diff --git a/flatpak-1.14.4.tar.xz b/flatpak-1.14.4.tar.xz deleted file mode 100644 index bfc970e..0000000 --- a/flatpak-1.14.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8a34dbd0b67c434e7598b98ec690953d046f0db26e480aeafb46d72aec716799 -size 1637484 diff --git a/flatpak-1.15.10.tar.xz b/flatpak-1.15.10.tar.xz new file mode 100644 index 0000000..ac6cb1a --- /dev/null +++ b/flatpak-1.15.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6aa67ca29b4f4da74654888446710b16c9fcfe640c324a51c5025087eecbf42f +size 1169908 diff --git a/flatpak.changes b/flatpak.changes index 4cc42b3..6e09c7c 100644 --- a/flatpak.changes +++ b/flatpak.changes @@ -1,3 +1,339 @@ +------------------------------------------------------------------- +Wed Aug 14 16:07:15 UTC 2024 - Bjørn Lie + +- Update to version 1.15.10: + + Dependencies: In distributions that compile Flatpak to use a + separate bubblewrap (bwrap) executable, version 0.10.0 is + required. This version adds a new feature which is required by + the security fix in this release. + + Security fixes: Don't follow symbolic links when mounting + persistent directories (--persist option). This prevents a + sandbox escape where a malicious or compromised app could edit + the symlink to point to a directory that the app should not + have been allowed to read or write. (CVE-2024-42472, + GHSA-7hgv-f2j8-xw87, bsc#1229157) + + Documentation: Mark the 1.12.x and 1.10.x branches as + end-of-life + + Other bug fixes: Fix several memory leaks + + Internal changes: + - Record a log file when running build-time tests with + AddressSanitizer + - Add initial suppressions file for AddressSanitizer + +------------------------------------------------------------------- +Thu Aug 8 12:33:34 UTC 2024 - Imo Hester + +- As per documentation from flatpak 1.0: add weak dep on + p11-kit-server for certificate transfer (boo#1188902) + +------------------------------------------------------------------- +Fri Jun 14 13:51:38 UTC 2024 - pgajdos@suse.com + +- remove dependency on /usr/bin/python3 using + %python3_fix_shebang macro, [bsc#1212476] + +------------------------------------------------------------------- +Tue Apr 23 13:23:52 UTC 2024 - Robert Frohl + +- disable parental controls for now by using '-Dmalcontent=disabled', to work around + issues with xdg-desktop-portal + +------------------------------------------------------------------- +Fri Apr 19 08:05:28 UTC 2024 - Robert Frohl + +- Update to version 1.15.8: + + Security fixes: + - Don't allow an executable name to be misinterpreted as a + command-line option for bwrap(1). This prevents a sandbox + escape where a malicious or compromised app could ask + xdg-desktop-portal to generate a .desktop file with access to + files outside the sandbox. (CVE-2024-32462, boo#1223110). + + Other bug fixes: + - Pass the -export-dynamic linker option as + -Wl,-export-dynamic, fixing build failures with clang 18 and + lld 18. + - Fix a double-free when installation is cancelled. + - Fix installed-tests failure with "FUSERMOUNT: unbound + variable". +- Changes from version 1.15.7: + + New features: + - Automatically remove obsolete driver versions and other + autopruned refs. + - --socket=inherit-wayland-socket. + - Automatically reload D-Bus session bus configuration after + installing or upgrading apps, to pick up any exported D-Bus + services. + + Bug fixes: + - Don't parse as the application + name. + - Don't refuse to start apps when there is no D-Bus system bus + available. + - Don't try to repeat migration of apps whose data was migrated + to a new name and then deleted. + - Improve handling of mixed locales on systems with + systemd-localed. + - Improve display of ellipsized columns in wide terminals. + - Make flatpak info -e look for extensions in all + installations. + - Fix warnings from newer GLib versions. + - Always set the container environment variable. + - Always let the app inherit redirected file descriptors. + - In flatpak ps, add xdg-desktop-portal-gnome to the list of + backends we'll use to learn which apps are running in the + background. + - Don't use WAYLAND_SOCKET unless given + --socket=inherit-wayland-socket. + - Use fusermount3 if compiled with FUSE 3, overridable with + -Dsystem_fusermount compile-time option. + - Avoid leaking a temporary variable from + /etc/profile.d/flatpak.sh into the shell environment. + - Improve async-signal safety. + - Fix various memory leaks. + - Avoid undefined behaviour of signed left-shift when storing + object IDs in a hash table. + - Detect the correct gtk-doc when cross-compiling. + - Detect the correct wayland-scanner when cross-compiling. + - Documentation improvements. + - Skip more tests when FUSE isn't available. + - Updated translations. +- Add libglnx.patch: fix meson function detection. +- Switch build system to meson: + + Add meson BuildRequires. + + Switch configure/make_build/make_install macros to + meson/meson_build/meson_install, preserving the configure + parameters as close as possible: + --disable-silent-rules => obsoleted + --with-system-bubblewrap => -Dsystem_bubblewrap=bwrap + --with-curl => -Dhttp_backend=curl +- Add pkgconfig(malcontent-0) BuildRequires: enable malcontent + support. + +------------------------------------------------------------------- +Tue Mar 19 08:06:34 UTC 2024 - Antonio Larrosa + +- Make flatpak-remote-flathub only supplement flatpak in TW + (bsc#1221662). + +------------------------------------------------------------------- +Thu Mar 7 11:21:12 UTC 2024 - Antonio Larrosa + +- Add a flatpak-selinux subpackage that provides a SELinux policy + module (boo#1220591). + +------------------------------------------------------------------- +Tue Nov 14 19:34:15 UTC 2023 - Bjørn Lie + +- Update to version 1.15.6: + + In distributions that compile Flatpak to use a separate + bubblewrap (bwrap) executable, version 0.8.0 is now required. + + Enabling the optional Wayland security context feature requires + libwayland-client, wayland-scanner >= 1.15 and + wayland-protocols >= 1.32. + + Add --device=input, for access to evdev devices in /dev/input + + Update bundled copy of bubblewrap to version 0.8.0, and rely on + its features: + + Improve error message if seccomp is disabled in kernel config + + Security hardening: set user namespace limit to 0, to prevent + creation of nested user namespaces in a more robust way + + For subsandboxes started by flatpak-portal, inherit + environment variables from the flatpak run that started the + original instance rather than from flatpak-portal, fixing + behaviour of FLATPAK_GL_DRIVERS and similar features + + Stop http transfers if a download in progress becomes very slow + + Make it easier to configure extra languages, by picking them up + from AccountsService if configured there + + Add new flatpak_transaction_add_rebase_and_uninstall() API, + allowing end-of-life apps to be replaced by their intended + replacement more reliably + + Create a private Wayland socket with the "security context" + extension if available, allowing the compositor to identify + connections from sandboxed apps as belonging to the sandbox + + Update libglnx to 2023-08-29 + + Use features of newer GLib versions if available + + Turn off system-level crash reporting infrastructure during + some unit tests that involve intentional assertion failures + + Add anchors to link to sections of flatpak-metadata + documentation + + Bug fixes: + - Avoid warnings processing symbolic links with GLib >= 2.77.0, + and with GLib 2.76.0 (GLib 2.76.1 or later silences these + warnings) + - Bypass page cache for backend requests in revokefs, fixing + installation errors with libostree 2023.4 + - Show AppStream metadata in flatpak remote-info as intended + - Don't let Flatpak apps inherit VK_DRIVER_FILES or + VK_ICD_FILENAMES from the host system, which would be wrong + for the sandbox + - Fix build failure with prereleases of libappstream 0.17.x + - Forward-compatibility with libappstream 1.0 + - Fix installation with Meson if configured with + -Dauto_sideloading=true + - Fix a memory leak + - Fix compiler warnings + - Make the tests fail more comprehensibly if a required tool is + missing + - Clean up /var/tmp/flatpak-cache-* directories on boot + - Don't force GIO_USE_VFS=local for programs launched via + flatpak-spawn + - Clarify documentation for D-Bus name ownership + + Internal changes: + - Split up large source files into smaller modules, reducing + internal circular dependencies + - Re-synchronize code backported from GLib with the version in + GLib + - Clarify documentation for D-Bus name ownership + - Make the flags used to apply "extra data" clearer + - Use glnx_opendirat() where possible + + Updated translations. +- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and + pkgconfig(wayland-protocols) BuildRequires and pass + with-wayland-security-context=yes to configure: Enable the + optional Wayland security context. + +------------------------------------------------------------------- +Wed Aug 2 20:23:29 UTC 2023 - Luciano Santos + +- Add update-user-flatpaks service and timer Systemd units - based + on update-system-flatpaks.{service,timer} - to help users keep + their user installed flatpaks up to date. +- Prefix /etc/flatpak/remotes.d/flathub.flatpakrepo with %config + macro to mark it as a configuration file. + +------------------------------------------------------------------- +Fri Mar 17 16:20:57 UTC 2023 - Bjørn Lie + +- Update to version 1.15.4 (CVE-2023-28101, CVE-2023-28100): + + Escape special characters when displaying permissions and + metadata, preventing malicious apps from manipulating the + appearance of the permissions list using crafted metadata + (CVE-2023-28101, bsc#1209410). + + If a Flatpak app is run on a Linux virtual console (tty1, tty2, + etc.), don't allow copy/paste via the TIOCLINUX ioctl + (CVE-2023-28100, bsc#1209411). Note that this is specific to virtual + consoles: Flatpak is not vulnerable to this if run from a + graphical terminal emulator such as xterm, gnome-terminal or + Konsole. + + Document the path used for flatpak override. + + Updated translations. + +------------------------------------------------------------------- +Fri Mar 17 10:06:34 UTC 2023 - Bjørn Lie + +- Update to version 1.15.3: + + Build system: Building this version of Flatpak with Meson is + recommended. The source release flatpak-1.15.3.tar.xz no longer + contains Autotools-generated files, although this version can + still be built using Autotools after running ./autogen.sh. + Future versions are likely to remove the Autotools buildsystem. + + Bug fixes: + - When splitting an upgrade into two steps (download without + installing, and then upgrade without allowing further + downloads) like GNOME Software does, if an app is marked EOL + and superseded by a replacement, don't remove the superseded + app in the first step, which would result in the replacement + incorrectly not being installed. + - Fix a crash when --socket=gpg-agent is used. + - Fix a crash when listing apps if one of them is broken or + misconfigured. + - If an app has invalid syntax in its overrides or metadata, + mention the filename in the error message. + - Unset $GDK_BACKEND for apps, ensuring GTK apps with + --socket=fallback-x11 can work. + - Fix a deprecation warning when compiled with curl >= 7.85. + + Updated translations. + + Internal changes: Better diagnostic messages for why runtimes + are or are not considered unused. +- Changes from version 1.15.2: + + Bug fixes: + - Never try to export a parent of reserved directories as a + --filesystem, for example /run, which would prevent the app + from starting. + - Never try to export a --filesystem below /run/flatpak or + /run/host, which could similarly prevent the app from + starting. + - The above change also fixes apps not starting if a + --filesystem is a symlink to the root directory. + - Show a warning when the --filesystem exists but cannot be + shared with the sandbox. + - Display the intended messages for flatpak repair. + - Exporting an app to an existing repository on a CIFS + filesystem now works as intended. + - Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in + some GLib apps when set to a path on the host. + - Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and + Qt apps under Wayland when this variable is set to a path not + available in the sandbox. + - When using the fish shell, avoid duplicate XDG_DATA_DIRS + entries if the profile script is sourced more than once. + - Update included copy of bubblewrap to 0.7.0 for better error + messages. + - Install SELinux files correctly when building with Meson + + Internal changes: + - Update