|
monitor implementation for local files. Implementations of this extension
|
|||
|
point must be derived from GLocalFileMonitor. GIO uses the implementation
|
|||
|
with the highest priority that is supported, as determined by the
|
|||
|
`is_supported()` vfunc in GLocalFileMonitorClass. GIO uses this extension
|
|||
|
point internally, to switch between its fam-based and inotify-based file
|
|||
|
monitoring implementations.
|
|||
|
- `G_LOCAL_DIRECTORY_MONITOR_EXTENSION_POINT_NAME`. Allows to override the
|
|||
|
directory monitor implementation for local files. Implementations of this
|
|||
|
extension point must be derived from GLocalDirectoryMonitor. GIO uses the
|
|||
|
implementation with the highest priority that is supported, as determined
|
|||
|
by the `is_supported()` vfunc in GLocalDirectoryMonitorClass. GIO uses
|
|||
|
this extension point internally, to switch between its fam-based and
|
|||
|
inotify-based directory monitoring implementations.
|
|||
|
- `G_DESKTOP_APP_INFO_LOOKUP_EXTENSION_POINT_NAME`. Unix-only. Allows to
|
|||
|
provide a way to associate default handlers with URI schemes.
|
|||
|
Implementations of this extension point must implement the
|
|||
|
GDesktopAppInfoLookup interface. GIO uses the implementation with the
|
|||
|
highest priority. This extension point has been discontinued in GLib 2.28.
|
|||
|
It is still available to keep API and ABI stability, but GIO is no longer
|
|||
|
using it for default handlers. Instead, the mime handler mechanism is
|
|||
|
used, together with x-scheme-handler pseudo-mimetypes.
|
|||
|
- `G_SETTINGS_BACKEND_EXTENSION_POINT_NAME`. Allows to provide an
|
|||
|
alternative storage for GSettings. Implementations of this extension point
|
|||
|
must derive from the GSettingsBackend type. GIO contains a keyfile-based
|
|||
|
implementation of this extension point, another one is provided by dconf.
|
|||
|
- `G_PROXY_EXTENSION_POINT_NAME`. Allows to provide implementations for
|
|||
|
network proxying. Implementations of this extension point must provide the
|
|||
|
GProxy interface, and must be named after the network protocol they are
|
|||
|
proxying. glib-networking contains an implementation of this extension
|
|||
|
point based on libproxy.
|
|||
|
- `G_TLS_BACKEND_EXTENSION_POINT_NAME`. Allows to provide implementations
|
|||
|
for TLS support. Implementations of this extension point must implement
|
|||
|
the GTlsBackend interface. glib-networking contains an implementation of
|
|||
|
this extension point.
|
|||
|
- `G_NETWORK_MONITOR_EXTENSION_POINT_NAME`. Allows to provide
|
|||
|
implementations for network connectivity monitoring. Implementations of
|
|||
|
this extension point must implement the GNetworkMonitorInterface
|
|||
|
interface. GIO contains an implementation of this extension point that is
|
|||
|
using the netlink interface of the Linux kernel.
|