Sync from SUSE:SLFO:Main flatpak revision b65129bfd5f7950d61edb3611ba21888

Adrian Schröter 2025-02-07 18:06:23 +01:00
parent 6285cda0dd
commit dae0769596
6 changed files with 562 additions and 49 deletions

BIN
flatpak-1.14.10.tar.xz (Stored with Git LFS)

Binary file not shown.

BIN
flatpak-1.16.0.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -1,7 +1,115 @@
-------------------------------------------------------------------
Wed Oct 30 17:07:27 UTC 2024 - Michael Gorse <mgorse@suse.com>
Thu Jan 9 17:41:58 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
- Add gtk-doc to BuildRequires.
- Update to version 1.16.0:
+ Bug fixes:
- Update libglnx to 2024-12-06:
. Fix an assertion failure if creating a parent directory
encounters a dangling symlink.
. Fix a Meson warning.
. Don't emit terminal progress indicator escape sequences by
default. They are interpreted as notifications by some
terminal emulators.
- Fix introspection annotations in libflatpak.
+ Enhancements:
- Add the FLATPAK_TTY_PROGRESS environment variable, which
re-enables the terminal progress indicator escape sequences
added in 1.15.91.
- Document the FLATPAK_FANCY_OUTPUT environment variable, which
allows disabling the fancy formatting when outputting to a
terminal.
-------------------------------------------------------------------
Fri Dec 20 17:52:37 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.15.91 (unstable):
+ Enhancements:
- Add the FLATPAK_DATA_DIR environment variable, which allows
overriding at runtime the data directory location that
Flatpak uses to search for configuration files such as
remotes. This is useful for running tests, and for when
installing using Flatpak in a chroot.
- Add a FLATPAK_DOWNLOAD_TMPDIR variable. This allows using
download directories other than /var/tmp.
- Emit progress escape sequence. This can be used by terminal
emulators to detect and display progress of Flatpak
operations on their graphical user interfaces.
+ Bug fixes:
- Install missing test data. This should fix "as-installed"
tests via ginsttest-runner, used for example in Debian's
autopkgtest framework.
- Unify and improve how the Wayland socket is passed to the
sandboxed app. This should fix a regression that is triggered
by compositors that both implement the security-context-v1
protocol, and sets the WAYLAND_DISPLAY environment variable
when launching Flatpak apps.
- Fix the plural form of a translatable string.
-------------------------------------------------------------------
Thu Nov 28 21:57:18 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.15.12:
+ Return to using the process ID of the Flatpak app in the cgroup
name. Using the instance ID in 1.15.11 caused crashes when
installing apps, extensions or runtimes that use the "extra
data" mechanism, which does not set up an instance ID.
- Changes from version 1.15.11:
+ Dependencies:
- In distributions that compile Flatpak to use a separate
xdg-dbus-proxy executable, version 0.1.6 is recommended (but
not required).
- The minimum xdg-dbus-proxy continues to be 0.1.0.
+ Enhancements:
- Allow applications like WebKit to connect the AT-SPI
accessibility tree of processes in a sub-sandbox with the
tree in the main process.
. New sandboxing parameter flatpak run --a11y-own-name, which
is like --own-name but for the accessibility bus.
. flatpak-portal API v7: add new sandbox-a11y-own-names
option, which accepts names matching ${FLATPAK_ID}.*
. Apps may call the org.a11y.atspi.Socket.Embedded method on
names matching ${FLATPAK_ID}.Sandboxed.* by default
. flatpak run -vv $app_id shows all applicable sandboxing
parameters and their source, including overrides, as debug
messages
- Introduce USB device listing
. Apps can list which USB devices they want to access ahead
of time by using the --usb parameter. Check the manpages
for the more information about the accepted syntax.
. Denying access to USB devices is also possible with the
--no-usb parameter. The syntax is equal to --usb.
. Both options merely store metadata, and aren't used by
Flatpak itself. This metadata is intended to be used by the
(as of now, still in progress) USB portal to decide which
devices the app can enumerate and request access.
- Add support for KDE search completion
- Use the instance id of the Flatpak app as part of the cgroup
name. This better matches the naming conventions for cgroup.
+ Bug fixes:
- Update libglnx to 2024-08-23
- fix build in environments that use -Werror=return-type, such
as openSUSE Tumbleweed
- add a fallback definition for G_PID_FORMAT with older GLib
- avoid warnings for g_steal_fd() with newer GLib
- improve compatibility of g_closefrom() backport with newer
GLib
- Update meson wrap file for xdg-dbus-proxy to version 0.1.6:
- compatibility with D-Bus implementations that pipeline the
authentication handshake, such as sd-bus and zbus
- compatibility with D-Bus implementations that use
non-consecutive serial numbers, such as godbus and zbus
- broadcast signals can be allowed without having to add TALK
permission
- fix memory leaks
+ Internal changes:
- Better const-correctness
- Fix a shellcheck warning in the tests
- Drop libglnx.patch: Fixed upstream.
-------------------------------------------------------------------
Tue Oct 15 11:54:41 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop rcFOO symlinks (PED-266).
-------------------------------------------------------------------
Wed Oct 2 15:16:49 UTC 2024 - Robert Frohl <rfrohl@suse.com>
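Review bot: At the top of this hunk the header "Wed Oct 30 17:07:27 UTC 2024 - Michael Gorse" is immediately followed by the "Thu Jan 9 17:41:58 UTC 2025 - Bjørn Lie" header, so an existing dated entry is being replaced rather than a new entry being stacked above it, and it is unclear which entry "Add gtk-doc to BuildRequires." belongs to. If the Oct 30 entry was already released, keep it intact and add the 1.16.0 entry on top so the changelog stays append-only.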
@ -10,21 +118,340 @@ Wed Oct 2 15:16:49 UTC 2024 - Robert Frohl <rfrohl@suse.com>
selinux_relabel_* in scriptlets to work on other codestreams
-------------------------------------------------------------------
Wed Aug 16 21:07:12 UTC 2024 - Cliff Zhao <qzhao@suse.com>
Wed Aug 14 16:07:15 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.14.10
* Dependencies: In distributions that compile Flatpak to use a
separate bubblewrap (bwrap) executable, either version 0.10.0,
version 0.6.x ≥ 0.6.3, or a version with a backport of the
--bind-fd option is required. These versions add a new feature
which is required by the security fix in this release.
* Security fixes: Don't follow symbolic links when mounting
persistent directories (--persist option). This prevents a
sandbox escape where a malicious or compromised app could edit
the symlink to point to a directory that the app should not have
been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
* Documentation: Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)
(bsc#1229157, CVE-2024-42472)
- Update to version 1.15.10:
+ Dependencies: In distributions that compile Flatpak to use a
separate bubblewrap (bwrap) executable, version 0.10.0 is
required. This version adds a new feature which is required by
the security fix in this release.
+ Security fixes: Don't follow symbolic links when mounting
persistent directories (--persist option). This prevents a
sandbox escape where a malicious or compromised app could edit
the symlink to point to a directory that the app should not
have been allowed to read or write. (CVE-2024-42472,
GHSA-7hgv-f2j8-xw87, bsc#1229157)
+ Documentation: Mark the 1.12.x and 1.10.x branches as
end-of-life
+ Other bug fixes: Fix several memory leaks
+ Internal changes:
- Record a log file when running build-time tests with
AddressSanitizer
- Add initial suppressions file for AddressSanitizer
-------------------------------------------------------------------
Thu Aug 8 12:33:34 UTC 2024 - Imo Hester <vortex@z-ray.de>
- As per documentation from flatpak 1.0: add weak dep on
p11-kit-server for certificate transfer (boo#1188902)
-------------------------------------------------------------------
Fri Jun 14 13:51:38 UTC 2024 - pgajdos@suse.com
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
-------------------------------------------------------------------
Tue Apr 23 13:23:52 UTC 2024 - Robert Frohl <rfrohl@suse.com>
- disable parental controls for now by using '-Dmalcontent=disabled', to work around
issues with xdg-desktop-portal
-------------------------------------------------------------------
Fri Apr 19 08:05:28 UTC 2024 - Robert Frohl <rfrohl@suse.com>
- Update to version 1.15.8:
+ Security fixes:
- Don't allow an executable name to be misinterpreted as a
command-line option for bwrap(1). This prevents a sandbox
escape where a malicious or compromised app could ask
xdg-desktop-portal to generate a .desktop file with access to
files outside the sandbox. (CVE-2024-32462, boo#1223110).
+ Other bug fixes:
- Pass the -export-dynamic linker option as
-Wl,-export-dynamic, fixing build failures with clang 18 and
lld 18.
- Fix a double-free when installation is cancelled.
- Fix installed-tests failure with "FUSERMOUNT: unbound
variable".
- Changes from version 1.15.7:
+ New features:
- Automatically remove obsolete driver versions and other
autopruned refs.
- --socket=inherit-wayland-socket.
- Automatically reload D-Bus session bus configuration after
installing or upgrading apps, to pick up any exported D-Bus
services.
+ Bug fixes:
- Don't parse <developer><name/></developer> as the application
name.
- Don't refuse to start apps when there is no D-Bus system bus
available.
- Don't try to repeat migration of apps whose data was migrated
to a new name and then deleted.
- Improve handling of mixed locales on systems with
systemd-localed.
- Improve display of ellipsized columns in wide terminals.
- Make flatpak info -e look for extensions in all
installations.
- Fix warnings from newer GLib versions.
- Always set the container environment variable.
- Always let the app inherit redirected file descriptors.
- In flatpak ps, add xdg-desktop-portal-gnome to the list of
backends we'll use to learn which apps are running in the
background.
- Don't use WAYLAND_SOCKET unless given
--socket=inherit-wayland-socket.
- Use fusermount3 if compiled with FUSE 3, overridable with
-Dsystem_fusermount compile-time option.
- Avoid leaking a temporary variable from
/etc/profile.d/flatpak.sh into the shell environment.
- Improve async-signal safety.
- Fix various memory leaks.
- Avoid undefined behaviour of signed left-shift when storing
object IDs in a hash table.
- Detect the correct gtk-doc when cross-compiling.
- Detect the correct wayland-scanner when cross-compiling.
- Documentation improvements.
- Skip more tests when FUSE isn't available.
- Updated translations.
- Add libglnx.patch: fix meson function detection.
- Switch build system to meson:
+ Add meson BuildRequires.
+ Switch configure/make_build/make_install macros to
meson/meson_build/meson_install, preserving the configure
parameters as close as possible:
--disable-silent-rules => obsoleted
--with-system-bubblewrap => -Dsystem_bubblewrap=bwrap
--with-curl => -Dhttp_backend=curl
- Add pkgconfig(malcontent-0) BuildRequires: enable malcontent
support.
-------------------------------------------------------------------
Tue Mar 19 08:06:34 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
- Make flatpak-remote-flathub only supplement flatpak in TW
(bsc#1221662).
-------------------------------------------------------------------
Thu Mar 7 11:21:12 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
- Add a flatpak-selinux subpackage that provides a SELinux policy
module (boo#1220591).
-------------------------------------------------------------------
Tue Nov 14 19:34:15 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.15.6:
+ In distributions that compile Flatpak to use a separate
bubblewrap (bwrap) executable, version 0.8.0 is now required.
+ Enabling the optional Wayland security context feature requires
libwayland-client, wayland-scanner >= 1.15 and
wayland-protocols >= 1.32.
+ Add --device=input, for access to evdev devices in /dev/input
+ Update bundled copy of bubblewrap to version 0.8.0, and rely on
its features:
+ Improve error message if seccomp is disabled in kernel config
+ Security hardening: set user namespace limit to 0, to prevent
creation of nested user namespaces in a more robust way
+ For subsandboxes started by flatpak-portal, inherit
environment variables from the flatpak run that started the
original instance rather than from flatpak-portal, fixing
behaviour of FLATPAK_GL_DRIVERS and similar features
+ Stop http transfers if a download in progress becomes very slow
+ Make it easier to configure extra languages, by picking them up
from AccountsService if configured there
+ Add new flatpak_transaction_add_rebase_and_uninstall() API,
allowing end-of-life apps to be replaced by their intended
replacement more reliably
+ Create a private Wayland socket with the "security context"
extension if available, allowing the compositor to identify
connections from sandboxed apps as belonging to the sandbox
+ Update libglnx to 2023-08-29
+ Use features of newer GLib versions if available
+ Turn off system-level crash reporting infrastructure during
some unit tests that involve intentional assertion failures
+ Add anchors to link to sections of flatpak-metadata
documentation
+ Bug fixes:
- Avoid warnings processing symbolic links with GLib >= 2.77.0,
and with GLib 2.76.0 (GLib 2.76.1 or later silences these
warnings)
- Bypass page cache for backend requests in revokefs, fixing
installation errors with libostree 2023.4
- Show AppStream metadata in flatpak remote-info as intended
- Don't let Flatpak apps inherit VK_DRIVER_FILES or
VK_ICD_FILENAMES from the host system, which would be wrong
for the sandbox
- Fix build failure with prereleases of libappstream 0.17.x
- Forward-compatibility with libappstream 1.0
- Fix installation with Meson if configured with
-Dauto_sideloading=true
- Fix a memory leak
- Fix compiler warnings
- Make the tests fail more comprehensibly if a required tool is
missing
- Clean up /var/tmp/flatpak-cache-* directories on boot
- Don't force GIO_USE_VFS=local for programs launched via
flatpak-spawn
- Clarify documentation for D-Bus name ownership
+ Internal changes:
- Split up large source files into smaller modules, reducing
internal circular dependencies
- Re-synchronize code backported from GLib with the version in
GLib
- Clarify documentation for D-Bus name ownership
- Make the flags used to apply "extra data" clearer
- Use glnx_opendirat() where possible
+ Updated translations.
- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
pkgconfig(wayland-protocols) BuildRequires and pass
with-wayland-security-context=yes to configure: Enable the
optional Wayland security context.
-------------------------------------------------------------------
Wed Aug 2 20:23:29 UTC 2023 - Luciano Santos <luc14n0@opensuse.org>
- Add update-user-flatpaks service and timer Systemd units - based
on update-system-flatpaks.{service,timer} - to help users keep
their user installed flatpaks up to date.
- Prefix /etc/flatpak/remotes.d/flathub.flatpakrepo with %config
macro to mark it as a configuration file.
-------------------------------------------------------------------
Fri Mar 17 16:20:57 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.15.4 (CVE-2023-28101, CVE-2023-28100):
+ Escape special characters when displaying permissions and
metadata, preventing malicious apps from manipulating the
appearance of the permissions list using crafted metadata
(CVE-2023-28101, bsc#1209410).
+ If a Flatpak app is run on a Linux virtual console (tty1, tty2,
etc.), don't allow copy/paste via the TIOCLINUX ioctl
(CVE-2023-28100, bsc#1209411). Note that this is specific to virtual
consoles: Flatpak is not vulnerable to this if run from a
graphical terminal emulator such as xterm, gnome-terminal or
Konsole.
+ Document the path used for flatpak override.
+ Updated translations.
-------------------------------------------------------------------
Fri Mar 17 10:06:34 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.15.3:
+ Build system: Building this version of Flatpak with Meson is
recommended. The source release flatpak-1.15.3.tar.xz no longer
contains Autotools-generated files, although this version can
still be built using Autotools after running ./autogen.sh.
Future versions are likely to remove the Autotools buildsystem.
+ Bug fixes:
- When splitting an upgrade into two steps (download without
installing, and then upgrade without allowing further
downloads) like GNOME Software does, if an app is marked EOL
and superseded by a replacement, don't remove the superseded
app in the first step, which would result in the replacement
incorrectly not being installed.
- Fix a crash when --socket=gpg-agent is used.
- Fix a crash when listing apps if one of them is broken or
misconfigured.
- If an app has invalid syntax in its overrides or metadata,
mention the filename in the error message.
- Unset $GDK_BACKEND for apps, ensuring GTK apps with
--socket=fallback-x11 can work.
- Fix a deprecation warning when compiled with curl >= 7.85.
+ Updated translations.
+ Internal changes: Better diagnostic messages for why runtimes
are or are not considered unused.
- Changes from version 1.15.2:
+ Bug fixes:
- Never try to export a parent of reserved directories as a
--filesystem, for example /run, which would prevent the app
from starting.
- Never try to export a --filesystem below /run/flatpak or
/run/host, which could similarly prevent the app from
starting.
- The above change also fixes apps not starting if a
--filesystem is a symlink to the root directory.
- Show a warning when the --filesystem exists but cannot be
shared with the sandbox.
- Display the intended messages for flatpak repair.
- Exporting an app to an existing repository on a CIFS
filesystem now works as intended.
- Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in
some GLib apps when set to a path on the host.
- Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and
Qt apps under Wayland when this variable is set to a path not
available in the sandbox.
- When using the fish shell, avoid duplicate XDG_DATA_DIRS
entries if the profile script is sourced more than once.
- Update included copy of bubblewrap to 0.7.0 for better error
messages.
- Install SELinux files correctly when building with Meson
+ Internal changes:
- Update included copy of libglnx
- flatpak -v now uses the INFO log level, and flatpak -vv uses
the DEBUG log level in the flatpak log domain. Previously,
the extra messages that were logged by flatpak -vv were in a
separate "flatpak2" log domain. G_MESSAGES_DEBUG=flatpak
previously had an effect similar to flatpak -v, and is now
more similar to flatpak -vv.
- Changes from version 1.15.1:
+ Dependencies: When building with Meson, gpgme 1.8.0 is now
required. Older versions can still be used by building with
Autotools.
+ Features: If an old temporary deploy directory was leaked by
versions before #5146, clean it up the next time the same app
is updated.
+ Bug fixes:
- If an app update is blocked by parental controls policies,
clean up the temporary deploy directory.
- Fix Autotools build with versions of gpgme that no longer
provide gpgme-config(1).
- Fix a possible parallel build failure with Meson.
- Fix a compiler warning on 32-bit architectures.
- When building with Autotools, be more consistent about
applying compiler warning flags.
- Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR.
- Treat /efi the same as /boot/efi.
- Changes from version 1.15.0:
+ Build system:
- Flatpak can now be compiled using Meson instead of Autotools.
This requires Meson 0.53.0 or later, and Python 3.5 or later.
- The Autotools build system is likely to be removed during
either the 1.15.x or 1.17.x cycle.
+ New features:
- Allow the modify_ldt system call as part of
--allow=multiarch. This increases attack surface, but is
required when running 16-bit executables in some versions of
Wine.
- Share gssproxy socket, which acts like a portal for Kerberos
authentication. This lets apps use Kerberos authentication
without needing a sandbox hole.
- Add a httpbackend variable to flatpak.pc, allowing dependent
projects like GNOME Software to detect whether they are
compatible with libflatpak.
+ Bug fixes:
- Terminate the flatpak-session-helper and flatpak-portal
services when the session ends, so that applications will not
inherit outdated Wayland and X11 socket addresses.
- When using fish shell, don't overwrite a previously-set
XDG_DATA_DIRS.
- Don't try to enable HTTP 2 if linked to a libcurl version
that doesn't support it.
- Stop systemd reporting the session-helper as failed when
terminated by a signal.
- Fix a warning when listing a document with no permissions.
- Fix compilation with GLib 2.66.x (as used in Debian 11).
- Fix compilation with GLib 2.58.x (as used in Debian 10).
- Make generated files more reproducible.
+ Internal changes:
- Update project logo in README.
- Update libglnx subproject.
+ Updated translations.
- Add libtool BuildRequires and pass autogen.sh, bootstrapping
build is now needed.
- Add gtk-doc and xmlto BuildRequires and pass enable-documentation
and enable-gtk-doc to configure, building documentation manually.
-------------------------------------------------------------------
Thu Mar 16 16:15:42 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
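Review bot: The Apr 23 2024 entry disables parental controls with '-Dmalcontent=disabled' "for now" but, unlike the neighbouring entries, carries no bsc#/boo# reference, so nothing tracks turning the feature back on. Add the bug reference for the xdg-desktop-portal issue it works around. In the 1.15.6 entry, "Clarify documentation for D-Bus name ownership" is listed under both "Bug fixes" and "Internal changes"; one of the two can go. The CVE-2024-42472 and bsc#1229157 references are still present in the 1.15.10 entry that takes the place of the 1.14.10 one, which is what patch tracking needs.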

View File

@ -1,7 +1,7 @@
#
# spec file for package flatpak
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -15,9 +15,10 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%global selinuxtype targeted
%define libname libflatpak0
%define bubblewrap_version 0.5.0
%define bubblewrap_version 0.10.0
%define ostree_version 2020.8
%define xdg_dbus_proxy_version 0.1.0
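Review bot: The bubblewrap_version bump to 0.10.0 has no comment saying why, and the reason is a security one: per the changelog, the CVE-2024-42472 fix depends on bwrap's --bind-fd option, for which 1.15.10 requires 0.10.0. Add a one-line comment above the %define so the floor is not relaxed later. xdg_dbus_proxy_version stays at 0.1.0 while the changelog recommends 0.1.6; say whether that is intentional.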
@ -34,7 +35,7 @@
%define support_environment_generators 1
%endif
Name: flatpak
Version: 1.14.10
Version: 1.16.0
Release: 0
Summary: OSTree based application bundles management
License: LGPL-2.1-or-later
@ -43,9 +44,12 @@ URL: https://flatpak.github.io/
Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz
Source1: update-system-flatpaks.service
Source2: update-system-flatpaks.timer
Source3: https://flathub.org/repo/flathub.flatpakrepo
Source3: update-user-flatpaks.service
Source4: update-user-flatpaks.timer
Source5: https://flathub.org/repo/flathub.flatpakrepo
# PATCH-FEATURE-OPENSUSE polkit_rules_usability.patch -- Make the rules comply with openSUSE expectations
Patch0: polkit_rules_usability.patch
BuildRequires: bison
BuildRequires: bubblewrap >= %{bubblewrap_version}
BuildRequires: docbook-xsl-stylesheets
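Review bot: Source3 changes meaning in this hunk: it named flathub.flatpakrepo and now names update-user-flatpaks.service, with the repo file moved to Source5. Any %{SOURCE3} reference left elsewhere in the spec would silently install the wrong file; adding the two new units after the existing sources instead would avoid the renumbering.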
@ -54,12 +58,16 @@ BuildRequires: intltool >= 0.35.0
BuildRequires: libcap-devel
BuildRequires: libgpg-error-devel
BuildRequires: libgpgme-devel >= 1.1.8
BuildRequires: libtool
BuildRequires: meson
BuildRequires: pkgconfig
BuildRequires: python3-pyparsing
BuildRequires: selinux-policy-%{selinuxtype}
BuildRequires: selinux-policy-devel
BuildRequires: systemd-rpm-macros
BuildRequires: sysuser-tools
BuildRequires: xdg-dbus-proxy >= %{xdg_dbus_proxy_version}
BuildRequires: xmlto
BuildRequires: xsltproc
BuildRequires: pkgconfig(appstream) >= 0.12.0
BuildRequires: pkgconfig(dconf) >= 0.26
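Review bot: libtool is listed in BuildRequires right next to meson. The changelog introduces libtool for the autogen.sh bootstrap and later switches the build to Meson, so check whether libtool is still needed and drop it if not.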
@ -81,13 +89,19 @@ BuildRequires: pkgconfig(libzstd) >= 0.8.1
BuildRequires: pkgconfig(ostree-1) >= %{ostree_version}
BuildRequires: pkgconfig(polkit-gobject-1)
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(wayland-client) >= 1.15
BuildRequires: pkgconfig(wayland-protocols) >= 1.32
BuildRequires: pkgconfig(wayland-scanner) >= 1.15
BuildRequires: pkgconfig(xau)
Requires: %{libname} = %{version}
Requires: bubblewrap >= %{bubblewrap_version}
Requires: ostree >= %{ostree_version}
Requires: xdg-dbus-proxy >= %{xdg_dbus_proxy_version}
Requires: xdg-desktop-portal >= 0.10
Requires: (flatpak-selinux = %{version} if selinux-policy-%{selinuxtype})
Requires: user(flatpak)
# as per documentation from flatpak 1.0: add weak dep on p11-kit-server for certificate transfer
Recommends: p11-kit-server
# Remove after openSUSE Leap 42 is out of scope
Provides: xdg-app = %{version}
Obsoletes: xdg-app < %{version}
@ -153,15 +167,31 @@ more information.
Summary: Add Flathub repository to system flatpak
Group: System/Packages
Requires: flatpak
Requires(postun):flatpak
Requires(postun):sed
Requires(postun): flatpak
Requires(postun): sed
%if 0%{?suse_version} > 1600
Supplements: flatpak
%endif
BuildArch: noarch
%description remote-flathub
Flathub is a widely used repository for Flatpak applications. This package
adds the Flathub repository to the list of system flatpak remotes.
%package selinux
Summary: SELinux policy module for flatpak
Group: System Environment/Base
Requires: flatpak
BuildArch: noarch
%{?selinux_requires}
%description selinux
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.
This package provides the SELinux policy module for flatpak.
%postun remote-flathub
# upon uninstall
if [ $1 == 0 ]; then
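Review bot: In the new selinux subpackage, "Requires: flatpak" is unversioned, while the main package pins "flatpak-selinux = %{version}". Use "Requires: flatpak = %{version}" so the policy module cannot stay installed against a different flatpak version. The %description repeats the main package text; the last sentence alone is enough.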
@ -173,31 +203,33 @@ fi
%lang_package
%python3_fix_shebang
%prep
%autosetup -p1
sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-*
%build
%configure \
--disable-silent-rules \
--with-system-bubblewrap \
--with-curl \
--with-priv-mode=none \
--with-dbus-config-dir=%{_dbusconfigdir} \
--with-system-dbus-proxy=%{_bindir}/xdg-dbus-proxy \
%meson \
-Dsystem_bubblewrap=%{_bindir}/bwrap \
-Dhttp_backend=curl \
-Ddbus_config_dir=%{_dbusconfigdir} \
-Dsystem_dbus_proxy=%{_bindir}/xdg-dbus-proxy \
%if !%{support_environment_generators}
--enable-gdm-env-file \
-Dgdm_env_file=enabled \
%endif
--docdir=%{_docdir}/%{name} \
%{nil}
%make_build
-Dgtkdoc=enabled \
-Dwayland_security_context=enabled \
-Dselinux_module=enabled \
-Dtests=false \
-Dmalcontent=disabled \
%{nil}
%meson_build
%sysusers_generate_pre system-helper/flatpak.conf system-user-flatpak flatpak.conf
%install
%make_install
%meson_install
find %{buildroot} -type f -name "*.la" -delete -print
mkdir -p %{buildroot}%{_sbindir}
ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper
# add a 60- prefix to the rules file, otherwise it is not effective, because
# /etc/polkit-1/rules.d/90-default-privs.rules is executed first and if no
# polkit-default-privs rule grants access then an explicit reject is the
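Review bot: The %configure call passed --with-priv-mode=none and --docdir=%{_docdir}/%{name}, and neither has a counterpart among the -D options given to %meson; the changelog's mapping lists only --disable-silent-rules, --with-system-bubblewrap and --with-curl. State in the changelog why these two were dropped. -Dtests=false and -Dmalcontent=disabled also deserve a comment in the spec, the second with the bug it works around.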
@ -210,12 +242,16 @@ rm -Rf %{buildroot}%{_systemd_user_env_generator_dir}
rm -Rf %{buildroot}%{_systemd_system_env_generator_dir}
%endif
install -D -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/update-system-flatpaks.service
install -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/update-system-flatpaks.timer
# System update Systemd service and timer units
install -D -m 644 -t %{buildroot}%{_unitdir} %{SOURCE1}
install -D -m 644 -t %{buildroot}%{_unitdir} %{SOURCE2}
mkdir -p %{buildroot}%{_sysconfdir}/flatpak/remotes.d
# Flathub
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/flatpak/remotes.d
# User update Systemd service and timer units
install -D -m 644 -t %{buildroot}%{_userunitdir} %{SOURCE3}
install -D -m 644 -t %{buildroot}%{_userunitdir} %{SOURCE4}
# Flathub remote repository
install -D -m 644 -t %{buildroot}%{_sysconfdir}/flatpak/remotes.d %{SOURCE5}
%find_lang %{name}
@ -242,16 +278,34 @@ if [ -e "%{_localstatedir}/lib/flatpak/repo" ] && [ -z "$(ls -A %{_localstatedir
rm -r %{_localstatedir}/lib/flatpak/repo
fi
%{_bindir}/flatpak remotes 1> /dev/null
%tmpfiles_create %{_tmpfilesdir}/flatpak.conf
%postun
%service_del_postun flatpak-system-helper.service
%service_del_postun update-system-flatpaks.service
%service_del_postun update-system-flatpaks.timer
%pre selinux
%selinux_relabel_pre -s %{selinuxtype}
%post selinux
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/flatpak.pp.bz2
%preun selinux
%selinux_relabel_pre -s %{selinuxtype}
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} flatpak
%selinux_relabel_post -s %{selinuxtype}
fi;
%posttrans selinux
%selinux_relabel_post -s %{selinuxtype}
%files -f %{name}.lang
%license COPYING
%{_bindir}/flatpak
%{_exec_prefix}/lib/tmpfiles.d/flatpak.conf
%{_libexecdir}/flatpak-portal
%{_libexecdir}/flatpak-session-helper
%{_libexecdir}/flatpak-system-helper
@ -279,17 +333,19 @@ fi
%{_mandir}/man1/%{name}*.1%{?ext_man}
%{_mandir}/man5/flatpak-metadata.5%{?ext_man}
%{_mandir}/man5/flatpak-flatpakref.5%{?ext_man}
%{_mandir}/man5/flatpakref.5%{?ext_man}
%{_mandir}/man5/flatpak-flatpakrepo.5%{?ext_man}
%{_mandir}/man5/flatpakrepo.5%{?ext_man}
%{_mandir}/man5/flatpak-installation.5%{?ext_man}
%{_mandir}/man5/flatpak-remote.5%{?ext_man}
%{_datadir}/%{name}/
%config %{_sysconfdir}/profile.d/flatpak.sh
%config %{_sysconfdir}/profile.d/flatpak.csh
%dir %{_sysconfdir}/flatpak
%dir %{_sysconfdir}/flatpak/remotes.d
%{_unitdir}/flatpak-system-helper.service
%{_unitdir}/update-system-flatpaks.service
%{_unitdir}/update-system-flatpaks.timer
%{_sbindir}/rcflatpak-system-helper
%{_unitdir}/update-system-flatpaks.{service,timer}
%{_userunitdir}/update-user-flatpaks.{service,timer}
%{_userunitdir}/flatpak-session-helper.service
%{_userunitdir}/flatpak-portal.service
%ghost %dir %{_localstatedir}/lib/flatpak
@ -307,6 +363,7 @@ fi
%{_userunitdir}/flatpak-oci-authenticator.service
%{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.Authenticator.xml
%{_datadir}/dbus-1/services/org.flatpak.Authenticator.Oci.service
%{_tmpfilesdir}/flatpak.conf
%files -n system-user-flatpak
%license COPYING
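Review bot: %{_tmpfilesdir}/flatpak.conf is listed here, and the main %files list earlier shows %{_exec_prefix}/lib/tmpfiles.d/flatpak.conf. Both normally expand to /usr/lib/tmpfiles.d/flatpak.conf, so make sure only the %{_tmpfilesdir} form remains, matching the %tmpfiles_create call in %post.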
@ -328,6 +385,9 @@ fi
%files devel
%license COPYING
%doc %{_datadir}/gtk-doc/html/flatpak
%dir %{_datadir}/doc/flatpak
%doc %{_datadir}/doc/flatpak/docbook.css
%doc %{_datadir}/doc/flatpak/flatpak-docs.html
%{_bindir}/flatpak-bisect
%{_bindir}/flatpak-coredumpctl
%{_libdir}/pkgconfig/flatpak.pc
@ -336,6 +396,10 @@ fi
%{_datadir}/gir-1.0/Flatpak-1.0.gir
%files remote-flathub
%{_sysconfdir}/flatpak/remotes.d/flathub.flatpakrepo
%config %{_sysconfdir}/flatpak/remotes.d/flathub.flatpakrepo
%files selinux
%{_datadir}/selinux/devel/include/contrib/flatpak.if
%{_datadir}/selinux/packages/flatpak.pp.bz2
%changelog
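Review bot: flathub.flatpakrepo is marked plain %config in "%files remote-flathub", so on a package update a locally edited copy is replaced by the packaged one and the edit is moved to .rpmsave. This file defines a remote, so choose deliberately: plain %config if the packaged definition should always win, %config(noreplace) if an administrator's change is meant to persist, and note the choice in a comment.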

View File

@ -0,0 +1,12 @@
[Unit]
Description=Update user Flatpaks
Documentation=man:flatpak-update(1)
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/bin/flatpak --user update -y --noninteractive
[Install]
WantedBy=default.target
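Review bot: After=/Wants=network-online.target in [Unit] has no effect in a unit installed to %{_userunitdir}: network-online.target belongs to the system manager and the user manager does not provide it, so this part of the copy from update-system-flatpaks.service does not carry over. Drop the two lines or handle the offline case another way. With WantedBy=default.target in [Install], enabling the service itself also runs the update at every session start in addition to the timer; if only the timer is meant to trigger it, the [Install] section can go.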

View File

@ -0,0 +1,10 @@
[Unit]
Description=Update user Flatpaks daily
Documentation=man:flatpak-update(1)
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target
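Review bot: [Timer] sets OnCalendar=daily with no RandomizedDelaySec, so every user session that enables this timer fires at the same moment (00:00 local time), and Persistent=true makes a missed run fire as soon as the timer is next started. Add a RandomizedDelaySec= value to spread the load on the remote.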