included copy of libglnx + - flatpak -v now uses the INFO log level, and flatpak -vv uses + the DEBUG log level in the flatpak log domain. Previously, + the extra messages that were logged by flatpak -vv were in a + separate "flatpak2" log domain. G_MESSAGES_DEBUG=flatpak + previously had an effect similar to flatpak -v, and is now + more similar to flatpak -vv. +- Changes from version 1.15.1: + + Dependencies: When building with Meson, gpgme 1.8.0 is now + required. Older versions can still be used by building with + Autotools. + + Features: If an old temporary deploy directory was leaked by + versions before #5146, clean it up the next time the same app + is updated. + + Bug fixes: + - If an app update is blocked by parental controls policies, + clean up the temporary deploy directory. + - Fix Autotools build with versions of gpgme that no longer + provide gpgme-config(1). + - Fix a possible parallel build failure with Meson. + - Fix a compiler warning on 32-bit architectures. + - When building with Autotools, be more consistent about + applying compiler warning flags. + - Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR. + - Treat /efi the same as /boot/efi. +- Changes from version 1.15.0: + + Build system: + - Flatpak can now be compiled using Meson instead of Autotools. + This requires Meson 0.53.0 or later, and Python 3.5 or later. + - The Autotools build system is likely to be removed during + either the 1.15.x or 1.17.x cycle. + + New features: + - Allow the modify_ldt system call as part of + --allow=multiarch. This increases attack surface, but is + required when running 16-bit executables in some versions of + Wine. + - Share gssproxy socket, which acts like a portal for Kerberos + authentication. This lets apps use Kerberos authentication + without needing a sandbox hole. + - Add a httpbackend variable to flatpak.pc, allowing dependent + projects like GNOME Software to detect whether they are + compatible with libflatpak. + + Bug fixes: + - Terminate the flatpak-session-helper and flatpak-portal + services when the session ends, so that applications will not + inherit outdated Wayland and X11 socket addresses. + - When using fish shell, don't overwrite a previously-set + XDG_DATA_DIRS. + - Don't try to enable HTTP 2 if linked to a libcurl version + that doesn't support it. + - Stop systemd reporting the session-helper as failed when + terminated by a signal. + - Fix a warning when listing a document with no permissions. + - Fix compilation with GLib 2.66.x (as used in Debian 11). + - Fix compilation with GLib 2.58.x (as used in Debian 10). + - Make generated files more reproducible. + + Internal changes: + - Update project logo in README. + - Update libglnx subproject. + + Updated translations. +- Add libtool BuildRequires and pass autogen.sh, bootstrapping + build is now needed. +- Add gtk-doc and xmlto BuildRequires and pass enable-documentation + and enable-gtk-doc to configure, building documentation manually. + ------------------------------------------------------------------- Thu Mar 16 16:15:42 UTC 2023 - Bjørn Lie diff --git a/flatpak.spec b/flatpak.spec index e527e67..8b420f3 100644 --- a/flatpak.spec +++ b/flatpak.spec @@ -1,7 +1,7 @@ # # spec file for package flatpak # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,8 +16,9 @@ # +%global selinuxtype targeted %define libname libflatpak0 -%define bubblewrap_version 0.5.0 +%define bubblewrap_version 0.10.0 %define ostree_version 2020.8 %define xdg_dbus_proxy_version 0.1.0 @@ -34,7 +35,7 @@ %define support_environment_generators 1 %endif Name: flatpak -Version: 1.14.4 +Version: 1.15.10 Release: 0 Summary: OSTree based application bundles management License: LGPL-2.1-or-later @@ -43,22 +44,31 @@ URL: https://flatpak.github.io/ Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz Source1: update-system-flatpaks.service Source2: update-system-flatpaks.timer -Source3: https://flathub.org/repo/flathub.flatpakrepo +Source3: update-user-flatpaks.service +Source4: update-user-flatpaks.timer +Source5: https://flathub.org/repo/flathub.flatpakrepo # PATCH-FEATURE-OPENSUSE polkit_rules_usability.patch -- Make the rules comply with openSUSE expectations Patch0: polkit_rules_usability.patch +# PATCH-FIX-UPSTREAM libglnx.patch https://gitlab.gnome.org/GNOME/libglnx/-/merge_requests/57 +Patch1: libglnx.patch BuildRequires: bison BuildRequires: bubblewrap >= %{bubblewrap_version} BuildRequires: docbook-xsl-stylesheets +BuildRequires: gtk-doc BuildRequires: intltool >= 0.35.0 BuildRequires: libcap-devel BuildRequires: libgpg-error-devel BuildRequires: libgpgme-devel >= 1.1.8 +BuildRequires: libtool +BuildRequires: meson BuildRequires: pkgconfig BuildRequires: python3-pyparsing +BuildRequires: selinux-policy-devel BuildRequires: systemd-rpm-macros BuildRequires: sysuser-tools BuildRequires: xdg-dbus-proxy >= %{xdg_dbus_proxy_version} +BuildRequires: xmlto BuildRequires: xsltproc BuildRequires: pkgconfig(appstream) >= 0.12.0 BuildRequires: pkgconfig(dconf) >= 0.26 @@ -80,13 +90,19 @@ BuildRequires: pkgconfig(libzstd) >= 0.8.1 BuildRequires: pkgconfig(ostree-1) >= %{ostree_version} BuildRequires: pkgconfig(polkit-gobject-1) BuildRequires: pkgconfig(systemd) +BuildRequires: pkgconfig(wayland-client) >= 1.15 +BuildRequires: pkgconfig(wayland-protocols) >= 1.32 +BuildRequires: pkgconfig(wayland-scanner) >= 1.15 BuildRequires: pkgconfig(xau) Requires: %{libname} = %{version} Requires: bubblewrap >= %{bubblewrap_version} Requires: ostree >= %{ostree_version} Requires: xdg-dbus-proxy >= %{xdg_dbus_proxy_version} Requires: xdg-desktop-portal >= 0.10 +Requires: (flatpak-selinux = %{version} if selinux-policy-%{selinuxtype}) Requires: user(flatpak) +# as per documentation from flatpak 1.0: add weak dep on p11-kit-server for certificate transfer +Recommends: p11-kit-server # Remove after openSUSE Leap 42 is out of scope Provides: xdg-app = %{version} Obsoletes: xdg-app < %{version} @@ -154,13 +170,29 @@ Group: System/Packages Requires: flatpak Requires(postun):flatpak Requires(postun):sed +%if 0%{?suse_version} > 1600 Supplements: flatpak +%endif BuildArch: noarch %description remote-flathub Flathub is a widely used repository for Flatpak applications. This package adds the Flathub repository to the list of system flatpak remotes. +%package selinux +Summary: SELinux policy module for flatpak +Group: System Environment/Base +Requires: flatpak +BuildArch: noarch +%{?selinux_requires} + +%description selinux +flatpak is a system for building, distributing and running sandboxed desktop +applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for +more information. + +This package provides the SELinux policy module for flatpak. + %postun remote-flathub # upon uninstall if [ $1 == 0 ]; then @@ -172,27 +204,32 @@ fi %lang_package +%python3_fix_shebang + %prep %autosetup -p1 sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-* %build -%configure \ - --disable-silent-rules \ - --with-system-bubblewrap \ - --with-curl \ - --with-priv-mode=none \ - --with-dbus-config-dir=%{_dbusconfigdir} \ - --with-system-dbus-proxy=%{_bindir}/xdg-dbus-proxy \ +%meson \ + -Dsystem_bubblewrap=%{_bindir}/bwrap \ + -Dhttp_backend=curl \ + -Ddbus_config_dir=%{_dbusconfigdir} \ + -Dsystem_dbus_proxy=%{_bindir}/xdg-dbus-proxy \ %if !%{support_environment_generators} - --enable-gdm-env-file \ + -Dgdm_env_file=enabled \ %endif - %{nil} -%make_build + -Dgtkdoc=enabled \ + -Dwayland_security_context=enabled \ + -Dselinux_module=enabled \ + -Dtests=false \ + -Dmalcontent=disabled \ + %{nil} +%meson_build %sysusers_generate_pre system-helper/flatpak.conf system-user-flatpak flatpak.conf %install -%make_install +%meson_install find %{buildroot} -type f -name "*.la" -delete -print mkdir -p %{buildroot}%{_sbindir} ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper @@ -208,12 +245,16 @@ rm -Rf %{buildroot}%{_systemd_user_env_generator_dir} rm -Rf %{buildroot}%{_systemd_system_env_generator_dir} %endif -install -D -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/update-system-flatpaks.service -install -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/update-system-flatpaks.timer +# System update Systemd service and timer units +install -D -m 644 -t %{buildroot}%{_unitdir} %{SOURCE1} +install -D -m 644 -t %{buildroot}%{_unitdir} %{SOURCE2} -mkdir -p %{buildroot}%{_sysconfdir}/flatpak/remotes.d -# Flathub -install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/flatpak/remotes.d +# User update Systemd service and timer units +install -D -m 644 -t %{buildroot}%{_userunitdir} %{SOURCE3} +install -D -m 644 -t %{buildroot}%{_userunitdir} %{SOURCE4} + +# Flathub remote repository +install -D -m 644 -t %{buildroot}%{_sysconfdir}/flatpak/remotes.d %{SOURCE5} %find_lang %{name} @@ -240,12 +281,31 @@ if [ -e "%{_localstatedir}/lib/flatpak/repo" ] && [ -z "$(ls -A %{_localstatedir rm -r %{_localstatedir}/lib/flatpak/repo fi %{_bindir}/flatpak remotes 1> /dev/null +%tmpfiles_create %{_tmpfilesdir}/flatpak.conf %postun %service_del_postun flatpak-system-helper.service %service_del_postun update-system-flatpaks.service %service_del_postun update-system-flatpaks.timer +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/flatpak.pp.bz2 + +%preun selinux +%selinux_relabel_pre -s %{selinuxtype} + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} flatpak + %selinux_relabel_post -s %{selinuxtype} +fi; + +%posttrans selinux +%selinux_relabel_post -s %{selinuxtype} + %files -f %{name}.lang %license COPYING %{_bindir}/flatpak @@ -276,16 +336,19 @@ fi %{_mandir}/man1/%{name}*.1%{?ext_man} %{_mandir}/man5/flatpak-metadata.5%{?ext_man} %{_mandir}/man5/flatpak-flatpakref.5%{?ext_man} +%{_mandir}/man5/flatpakref.5%{?ext_man} %{_mandir}/man5/flatpak-flatpakrepo.5%{?ext_man} +%{_mandir}/man5/flatpakrepo.5%{?ext_man} %{_mandir}/man5/flatpak-installation.5%{?ext_man} %{_mandir}/man5/flatpak-remote.5%{?ext_man} %{_datadir}/%{name}/ %config %{_sysconfdir}/profile.d/flatpak.sh +%config %{_sysconfdir}/profile.d/flatpak.csh %dir %{_sysconfdir}/flatpak %dir %{_sysconfdir}/flatpak/remotes.d %{_unitdir}/flatpak-system-helper.service -%{_unitdir}/update-system-flatpaks.service -%{_unitdir}/update-system-flatpaks.timer +%{_unitdir}/update-system-flatpaks.{service,timer} +%{_userunitdir}/update-user-flatpaks.{service,timer} %{_sbindir}/rcflatpak-system-helper %{_userunitdir}/flatpak-session-helper.service %{_userunitdir}/flatpak-portal.service @@ -304,6 +367,7 @@ fi %{_userunitdir}/flatpak-oci-authenticator.service %{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.Authenticator.xml %{_datadir}/dbus-1/services/org.flatpak.Authenticator.Oci.service +%{_tmpfilesdir}/flatpak.conf %files -n system-user-flatpak %license COPYING @@ -325,6 +389,9 @@ fi %files devel %license COPYING %doc %{_datadir}/gtk-doc/html/flatpak +%dir %{_datadir}/doc/flatpak +%doc %{_datadir}/doc/flatpak/docbook.css +%doc %{_datadir}/doc/flatpak/flatpak-docs.html %{_bindir}/flatpak-bisect %{_bindir}/flatpak-coredumpctl %{_libdir}/pkgconfig/flatpak.pc @@ -333,6 +400,10 @@ fi %{_datadir}/gir-1.0/Flatpak-1.0.gir %files remote-flathub -%{_sysconfdir}/flatpak/remotes.d/flathub.flatpakrepo +%config %{_sysconfdir}/flatpak/remotes.d/flathub.flatpakrepo + +%files selinux +%{_datadir}/selinux/devel/include/contrib/flatpak.if +%{_datadir}/selinux/packages/flatpak.pp.bz2 %changelog diff --git a/libglnx.patch b/libglnx.patch new file mode 100644 index 0000000..f8bff37 --- /dev/null +++ b/libglnx.patch @@ -0,0 +1,13 @@ +Index: flatpak-1.15.8/subprojects/libglnx/meson.build +=================================================================== +--- flatpak-1.15.8.orig/subprojects/libglnx/meson.build ++++ flatpak-1.15.8/subprojects/libglnx/meson.build +@@ -40,7 +40,7 @@ foreach check_function : check_functions + #include + #include + +- int func (void) { ++ void func (void) { + (void) ''' + check_function + '''; + } + ''', diff --git a/update-user-flatpaks.service b/update-user-flatpaks.service new file mode 100644 index 0000000..804b9ad --- /dev/null +++ b/update-user-flatpaks.service @@ -0,0 +1,12 @@ +[Unit] +Description=Update user Flatpaks +Documentation=man:flatpak-update(1) +After=network-online.target +Wants=network-online.target + +[Service] +Type=oneshot +ExecStart=/usr/bin/flatpak --user update -y --noninteractive + +[Install] +WantedBy=default.target diff --git a/update-user-flatpaks.timer b/update-user-flatpaks.timer new file mode 100644 index 0000000..77f60c9 --- /dev/null +++ b/update-user-flatpaks.timer @@ -0,0 +1,10 @@ +[Unit] +Description=Update user Flatpaks daily +Documentation=man:flatpak-update(1) + +[Timer] +OnCalendar=daily +Persistent=true + +[Install] +WantedBy=timers.target