From 59757be81f4af793f1d9ed2931c268b02d78ec8300ec9f5ca8c85eb502fc4261 Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger
Date: Wed, 2 Oct 2024 15:58:13 +0000
Subject: [PATCH] explicitly require a selinux policy to make sure scriptlets can run relabel
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=208
---
.gitattributes | 23 +
.gitignore | 1 +
flathub.flatpakrepo | 8 +
flatpak-1.15.10.tar.xz | 3 +
flatpak.changes | 3937 ++++++++++++++++++++++++++++++++
flatpak.spec | 410 ++++
libglnx.patch | 13 +
polkit_rules_usability.patch | 16 +
update-system-flatpaks.service | 12 +
update-system-flatpaks.timer | 10 +
update-user-flatpaks.service | 12 +
update-user-flatpaks.timer | 10 +
12 files changed, 4455 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 flathub.flatpakrepo
create mode 100644 flatpak-1.15.10.tar.xz
create mode 100644 flatpak.changes
create mode 100644 flatpak.spec
create mode 100644 libglnx.patch
create mode 100644 polkit_rules_usability.patch
create mode 100644 update-system-flatpaks.service
create mode 100644 update-system-flatpaks.timer
create mode 100644 update-user-flatpaks.service
create mode 100644 update-user-flatpaks.timer
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/flathub.flatpakrepo b/flathub.flatpakrepo
new file mode 100644
index 0000000..7cb0ca8
--- /dev/null
+++ b/flathub.flatpakrepo
@@ -0,0 +1,8 @@ +[Flatpak Repo] +Title=Flathub +Url=https://dl.flathub.org/repo/ +Homepage=https://flathub.org/ +Comment=Central repository of Flatpak applications +Description=Central repository of Flatpak applications +Icon=https://dl.flathub.org/repo/logo.svg +GPGKey=mQINBFlD2sABEADsiUZUOYBg1UdDaWkEdJYkTSZD68214m8Q1fbrP5AptaUfCl8KYKFMNoAJRBXn9FbE6q6VBzghHXj/rSnA8WPnkbaEWR7xltOqzB1yHpCQ1l8xSfH5N02DMUBSRtD/rOYsBKbaJcOgW0K21sX+BecMY/AI2yADvCJEjhVKrjR9yfRX+NQEhDcbXUFRGt9ZT+TI5yT4xcwbvvTu7aFUR/dH7+wjrQ7lzoGlZGFFrQXSs2WI0WaYHWDeCwymtohXryF8lcWQkhH8UhfNJVBJFgCY8Q6UHkZG0FxMu8xnIDBMjBmSZKwKQn0nwzwM2afskZEnmNPYDI8nuNsSZBZSAw+ThhkdCZHZZRwzmjzyRuLLVFpOj3XryXwZcSefNMPDkZAuWWzPYjxS80cm2hG1WfqrG0Gl8+iX69cbQchb7gbEb0RtqNskTo9DDmO0bNKNnMbzmIJ3/rTbSahKSwtewklqSP/01o0WKZiy+n/RAkUKOFBprjJtWOZkc8SPXV/rnoS2dWsJWQZhuPPtv3tefdDiEyp7ePrfgfKxuHpZES0IZRiFI4J/nAUP5bix+srcIxOVqAam68CbAlPvWTivRUMRVbKjJiGXIOJ78wAMjqPg3QIC0GQ0EPAWwAOzzpdgbnG7TCQetaVV8rSYCuirlPYN+bJIwBtkOC9SWLoPMVZTwQARAQABtC5GbGF0aHViIFJlcG8gU2lnbmluZyBLZXkgPGZsYXRodWJAZmxhdGh1Yi5vcmc+iQJUBBMBCAA+FiEEblwF2XnHba+TwIE1QYTdTZB6fK4FAllD2sACGwMFCRLMAwAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQQYTdTZB6fK5RJQ/+Ptd4sWxaiAW91FFk7+wmYOkEe1NY2UDNJjEEz34PNP/1RoxveHDt43kYJQ23OWaPJuZAbu+fWtjRYcMBzOsMCaFcRSHFiDIC9aTp4ux/mo+IEeyarYt/oyKb5t5lta6xaAqg7rwt65jW5/aQjnS4h7eFZ+dAKta7Y/fljNrOznUp81/SMcx4QA5G2Pw0hs4Xrxg59oONOTFGBgA6FF8WQghrpR7SnEe0FSEOVsAjwQ13Cfkfa7b70omXSWp7GWfUzgBKyoWxKTqzMN3RQHjjhPJcsQnrqH5enUu4Pcb2LcMFpzimHnUgb9ft72DP5wxfzHGAWOUiUXHbAekfq5iFks8cha/RST6wkxG3Rf44Zn09aOxh1btMcGL+5xb1G0BuCQnA0fP/kDYIPwh9z22EqwRQOspIcvGeLVkFeIfubxpcMdOfQqQnZtHMCabV5Q/Rk9K1ZGc8M2hlg8gHbXMFch2xJ0Wu72eXbA/UY5MskEeBgawTQnQOK/vNm7t0AJMpWK26Qg6178UmRghmeZDj9uNRc3EI1nSbgvmGlpDmCxaAGqaGL1zW4KPW5yN25/qeqXcgCvUjZLI9PNq3Kvizp1lUrbx7heRiSoazCucvHQ1VHUzcPVLUKKTkoTP8okThnRRRsBcZ1+jI4yMWIDLOCT7IW3FePr+3xyuy5eEo9a25Ag0EWUPa7AEQALT/CmSyZ8LWlRYQZKYw417p7Z2hxqd6TjwkwM3IQ1irumkWcTZBZIbBgrSOg6CcXD2oWydCQHWi9qaxhuhEl2bJL5LskmBcMxVdQeD0LLHd8QUnbnnIby8ocvWN1alPfvJFjCUTrmD22U1ycOzRw
2lIe4kiQONbOZtdWrVImQQSndjFlisitbmlWHvHm2lOOYy8+GJB7YffVV193hmnBSJffCy4bvkuLxsI+n1DhOzc7MPV3z6HGk4HiEcF0yyt9tCYhpsxHFdBoq2h771HfAcS0s98EVAqYMFnf9em+4cnYpdI6mhIfS1FQiKl6DBAYA8tT3ggla00DurPo0JwX/zN+PaO5h/6O9aCZwV7G6rbkgMuqMergXaf8oP38gr0z+MqWnkfM63Bodq68GP4l4hd02BoFBbDf38TMuGQB14+twJMdfbAxo2MbgluvQgfwHfZ2ca6gyEY+9s/YD1gugLjV+S6CB51WkFNe1z4tAPgJZNxUcKCbeaHNbthl8Hks/pY9RCEseX/EdfzF18epbSjJMPh4DPQXbUoFwmyuYcoBOPmvZHNl9hK7B/1RP8w1ZrXk8qdupC0SNbafX7270B7lMMVImzZetGsM9ypXJ6llhp3FwW09iseNyGJGPsr/dvTMGDXqOPfU/9SAS1LSTY4K9PbRtdrBE318YX8mIk5ABEBAAGJBHIEGAEIACYWIQRuXAXZecdtr5PAgTVBhN1NkHp8rgUCWUPa7AIbAgUJEswDAAJACRBBhN1NkHp8rsF0IAQZAQgAHRYhBFSmzd2JGfsgQgDYrFYnAunj7X7oBQJZQ9rsAAoJEFYnAunj7X7oR6AP/0KYmiAFeqx14Z43/6s2gt3VhxlSd8bmcVV7oJFbMhdHBIeWBp2BvsUf00I0Zl14ZkwCKfLwbbORC2eIxvzJ+QWjGfPhDmS4XUSmhlXxWnYEveSek5Tde+fmu6lqKM8CHg5BNx4GWIX/vdLi1wWJZyhrUwwICAxkuhKxuP2Z1An48930eslTD2GGcjByc27+9cIZjHKa07I/aLffo04V+oMT9/tgzoquzgpVV4jwekADo2MJjhkkPveSNI420bgT+Q7Fi1l0X1aFUniBvQMsaBa27PngWm6xE2ZYvh7nWCdd5g0c0eLIHxWwzV1lZ4Ryx4ITO/VL25ItECcjhTRdYa64sA62MYSaB0x3eR+SihpgP3wSNPFu3MJo6FKTFdi4CBAEmpWHFW7FcRmd+cQXeFrHLN3iNVWryy0HK/CUEJmiZEmpNiXecl4vPIIuyF0zgSCztQtKoMr+injpmQGC/rF/ELBVZTUSLNB350S0Ztvw0FKWDAJSxFmoxt3xycqvvt47rxTrhi78nkk6jATKGyvP55sO+K7Q7Wh0DXA69hvPrYW2eu8jGCdVGxi6HX7L1qcfEd0378S71dZ3g9o6KKl1OsDWWQ6MJ6FGBZedl/ibRfs8p5+sbCX3lQSjEFy3rx6n0rUrXx8U2qb+RCLzJlmC5MNBOTDJwHPcX6gKsUcXZrEQALmRHoo3SrewO41RCr+5nUlqiqV3AohBMhnQbGzyHf2+drutIaoh7Rj80XRh2bkkuPLwlNPf+bTXwNVGse4bej7B3oV6Ae1N7lTNVF4Qh+1OowtGjmfJPWo0z1s6HFJVxoIof9z58Msvgao0zrKGqaMWaNQ6LUeC9g9Aj/9Uqjbo8X54aLiYs8Z1WNc06jKP+gv8AWLtv6CR+l2kLez1YMDucjm7v6iuCMVAmZdmxhg5I/X2+OM3vBsqPDdQpr2TPDLX3rCrSBiS0gOQ6DwN5N5QeTkxmY/7QO8bgLo/Wzu1iilH4vMKW6LBKCaRx5UEJxKpL4wkgITsYKneIt3NTHo5EOuaYk+y2+Dvt6EQFiuMsdbfUjs3seIHsghX/cbPJa4YUqZAL8C4OtVHaijwGo0ymt9MWvS9yNKMyT0JhN2/BdeOVWrHk7wXXJn/ZjpXilicXKPx4udCF76meE+6N2u/T+RYZ7fP1QMEtNZNmYDOfA6sViuPDfQSHLNbauJBo/n1sRYAsL5mcG22UDchJrlKvmK3EOADCQg+myrm8006LltubNB4wWNzHDJ0Ls2JGzQZCd/xGyVmUiidCBUrD537WdknOYE4FD7P0cHaM9brK
J/M8LkEH0zUlo73bY4XagbnCqve6PvQb5G2Z55qhWphd6f4B6DGed86zJEa/RhS
diff --git a/flatpak-1.15.10.tar.xz b/flatpak-1.15.10.tar.xz
new file mode 100644
index 0000000..ac6cb1a
--- /dev/null
+++ b/flatpak-1.15.10.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6aa67ca29b4f4da74654888446710b16c9fcfe640c324a51c5025087eecbf42f
+size 1169908
diff --git a/flatpak.changes b/flatpak.changes
new file mode 100644
index 0000000..1db2e4e
--- /dev/null
+++ b/flatpak.changes
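Review bot: The `GPGKey=` line added in flathub.flatpakrepo is the trust anchor for everything installed from this remote, yet nothing in the file records where the key was obtained or what its fingerprint is, so the base64 blob cannot be checked by eye on later updates. I would add a comment line above it, for example `# Flathub signing key, fingerprint <FINGERPRINT-PLACEHOLDER>, taken from <SOURCE-URL-PLACEHOLDER> on <DATE-PLACEHOLDER>`, so that a key change in a future revision shows up as a reviewable fingerprint change. It would also help if the package build compared the decoded key's fingerprint with that recorded value and failed on mismatch; flatpak.spec is outside the lines shown here, so it may already do this.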
@@ -0,0 +1,3937 @@ +------------------------------------------------------------------- +Wed Oct 2 15:16:49 UTC 2024 - Robert Frohl + +- Explicitly BuildRequire selinux-policy-targeted to allow + selinux_relabel_* in scriptlets to work on other codestreams + +------------------------------------------------------------------- +Wed Aug 14 16:07:15 UTC 2024 - Bjørn Lie + +- Update to version 1.15.10: + + Dependencies: In distributions that compile Flatpak to use a + separate bubblewrap (bwrap) executable, version 0.10.0 is + required. This version adds a new feature which is required by + the security fix in this release. + + Security fixes: Don't follow symbolic links when mounting + persistent directories (--persist option). This prevents a + sandbox escape where a malicious or compromised app could edit + the symlink to point to a directory that the app should not + have been allowed to read or write. (CVE-2024-42472, + GHSA-7hgv-f2j8-xw87, bsc#1229157) + + Documentation: Mark the 1.12.x and 1.10.x branches as + end-of-life + + Other bug fixes: Fix several memory leaks + + Internal changes: + - Record a log file when running build-time tests with + AddressSanitizer + - Add initial suppressions file for AddressSanitizer + +------------------------------------------------------------------- +Thu Aug 8 12:33:34 UTC 2024 - Imo Hester + +- As per documentation from flatpak 1.0: add weak dep on + p11-kit-server for certificate transfer (boo#1188902) + +------------------------------------------------------------------- +Fri Jun 14 13:51:38 UTC 2024 - pgajdos@suse.com + +- remove dependency on /usr/bin/python3 using + %python3_fix_shebang macro, [bsc#1212476] + +------------------------------------------------------------------- +Tue Apr 23 13:23:52 UTC 2024 - Robert Frohl + +- disable parental controls for now by using '-Dmalcontent=disabled', to work around + issues with xdg-desktop-portal + +------------------------------------------------------------------- +Fri Apr 
19 08:05:28 UTC 2024 - Robert Frohl + +- Update to version 1.15.8: + + Security fixes: + - Don't allow an executable name to be misinterpreted as a + command-line option for bwrap(1). This prevents a sandbox + escape where a malicious or compromised app could ask + xdg-desktop-portal to generate a .desktop file with access to + files outside the sandbox. (CVE-2024-32462, boo#1223110). + + Other bug fixes: + - Pass the -export-dynamic linker option as + -Wl,-export-dynamic, fixing build failures with clang 18 and + lld 18. + - Fix a double-free when installation is cancelled. + - Fix installed-tests failure with "FUSERMOUNT: unbound + variable". +- Changes from version 1.15.7: + + New features: + - Automatically remove obsolete driver versions and other + autopruned refs. + - --socket=inherit-wayland-socket. + - Automatically reload D-Bus session bus configuration after + installing or upgrading apps, to pick up any exported D-Bus + services. + + Bug fixes: + - Don't parse as the application + name. + - Don't refuse to start apps when there is no D-Bus system bus + available. + - Don't try to repeat migration of apps whose data was migrated + to a new name and then deleted. + - Improve handling of mixed locales on systems with + systemd-localed. + - Improve display of ellipsized columns in wide terminals. + - Make flatpak info -e look for extensions in all + installations. + - Fix warnings from newer GLib versions. + - Always set the container environment variable. + - Always let the app inherit redirected file descriptors. + - In flatpak ps, add xdg-desktop-portal-gnome to the list of + backends we'll use to learn which apps are running in the + background. + - Don't use WAYLAND_SOCKET unless given + --socket=inherit-wayland-socket. + - Use fusermount3 if compiled with FUSE 3, overridable with + -Dsystem_fusermount compile-time option. + - Avoid leaking a temporary variable from + /etc/profile.d/flatpak.sh into the shell environment. 
+ - Improve async-signal safety. + - Fix various memory leaks. + - Avoid undefined behaviour of signed left-shift when storing + object IDs in a hash table. + - Detect the correct gtk-doc when cross-compiling. + - Detect the correct wayland-scanner when cross-compiling. + - Documentation improvements. + - Skip more tests when FUSE isn't available. + - Updated translations. +- Add libglnx.patch: fix meson function detection. +- Switch build system to meson: + + Add meson BuildRequires. + + Switch configure/make_build/make_install macros to + meson/meson_build/meson_install, preserving the configure + parameters as close as possible: + --disable-silent-rules => obsoleted + --with-system-bubblewrap => -Dsystem_bubblewrap=bwrap + --with-curl => -Dhttp_backend=curl +- Add pkgconfig(malcontent-0) BuildRequires: enable malcontent + support. + +------------------------------------------------------------------- +Tue Mar 19 08:06:34 UTC 2024 - Antonio Larrosa + +- Make flatpak-remote-flathub only supplement flatpak in TW + (bsc#1221662). + +------------------------------------------------------------------- +Thu Mar 7 11:21:12 UTC 2024 - Antonio Larrosa + +- Add a flatpak-selinux subpackage that provides a SELinux policy + module (boo#1220591). + +------------------------------------------------------------------- +Tue Nov 14 19:34:15 UTC 2023 - Bjørn Lie + +- Update to version 1.15.6: + + In distributions that compile Flatpak to use a separate + bubblewrap (bwrap) executable, version 0.8.0 is now required. + + Enabling the optional Wayland security context feature requires + libwayland-client, wayland-scanner >= 1.15 and + wayland-protocols >= 1.32. 
+ + Add --device=input, for access to evdev devices in /dev/input + + Update bundled copy of bubblewrap to version 0.8.0, and rely on + its features: + + Improve error message if seccomp is disabled in kernel config + + Security hardening: set user namespace limit to 0, to prevent + creation of nested user namespaces in a more robust way + + For subsandboxes started by flatpak-portal, inherit + environment variables from the flatpak run that started the + original instance rather than from flatpak-portal, fixing + behaviour of FLATPAK_GL_DRIVERS and similar features + + Stop http transfers if a download in progress becomes very slow + + Make it easier to configure extra languages, by picking them up + from AccountsService if configured there + + Add new flatpak_transaction_add_rebase_and_uninstall() API, + allowing end-of-life apps to be replaced by their intended + replacement more reliably + + Create a private Wayland socket with the "security context" + extension if available, allowing the compositor to identify + connections from sandboxed apps as belonging to the sandbox + + Update libglnx to 2023-08-29 + + Use features of newer GLib versions if available + + Turn off system-level crash reporting infrastructure during + some unit tests that involve intentional assertion failures + + Add anchors to link to sections of flatpak-metadata + documentation + + Bug fixes: + - Avoid warnings processing symbolic links with GLib >= 2.77.0, + and with GLib 2.76.0 (GLib 2.76.1 or later silences these + warnings) + - Bypass page cache for backend requests in revokefs, fixing + installation errors with libostree 2023.4 + - Show AppStream metadata in flatpak remote-info as intended + - Don't let Flatpak apps inherit VK_DRIVER_FILES or + VK_ICD_FILENAMES from the host system, which would be wrong + for the sandbox + - Fix build failure with prereleases of libappstream 0.17.x + - Forward-compatibility with libappstream 1.0 + - Fix installation with Meson if configured with + 
-Dauto_sideloading=true + - Fix a memory leak + - Fix compiler warnings + - Make the tests fail more comprehensibly if a required tool is + missing + - Clean up /var/tmp/flatpak-cache-* directories on boot + - Don't force GIO_USE_VFS=local for programs launched via + flatpak-spawn + - Clarify documentation for D-Bus name ownership + + Internal changes: + - Split up large source files into smaller modules, reducing + internal circular dependencies + - Re-synchronize code backported from GLib with the version in + GLib + - Clarify documentation for D-Bus name ownership + - Make the flags used to apply "extra data" clearer + - Use glnx_opendirat() where possible + + Updated translations. +- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and + pkgconfig(wayland-protocols) BuildRequires and pass + with-wayland-security-context=yes to configure: Enable the + optional Wayland security context. + +------------------------------------------------------------------- +Wed Aug 2 20:23:29 UTC 2023 - Luciano Santos + +- Add update-user-flatpaks service and timer Systemd units - based + on update-system-flatpaks.{service,timer} - to help users keep + their user installed flatpaks up to date. +- Prefix /etc/flatpak/remotes.d/flathub.flatpakrepo with %config + macro to mark it as a configuration file. + +------------------------------------------------------------------- +Fri Mar 17 16:20:57 UTC 2023 - Bjørn Lie + +- Update to version 1.15.4 (CVE-2023-28101, CVE-2023-28100): + + Escape special characters when displaying permissions and + metadata, preventing malicious apps from manipulating the + appearance of the permissions list using crafted metadata + (CVE-2023-28101, bsc#1209410). + + If a Flatpak app is run on a Linux virtual console (tty1, tty2, + etc.), don't allow copy/paste via the TIOCLINUX ioctl + (CVE-2023-28100, bsc#1209411). 
Note that this is specific to virtual + consoles: Flatpak is not vulnerable to this if run from a + graphical terminal emulator such as xterm, gnome-terminal or + Konsole. + + Document the path used for flatpak override. + + Updated translations. + +------------------------------------------------------------------- +Fri Mar 17 10:06:34 UTC 2023 - Bjørn Lie + +- Update to version 1.15.3: + + Build system: Building this version of Flatpak with Meson is + recommended. The source release flatpak-1.15.3.tar.xz no longer + contains Autotools-generated files, although this version can + still be built using Autotools after running ./autogen.sh. + Future versions are likely to remove the Autotools buildsystem. + + Bug fixes: + - When splitting an upgrade into two steps (download without + installing, and then upgrade without allowing further + downloads) like GNOME Software does, if an app is marked EOL + and superseded by a replacement, don't remove the superseded + app in the first step, which would result in the replacement + incorrectly not being installed. + - Fix a crash when --socket=gpg-agent is used. + - Fix a crash when listing apps if one of them is broken or + misconfigured. + - If an app has invalid syntax in its overrides or metadata, + mention the filename in the error message. + - Unset $GDK_BACKEND for apps, ensuring GTK apps with + --socket=fallback-x11 can work. + - Fix a deprecation warning when compiled with curl >= 7.85. + + Updated translations. + + Internal changes: Better diagnostic messages for why runtimes + are or are not considered unused. +- Changes from version 1.15.2: + + Bug fixes: + - Never try to export a parent of reserved directories as a + --filesystem, for example /run, which would prevent the app + from starting. + - Never try to export a --filesystem below /run/flatpak or + /run/host, which could similarly prevent the app from + starting. 
+ - The above change also fixes apps not starting if a + --filesystem is a symlink to the root directory. + - Show a warning when the --filesystem exists but cannot be + shared with the sandbox. + - Display the intended messages for flatpak repair. + - Exporting an app to an existing repository on a CIFS + filesystem now works as intended. + - Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in + some GLib apps when set to a path on the host. + - Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and + Qt apps under Wayland when this variable is set to a path not + available in the sandbox. + - When using the fish shell, avoid duplicate XDG_DATA_DIRS + entries if the profile script is sourced more than once. + - Update included copy of bubblewrap to 0.7.0 for better error + messages. + - Install SELinux files correctly when building with Meson + + Internal changes: + - Update included copy of libglnx + - flatpak -v now uses the INFO log level, and flatpak -vv uses + the DEBUG log level in the flatpak log domain. Previously, + the extra messages that were logged by flatpak -vv were in a + separate "flatpak2" log domain. G_MESSAGES_DEBUG=flatpak + previously had an effect similar to flatpak -v, and is now + more similar to flatpak -vv. +- Changes from version 1.15.1: + + Dependencies: When building with Meson, gpgme 1.8.0 is now + required. Older versions can still be used by building with + Autotools. + + Features: If an old temporary deploy directory was leaked by + versions before #5146, clean it up the next time the same app + is updated. + + Bug fixes: + - If an app update is blocked by parental controls policies, + clean up the temporary deploy directory. + - Fix Autotools build with versions of gpgme that no longer + provide gpgme-config(1). + - Fix a possible parallel build failure with Meson. + - Fix a compiler warning on 32-bit architectures. + - When building with Autotools, be more consistent about + applying compiler warning flags. 
+ - Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR. + - Treat /efi the same as /boot/efi. +- Changes from version 1.15.0: + + Build system: + - Flatpak can now be compiled using Meson instead of Autotools. + This requires Meson 0.53.0 or later, and Python 3.5 or later. + - The Autotools build system is likely to be removed during + either the 1.15.x or 1.17.x cycle. + + New features: + - Allow the modify_ldt system call as part of + --allow=multiarch. This increases attack surface, but is + required when running 16-bit executables in some versions of + Wine. + - Share gssproxy socket, which acts like a portal for Kerberos + authentication. This lets apps use Kerberos authentication + without needing a sandbox hole. + - Add a httpbackend variable to flatpak.pc, allowing dependent + projects like GNOME Software to detect whether they are + compatible with libflatpak. + + Bug fixes: + - Terminate the flatpak-session-helper and flatpak-portal + services when the session ends, so that applications will not + inherit outdated Wayland and X11 socket addresses. + - When using fish shell, don't overwrite a previously-set + XDG_DATA_DIRS. + - Don't try to enable HTTP 2 if linked to a libcurl version + that doesn't support it. + - Stop systemd reporting the session-helper as failed when + terminated by a signal. + - Fix a warning when listing a document with no permissions. + - Fix compilation with GLib 2.66.x (as used in Debian 11). + - Fix compilation with GLib 2.58.x (as used in Debian 10). + - Make generated files more reproducible. + + Internal changes: + - Update project logo in README. + - Update libglnx subproject. + + Updated translations. +- Add libtool BuildRequires and pass autogen.sh, bootstrapping + build is now needed. +- Add gtk-doc and xmlto BuildRequires and pass enable-documentation + and enable-gtk-doc to configure, building documentation manually. 
+ +------------------------------------------------------------------- +Thu Mar 16 16:15:42 UTC 2023 - Bjørn Lie + +- Update to version 1.14.4 (CVE-2023-28101, CVE-2023-28100): + + Escape special characters when displaying permissions and + metadata, preventing malicious apps from manipulating the + appearance of the permissions list using crafted metadata + (CVE-2023-28101, boo#1209410). + + If a Flatpak app is run on a Linux virtual console (tty1, tty2, + etc.), don't allow copy/paste via the TIOCLINUX ioctl + (CVE-2023-28100). Note that this is specific to virtual + consoles: Flatpak is not vulnerable to this if run from a + graphical terminal emulator such as xterm, gnome-terminal or + Konsole. (boo#1209411) + + Updated translations. + +------------------------------------------------------------------- +Mon Feb 27 14:07:03 UTC 2023 - Bjørn Lie + +- Update to version 1.14.3: + + When splitting an upgrade into two steps (download without + installing, and then upgrade without allowing further + downloads) like GNOME Software does, if an app is marked EOL + and superseded by a replacement, don't remove the superseded + app in the first step, which would result in the replacement + incorrectly not being installed. + + Fix a crash when --socket=gpg-agent is used. + + Fix a crash when listing apps if one of them is broken or + misconfigured. + + If an app has invalid syntax in its overrides or metadata, + mention the filename in the error message. + + Unset $GDK_BACKEND for apps, ensuring GTK apps with + --socket=fallback-x11 can work. + + Never try to export a parent of reserved directories as a + --filesystem, for example /run, which would prevent the app + from starting. + + Never try to export a --filesystem below /run/flatpak or + /run/host, which could similarly prevent the app from starting. + + The above change also fixes apps not starting if a --filesystem + is a symlink to the root directory. 
+ + Show a warning when the --filesystem exists but cannot be + shared with the sandbox. +- Drop flatpak-fix-gpg-agent-double-free.patch: Fixed upstream. + +------------------------------------------------------------------- +Thu Feb 23 08:41:51 UTC 2023 - Alynx Zhou + +- Add flatpak-fix-gpg-agent-double-free.patch: stdout stream of a + subprocess is owned by the subprocess, not the caller, so don't + use g_autoptr for it to prevent double free (bsc#1207434). + +------------------------------------------------------------------- +Mon Feb 6 18:22:23 UTC 2023 - Bjørn Lie + +- Update to version 1.14.2: + + The INFO log level is now treated the same as the DEBUG log + level by flatpak -v, to make backports from 1.15.x simpler. + + Bug fixes: + - Display the intended messages for flatpak repair. + - Exporting an app to an existing repository on a CIFS + filesystem now works as intended. + - Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in + some GLib apps when set to a path on the host. + - Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and + Qt apps under Wayland when this variable is set to a path not + available in the sandbox. + - Unset $KRB5CCNAME for apps. + - When using the fish shell, avoid duplicate XDG_DATA_DIRS + entries if the profile script is sourced more than once. +- Package flatpak-remote-flathub sub-package as noarch. + +------------------------------------------------------------------- +Wed Jan 11 14:56:17 UTC 2023 - Antonio Larrosa + +- Fix the "Requires" version of bubblewrap to be the same as + "BuildRequires" (>= 0.5.0). +- Use a macro to define the versions required of bubblewrap, + ostree and xdg_dbus_proxy to avoid having the same issue in + the future again. 
+ +------------------------------------------------------------------- +Fri Nov 18 17:38:02 UTC 2022 - Bjørn Lie + +- Update to version 1.14.1: + + New features: Add a httpbackend variable to flatpak.pc, + allowing dependent projects like GNOME Software to detect + whether they are compatible with libflatpak. + + Bugs fixed: + - Terminate the flatpak-session-helper and flatpak-portal + services when the session ends, so that applications will not + inherit outdated Wayland and X11 socket addresses. + - When using fish shell, don't overwrite a previously-set + XDG_DATA_DIRS. + - Don't try to enable HTTP 2 if linked to a libcurl version + that doesn't support it. + - Stop systemd reporting the session-helper as failed when + terminated by a signal. + - Fix a warning when listing a document with no permissions. + - Fix compilation with GLib 2.66.x (as used in Debian 11). + - Fix compilation with GLib 2.58.x (as used in Debian 10). + - Fix a compiler warning on 32-bit architectures. + - If an app update is blocked by parental controls policies, + clean up the temporary deploy directory. + - Fix Autotools build with versions of gpgme that no longer + provide gpgme-config(1). + - When building with Autotools, be more consistent about + applying compiler warning flags. + - Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR. + - Treat /efi the same as /boot/efi. + - Make generated files more reproducible. + + Updated translations. + +------------------------------------------------------------------- +Sun Nov 13 20:49:05 UTC 2022 - Andreas Stieger + +- Add and recommend a package flatpak-remote-flathub which adds + the Flathub repository (boo#1186315) + +------------------------------------------------------------------- +Thu Sep 1 07:20:51 UTC 2022 - Bjørn Lie + +- Drop pkgconfig(libsoup-2.4) BuildRequires: rely on the curl + backend. Following this, pass --with-curl to configure. 
+- Add pkgconfig(libxml-2.0) BuildRequires, exsisting dependency, + previously pulled in by libsoup. + +------------------------------------------------------------------- +Tue Aug 30 19:50:38 UTC 2022 - Andreas Stieger + +- Update to version 1.14.0: + + Improved support for sideloading. + + Allow sub-sandboxes to own MPRIS names on the session bus. + + Commands that accept "--user" will now also take "-u" as an alias + for that. + + The CLI now properly informs the user of which apps are + (indirectly) using end-of-life runtime extensions in end-of-life + info messages. + + The CLI now takes into account operations in the pending + transaction when printing end-of-life messages. + + The uninstall command now asks for confirmation before removing + in-use runtimes or runtime extensions. + + A "--socket=gpg-agent" option is now recognized by "flatpak run" + and related commands. + + Curl supported as default HTTP backend. + + Uses Fuse 3. + + Implement support for rewriting dynamic launchers when an app + is renamed. + + Add --include-sdk/debug options to install command to install + SDK/debuginfo along with a ref. + + defense in depth against arbitrary file deletion by + flatpak-system-helper when using very old libostree + (boo#1202639). + + Updated translations. +- Replace pkgconfig(fuse) BuildRequires with pkgconfig(fuse3): + Follow upstreams port to fuse3. +- Add pkgconfig(libcurl) BuildRequires: enable the new HTTP + backend. +- Drop gtk-doc BuildRequires and no longer pass --enable-gtk-doc to + configure: no longer supported. +- Drop libtool BuildRequires: no need to bootstrap the tarball. +- Replace pkgconfig(appstream-glib) BuildRequires with + pkgconfig(appstream): match what configure checks for. +- Add pkgconfig(gdk-pixbuf-2.0): verified dependency that was + implicitly included by appstream-glib before. 
+ +------------------------------------------------------------------- +Fri Jul 15 14:05:05 UTC 2022 - Benjamin Greiner + +- variant-schema-compiler requires the Python module pyparsing + +------------------------------------------------------------------- +Sun Jul 3 08:33:14 UTC 2022 - Andreas Stieger + +- Correct Supplements for flatpak-zsh-completion boo#1201113 +- package LICENSE file in every package +- make flatpak-zsh-completion and system-user-flatpak noarch +- add update-system-flatpaks timer that updates installed flatpaks + daily if enabled + +------------------------------------------------------------------- +Tue Mar 15 18:47:24 UTC 2022 - Andreas Stieger + +- Update to version 1.12.7: + + allow networked access to X11 and PulseAudio services if that + is configured, and the application has network access + + Absolute paths in WAYLAND_DISPLAY now work + + Allow apps that were built with Flatpak 1.13.x to export + AppStream metadata in share/metainfo + + Most commands now work if /var/lib/flatpak exists but + /var/lib/flatpak/repo does not, and will automatically populate + the repo directory if possible + + Consistently pass relative subpaths to libostree, working + around a bug in libostree < 2021.6 when used with GLib >= 2.71 + + Fix some memory leaks in GVariant data processing + +------------------------------------------------------------------- +Tue Feb 22 06:48:37 UTC 2022 - Andreas Stieger + +- Update to version 1.12.6: + + Fix a bug that sometimes caused repo corruption in case + downloads are interrupted or canceled, necessitating a + "flatpak repair" to recover + + More reliably detect the GTK theme + + Fix history command unit test in some edge cases + + Updated translations. 
+ +------------------------------------------------------------------- +Sun Feb 13 21:10:28 UTC 2022 - Dirk Müller + +- drop apparently unused libdwarf buildrequires + +------------------------------------------------------------------- +Fri Feb 11 20:20:05 UTC 2022 - Andreas Stieger + +- Update to version 1.12.5: + + Detect and remove left-over data from + /var/lib/flatpak/appstream + + Fix display bugs in flatpak history + + Don't set up an unnecessary polkit agent for flatpak history + + Don't propagate GStreamer-related environment variables into + sandbox + + Updated translations. + +------------------------------------------------------------------- +Tue Jan 18 20:52:06 UTC 2022 - Andreas Stieger + +- Update to 1.12.4: + + reverting non-backwards-compatible behaviour changes in the + solution previously chosen for CVE-2022-21682 (boo#1194611) + Fix will be in flatpak-builder 1.2.2. + + Clarify documentation of --nofilesystem + + Improve unit test coverage around --filesystem and + --nofilesystem + + Restore compatibility with older appstream-glib versions, + fixing a regression in 1.12.3 + +------------------------------------------------------------------- +Wed Jan 12 20:40:35 UTC 2022 - Andreas Stieger + +- Update to 1.12.3: + + CVE-2021-43860: a malicious repository could have sent invalid + application metadata in a way that hides some of the app + permissions displayed during installation (boo#1194610) + + CVE-2022-21682: flatpak-builder could allow + --mirror-screenshots-url commands to create directories outside + of the build directory (boo#1194611) + + Extra-data downloading now properly handles compressed + content-encodings which fixes checksum verification + + Note: In some corner case server setups this may require the + extra-data checksum to be changed + + Avoid unnecessary policy-kit dialog due to auto-pinning when + installing runtimes + + Better handling of updates of extensions that exist in multiple + repositories + + Fixed (initial) 
installation apps with renamed ids + + Fixed regression in updates from no-enumerate remotes + + We now verify checksums of summary caches, to better handle + local file corruption + + Improved cli output for non-terminal targets + + Flatpak run --session-bus now works + + Fix build with PyParsing >= 3.0.4 + + Fixed "Since" annotations on FlatpakTransaction signals + + bash auto completion now doesn't complete on command name + aliases + + Minor improvements to the search command + + Minor improvements to the list command + + Minor improvements to the repair command + + Add more tests + + Updated translations. +- Drop support-new-pyparsing.patch: Fixed upstream. + +------------------------------------------------------------------- +Thu Dec 9 04:29:19 UTC 2021 - Steve Kowalik + +- Add patch support-new-pyparsing.patch: + * Support pyparsing >= 3.0.4. + +------------------------------------------------------------------- +Wed Oct 13 19:26:14 UTC 2021 - Andreas Stieger + +- Update to 1.12.2: + + Install translations referenced by LANG, LANGUAGE or LC_ALL + + Fix error handling for the syscalls that are blocked when not + using --devel + + Improve diagnostic messages when seccomp rules cannot be + applied + + Updated translations. + +------------------------------------------------------------------- +Sat Oct 9 12:12:12 UTC 2021 - Bjørn Lie + +- Update to version 1.12.1: + + The security fix in the 1.12.0 release failed when used with + some older versions of libseccomp (that don't know about the + new syscalls). + +------------------------------------------------------------------- +Fri Oct 8 14:39:24 UTC 2021 - Bjørn Lie + +- Update to version 1.12.0: + + This is the first stable release in the 1.12.x series. The + major changes in this series is the support for better control + of sub-sandboxes, as used by the steam flatpak. + + In addition, this release fixes a security vulnerability in the + portal support. 
Some recently added syscalls were not blocked + by the seccomp rules which allowed the application to create + sub-sandboxes which can confuse the sandboxing verification + mechanisms of the portal. This has been fixed by extending the + seccomp rules (boo#1191507, CVE-2021-41133) + + Some test fixes + + Support for specifying the flatpak binary to use during exports + + Install translations for all languages in the locale, not just + the ones in LC_MESSAGES. + + Fix progress reporting in flatpak fsck + + Handle cases where /var/tmp is a symlink + + Expose /etc/gai.conf to the sandbox + + Fix the parental control checks for root + + Handle missing /etc/ld.so.cache (musl) + + Updated translations + +------------------------------------------------------------------- +Wed Aug 25 20:54:23 UTC 2021 - andy great + +- Update to version 1.11.3. + * Bug fixes: + * Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox, + fixing a regression introduced when CVE-2021-21261 was fixed in + 1.8.5 and 1.10.0 + * Update the included copy of bubblewrap (flatpak-bwrap) to 0.5.0 + * Better diagnostics when a --bind or other bind-mount fails + * Create non-directories with safer permissions + * Allow mounting an non-directory over an existing non-directory + * Silence kernel messages for our bind-mounts + * Improve ability to bind-mount directories on case-insensitive + filesystems + * Don't ask user which remote to download from if there is only + one option + * Internal changes: + * Improve test coverage + * Spelling fixes + * Translation updates: Brazilian Portuguese, Russian, Spanish, Ukrainian + +------------------------------------------------------------------- +Fri Jun 18 17:15:03 UTC 2021 - Callum Farmer + +- Add now working CONFIG parameter to sysusers generator + +------------------------------------------------------------------- +Fri Jun 18 08:22:03 UTC 2021 - Paolo Stivanin + +- Update to version 1.11.2: + + Bug fixes: + - Fix logic error when migrating 
AppStream XML + - Improve error-checking + - Fix various memory and file descriptor leaks, in particular + with flatpak-spawn --env=... + - Fix fd confusion in flatpak-spawn --env=... --forward-fd=..., + which caused "Steam Linux Runtime" containers to fail to start + - Avoid a crash when looking up summary for a ref without an arch + - Improve handling of refs belonging to more than one + architecture, e.g. for cross-compilation + - Don't abort uninstall if deploy metadata is missing + - Don't fail transaction if searching for dependencies fails + in one remote + - Fix test failure when running tests as root + - Improve error message for 'sudo flatpak run' + + Internal changes: + - Improve printf format string validation + - Improve test coverage + - Reduce risk of accidentally hard-coding x86 in the tests + +------------------------------------------------------------------- +Tue Apr 27 10:41:14 UTC 2021 - Antonio Larrosa + +- Update to version 1.11.1: + + New features: + - All instances of the same app-ID share their /tmp directory + - All instances of the same app-ID share their $XDG_RUNTIME_DIR + - Instances of the same app-ID can optionally share their + /dev/shm directory (enabled by a new --allow flag, + --allow=per-app-dev-shm) + - Allow a subsandbox to have a different /usr and/or /app. + - Steam will use this to launch games with its own container + runtime as /usr (the "Steam Linux Runtime" mechanism). 
+ - enter: Improve support for TUI programs like gdb + - build-update-repo: Add a higher-performance reimplementation + of ostree prune specialized for archive-mode repositories + + Bug fixes: + - Fix deploys of local remotes in system-helper + - Fix test failures on non-x86_64 systems + - Fix two intermittent test failures + - Make polkit queries non-interactive when operating in + non-interactive mode + - Use a local main-context when using libsoup in a thread + - create-usb: Skip copying extra-data flatpaks + - OCI: Switch to pax-format tar archives + - history: Handle transaction log entries with empty REF field + - portal: Fix flatpak-spawn --clear-env on OSs where flatpak + is not on the fallback PATH, such as NixOS + - Fix various issues detected by scan-build + + Internal changes: + - Use GNU bison to build parse-datetime.y + - Add information about security support and security + vulnerability reporting (see SECURITY.md) + - Move all git submodules into subprojects/ directory + - Several sockets are now created in /run/flatpak in the + sandbox, with symbolic links in $XDG_RUNTIME_DIR + +------------------------------------------------------------------- +Wed Mar 10 14:27:26 UTC 2021 - Antonio Larrosa + +- Update to version 1.10.2: + + This is a security update which fixes a potential attack where + a flatpak application could use custom formated .desktop files + to gain access to files on the host system. 
+ + Fix memory leaks + + Some test fixes + + Documentation updates + + G_BEGIN/END_DECLS added to library headders for c++ use + + Fix for X11 cookies on OpenSUSE + + Spawn portal better handles non-utf8 filenames + +------------------------------------------------------------------- +Thu Jan 28 08:00:53 UTC 2021 - Antonio Larrosa + +- Flatpak only requires glib 2.44, not 2.60 +- Update ostree version required to 2020.8 + +------------------------------------------------------------------- +Sun Jan 24 17:24:36 UTC 2021 - Andreas Stieger + +- Update to version 1.10.1: + + Fix flatpak build on systems with setuid bwrap + + Fix some compiler warnings + + Fix crash on updating apps with no deploy data + + Updated translations. +- Remove deprecated texinfo packaging macros. +- Switch to upstream release tarball. + +------------------------------------------------------------------- +Fri Jan 15 16:06:24 UTC 2021 - Bjørn Lie + +- Update to version 1.10.0: + + The major new feature in this series compared to 1.8 is the + support for the new repo format which should make updates + faster and download less data. + + The systemd generator snippets now call flatpak + --print-updated-env in place of a bunch of shell for better + login performance. + + The .profile snippets now disable GVfs when calling flatpak to + avoid spawning a gvfs daemon when logging in via ssh. + + Build fixes for GCC 11. + + Flatpak now finds the pulseaudio sockets better in uncommon + configurations. + + Sandboxes with network access it now also has access to the + systemd-resolved socket to do dns lookups. + + Flatpak supports unsetting env vars in the sandbox using + --unset-env, and --env=FOO= now sets FOO to the empty string + instead of unsetting it. + + Similarly the spawn portal has an option to unset an env var. + + The spawn portal now has an option to share the pid namespace + with the sub-sandbox. 
+ +------------------------------------------------------------------- +Fri Jan 15 16:02:40 UTC 2021 - Bjørn Lie + +- Update to version 1.8.5 (CVE-2021-21261): + + This is a security update that fixes a sandbox escape where a + malicious application can execute code outside the sandbox by + controlling the environment of the "flatpak run" command when + spawning a sub-sandbox (boo#1180996) + +------------------------------------------------------------------- +Thu Jan 7 20:28:03 UTC 2021 - Bjørn Lie + +- Update to version 1.8.4: + + Fix support for ppc64. + +------------------------------------------------------------------- +Wed Dec 30 15:54:11 UTC 2020 - Frederic Crozat + +- Move flatpak-bisect and flatpak-coredumpctl to devel subpackage, + allow to remove python3 dependency on main package. + +------------------------------------------------------------------- +Tue Dec 15 10:36:42 UTC 2020 - Martin Liška + +- Enable LTO (boo#1133124) as gobject-introspection works fine with LTO. + +------------------------------------------------------------------- +Mon Nov 23 17:30:01 UTC 2020 - Dominique Leuenberger + +- Update to version 1.8.3: + + Fixed progress reporting for OCI and extra-data. + + The in-memory summary cache is more efficient. + + Fixed authentication getting stuck in a loop in some cases. + + Fixed authentication error reporting. + + We now extract OCI info for runtimes as well as apps. + + Fixed crash if anonymous authentication fails and -y is + specified. + + flatpak info now only looks at the specified installation if + one is specified. + + Better error reporting for server HTTP errors during download. + + Uninstall now removes applications before the runtime it + depends on. + + Fixed test-suite to pass with the latest OSTree version. + + Fixed dbus environment variables in flatpak enter. + + Avoid updating metadata from the remote when uninstalling. + + Fixed error message handling in various places. 
+ + FlatpakTransaction now verifies all passed in refs to avoid. + + potential issues with invalid names. + + Updated translations. + +------------------------------------------------------------------- +Sat Aug 22 13:10:16 UTC 2020 - Bjørn Lie + +- Update to version 1.8.2: + + Added validation of collection id settings for remotes. + + Fix seccomp filters on s390. + + Robustness fixes to the spawn portal. + + Fix support for masking update in the system installation. + + Better support for distros with uncommon models of merged /usr. + + Cache responses from localed/AccountService. + + Fix hangs in cases where xdg-dbus-proxy fails to start. + + Fix double-free in cups socket detection. + + OCI authenticator now doesn't ask for auth in case of http + errors. + +------------------------------------------------------------------- +Wed Aug 19 07:44:25 UTC 2020 - Dominique Leuenberger + +- Fix invalid usage of %{_libexecdir} to reference systemd + directories. + +------------------------------------------------------------------- +Fri Jul 10 08:55:59 UTC 2020 - Antonio Larrosa + +- Update to version 1.8.1: + * Avoid calling authenticator in update if ref didn't change + * Don't fail transaction if ref is already installed (after + transaction start) + * Fix flatpak run handling of userns in the --device=all case + * Fix handling of extensions from different remotes + * Fix flatpak run --no-session-bus + * Updated translations + +- Update to version 1.8.0: + * FlatpakTransaction has a new signal "install-authenticator" + which clients can handle to install authenticators needed for + the transaction. This is done in the CLI commands. + * We now always expose the host timezone data, allowing us the + expose the host /etc/localtime in a way that works better, + fixing several apps that had timezone issues. + * Fix flatpak enter which didn't work in some cases. 
+ * We now ship a systemd unit (not installed by default) to + automatically detect plugged in usb sticks with sideload repos. + * By default we no longer install the gdm env.d file, as the + systemd generators work better. + * create-usb now exports partial commits by default + * Fix handling of docker media types in oci remotes + * Fix subjects in remote-info --log output + +- Remove source file used to generate a flatpak user on the system + since it's now included by upstream: + * system-user-flatpak.conf + +------------------------------------------------------------------- +Tue Jul 7 10:26:44 UTC 2020 - Callum Farmer + +- Fixes for %_libexecdir changing to /usr/libexec + +------------------------------------------------------------------- +Thu Jun 25 21:10:14 UTC 2020 - Bjørn Lie + +- Update to version 1.6.4: + + This release backports some of the OCI authenticator fixes from + the 1.7 series, and should now be able to host flatpak images + on e.g. docker hub. + + Other changes: + - Fix a use-after free in libflatpak. + - Don't list p2p downgrades in list of available updates. + +------------------------------------------------------------------- +Tue Jun 16 02:21:39 UTC 2020 - Yifan Jiang + +- Create a skeleton flatpak repo using "flatpak remotes" instead + of a manually created directory (bsc#1172316, bsc#1169619, + bsc#1170416). + +------------------------------------------------------------------- +Mon May 18 08:53:10 UTC 2020 - Yifan Jiang + +- When SLE uses GNOME desktop environment, GNOME Software is + automatically started to provide key update features. During the + startup, it setups flatpak repository so that related features + can function properly. In a system environment of no flatpak + repository has ever been setup before, this triggers + "org.freedesktop.Flatpak.modify-repo" polkit action. + + Therefore in systems which use a restrictive security policy + (eg. 
SLES) for the aforementioned policy action, a polkit + authentication dialog will pop up without any user interaction + for the first time login. This is not user friendly. + + This submission creates /var/lib/flatpak/repo at package + installation to avoid such a confusing authentication pop-up, at + nearly 0 cost of security compromise (bsc#1169619, bsc#1170416). + +------------------------------------------------------------------- +Mon Apr 6 14:31:20 UTC 2020 - Antonio Larrosa + +- Require bubblewrap 0.4.1 + +------------------------------------------------------------------- +Mon Apr 6 09:32:31 UTC 2020 - Antonio Larrosa + +- Update to version 1.6.3: + + The main change in this version is a fix for a regression in + the progress calculation for applications using extra-data. + Additionally the bundled version of bubblewrap is updated to + 0.4.1 which fixes a security issue in some cases. See + GHSA-j2qp-rvxj-43vj for details. + + Don't break if users primary gid is not in the nsswitch + database + + Fix crash in flatpak repair if no remotes are configured + + Some updates to the oci authenticator + + Retry downloads of extra data + + Updated translations. + +------------------------------------------------------------------- +Sun Feb 16 17:22:44 UTC 2020 - Bjørn Lie + +- Drop obsolete _servicedata file. + +------------------------------------------------------------------- +Thu Feb 13 15:57:51 UTC 2020 - Antonio Larrosa + +- Update to version 1.6.2: + + Due to a combination of some behaviour in flatpak and recent + versions of ostree we at some point lost the use of deltas for + the initial install case, instead always falling back to a full + ostree operation which is a lot less efficient for pulls with + many small files like a runtime. This caused some very slow + installs from e.g. flathub, so it's recommended to update to + this version to get better install performance. 
+ + We now correctly handle TMPDIR env var overrides when bwrap is + setuid + + Disallow running "flatpak run" under sudo (as it doesn't work + and causes issues) + + Fix build with older versions of glib + + Minor documentation updates + + Updated translations. + +------------------------------------------------------------------- +Thu Jan 30 16:56:01 UTC 2020 - Antonio Larrosa + +- Update to version 1.6.1: + + This is a (mild) security update. Flatpak 1.6.0 added the + ability for an application to request it to be updated, as long + as the new version doesn't require new permissions. + Unfortunately in some special cases, if an app had access to + the home directory, but not the rest of the filesystem it would + still allow a self-update where the new version could access + some files outside the home directory. + + New permission --device=shm giving access to host /dev/shm, as + needed for jack. + + Generated correct download size in build-commit-from + + sub-sandbox now allows the child to share the gpu of the caller + has full device access + + Fix crash with disabled remotes + + Fix builds with older versions of glib + + Updated translations. + +------------------------------------------------------------------- +Sat Jan 25 14:07:31 UTC 2020 - Dominique Leuenberger + +- No longer recommend -lang: supplements are in use + +------------------------------------------------------------------- +Tue Jan 14 11:23:06 UTC 2020 - Antonio Larrosa + +- Update dependencies required by flatpak 1.6.0 . +- Require xdg-dbus-proxy instead of building the (outdated) + builtin version. + +------------------------------------------------------------------- +Mon Dec 30 10:00:24 UTC 2019 - Dominique Leuenberger + +- Change %_prefix/lib to %_libexecdir: Makefile installs the file + explicitly into libexecdir. Let's be ready in case this path is + going to change. 
+ +------------------------------------------------------------------- +Fri Dec 27 10:23:14 UTC 2019 - Dominique Leuenberger + +- Co-own /usr/lib/systemd/user-environment-generators. We don't + want to forcibly pull in systemd into the buildroot just to own + this directory. + +------------------------------------------------------------------- +Fri Dec 20 22:44:39 UTC 2019 - Bjørn Lie + +- Update to version 1.6.0: + + This is the first stable release in the 1.6 series, main + changes since 1.4 is the support for protected content and + improvements in the self-sandboxing support. + + There is one change in the support for OCI remotes, we now only + support the use of labels, not annotations, as labels work with + more registries. This means pre-existing OCI flatpak registries + (like fedora) may need some changes. + + New permissions --socket=cups for direct cups access. + + Fix some leaks. + + Fix reporting of progress with latest version of ostree. + + New no-interaction flag for authenticators. + + Support for auto-installing authenticators from a flatpak + remote. + + Warn less about unset XDG_DATA_DIRS. + + Don't poll for updates in the portal when on a metered + connection. +- Modernize spec with current macros. + +------------------------------------------------------------------- +Mon Nov 25 16:59:29 UTC 2019 - Frederic Crozat + +- Package empty /etc/flatpak/remotes.d. + +------------------------------------------------------------------- +Wed Nov 20 12:53:08 UTC 2019 - Dominique Leuenberger + +- Add pkgconfig(libsystemd) BuildRequires (boo#1157126). +- Drop systemd_requires: strictly speaking, we do not require + systemd. + +------------------------------------------------------------------- +Mon Oct 21 19:10:42 UTC 2019 - Bjørn Lie + +- Update to version 1.4.3: + + Fix crash in revokefs. 
+ + Handle 'versions' extension key (in addition to 'version') when + checking for local extensions, which was causing us to + uninstall some actually used extensions with uninstall + --unused. + + The 'required-flatpak' metadata key now supports listing + multiple versions to support backported features. + + Fix crash with older versions of polkit. + + Fix installation of bundles. + + Fix crash on deploy error. + + Support building bundles of apps installed from a remote. + + OCI: Fix handling of locally cached icons. + + Fix crash when listing unconfigured remotes. + + Ignore differences in trailing slashes for repo uris. + +------------------------------------------------------------------- +Mon Jul 8 12:53:30 UTC 2019 - Dominique Leuenberger + +- Add system-user-flatpak.conf: generate a flatpak user for the + system helper (boo#1137537). + +------------------------------------------------------------------- +Wed Jul 3 08:27:20 UTC 2019 - Antonio Larrosa + +- Update to version 1.4.2: + * Support extra_data in extensions. + * Handle double slashes ("//") in XDG_DATA_DIRS. + * Fix detection of local related refs. +- jsc#SLE-7171 + +------------------------------------------------------------------- +Thu Jun 14 09:33:16 UTC 2019 - Antonio Larrosa + +- Add a _dbusconfigdir variable in the spec file so we install the + flatpak-system-helper config file in a location actually read by + dbus, which didn't support having config files in /usr/share + until 1.9.18 (first introduced in SLE15). +- Remove the systemd environment generator if building with + systemd < 233 which doesn't support environment generators. +- Rename the libflapak-doc.xml file which has a typo in the name + upstream. +- BuildRequire libgpgme-devel, not libqgpgme-devel which is not + really needed. 
+ +------------------------------------------------------------------- +Thu Jun 13 23:13:29 UTC 2019 - Bjørn Lie + +- Update to version 1.4.1: + + There was an accidental ABI break in libflatpak in 1.4.0 + compared to the 1.2.x ABI which caused crashes in apps like + gnome-software. + + This has been fixed in this release so it is now ABI compatible + with 1.2.x, but NOT compatible with 1.4.0. It is recommended + that all distributions that shipped 1.4.0 update to 1.4.1 and + rebuild all dependencies of libflatpak. + + Make ABI compatible with 1.2.x. + + Fix some potential crashes. + + Fix some corner case where it was impossible to remove a + remote. + + Restore support for file: uris in the RuntimeRepo key in + flatpakref files. + + Updated translations. + +------------------------------------------------------------------- +Wed May 29 07:14:13 UTC 2019 - Bjørn Lie + +- Update to version 1.4.0: + + This is the new stable series, ending the 1.3.x series. The + major changes since the 1.2.x is the improved I/O use for + system-installed applications, and the new format for + pre-configured remotes. + +------------------------------------------------------------------- +Mon May 13 07:45:05 UTC 2019 - Dominique Leuenberger + +- Replace systemd-gtk BuildRequires with pkgconfig(systemd): make + the build cheaper by not having to wait for the 'real' systemd + package to have built, but allow to use systemd-mini. The change + in the stack causing this was polkit dropping its hard dep on + systemd. + +------------------------------------------------------------------- +Sat May 11 20:53:45 UTC 2019 - Bjørn Lie + +- Add systemd-gtk BuildRequires: Needed now after changes elsewhere + in the stack. + +------------------------------------------------------------------- +Wed Apr 24 09:45:40 UTC 2019 - Martin Liška + +- Disable LTO (boo#1133124). 
+ +------------------------------------------------------------------- +Thu Mar 28 13:05:50 UTC 2019 - Andrei Dziahel + +- Update to verson 1.2.4 (CVE-2019-10063): + + It has been discovered that the previous fix for CVE-2017-5226, + which uses seccomp to prevent sandboxed apps from using the + (dangerous) TIOCSTI ioctl was only incomplete on 64bit arches. + This is now fixed (boo#1130637, gh#flatpak/flatpak#2782). + + seccomp: Only compare the low 32bit of the TIOCSTI ioctl args. + + Support multiple nvidia cards on the machine + + Fix support for systems where XDG_RUNTIME_DIR is /var/run which + is a symlink like gentoo. + + Fix potential crash when updating apps. + + flatpak list --arch now works correctly again. + + Updated translations. + +------------------------------------------------------------------- +Wed Feb 13 08:06:06 UTC 2019 - alarrosa@suse.com + +- Update to version 1.2.3: + + Don't expose /proc in apply_extra script sandbox. The CVE-2019-5736 + runc vulnerability is about using /proc/self/exe to modify the host + side binary from the sandbox. This mostly does not affect flatpak + since the flatpak sandbox is not run with root permissions. + However, there is one case (running the apply_extra script for + system installs) where this happens, so this release contains a fix + for that. +- Update to version 1.2.2: + + Reverted green checkbox as they caused table alignment issues + + Fix a division by zero if the terminal reports a zero terminal + width (which happens in the flathub build environment). +- Update to version 1.2.1: + + Ensure flatpak builds with older versions of glib and + appstream-glib. + + build-commit-from: Fix the new --extra-id option. + + build-export: Allow disabling the sandboxing of the icon validator + and do so during the tests. + + profile: Don't break if debug logging is enabled. + + Better handling of the appdata release attribute. 
+ + Don't install polkit agent when not needed, avoiding some + unnecessary log lines in some cases. + + Fix the output of the sandboxed icon validator not being visible. + + builld-init: Allow specifying a full ref for the sdk, which is + used to select the branch name when checking sdk extensions. + + Make the ok checks in the output green + +------------------------------------------------------------------- +Mon Jan 28 20:58:56 UTC 2019 - bjorn.lie@gmail.com + +- Update to version 1.2.0: + + Ensure DeployCollectionID works in flatpakrepo files in all + cases. + + Don't error out with empty installations in uninstall. + + Add helper that validates icon files during export. + + Don't allow root to modify the (non-root) per-user flatpak + installation, as this risks causing problems later. + + Remove some incorrect warnings from flatpak repair. + + Allow multiple name segments after prefix when exporting files. + + Allow specification of ellipsization in --colums options. + + Handle dates as well as timestamps in appdata + + Fixed a bug where flatpak remote-delete removed too many refs. + + Now we use raw terminal mode during a transaction to a avoid + problems with input during the operation causing problems with + escape sequences. + + Generate a fontconfig directory remapping snippet as will be + needed for newer versions of fontconfig. + + Support --extra-collection-id in build-commit-from to bind the + commit to multiple collection ids. This is work in progress in + ostree. +- Add pkgconfig(dconf) BuildRequires: New dependency. + +------------------------------------------------------------------- +Thu Dec 13 12:54:42 UTC 2018 - alarrosa@suse.com + +- Update to version 1.0.6: + + This release fixes an issue that lets system-wide installed + applications create setuid root files inside their app dir + (somewhere in /var/lib/flatpak/app). 
Setuid support is disabled + inside flatpaks, so such files are only a risk if the user runs + them manually outside flatpak. Installing a flatpak system-wide + needs root access, so this isn't a privilege elevation for + non-root users. + + The permissions of the files created by the apply_extra script + is canonicalized and the script itself is run without any + capabilities. + + Better matching of existing remotes when the local and remote + configuration differs wrt collection ids. + + New flatpakrepo DeployCollectionID replaces CollectionID, doing + the same thing. It is recommended to use this instead because + older versions of flatpak has bugs in the support of collection + ids, and this key will only be respected in versions where it + works. + + The X11 socket is now mounted read-only. + +------------------------------------------------------------------- +Thu Dec 13 12:29:18 UTC 2018 - alarrosa@suse.com + +- Mark flatpak.sh as %config and move the systemhelper dbus config + file under /usr +- Remove the flatpak-rpmlintrc file that is no longer needed. + +------------------------------------------------------------------- +Fri Nov 16 10:09:01 UTC 2018 - matthias.gerstner@suse.com + +- Make polkit_rules_usability.patch effective by adding a 60- prefix + to the rules file. This will cause it to be executed before the + polkit-default-privs are executed (bsc#984817). + +------------------------------------------------------------------- +Tue Nov 13 08:55:03 UTC 2018 - alarrosa@suse.com + +- Update to version 1.0.5: + + Make the /etc -> /usr/etc bind-mounts read-only. + + Make various app-specific configuration files read-only. + + flatpak is more picky about remote names to avoid problems with + storing weird names in the ostree config. + + A segfault in libflatpak handling of bundles was fixed. + + Updated translations + + Fixed a regression in flatpak run that caused problems running + user-installed apps when the system installation was broken. 
+ + Implicity grant MPRIS2 permissions +- Changes from version 1.0.4: + + Flatpak 0.99.1 removed the inheritance of permissions from the + runtime due to concerns with dynamic app permissions. Due to + popular requests, this version re-introduces such inheritance, + but does it instead at build time. This solved the issues with + dynamic permissions while still allowing runtimes to have + default permissions. Apps can disable this by passing + --no-inherit-permissions to build-finish. + + The sandbox now always includes a /etc/timezone file, following + the (old) debian standard for this. This is needed, because the + more modern way of exposing the timezone name by having + /etc/localtime be a symlink into /usr/share/zoneinfo doesn't + work when exposing the host timezone. + + All apps now have automatic permissions to own their own app id + as a subname of org.mpris.MediaPlayer2. + + We now properly re-load remote state in FlatpakTransaction if + the metadata was updated for the remote. + + The signature of the FlatpakTransaction::operation-done signal + was wrong in the header and has now been corrected to the + signature that is actually emitted. + + A crash was fixed when reading invalid .flatpakref files. + + A crash during updates when a local ref was unexpectedly + missing was fixed. + + An error case on uninstalling was incorrectly returning success + even thought there was an error. + + flatpak_installation_modify_remote did not correctly save the + nodeps state. + + flatpak_installation_load_app_overrides() was improperly + returning freed memory. + + The tarball now ships with an icon (flatpak.png). + +------------------------------------------------------------------- +Fri Oct 19 12:05:14 UTC 2018 - alarrosa@suse.com + +- Add rpmlintrc to ignore files being installed under /etc not + marked as %config (since they're not). 
+ +------------------------------------------------------------------- +Tue Oct 16 10:14:52 UTC 2018 - alarrosa@suse.com + +- Don't run "flatpak remote-list --system" on %post anymore since + it's not needed nowadays. Also let /var/lib/flatpak be created on + demand since writing to /var should be avoided for transactional + updates (boo#1111385, fate#325524). + +------------------------------------------------------------------- +Thu Oct 11 16:30:24 UTC 2018 - alarrosa@suse.com + +- Update to version 1.0.3: + + run: You can now use --system to run an app that otherwise + would run the user version. + + New permission --allow=canbus that filters out access to AF_CAN + sockets. + + lib: New install flags FLATPAK_INSTALL_FLAGS_NO_TRIGGERS and + new function flatpak_installation_run_triggers() + + lib: Better error reporting, including some new error values + that replace the generic FAILED. + + uninstall --unused: Improve handling of which .Locale + extensions are used + + run: Make flatpak run on systems where $XDG_RUNTIME_DIR + contains a symlink beneath /var (commonly /var/run -> /run). + + Don't export any desktop/dbus/mimetype files in subdirectories. + + build-init: We now record the base ref (if used) in the + metadata. Nothing uses this atm, but it can be used by tools. + + We now respect the upstream ostree.deploy-collection-id instead + of the flatpak-specific xa.collection-id metadata key to decide + whether to switch to collection ids for a remote. This is + useful, because if you use the new one, only new clients (that + support it better) will use it. + + create-usb: Fix assertion failure in some error cases + + create-usb: Always create archive-z2 repos + + create-usb: Don't create unnecessary summary in repo + + permissions: Avoid errors if there is no permissions table + + repo: Fix flatpak repo sometimes using the wrong + ostree-metadata ref. + + Avoid fsync when updating $installation/.changed. 
+ + Add the missing appstream2 ref to the xa.cache metadata
+ + The test-suite got some modifications to make it easier to
+ maintain.
+ + Documentation updates
+ + Translation updates
+- Changges from version 1.0.2:
+ + The dbus proxy is now available in a separate git module,
+ xdg-dbus-portal, which is imported into flatpak as a submodule.
+ It is possible to build flatpak against the system
+ xdg-dbus-portal instead, but this is not currently very useful
+ as no other applications yet depend on xdg-dbus-portal.
+ + Build regressions with older versions of glib have been fixed.
+ + Flatpak ps now also tracks the pid the main process inside the
+ sandbox.
+ + Added flatpak override --reset to reset overrides for an app.
+ + Added flatpak override --show to show overrides for an app.
+ + flatpak install now automatically pick user or system based on
+ the remote name given (unless the remote exists in both).
+ + flatpak uninstall --unused now does not remove SDKs if some
+ installed app refers to them.
+ + Fixed bug where flatpak uninstall --unused prompted for
+ uninstall twice.
+ + Set IO class on the system helper to "idle", which should
+ cause background updates to affect the system less.
+ + Fixed regression in flatpak uninstall --no-related.
+ + Better handling of empty collection ids in flatpak bundles.
+ + Cleaned up some error messages.
+ + Various documentation fixes and cleanups.
+ + Updated translations.
+- Changes from version 1.0.1:
+ + This fixes various build and test failures that were detected
+ when packaging 1.0, as well as translations and doc udpates.
+ It also has some minor features, including a new subcommand
+ "flatpak ps" to list the running flatpak instances for your
+ user.
+ + Print application tags in the prompt when installing/updating.
+ + Make sure we don't accidentally leak the host /proc into
+ the sandbox.
+ + Translation updates.
+ + Added a "flatpak ps" command that lists running flatpak
+ instances.
+ + Improve error reporting when exporting documents.
+ + Improve detection of dynamic p2p remotes.
+ + Build fixes for older versions of glib.
+ + Fix threading issue in the OCI support that was causing the
+ installed tests to sometimes fail.
+ + Fix OCI AppStream support on 32bit architectures.
+ + Fix utf8 issue in the dbus API description.
+ + Some install fixes to make installed tests work
+ + Make the tests work with python3 (as well as python2)
+ + Improve introspection annotations in libflatpak
+ + Improve libflatpak API docs
+
+-------------------------------------------------------------------
+Mon Aug 27 09:00:17 UTC 2018 - opensuse-packaging@opensuse.org
+
+- Update to version 1.0.0:
+ + Flatpak 1.0 marks a significant improvement in performance and
+ reliability, and includes a big collection of bug fixes. 1.0
+ also includes a collection of new features.
+
+-------------------------------------------------------------------
+Mon Aug 13 21:31:09 UTC 2018 - opensuse-packaging@opensuse.org
+
+- Update to version 0.99.3:
+ + Fixed case where system install would sometimes fail due to the
+ system-helper idle exiting.
+ + Support installing flatpakref files in FlatpakTransaction,
+ including a new signal add-new-remote for when remotes might be
+ added.
+ + Added some new FlatpakError codes.
+ + We now support .flatpakrepo files with no gpg signatures.
+ + Fix crash in system-helper when updating appstream.
+ + New command create-usb which can be used to prepare an repo for
+ offline updates.
+ + Fix some non-handled cases of the CLI not working when
+ /var/lib/flatpak doesn't exist.
+ + Fix crash when running with a gid that is not in /etc/groups.
+ + Add new permission-* commands to interact with the permissions
+ store from the portals.
+ + Include appdata in OCI bundle.
+
+-------------------------------------------------------------------
+Mon Jul 23 15:13:44 UTC 2018 - matthias.gerstner@suse.com
+
+- polkit_rules_usability.patch: Improve usability by allowing
+ members of the group 'wheel' to bypass polkit authentication
+ checks when locally logged in (bnc#984817). This adds a few
+ polkit actions to the rules that are not covered by upstream,
+ because they are set to 'yes' for active users by default. On
+ SUSE we require 'auth_admin' for regular users, however.
+
+-------------------------------------------------------------------
+Thu Jun 28 02:54:24 UTC 2018 - luc14n0@linuxmail.org
+
+- Update to version 0.99.2:
+ + Updated translations.
+- Changes from version 0.99.1:
+ + This is the first pre-release before flatpak 1.0. This is
+ considered feature-complete and no features or major changes
+ before 1.0 are expected, only bugfixes.
+ + Flatpak install/update/uninstall now lists all the operations
+ that it will do and asks for confirmation before starting.
+ + In the above confirmation the permissions (new permissions for
+ updates) are shown for all applications.
+ + P2P updates are more efficient.
+ + system-wide installation uses less fsync calls so installation
+ should be faster.
+ + New ssh agent permissions allows granting an app ssh access.
+
+-------------------------------------------------------------------
+Fri Jun 15 03:24:22 UTC 2018 - luc14n0@linuxmail.org
+
+- Update to version 0.11.8.3:
+ + Fix a 25 second timeout on startup if using p11-kit < 0.23.10.
+ + Minor change in dbus proxy default filter, now broadcasts are
+ not accepted from portals.
+- Changes from version 0.11.8.2:
+ + Fix crash when building some apps.
+ + Allow multiple appstream components per app.
+ + Fix handling of gl drivers in uninstall --unused.
+ + Don't prompt if nothing changed in uninstall --unused.
+ + Updated translations.
+- Changes from version 0.11.8.1:
+ + Fixed regression running apps with --own=* permissions.
+- Changes from version 0.11.8:
+ + Flatpak uninstall now accepts --all to remove everything and
+ --unused to remove unused runtimes.
+ + New command "flatpak repair" allows checking and repairing a
+ flatpak installation.
+ + New permission --allow=bluetooth allows use of AF_BLUETOOTH
+ sockets.
+ + If p11-kit-server is installed on the host, this is now used to
+ forward the host certificate trust store to the sandboxed app.
+ + Flatpak uninstall now does not allow you to remove a runtime if
+ some installed app requires it.
+ + Now tab-completion for zsh is offered.
+ + New installations of flatpak now defaults to bare-user-only
+ repos, which means that it works with filesystems that don't
+ support xattrs.
+ + New flatpak info options: --show-location, --show-runtime,
+ --show-sdk.
+ + New flatpak remote-info options: --show-runtime, --show-sdk
+ + p2p operations now work when offline.
+ + Work around hanging on app startup on blocking autofs mounts.
+ + Various optimizations make installation and updates faster.
+ + Multiple extension versions matches when auto-downloading
+ extensions are respected now.
+ + Commands like "flatpak info/list/remotes/seach" now work
+ properly if /var/lib/flatpak doesn't exist.
+- Add subpackage flatpak-zsh-completion to follow upstream zsh
+ tab-completion addition.
+
+-------------------------------------------------------------------
+Thu May 17 08:59:17 UTC 2018 - duyizhaozj321@yahoo.com
+
+- Update to version 0.11.7:
+ * Fix regression in installing .flatpak bundles
+- Changes in version 0.11.6:
+ * Further work on the export filename regression, now also fixes the
+ same issue as in 0.11.5 but in flatpak build-finish.
+ * Fix segfault when installing from .flatpakref in gnome-software
+ * Build yacc parser from source.
+ * Don't tab-complete Sources/Locale/Debug extension by default.
+ * Fix tests on debian.
+- Changes in version 0.11.5:
+ * Fix a regression which caused installation of epiphany and
+ other apps that export multiple .service files to fail.
+ * Fix appstream updates in p2p mode.
+ * Don't distribute generated gdbus code with tarball.
+ * Add documentation for the flatpak portal
+- Changes in version 0.11.4:
+ * flatpak remove is now an alias for flatpak uninstall.
+ * flatpak uninstall now picks system or user automatically if not specified
+ * New appstream branch format which is more efficient to distribute, the
+ old is still generated for backwards compat.
+ * Appstream data now contains compatible arches (for applications
+ that doesn't exist for the primary arch). For example, an
+ i386-only app is now listed in the x86-64 appstream.
+ * The flatpak version is included in the user agent when downloading.
+ * The Flatpak-Ref http header is set to the currently installing ref when
+ downloading.
+ * New argument --timestamp in build-commit-from.
+ * When updating many apps we now only prune the local repo when all
+ updates are done, making multi-app updates faster.
+ * flatpak build now always allows multiarch use.
+ * flatpak build now mounts app extensions during build.
+ * flatpak build-init now supports --extension to add extension points earlier
+ than build-finish. Also build-finish now supports --remove-extension.
+ * New flatpak portal allows applications to sandbox themselves and restart a
+ newer version of themselves.
+ * New flatpak run options: --no-a11y-bus, --no-documents-portal.
+ * Initial support for end-of-life:ing applications.
+ * New option X-Flatpak-RunOptions in exported desktop/files allow you to specify
+ no-a11y-bus and no-documents-portal.
+ * Support for tagged extension points, which is useful if you want to use
+ the same extension id (but maybe different versions) multiple times in an app.
+ * We now export .service files for names that the app is allowed to own on
+ the session bus.
+ * libflatpak got new methods for listing remotes by type.
+ * libflatpak now has support in FlatpakRemoteRef for getting remote metadata
+ such as end-of-life, download size, metadata etc.
+ * There was some internal restructuring on how installs/updates are done
+ which should improve performance and maintainability.
+- Changes in version 0.11.3:
+ * Fix "open with" and flatpak run --file-forwarding crash
+ * Fix build with glibc 2.27
+- Changes in version 0.11.2:
+ * Remove fuse dependency, since we don't ship document portal anymore
+ * Fix various issues with /home being a symlink to /var/home (atomic)
+ * Allow downgrades when using collection ids
+ * Search on all supported architectures
+- Changes in version 0.11.1:
+ * Remove document portal and permission store
+ * Add --socket=fallback-x11 permission
+ * Fix dbus proxy vulnerability in authentication phase
+ * Allow personality syscall in devel mode
+ * commit-from: Migrate static deltas with commit
+ * Add "network" storage type for installations
+ * Add flatpak info --show-permissions
+ * Add flatpak info --file-access
+ * search: Update appstream (if stale) before searching
+ * Make libflatpak work when /var/lib/flatpak is empty
+ * build-bundle: Add --from-commit option
+ * Allow appstream ids that don't end in .desktop
+ * Make permission handling ignore unknown permissions for forwards
+ compatibility
+ * Removed incorrect error message in update --appdata when there
+ was no updates
+ * Fix handling of abort in the duplicate remote prompt
+ * Fix division by zero in progress calculation
+ * Fix flatpak remote-info --show-metadata
+ * Fixed crash when installing some flatpak bundle files
+ * Fix installation of telegram
+ * remote-ls -u only considers app from the origin remote
+ * Fix assertion error in extra-data progress reporting
+ * Report nicer errors when trying to downgrade as non-root
+ * pulseaudio: Try to find pulseaudio socket better
+ * Fixed some warnings reported by coverity
+ *
Cleaned up code by splitting up some large source files
+
+-------------------------------------------------------------------
+Mon Mar 5 14:55:20 UTC 2018 - fcrozat@suse.com
+
+- Do not build document portal anymore, rely on
+ xdg-desktop-portal/-gtk instead. Add corresponding dependency.
+- Build with --with-system-bubblewrap and Add corresponding
+ build and runtime dependency.
+- Remove --with-dwarf-header configure flag, it no longer exists.
+
+-------------------------------------------------------------------
+Wed Feb 28 16:25:27 UTC 2018 - dimstar@opensuse.org
+
+- Modernize spec-file by calling spec-cleaner
+
+-------------------------------------------------------------------
+Wed Feb 14 23:23:20 UTC 2018 - dimstar@opensuse.org
+
+- Update to version 0.10.4:
+ * allow personality syscall in devel mode
+ * configure: Fix copy_file_range detection
+ * Add --disable-document-portal configure option
+ * lib: Make gnome-software work with an empty /var/lib/flatpak
+ * dir: Emit an error on non-root downgrade attempts
+ * common/dir: Skip progress reporting while setting up extra-data
+ * doc: Fix docs for --update-appstream
+ * flatpak remote-ls -u: only consider apps from the current remote
+ * extract_appstream: allow component IDs not to end in .desktop
+ * common/dir: Fix a memory leak
+
+-------------------------------------------------------------------
+Mon Feb 05 14:23:03 UTC 2018 - dimstar@opensuse.org
+
+- Update to version 0.10.3:
+ + Fix vulnerability in dbus proxy.
+ + Fix incorrect error message in update --appstream.
+ + Ignore unknown permission requests.
+ + remote-info: Fix --show-metadata behavior.
+ + common: Fix division by zero when calculate progress.
+ + common/dir: Add a missing OstreeAsyncProgress default key.
+ + lib/installation: Fix install/update_full() subpaths
+ annotation.
+ + app: Fix "multiple installations" prompt.
+ + common/dir: Use an actual function for autoptr support without
+ P2P.
+ + Update Polish translation.
+
+-------------------------------------------------------------------
+Fri Dec 22 10:58:05 UTC 2017 - alarrosa@suse.com
+
+- Update to version 0.10.2.1:
+ + Fixed crash when installing some flatpak bundle files
+ + Fix installation of telegram
+ + Fixed some warnings reported by coverity
+ + Some leaks fixed
+ + Fixed typo in error message
+
+-------------------------------------------------------------------
+Wed Dec 20 10:57:05 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 0.10.2:
+ + flatpak update now updates from both system and user
+ installations by default.
+ + flatpak update is less noisy when updating appstream info.
+ + All the remote-* commands now by default automatically decide
+ to use --user or --system based on the given remote name.
+ + flatpak remote-ls with no remote lists the content of all
+ remotes.
+ + Fixed regression that made xdg-user-dirs and theme selection
+ for kde apps break.
+ + flatpak override with no argument now overrides globally, i.e.
+ for all apps.
+ + flatpak override now supports --nofilesystem properly. For
+ example flatpak override --nofilesystem=~/.ssh hides the ssh
+ dir for all apps, even those who have homedir access.
+ + flatpak install now takes a --reinstall argument which
+ uninstalls a previously installed version if necessary. This is
+ very useful when you want to install a new version from a
+ different source.
+ + flatpak install now allows you to pass an absolute pathname as
+ remote name, which will create a temporary remote and install
+ from that. The remote will be removed when the app is
+ uninstalled. This is very useful during development and
+ testing.
+ + Flatpak now creates CLI wrappers for all installed apps, so if
+ you add /var/lib/flatpak/exports/bin or
+ ~/.local/share/flatpak/exports/bin to your PATH you can easily
+ start flatpak apps by their application id.
+
+-------------------------------------------------------------------
+Mon Nov 27 08:40:56 UTC 2017 - aplazas@suse.com
+
+- Update to version 0.10.1:
+ + New command "flatpak remote-info" shows information about
+ applications in a remote. In particular the --log operation
+ shows the history and can be used in combination with flatpak
+ update --commit=XYZ to roll back to a previous version.
+ + New command "flatpak search" which allows you to search the
+ appstream data from the commandline.
+ + flatpak update now updates appstream data for all configured
+ remotes, which is important for search to work.
+ + Allow automatic installation of gtk themes matching the active
+ theme.
+ + Handle the case when /etc/resolv.conf is a symlink.
+ + /usr an /etc are now expose in /run/host in the app if the app
+ has full filesystem access.
+ + flatpak remote-add now works as a user when /var/lib/flatpak is
+ empty, allowing flatpak to work on stateless systems.
+ + Add support for flatpak build --log-session/system-bus, similar
+ to what flatpak run already does.
+ + flatpak build --readonly runs with the target directory
+ (normally /app) mounted read-only.
+ + Fall back to LD_LIBRARY_PATH if a runtime doesn't have
+ /usr/bin/ldconfig.
+ + Updated the support for OCI remotes. This is work in progress
+ and still disabled by default though.
+ + Updated translations.
+- Add pkgconfig(appstream-glib) BuildRequires: New dependency.
+
+-------------------------------------------------------------------
+Thu Oct 26 11:08:27 UTC 2017 - aplazas@suse.com
+
+- Update to version 0.10.0:
+ + Added the flatpak config option which can set the language
+ settings.
+ + Fix issue where sometimes ld.so.conf were not generated.
+ + /dev/mali0 is added to --device=dri.
+ + Work around ostree static delta issues in some cases.
+- Changes from version 0.9.99:
+ + Requires ostree 2017.12 for important pull stability fix.
+ + New libflatpak API: flatpak_dir_cleanup_undeployed_refs,
+ flatpak_installation_prune_local_repo,
+ flatpak_installation_remove_local_ref_sync,
+ flatpak_installation_cleanup_local_refs_sync.
+ + build: FLATPAK_ID and FLATPAK_ARCH are now set in the
+ environment when building.
+ + update: Don't fail the entire update if some remote fails to
+ update its metadata.
+ + run: /.flatpak-info now lists exact commits and extensions in
+ use.
+ + run: We now use a per-app ld.so.cache file whenn running. This
+ should speed things up, and allows ldconfig to report the
+ correct results.
+ + The verbose mode was changed into two levels, use -vv to show
+ the more detailed info, which currently only contains the full
+ bubblewrap argument lists.
+ + run: Some common problematic host environment variables are now
+ unset in the sandbox (PYTHONPATH, PERLLIB, PERL5LIB and
+ XCURSOR_PATH).
+ + run: Fixed failure when a higher prio extensions depended on a
+ lower prio one.
+ + run: The extension ld path order is now: app extensions, app,
+ runtime extension, runtime. This was previously incorrect in
+ that the app could override app extensions.
+ + Extensions are now not downloaded if a matching unmaintained
+ extension is already installed.
+ + Preemptive changes to handle new bubblewrap change which
+ doesn't user /newroot.
+ + document portal: Disable debug spew that was accidentally
+ enabled.
+ + build-finish: New --extension-priority option.
+ + run: Fix regression in --persist in 0.9.98.
+ + run: Use sealed memfds (instead of just temporary files) when
+ passing data to bubblewrap.
+ + Updated translations.
+- Changes from version 0.9.98.2:
+ + Fix permission denied when using the system-helper.
+- Changes from version 0.9.98.1:
+ + run: Fix homedir access if the app has --filesystem=host
+ access.
+ + build-update: Fix appstream update in case one arch didn't
+ change.
+ + Updated translations.
+- Changes from version 0.9.98:
+ + libflatpak now correctly finds metadata for subset
+ installations (like locale data).
+ + flatpak build now supports --appdir which exposes the per-app
+ directory in the user homedir. This is useful when testing
+ builds.
+ + The host fontconfig caches are exposed to the sandbox, next to
+ the fonts in /run/host. This will (pending fontconfig work)
+ allow sharing host fontconfig caches, allowing much faster
+ initial startup for flatpak apps.
+ + flatpak install now supports --no-pull.
+ + Added new extension property "locale-subset", which makes the
+ extension point act like a locale extension (i.e. only install
+ the subset configured by the locale).
+ + flatpak remote-add --oci is disabled for now, as this is not up
+ to date with the latest OCI work, and we don't want to break
+ existing deployments if this has to change when this lands.
+ + Parallel installation/updates are now safe because we take a
+ filesystem lock whenever we prune the local ostree repo.
+ + Flatpak run now works when important paths like $HOME, etc, are
+ symlinks.
+ + The ostree min-free-space property is is set to zero by default
+ for the flatpak repos. This was causing a lot of problems for
+ people, but the feature is still there if you manually enable
+ it.
+ + Updated translations.
+ + Require ostree 2017.12.
+
+-------------------------------------------------------------------
+Thu Sep 14 12:44:06 UTC 2017 - fezhang@suse.com
+
+- Drop the SLE12 / Leap42 conditional definition for _userunitdir.
+
+-------------------------------------------------------------------
+Thu Sep 14 08:23:56 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 0.9.12:
+ + Fixed a regression in extra-data installation.
+ + Don't expose the a11y bus in flatpak build.
+
+-------------------------------------------------------------------
+Wed Sep 13 16:11:17 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 0.9.11:
+ + You can now show all outstanding updates with: flatpak
+ remote-ls --updates.
+ + The dbus filter "org.name.*" now means all subnames of
+ org.name, not just the first level. This matches how dbus
+ arg0namespace works, and how the comming dbus container support
+ will work.
+ + Fixed segfault on update.
+ + Better commandline tab completion.
+ + Flatpak now exposes host icons readonly as
+ /run/host/share/icons to the sandbox.
+ + Updated translations.
+
+-------------------------------------------------------------------
+Wed Sep 13 12:01:40 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 0.9.10:
+ + Fix regression in dbus proxy that causes some apps to not work
+ in 0.9.9.
+- Changes from version 0.9.9:
+ + flatpak-builder was split out into its own module:
+ https://github.com/flatpak/flatpak-builder
+ + When downloading to a temporary directory for later install to
+ the system repo we now write to /var/tmp instead of $HOME. This
+ is more likely to be the same filesystem as /var/lib/flatpak,
+ and thus will not run into issues with e.g. filesystem full.
+ + We now get the default language list from AccountService if
+ possible.
+ + A regression that made --devel crash was fixed.
+ + New feature for flatpakrefs, SuggestRemoteName=remotename will
+ cause flatpak to ask if you want to create a generic (not app
+ specific) remote for the repo url.
+ + flatpak build now does not die with the parent by default, you
+ have to pass --die-with-parent. This was done because
+ die-with-parent uses PR_SET_PDEATHSIG which does not work well
+ if the parent is threaded, like e.g. gnome-software is.
+ + We now always re-set the personality in the sandboxed process
+ in order to avoid inheriting weird settings.
+ + We now share a single dbus proxy instance for all proxies for a
+ sandbox.
dbus-proxy now properly disallows old-style
+ eavesdropping.
+ + We now support accessibility by starting a customized dbus
+ proxy for the a11y bus.
+- Drop flatpak-builder sub-package, it is now it's own project.
+
+-------------------------------------------------------------------
+Fri Sep 8 15:56:57 UTC 2017 - jengelh@inai.de
+
+- Update summaries.
+
+-------------------------------------------------------------------
+Thu Aug 24 09:55:39 UTC 2017 - dimstar@opensuse.org
+
+- Drop flatpak-rpmlintrc: no longer needed.
+
+-------------------------------------------------------------------
+Thu Aug 24 09:01:20 UTC 2017 - dimstar@opensuse.org
+
+- Update to version 0.9.8:
+ + Core:
+ - Experimental support for peer2peer installation, enable with
+ --enable-p2p.
+ - Add default language setting to flatpak config. Defaults to
+ all locales for system installs and the users locale for
+ per-user installs.
+ - build-update-repo: Now always keeps the two latest deltas
+ around to avoid race conditions with outstanding downloads at
+ the time or running the update.
+ - Support loading extra data from local lookaside cache.
+ + Flatpak-builder:
+ - Set terminal title to the currently building module
+ - Added ability to specify http url for sources mirror with
+ --extra-sources-url.
+ - --install-deps-from=REMOTE installs the dependencies needed
+ for the manifest.
+ - New option --delete-build-dirs to always delete build
+ directories, even on a failed build.
+ - New property "add-extension" makes it nicer to create
+ extension points.
+
+-------------------------------------------------------------------
+Fri Jul 21 00:09:07 UTC 2017 - aplazas@suse.com
+
+- Update to version 0.9.7:
+ + app/repo: Factor out common GVariant operation.
+ + build:
+ - Include config.h using CPPFLAGS.
+ - Check for system extensions before any other C compiling.
+ - Only run each instance of gdbus-codegen once.
+ - Re-run gdbus-codegen if the Makefile changes.
+ + builder:
+ - Allow building modules with no sources if buildsystem=simple.
+ - Use build-args during cleanup.
+ - Rearrange args to do_export() to make mandatory ones obvious.
+ - When bundling git sources, reuse cache.
+ + common:
+ - Use bulk OstreeAsyncProgress API for setting keys.
+ - Split out self and repo arguments for a static function.
+ + common/dir:
+ - Factor out common code for getting repo metadata.
+ - Factor out common code to get and load the summary file.
+ - Factor out body of update_remote_configuration_for_summary().
+ + dbus-proxy:
+ - Make miscellaneous globals static.
+ - Don't clear dbus_address twice.
+ + docs: Remove --version from flatpak-build docs.
+ + flatpak_dir_read_latest: Return NULL, not FALSE on error.
+ + tests:
+ - Add TEST_SKIP_CLEANUP env var for skipping test cleanup.
+ - Add base-64 GPG keys to libtest declarations.
+ + .gitignore: Ignore all generated man pages.
+ + One more try at not distributing gdbus-codegen-generated
+ sources.
+ + Update Ukrainian translation.
+ + Fix example.
+ + Add nullable annotations for progress callbacks.
+ + Update pofiles.
+- Changes from version 0.9.6:
+ + builder:
+ - Allow .pyc files without .py.
+ - Add inherit-extensions features.
+ - Better handling of default-branch.
+ - Add ExtensionOf group to created extensions (Debug/Locale).
+ + builder: Inherit parent version for inherited extension.
+ + build-export: Canonicalize file permissions.
+ + builder-options: Fix setting CPPFLAGS.
+ + ci:
+ - mv .redhat-ci.yml → .papr.yml.
+ - Rework to be based on FAH + priv container.
+ - Build ostree from git master.
+ + dir:
+ - Fix a minor memory leak.
+ - Ensure we return on pull error to avoid error-overwrites.
+ - Ensure ~/.local/share/flatpak is 0700.
+ + doc: Remove duplicate list entry from flatpak-remote.xml.
+ + export: Record flatpak version in default commit version.
+ + info: Make --show-metadata machine parseable.
+ + install: Manually save summary[.sig] in cache repo.
+ + ls-remote: Drop unused variable.
+ + run: Fix use-after-free in case you were exporting the same
+ path twice.
+ + testlibrary: Call g_assert_no_error first.
+ + tests:
+ - Add tests for no world writable dirs & no setuid files.
+ - Increase timeouts waiting for file notification.
+ + utils: Fix minor formatting issue in gtk-doc comment.
+ + xdp-fuse: Add parentheses to clarify precedence in a
+ conditional.
+ + xdp-main: Fix a typo in a comparison.
+ + Don't distribute gdbus-codegen-generated source in tarballs.
+ + Update Czech translation.
+ + Use new libostree APIs to reject world-writable/suid content.
+ + Default to bare-user-only repo.
+ + Unless forced via FLATPAK_OSTREE_REPO_MODE user bare-user for
+ cache repo.
+ + Force the cache repo to use the bare-user mode.
+ + Re-create the cache repo if it is not bare-user.
+ + Manually copy summary for update and appdata too.
+ + Update pofiles.
+
+-------------------------------------------------------------------
+Fri Jul 21 00:09:06 UTC 2017 - zaitor@opensuse.org
+
+- Add flatpak-rpmlintrc as source while we wait for boo#1012961 to
+ be resolved. Once this happens, feel free to nuke all traces of
+ this change.
+
+-------------------------------------------------------------------
+Fri Jul 21 00:09:05 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 0.9.5:
+ + Fix installation of test-keyring2
+ + Don't error out when updating metadata for disabled remotes
+ + export: Store the app id in the X-Flatpak key
+ + run: Handle file paths when forwarding uris
+ + Automatically use a separate builddir with Meson
+ + documents: paths in the apps dir ar always accessible
+ + builder: Don't warn for unknown properties starting with x-
+ + document portal: Fix race condition when unmounting old version
+ + document store: Document as-needed functionality of AddFull
+ + extra-data: Print exit status if apply_extra_data script fails
+ + run: Add debug sprew for all bwrap arguments
+ + build-update-repo: Remove unwanted deltas before updating
+ summary
+ + list: Don't list .Locale and .Debug by default (override with
+ -a)
+ + remote-ls: Don't show Locale/Debug and secondary arches by
+ default.
+ + list/remote-ls: Also ignore .Sources by default
+ + Handle app ids with dashes when ignoring locale/debug.
+ + dbus-portal: Fix return value type of filtered NameHasOwner
+ + builder: Add --export-only feature
+ + run: Allow regular files for --filesystem=xdg-config/path
+ + run: Allow --filesystem=xdg-*/subdir:ro
+ + build-commit-from: Don't copy old xa.ref in metadata
+- Changes from version 0.9.4:
+ + Improve display of partial extension sizes
+ + flatpak-run.c: valid locations, not types
+ + Ensure commits are available when checking for extra-data
+ + libglnx: Bump to latest master, use new file copy API
+ + Document some environment variables (#754)
+ + Revise the flatpak repo command slightly
+ + repo command: use FlatpakTablePrinter
+ + table printer: Introduce a cell struct
+ + table printer: Support column alignment
+ + repo: Improve formatting of size columns
+ + table printer: Support column titles
+ + table printer: Only show titles on ttys
+ + repo: Set column titles
+ + table printer: move to its own source files
+ + Add an API to get the summary of a remote
+ + Make flatpak remote-ls show more details
+ + scripts: Fix flatpak-bisect log
+ + Add the possibility of installing/updating without static
+ deltas
+ + Add a helper for formatted output
+ + Use the new output helper
+ + Add table printer api for number columns
+ + table printer: Use localeconv for decimal point
+ + repo: Use the new number column support
+ + remote-ls: Improve the output
+ + list: Improve output formatting
+ + remotes: Improve output formatting
+ + Improve info output
+ + Fix compiler warnings
+ + Don't use escape sequences unless on a tty
+ + info: Preserve the previous output format
+ + Update the man page a bit
+ + info: Use flatpak_fancy_output
+ + Add macros for common ANSI tty escape codes
+ + info/list: Move subpath list to info
+ + Fix man page typo
+ + Don't crash if there's more titles than columns
+ + Unset TMPDIR in the sandbox
+ + Generate fd-passing arguments for document portal
+ + Include the generated document portal code in common
+ + Implement file forwarding
for flatpak_run_app
+ + Enable file forwarding in flatpak run
+ + Document the --file-forwarding option
+ + Handle %f when exporting desktop files
+ + Handle %u as well for file forwarding
+ + Enable file forwarding for %u as well
+ + Handle document portal absence
+ + Don't get the doc mount path twice
+ + run: Handle forwarding uris better
+ + run: Use flatpak_has_path_prefix instead of hand rolling
+ + run: Properly handle canonicalization in file exports
+ + run: Clean up the exports handling code
+ + run: Only forward as document if the target app can't see the
+ file
+ + builder: Fix ldflags support
+ + build: Fix fallout from the TMPDIR unset
+ + remote-ls: Fix up the column titles
+ + run: Handle the case where /tmp on the host is a symlink
+ + Update to bubblewrap 0.1.8 for die-with-parent
+ + build: Kill sandbox when flatpak build dies
+ + Expose host /etc/hosts and /etc/host.conf
+ + install: Make already-installed a warning, not an error
+ + Move caches to ~/.cache
+ + tests: Fix race condition in tmp webserver
+ + Use clearer terminology in docs about extensions
+ + info: Print some more information
+ + Fix tests by setting XDG_CACHE_HOME
+ + install: Handle no-static-delta in --user installs too
+ + common: Remove unused flatpak_dir_install_or_update
+ + remote-modify: Never update explicitly set values
+ + common: Add flatpak_dir_update_remote_configuration_for_summary
+ + common: Store the summary signature in the cache too
+ + common: Drop verbose log of using cached summary
+ + remote-modify: Don't modify if no arguments are specified
+ + remote-modify: Implement --update-metadata as a system-helper
+ method
+ + transaction: Always update metadata for remotes on
+ update/install
+ + update: Split update into check_for_update and update
+ + Optimize flatpak_variant_bsearch_str
+ + Use flatpak_variant_bsearch_str to lookup in summary cache
+ + Optimize flatpak_summary_match_subrefs
+ + remote-add/modify: Break out gpg loading code to helper
+ +
update_remote_configuration_for_summary: Never use + system-helper + + Add support for adding new gpg keys via signed summary + + install: Fix automatic metadata update + + Support build-update-repo --redirect-url= + + Add a missing return + + Drop an unused variable + + repo: Print out redirect url too + + Make it possible to unset values in update-repo + + Update docs for build-update-repo + + Document is-set keys in repo config + + Add a marker to rewritten desktop files + + tests: Make it possible to create multiple test repos + + tests: Allow overriding GPG args + + tests: Add a second gpg keyring + + tests: Add new test-repo.sh with initial GPG tests + + tests: Add tests for --redirect-url and new GPG key + + tests: run test-repo.sh with system repo too + + repo: Print out gpg key hash too + + Don't use gdbus-codegen autoptr generation + + common: Break out the flatpak progress calculator to a helper + method. + + Improve error wording + + Remove unused variables + + Remove an unused autoptr definition + + Add workaround to flatpak_repo_collect_sizes for uncommited + objects + + export: Add install/download size and metadata to commit + + build-update-repo: Use the size/metadata info in the commit + object + + builder: Use mkdtemp for initial git/bzr checkout + + builder: Allow specifying the git commit if the branch is a tag + + fix clang warning + + update-metadata: silently ignore for non-signed system-helper + case + + remote-add: Use the new system-helper for initial metadata + update + + remote-ls: Don't rely on active symlink value, use deploy data + + deploy: Uncouple active link from checksum + + deploy: Append the subdirs to the checkout dir + + update: flatpak update --subpath= means all subpaths + + update: If resused ostree repo fails, blow it away and create + new + + update: Fix update for partial commits with system-helper + + deploy: Verify that xa.metadata in the commit matches the + deployed file + + install: Limit the exported file to a 
whitelist + + Disable exported search providers by default + + exports: Fix up exporting of dbus service files + + Rewrite exported mimetype files + + Document flatpakrepo format extensions + + Document flatpakref format extensions + + dir: Report progress more frequently + + Require latest flatpak (2017.5) + + builder: Take "buildsystem" into consideration for cache + freshness + + builder: Add a install-rule to allow customized install + + run: Fix race condition in app identification + + Improve progress report calculation + + Use the nicer progress reporting for the CLI too + + Require ostree 2017.6 for the new progress APIs + + progress: Use the new atomic progress API + + progress: Simplify the progress calculations + + progress: Tweak metadata part of download + + progress: Don't report ??? in the bar while estimating + + Remove unused variable + + Bump libglnx, port to new tmpfile API + + Update to latest libglnx with tmpfile error fix + + Update to a libglnx that has GLnxTmpfiles fixed + + builder: Better debug output from the rofiles-fuse code + + builder: More GLnxTmpfile fixes + + OCI: Properly initialize all used progress fields + + builder: Fix segfault if appstream-compose fails + + complete: Don't read outside string + + Add version property to all dbus interfaces + + document-portal: Add AddFull() operation + + document-portal: Bump version to 2 due to new AddFull method + + builder: Make c/cxx/ldflags not override env + + builder: Update doc for latest cflags vs env var change + + builder: Add CPPFLAGS similar to the existing flags + + Update to latest libglnx and use the new GLnxTmpFile API + + Remove unused variable + + Add some hints when icons are not found + + Correct mountpoint handling + + Small documentation improvements + + common: Expose FlatpakExports + + common: Add flatpak_find_current_ref helper + + run: Use new flatpak_find_current_ref helper. 
+ + common: Add flatpak_context_load_for_app helper + + document-portal: Lock just once in AddFull for many paths + + document-portal: Add XDP_ADD_FLAGS_AS_NEEDED_BY_APP to AddFull + + lib: Add flatpak_installation_update_appstream_full_sync with + progress + + Remove unused variables + + lib: Fix update checking + + builder: Add support for screenshot mirroring + + Use the CLI progress for update --appstream too + + export: Always set a xa.ref commit metadata + + progress: Update at 300msec on the CLI + + deploy: Ensure xa.ref, if set, is correct + + Dist test-keyring2 dir +- Changes from version 0.9.3: + + builder-manifest: Rename localized icon fields as well + + build-update-repo: g_warning doesn't need newlines in the + message + + docs: Add flatpak make-current to the list of commands + + doc: Align build commands with --help + + docs: Add a / to all mentions of installations.d + + doc: Add a manpage for the repo config format + + docs: Add a man page for installation files + + Fix --help output for --installation + + doc: Include all man pages in html + + appstream: Don't strip .desktop extension if thats the actual + id + + flatpak-builder: bundle module sources as runtime + + Bundle sources: add support for bzr + + Bundle sources: add support to bundle patches as well + + Bundle sources: add flag --bundle-sources to control the + bundling + + Bundle sources: the path is always sources + + Bundle sources: allow use case to mix local and online sources + + Bundle sources: rename option to --extra-sources=DIR + + Bundle sources: use git clone --shared for local sources + checkout + + Bundle sources: bundle the manifest + + Bundle source: use C-style comments + + Bundle sources: initialize app_dir_path later + + Bundle sources, git_get_mirror_dir: able to pass NULL for + is_local + + Bundle sources, bzr: set error when repo can not be found + + Bundle sources: bundling has to happen before the extracting + + Improve html generation + + Add some structure to 
the generated html + + Fix a typo in a comment + + run: Handle non-default WAYLAND_DISPLAY + + Drop useless options from flatpak info + + Avoid confusing behavior of flatpak info + + Add more useful options to flatpak info + + Add a --show-extensions option to flatpak info + + Fix the testsuite + + flatpak info: Show more information for extensions + + flatpak info: Properly handle unmaintained extensions + + Fix a compiler warning + + builder-module: add "bootstrap.sh" to autogen_names + + Add a repo command + + Document flatpak repo command + + Quiet compiler warnings + + Don't fail the build if rofiles-fuse is not available + + Make it a warning + + docs: Fix a typo + + Document build-extension + + More metadata docs + + build: Ensure we add the default dbus permissions + + builder: handle module-relative paths for json includes + + builder: Load source files from the directory of the module + + build: Always set personality to linux32 when cross-building + + builder: Print warnings for unknown properties + + Report full version in http user agent + + builder: Ignore --extra-data in flatpak-builder --run + + docs: Mention that rename-icon should not have an extension + + build-update-repo: Add internal function to create a single + delta + + build-update-repo: Spawn subprocesses when generating deltas + + builder: Use module-relative paths for archive sources too + + builder: Take build-commands into consideration for rebuild + + docs: Typo fix: "flatpack-builder" -> "flatpak-builder" + + builder: Use flatpak_mkdir_p instead of query + mkdir + + common: Add flatpak_build_file[_va] helper + + builder: Add builder_context_find_in_sources_dirs + + builder: Use context_find_in_sources_dirs to simplify code + + Extend flatpak-builder test + + builder: Make git patch apply verbose by default + + Don't bundle inline (data:) URIs + + builder: Drop the storing of local files to data: uris + + fixup! 
common: Add flatpak_build_file[_va] helper + + builder: Convert bundle sources to cached stage + + builder: Change how we handle pre-existing git sources + + builder: Update bzr bundling + + export: Always make directories accessible + + builder: Strip trailing whitespace in git submodule urls + + builder: Add progress reporing while downloading + + builder: Fix up unused variable warnings from clang +- Changes from version 0.9.2: + + Fix typo + + Revert "Fix typo" + + builder: Remove all SDK extension from the platform + + Re-fix typo + + builder: Handle absolute paths in command + + builder: Add --default-branch=BRANCH + + build-export: Export all files with canonical permissions + + document more metadata keys + + Fix pofiles typo + + Bump libglnx, use new glnx_throw(), fix callers + + Import ostree's compiler warnings, fix up callers + + Fix build if libdwarf dir missing + + Correctly find system unmaintained extensions + + Stop using ostree trivial-httpd + + Drop -Werror for aggregate-returns + + Add forgotten file + + Removed a commented string + + builder: Add a hint about --force-clean + + test-webserver.sh: Remove accidental debug spew + + tests: Don't leak SimpleHTTPServers + + Add new API to the docs + + OCI: Verify that loaded OCI blobs have the correct checksum + + builder: Don't pass --require-version along to build + + Add flatpak_oci_registry_get_uri + + FlatpakDir: Break out helper + flatpak_dir_lookup_ref_from_summary + + oci: Break out get_digest_subpath helper function + + OCI: fstat in local_open_file helper + + OCI: Add flatpak_oci_registry_mirror_blob + + OCI: Add flatpak_archive_read_open_fd_with_checksum + + OCI: flatpak_pull_from_oci - verify manifest ref + + OCI: Verify layer checksum while applying + + OCI: Support OCI with system-helper by mirroring OCI repo + + update: Don't check for update short-circuit if we're not + pulling + + OCI: Add flatpak_oci_sign_data + + OCI: Add support for strict and mandatory json properties + + OCI: Add 
json format for atomic-based signatures + + OCI: Support signing build-bundld --oci output + + OCI: Verify signatures + + OCI: Fix signature checks on updates + + OCI: Use gpg signatures in tests-oci.sh + + utils: Prepare for libostree 2017.4 defining autocleanups + + Split the manifest file docs off + + CI: Add gpgme-devel to CI build environment + + Fix ostree autoptr checks for git master + + Fix unused variable errors reported by clang + + builder: make appstream-compose failure fatal + + dbus-proxy: Make Buffer refcounted + + dbus-proxy: Fix use-after free in header parsing + + dbus: proxy fix leak in get_arg0_string + + dbus-proxy: Fix leak of get_arg0_string return value + + dbus-proxy: Fix leak in setup phase + + system-helper: Fix check for downgrade + + update: Only allow downgrades if a commit is explicitly + specified + + Handle uris better when detecting .flatpak[repo,ref] suffix + + Use ostree's BARE_USER_ONLY flag (#674) + + Build with large file support + + Use correct format string for guint64 on 32-bit + + builder: Add disable-fsckobjects to git sources + + builder: Add commit property to git source + + builder: Support sdk-extensions also for apps + + Updated translations. +- Add libqgpgme-devel BuildRequires: New dependency. + +------------------------------------------------------------------- +Fri Jul 21 00:09:01 UTC 2017 - adrien.plazas@suse.com + +- Update to version 0.9.1: + + The flatpak-builder build cache now uses the rofiles-fuse + ostree feature. + + The cflags and cxxflags module properties now work by + appending, rather that replacing, when there are multiple + values specified. + + Do not invalidate build cache when the installed version of the + SDK changed by default. Use --rebuild-on-sdk-change to force + rebuild otherwise. + + The build cache is now per-arch. + + New buildsystem "cmake-ninja" which works like "cmake", but + builds using ninja. 
+ + New buildsystem "simple" which just runs a set of shell
+ commands specified in the "build-commands" property.
+ + flatpak-builder now has build-runtime and build-extension
+ properties that makes it easier to build runtimes and
+ extensions.
+ + FLATPAK_DEST is set in the build environment to the
+ installation destination.
+ + flatpak-builder now supports --from-git=URL which pulls the
+ json manifest and related files directly from a git repo.
+ + modules have a new no-make-install property which skips the
+ make install step.
+ + Modules and sources have only-arches and skip-arches
+ properties, which lets you enable/disable them based on the
+ build architecture.
+ + build-options has a new property ldflags, which is similar to
+ cflags and cxxflags.
+ + flatpak build (and thus flatpak-builder --run) now supports
+ dbus proxies when needed.
+ + All git repos are cloned with fsckObjects=true, which means we
+ verify that the repos are valid.
+ + New flatpak-builder argument --build-shell=MODULE extracts and
+ prepares the sources for a specified module and then starts a
+ build sandbox inside it.
+ + build-export: Now supports --timestamp=ISO-8601-TIMESTAMP,
+ which allows you to create reproducible commits.
+ + The OCI support has been updated to the latest version of the
+ OCI image specification format.
+ + There is a new flatpak-bisect script that can be used to bisect
+ flatpak applications, looking for regressions.
+ + flatpak list got a revamp. It now shows more information, and
+ shows both apps and runtimes by default.
+ + flatpak remote-list was renamed flatpak remotes in order to
+ minimize confusion with flatpak remote-ls. The old name is
+ deprecated but still works.
+
+-------------------------------------------------------------------
+Thu Jul 20 20:12:58 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 0.8.7:
+ + This is a minor security update, matching the behaviour on
+ master where we avoid ever creating setuid files or
+ world-writable directories. However, the fix is more localized
+ and does not require a new ostree.
+ + After pulling from a remote, always verify that the staged new
+ files and directories have safe permissions.
+ + Ensure ~/.local/share/flatpak is not readable to other users,
+ to avoid anyone ever seeing possibly world-writeable
+ directories therein.
+ + Fix double-setting a error in case of errors when pulling.
+ + Fix timeout in testcase.
+
+-------------------------------------------------------------------
+Thu Jul 20 20:12:04 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 0.8.5:
+ + Fixed a use-after-free and some leaks in the dbus-proxy. This
+ is not currently believed to be exploitable, but the proxy is a
+ security boundary, so we still recommend to update.
+ + Regular updates now never allow updates to an older version
+ than what is currently installed (unless you explicitly specify
+ an old commit id). This closes a hole where a MITM attacker can
+ force clients to downgrade to an earlier (gpg-signed) version
+ of the application.
+ + The automatic detection of --from in flatpak install now
+ detects flatpakref extensions even in URIs that end in a query
+ string such as https://git.gnome.org/browse/gnome-apps-nightly/plain/gedit.flatpakref?h=stable
+ + The detection of "unmaintained" system extensions was broken,
+ and in some cases these extensions were not found. This now
+ always works.
+ + Flatpak now builds with latest OSTree. This required some
+ fixing for multiple definitions of the g_auto* macros as OSTree
+ now exports those.
+ + We no longer rely on ostree trivial-httpd for the tests,
+ because this is optional in later versions of ostree. Instead
+ we use the python SimpleHTTPServer.
+ + The minimum glib version has been corrected to 2.44.
+ + The minumum automake version has been increased to 1.13.4
+ because some older version didn't work.
+
+-------------------------------------------------------------------
+Fri Mar 10 20:58:11 UTC 2017 - dimstar@opensuse.org
+
+- Update to version 0.8.4:
+ + Fix no-systemd-user warning (it doesn't affect sandboxing
+ anymore).
+ + run: propagate wildcard xauth entries to app bundle.
+ + Don't remove origin remotes if some other ref uses it.
+ + Fix repeated download of locates on update.
+ + update: Don't update related refs from different remote.
+ + Initialize g_autofree string to NULL, not to crash when early
+ returning.
+ + document portal: Disable spice_read as it seems broken.
+ + Return the container from flatpak_get_system_installations().
+ + Don't include newlines in error messages.
+ + utils: Fix list_unmtainained_refs.
+ + Avoid possible null dereference.
+ + utils: Fix flatpak_bundle_load typo.
+ + list: Don't check error twice.
+ + list-remotes: Handle remotes with no url specified.
+ + run: Handle error when enumerating /etc.
+ + zero-mtime: Handle error when enumerating directory.
+ + Fix error check when loading configuration.
+ + Support runtime-less extra-data.
+ + flatpak_list_extensions: Break out code into helper.
+ + extensions: Support multiple versions.
+ + Append flatpak data dirs if XDG_DATA_DIRS is already set
+ (gh#flatpak/flatpak#611).
+ + appstream: Don't add runtime to flatpak bundle tag for
+ runtimes.
+ + Split extra-data setup and fetch.
+ + Improve progress calculation.
+ + profile: Don't add flatpak to XDG_DATA_DIRS if its already
+ there.
+ + Updated translations.
+- Drop flatpak-propagate-xauth-wildcard.patch: fixed upstream.
+
+-------------------------------------------------------------------
+Tue Feb 21 16:42:32 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 0.8.3:
+ + In addition to the regular list of bugfixes this stable release
+ include backports of the updated OpenGL support from master.
+ This, in combination with the work in the runtime allows
+ flatpak to work out of the box with out-of-tree OpenGL drivers,
+ including the nvidia driver.
+ + Additionally, due to some complicated issues wrt ptrace and
+ user namespaces this version disables the use of user
+ namespaces if bubblewrap is setuid, as it cause problems for
+ the way flatpak portals identifies applications.
+ + Better handling of errors for extra-data.
+ + Handle extra-data properly for runtimes (as well as apps).
+ + Respect required version for runtimes (as well as apps).
+ + flatpak list: Don't break if some local ref is not deployed.
+ + builder:
+ - Look for appstream data in /app/share/metadata also.
+ - Fix buildsystem=cmake builds.
+ + Add progress reporting to extra-data download.
+ + Fix uid/gid for directories in document portal.
+ + Updated translations.
+
+-------------------------------------------------------------------
+Wed Feb 15 15:28:07 UTC 2017 - adrien.plazas@suse.com
+
+- Add flatpak-propagate-xauth-wildcard.patch which ensures
+ applications have the right to communicate with the X server.
+ (gh#flatpak/flatpak#569).
+
+-------------------------------------------------------------------
+Fri Feb 10 16:45:25 UTC 2017 - kamikazow@opensuse.org
+
+- Update to version 0.8.2:
+ + This is a bugfix and security update:
+ - Some of the bind-mounts that flatpak sets up were not
+ read-only as they should have. This includes: extensions,
+ system fonts, resolv.conf, localtime and machine-id. Many of
+ these are typically only writable by root, but some, like the
+ user-specific fonts and user-installed extensions could be
+ modified from the sandbox.
+ + Other fixes:
+ - There are new configure options for where to install dbus
+ configuration.
+ - Broken symlinks in the root directory no longer break flatpak
+ run.
+ - flatpak run with HOME in /var now works.
+ - dri access now also handles mali devices.
+ - install handles --arch when installing flatpakrefs.
+ - system-helper activation fixed on systemd-less setups.
+ - dbus-proxy now works without /run.
+ - During installation, failing to update a dependency is now
+ not fatal.
+ - /etc is now fully writable when building runtimes.
+ - --filesystem=xdg-config/foo now sets up the bind-mount from
+ the host dir even when not using :create.
+ +------------------------------------------------------------------- +Fri Feb 10 16:45:02 UTC 2017 - kamikazow@opensuse.org + +- Update to version 0.8.1: + + This is a bugfix and security update (CVE-2017-5226): + - Flatpak now uses seccomp to disallow the TIOCSTI ioctl in the + sandbox, which works around the possibility to inject text on + the controlling tty (CVE-2017-5226). + - This was previously fixed in bubblewrap in 0.1.6, but that + change has now been reverted as it introduced other problems + for flatpak. + + Update bundled bubblewrap to 0.1.7. + + Fix writing new file with O_EXCL in the document portal. + + Allow appstream data that doesn't have .desktop in the + component id, such as data for runtimes. + + Drop json-glib dependency from 1.2 to 1.0. + + Builder: Fail if unable to read included file. + + OCI: Ensure exported layers are readable by everyone. + + Fix extra-data download in gnome-software. + + Fix update-mime-database trigger when installing via the system + helper. + + Updating an app by installing a newer bundle now works again. + + Make /var/tmp not be on a tmpfs (it is now in + ~/.var/app/$appid/cache/tmp). + + Updated documentation. + + Updated translations. + +------------------------------------------------------------------- +Thu Dec 22 14:43:23 UTC 2016 - zaitor@opensuse.org + +- Update to version 0.8.0: + + This is the first release in a new series of stable releases + called 0.8.x. New features will be added to 0.9.x, and only + bugfixes will be backported to 0.8.x. The featureset of this + release is a good base to target if you're creating flatpaks + that should be widely usable. + + This release technically requires only OSTree 2016.14, and it + build fine with this, but we recommend using OSTree 2016.15, + because of the change in how it verifies the checksums of + commits in delta files. + + Flatpakrepo files now support a RuntimeRepo= key which points + to a flatpakrepo file. 
This means the user don't have to + manually configure a remote for the runtime, just reply to the + prompt to automatically do this when installing the app. + + We now support dependencies when installing bundles. This + includes required runtimes, related refs, and the equivalent of + RuntimeRepo. + + The support for OCI in flatpak has been updated to the latest + OCI spec version, and support has been added to directly + install flatpak applications from an OCI image. + + In flatpak install, the --from and --bundle options are now + optional if the argument has the correct suffix (.flatpakref + and .flatpak). + + Flatpak install now supports -y to let you avoid interactive + prompts. + + build-finish: + - We now export mime type files with the right name. + - New --require-version option let you specify a particular + version of flatpak, and older version of flatpak will not + install or update to the new version. + + build-sign: Allow signing all apps by omitting the id. + + Fix regression in the document portal when adding named files. + + build-import-bundle now signs the commit if you specify a gpg + key. + + Flatpak now reads configuration from + /etc/flatpak/installations.d which lets you support multiple + system-level installation paths. These can be accessed with + new --installation=... arguments to most of the commands. + + flatpak-builder: + - Support --jobs=N to limit parallel builds. + - Patch source got new options property that lets you pass + arguments to patch. + - New generic "buildsystem: type" option that replace the (now + deprecated) "cmake: true" option. This supports "autotools", + "cmake" and "meson". + +------------------------------------------------------------------- +Tue Nov 29 15:00:20 UTC 2016 - dimstar@opensuse.org + +- Update to version 0.6.14: + + Update bundled bubblewrap to 0.1.4 which has some nice + bugfixes. + + Requires OSTree 2016.14, which allows us to drop some old + workarounds. 
+ + When installing an application system-wide, don't consider
+ dependencies that are installed for the user only.
+ + Flatpak install --from now tries to re-use existing remotes to
+ avoid creating unnecessary origin remotes.
+ + Using --filesystem=$dir when $dir is a symlink-to-directory now
+ works.
+ + Using --filesystem=$file to expose unix sockets to the app is
+ now allowed.
+ + By default all the directories in ~/.var/app (except the app),
+ as well as ~/.local/share/flatpak are hidden in the sandbox.
+ + New option --filesystem=$dir:create which will create the
+ destination if it did not previously exist.
+ + --filesystem= now supports for xdg-[config|cache|data]. This
+ allows you access to the host versions of these xdg dirs.
+ Additionally if you use these with a subdirectory, like:
+ --filesystem=xdg-config/subdir then that subdirectory on the
+ host will be shared with the per-app instance of the xdg-dir.
+ + Builder now correctly handles app-ids that have dashes in them.
+ Previously this generated invalid ids for the debuginfo and
+ locale extensions.
+ + The experimental OCI file format support was changed from
+ creating an OCI container to creating an OCI image.
+ + Fix regression where "flatpak update --appstream remotename"
+ broke.
+
+-------------------------------------------------------------------
+Thu Nov 3 17:10:34 UTC 2016 - dimstar@opensuse.org
+
+- Require flatpak by flatpak-devel: xdg-desktop-portal expects to
+ find org.freedesktop.portal.Documents.xml, which is part of
+ flatpak. It's fair to assume everything to be present when
+ pulling in the -devel package.
+
+-------------------------------------------------------------------
+Wed Oct 26 09:23:14 UTC 2016 - dimstar@opensuse.org
+
+- Update to version 0.6.13:
+ + The command line arguments for install/update/uninstall
+ changed.
+ + Application runtime depencenies are checked/downloaded.
+ + remote-add and install --from now supports uris.
+ + flatpak run can now launch a runtime directly.
+ + Updated bubblewrap to 0.1.3 (CVE-2016-8659).
+ + Support for defining the default branch per remote.
+ + remote-add/modify: --update-metadata pulls current title and
+ default branch from remote summary file.
+ + Applications can now list a set of URIs that will be downloaded
+ with the application.
+ + flatpak-builder: Support --finish-only and
+ --allow-missing-runtimes.
+ + flatpak-builder: Support app layering.
+ + dbus proxy: The filtering has been tightened up.
+ + build-finish: Now exports icons for themes other than hicolor
+ too.
+ + There is support in the app metadata for generic policies.
+ + Support for extensions directories.
+
+-------------------------------------------------------------------
+Mon Oct 10 17:41:27 UTC 2016 - zaitor@opensuse.org
+
+- Update to version 0.6.12:
+ + Partial revert in application id rules. Application ids can now
+ only have dashes in the last element. This allows apps to
+ export files such as org.my.App-extra.desktop which was used by
+ the libreoffice builds.
+ + By default the kernel keyring is not accessable, as it is not
+ containable.
+ + Some robustness fixes for build-commit-from.
+ + Better error messages.
+ + flatpak update --appstream now updates for all remotes.
+ + Made flatpak enter work, and you can now use any pid in the
+ sandbox. However, it requires root permissions.
+ + Support for --device=kvm for /dev/kvm access.
+ + Support for --allow=multiarch to support non-primary arch
+ support. For example running i686 code in an x86_64 app.
+ + Add new default-branch setting for the remote configuration.
+- Changes from version 0.6.11:
+ + Dashes are now allowed in application ids. However, to still
+ work with symbolic icon names, they may not end with
+ "-symbolic".
+ + HostCommand now handles ptys correctly.
+ + Various documentation updates.
+ + New FLATPAK_CHECK_VERSION macro in libflatpak.
+ + HostCommand now returns the real PID rather than a fake one. + + Fix regression in flatpak update --appstream. + + Fix regression installing bundles without origin urls. + + New flatpak-builder option --show-deps lists all the files the + manifest depends on. + +------------------------------------------------------------------- +Mon Sep 19 17:51:42 UTC 2016 - zaitor@opensuse.org + +- Update to version 0.6.10: + + Dropped requirement for systemd --user. The way we detect if an + process we're talking to is sandboxed, and what application id + it has doesn't use cgroups anymore, which means that the + dependency on systemd in the user session is now optional. This + also means the --no-desktop argument is not needed any more. + (It is still accepted but does nothing.) + + Initial support has been added for .flatpakref files. These are + simple key value files similar to .flatpakrepo files, however + they specify an application to install in addition to the repo + information. For example, gedit can be installed by downloading + https://sdk.gnome.org/gedit.flatpakref and running: flatpak + install --from gedit.flatpakref There is also library support + for this so it can be added to graphical installers (such as + gnome-software). + + Requires OSTree 2016.10. The change in how OSTree handles + mtimes in checkouts that was introduced in 2016.7 has been + reverted, and the required changes in Flatpak has been made. + This means that flatpak now depends on OSTree 2016.10. + + Requires Bubblewrap 0.1.2 for builds using the system + bubblewrap. Builds using the included copy need no changes. + + The $XDG_RUNTIME_DIR/flatpak-info file has added information + about the running application, and is now also securely + available for a running application from the host as + "/proc/$fd/root/.flatpak-info". This is what is used to + identify remote apps instead of the cgroup info. + + A new run permission --allow=devel has been added. 
An + application with this permission is allowed to use ptrace and + perf. This was previously only available during "flatpak build" + and "flatpak run -d". This is useful if you're packaging e.g. + an IDE. + + When an application is updated or removed a /app/.updated or + /app/.removed file is created for running instances. This can + be used by applications to trigger e.g. a restart for the new + version. + + A new dbus request "HostCommand" has been added to + org.freedesktop.Flatpak. This lets you run any command on the + host, and is therefore clearly not sandboxed, so access to this + should be limited. However, it is very useful if you're using + flatpak mainly as a distribution mechanism, for a non-sandboxed + application. + + flatpak-builder now supports running from inside a flatpak, by + auto-detecting this and using the HostCommand service to run + recursive flatpaks. + + Consecutive calls to flatpak build-update-repo has been speed + up. + + The document portal now allows sandboxed applications to create + references to files in /app and /usr (in the app/runtime). + + The update process now doesn't stop at the first failure. + +------------------------------------------------------------------- +Tue Sep 06 15:34:26 UTC 2016 - zaitor@opensuse.org + +- Update to version 0.6.9: + + Dropped dependency on libgsystem. + + Allow passing partial refs whenever a CLI command takes an app + or runtime name. + + New command build-commit-from creates a new commit based on the + contents of another commit (optionally from another local + repo). + + The sandbox now contains $XDG_RUNTIME_DIR/app/$APPID from the + host (and the directory is created if needed). + + update: Better output, and faster for the no updates case. + + build-export: Don't make most validation errors fail, instead + just print a warning. + + builder: + - Support local path references for git sources. + - Better handling of recursive git submodules. + - Fixed issues with the .pyc mtime rewriting. 
+ - Handle symbolic icons for rename-icon. + - Add --stop-at=$module to do partial builds. + - Add --sandbox flag to disable the build from escaping from + the sandbox via build-args. + + Updated translations. +- Drop pkgconfig(libgsystem) BuildRequires following upstream. + +------------------------------------------------------------------- +Tue Aug 16 09:39:38 UTC 2016 - dmacvicar@suse.de + +- Update to version 0.6.8: + + Requires OSTree 2016.7, allowing to enable use of static delta + for system downloads again. + + Support --no-desktop which allows you to run a flatpak app + outside a desktop, with some loss of functionallity + (for example, there will be no systemd --user scope created for + the app).. + + More documentation. + + Memory leak fixes. + + Initial support for rpms as flatpak-builder archive sources. + + Start work on translating the CLI. + + Install systemd config snippet to set the right XDG_DATA_DIRS + path. + + Support --arch in flatpak list. + + Support access() in the document portal. + + Validate exported desktop files. + +------------------------------------------------------------------- +Tue Jul 19 17:58:13 UTC 2016 - dimstar@opensuse.org + +- Change /usr/bin/tar Requires to /bin/tar: this has never been + moved to /usr/bin. + +------------------------------------------------------------------- +Sat Jul 02 11:51:25 UTC 2016 - zaitor@opensuse.org + +- Update to version 0.6.7: + + Expand the flatpak run --devel docs. + + Add an option for journal sockets. + + Document new socket option. + + Fix builddir option type in flatpak-builder documentation. + + document portal: don't reply to GetMountPoint() until ready. + + Downgrade failure to get document portal from warning to + message. + + tests: don't treat helper scripts as though they were tests. + + Run tests with a private XDG_RUNTIME_DIR. + + Add BWRAP and --with-system-bubblewrap configure arguments. + + test-basic: do not fail in non-English locales. 
+ + Update to latest libglnx with lock release fix. + + fix warning. + + Fix leak in flatpak-installed-ref. + + utils: Add flatpak_spawnv() helper. + + builder: Add "use-git" option for patch source type. + + Make journal always available in the sandbox. + + builder: Report errors to stderr, not stdout. + + tests: Add test for "use-git" patch application. + + tests/test-builder.sh: Re-silence flatpak-builder. + + tests: Test install/updates with static deltas. + + extensions: Minor cleanup. + + Add tests for extensions. + + extensions: Always create a tmpfs for subdirectory extensions. + + common: Remove unused functions. + + utils: Add flatpak_get_current_locale_subpaths(). + + utils: Add flatpak_summary_match_subrefs. + + builder: Strip "." from locale names too. + + FlatpakDir: Add flatpak_dir_find_remote/local_related. + + Add flatpak_dir_install_or_update. + + Install/update/uninstall related refs. + + builder: Set the new extension properties. + + Bump version number since last release. + + Document the metadata format. + + lib: Support listing related refs. + + Add some code I used to test the new related refs code. + + doc/flatpak-metadata: Add some extra clarifications. + + Update NEWS. + + Require ostree 2016.6. + + builder: Clear mtime to 1, not 0, to match what new ostree + does. + + Remove unused variables. + +------------------------------------------------------------------- +Tue Jun 28 08:33:41 UTC 2016 - fcrozat@suse.com + +- Update to version 0.6.6: + + lib: Add flatpak_get_supported_arches. + + Add flatpak --supported-arches. + + common: Make some internal functions static. + + update: Always look at all existing apps when updating. + + Disable static deltas for system-helper updates. + + Make finding refs handle multi-arch. + + make-current: Use find_installed_ref(). + + remote-ls: Better multiarch support. +- Changes from 0.6.5: + + Documentation improvements + + builder: Check that the specified command exists after build is + done. 
+ + builder: Fix up mtime in headers for python precompiled files. + + builder: Allow submodules and including modules from other json + files. + + system-helper builds are optional (--disable-system-helper). + + system-helper: Support installing from local remotes and + bundles. + + Improved support for --subpath installs, including libflatpak + support. + + Improved command line completion. +- Create /var/lib/flatpak directory, own it and ensure system wide + repo exists when installing / updating flatpak package. +- Add pkgconfig(libarchive) >= 2.8.0 and gtk-doc to BuildRequires. +- Replace libelf-devel for pkgconfig(libelf) BuildRequires. +- Bump ostree minimal requirements to 2016.5. + +------------------------------------------------------------------- +Wed Jun 8 08:09:11 UTC 2016 - tchvatal@suse.com + +- Version update to 0.6.4: + + Rename to flatpack + + New homepage and download url + + Various fixes + +------------------------------------------------------------------- +Wed Apr 20 11:19:06 UTC 2016 - dimstar@opensuse.org + +- Update to version 0.5.2: + + The way locale extensions work has changed. Now we build a + single extension for all locales, but we allow you to specify a + subset of it during installation and update time using the + --subpath commandline flag. The main reason for this is that + the many extensions didn't scale, both in technical terms + (large ostree summary file size), but also in terms of the UI + listing hundreds of uninteresting things. + + We no longer use sizes in the commit objects to get installed + and download size, instead we store some extra metadata in the + summary file. This allows us to get much faster access to + these, as with recent ostree versions we can cache the summary + file. + + New command xdg-app build-sign that lets you sign a commit at + any time. + + New argument xdg-app build --force-clean that removes + pre-existing build dirs. 
+ + xdg-app run now uses the "current" version as the default if + you specify no branch or arch. It used to default to the + "master" branch. This will default to the last installed + version, but can be changed with xdg-app make-current. + + Added config-opts to the build-options in xdg-app-builder. This + allows you to extend the configure flags in an arch dependent + way. + + Documentation updates. + +------------------------------------------------------------------- +Fri Apr 08 14:33:59 UTC 2016 - dimstar@opensuse.org + +- Update to version 0.5.1: + + xdg-app-builder: Don't export if --build-only specified. + + Prefer non-subdir extensions over subdir ones.. + + builder: Build single every-locale extension. + + Extract icons for all appstream components. + + Document xdg-app-build-bundle. + + Align contents of xdg-app.1 with xdg-app --help. + + Don't check that the name is a branch. + + Add xdg-app info to docs. + + builder: Use the right field for the platform cache checksum. + + builder: Checksum metadata-platform contents for cache too. + + builder: Actually respect the defined branch. + + Fix indentation. + + Support endianness markers in bundle files. + + seccomp: Always try to do the socket filtering, but don't fail + if not supported. + + seccomp: Allow running the target arch. + + doc: Minor reshuffling. + + XdgAppInstallation: Fix a doc typo. + + version information: Add documentaiton. + + XdgAppError: Add documentation. + + XdgAppInstallation: Add documentation. + + XdgAppRef: Add documentation. + + XdgAppInstalledRef: Add documentation. + + XdgAppRemoteRef: Add documentation. + + XdgAppRemote: Add documentation. + + docs: Pick up the version number automatically. + + docs: No need for a deprecated index. + + docs: Exclude more private headers. + + docs: Fix a typo. + + docs: Hide class structs. + + doc: Add xdg_app_installation_install_bundle. + + More class hiding. + + docs: Document XdgProgressCallback. 
+ + helper: Use 64bit capset/capget versions. + + Release 0.5.1. + +------------------------------------------------------------------- +Thu Mar 17 10:31:33 UTC 2016 - dimstar@opensuse.org + +- Update to version 0.5.0: + + Change xdg_app_bundle_ref_get_appdata to + xdg_app_bundle_ref_get_appstream. + + Update test-lib.c with the appstream api change. + + lib: Fix a tiny leak. + + lib: Add xdg_app_bundle_ref_get_origin(). + + Search for dwarf.h in configure. + + Post release version bump. + + Force /bin/sh as a shell. + + Ensure that the .ref file is always replaced. + + Get the new glnx_fd_close. + + Reimplement fuse backend. + + Now newlines needed in g_debug calls. + + Don't enumerate noenumerate remotes. + + document portal: Avoid some deadlock. + + fuse: Store basename in dir so we don't have to keep looking it + up. + + Flesh out document portal tests. + + xdg-app-buildeR: Remove unnecessary spew. + + No need for newlines in g_debug messages. + + Never use gvfs in the session helper. + + Avoid warning about refing null GVariant. + + Add change notification for the permissions store. + + Don't unnecessarily grow the buffer when loading files. + + Enabling gpg means require both signed commits and summaries. + + Update summary after generating deltas. + + Bump version to 0.5.0. + + Update NEWS. + + Add major_version to binary age. + +------------------------------------------------------------------- +Fri Mar 11 12:50:11 UTC 2016 - dimstar@opensuse.org + +- Update to version 0.4.13: + + Fix xml printing of nodes with no children. + + Set xdg-app as the log domain. + + docs: Add docs for shell sources. + + Add a file header to bundles. + + builder: Add builder_get_debuginfo_file_references. + + builder: Build runtimes in /run/build-runtime. + + builder: Add sources referenced from debuginfo into Debug + runtime. + + Make /run/build and /run/build-runtime symlinks to the right + place. + + build-bundle: Add metadata file as metadata element. 
+ + Fix typos in header. + + common: Break out bundle loader to helper utility. + + Remove unused variable. + + lib: Add XdgAppBundleRef. + + bundles: Verify that the header metadata matches the deployed + one at install. + + common: Move part of bundle install to helper functions. + + Remove origin repos on uninstall. + + Add test scripts that create trivial a runtime and app. + + Add make-test-bundles.sh. + + bundles: Don't lock during pull. + + lib: Add xdg_app_installation_install_bundle. + + Fix some compiler warning (unused vars). + + Allow specifying subdir of xdg dir, like: + --filesytem=xdg-download/subdir. + + Support --filesystem=xdg-run/foo. + + common: Break out xml appstream rewriting to helper functions. + + Add appdata to test apps. + + common: Add xdg_app_read_stream helper. + + common: Add and use xdg_app_appstream_xml_root_to_data. + + build-bundle: Extract appdata and icons into metadata. + + lib: Add XdgAppBundleRef api to get appdata and icons. + + build-update-repo: Add --generate-static-deltas option. + + lib: Add xdg_app_bundle_ref_get_installed_size(). + + Update version to 0.4.13. +- Add libdwarf-devel BuildRequires: new dependency. + +------------------------------------------------------------------- +Fri Mar 11 12:49:56 UTC 2016 - dimstar@opensuse.org + +- Update to version 0.4.12: + + Update exports on uninstall too. + + Pass location of exports to triggers as arg1. + + Add option to disable sandbox triggers. + + Update exports on uninstall via library too. + + builder: Put all builds in a .xdg-app-builder/build subdir. + + helper: If stdout is a tty, mount tty as /dev/console. + + When rewriting Exec lines, don't use full bindir. + + Revert "When rewriting Exec lines, don't use full bindir". + + Allow overriding XDG_APP_BINDIR using make vars. + + Work around race when doing first initial appstream checkout. + + info: Fix support for system installed runtimes (typo). 
+ + Make system repo bare-user too, to avoid any chance of creating + setuid bits. + + helper: drop caps in launcher. + + builder: Report errors if eu_strip fails. + + lib: Return GBytes from xdg_app_installed_ref_load_metadata(). + + lib: Add xdg_app_installation_get_path. + + builder: Always create unversioned symlinks while building + modules. + + builder: Add build_context_get_build_dir(). + + builder: Move CFLAGS/CXXFLAGS handling into BuilderOptions. + + builder: Add support for --run to start a command in the + build dir. + + builder: Support local archives with path property. + + build-init: Support --tag=FOO. + + builder: Support tags. + + deploy: Add metadata tags to exported desktop files. + + appstream: Add runtime, sdk and tags to appstream xml. + + Add xdg_app_installation_get_remote_by_name. + + Remove all appstream checkouts and mirrored refs when deleting + remote. + + common: Add XDG_APP_CP_FLAGS_MOVE support. + + Add docs for appstream-compose option. + + builder: Support separating out locale data. + + Move migrate_locales to builder-utils.c. + + Migrate locales after importing parent runtime. + + Add support for separated locales when creating platforms. + + Always create /etc/passwd,group,resolve.conf,machine-id when + deploying. + + Fix use after free. + + helper: Put monitor path in /run/host instead of + /run/user/$uid. + + When deploying, always make /etc/resolve.conf a symlink into + the monitor dir. + + Release 0.4.12. 
+ +------------------------------------------------------------------- +Tue Feb 16 09:59:06 UTC 2016 - dimstar@opensuse.org + +- Update to version 0.4.11: + + install: Fix assertion on runtime install + + Release 0.4.11 + +------------------------------------------------------------------- +Tue Feb 16 09:58:55 UTC 2016 - dimstar@opensuse.org + +- Update to version 0.4.10: + + Fix some g_propagate_error typos + + builder: Avoid reusing set GError + + Make sure we export files during install + + Updated for release + +------------------------------------------------------------------- +Tue Feb 16 09:58:44 UTC 2016 - dimstar@opensuse.org + +- Update to version 0.4.9: + + install: Only set current for apps, not for runtimes + + builder: Add shell source + + helper: Make ~/.local/share/xdg-app writable again (if you have + homedir access) + + builder: Use non-parallel-make option instead of looking at + .NONPARALLEL + + Add xdg-app info command + + builder: Store exact sdk commit id in the build cache and + manifest + + lib: Fix crash during uninstall + + install-app: Actually look for apps, not runtimes + + common: Always resolve active symlink when looking up deploy + dir + + Add app-path to the xdg-app-info in the sandbox + + app-utils: typo + + Don't export app-info files + + builder: Use predictable names for build dirs + + Make arches canonical + + Bump version to 0.4.9 + +------------------------------------------------------------------- +Tue Feb 16 09:58:34 UTC 2016 - dimstar@opensuse.org + +- Update to version 0.4.8: + + update-repo: Escape text when writing xml + + docs: Fix gtk-doc documentation + + helper: Make user namespace support vs setuid a runtime, not + build-time option + + Require some way to set cgroup for apps (currently systemd + --user) + + Avoid gtk-doc warnings: multiple ID for constraint linkend + + Complete documentation for XdgAppInstallation + + Document the structs in libxdg-app + + Fix some misc. 
gtk-doc warnings + + lib: Add some missing docs + + lib: Fix up doc details + + Make xauth use optional + + Finish the optional xauth work + + Fix include order to build with older libsoup versions + + helper: Update the error messages to not refer to + --disable-userns + + utils: Fix nul termination of xdg_app_spawn output + + builder: Skip checking out disabled submodules + + builder: Style fixes + + Build top-level directory before building documentation + + Hide non-public symbols from libglnx and libxdgapp-common + + Rename xdg-app-session.service to the recommended name + + Add systemd user units corresponding to the D-Bus session + services + + .gitignore: ignore tests and their results + + test-doc-portal: split out global setup/teardown into functions + + test-doc-portal: skip all tests if no FUSE + + Consistently call g_assert_no_error before other assertions + + Move XDG_APP_SYSTEMDIR to /var/lib/xdg-app or similar + + Support a proxy on the system bus similar to the one on the + session bus + + Disable gtkdoc-check by default for now + + Distribute .service.in files in tarballs + + Remove unset variable from EXTRA_DIST + + Update tests' dependencies for commit 2f38ec65 + + Release 0.4.8 + +------------------------------------------------------------------- +Tue Feb 16 09:58:23 UTC 2016 - dimstar@opensuse.org + +- Update to version 0.4.7: + + libglnx: Update to get glib 2.44 build fix + + lib: Change how listing installed refs work + + lib: Return GPtrArray from xdg_app_remote_list_refs_sync + + lib: Always use "branch" not "version" in API + + apps: Use "branch", not "version" when talking about app + branches + + lib: get_current => get_is_current + + lib: Move fetch_metadata_sync from RemoteRef to Remote + + lib: Move app launching to XdgAppInstallation + + lib: Move all sync operations from XdgAppRemote to + XdgAppInstallation + + lib: Make list_remotes return a GPtrArray + + lib: Add xdg_app_ref_format_ref + + lib: Add 
xdg_app_installation_list_installed_refs_for_update + + common: Add xdg_app_strcmp0_ptr and use it in all + g_ptr_array_sort calls + + ls-remote: Support showing remote commit ids + + list-*: Show active commit ids + + app: Limit commit id output to 12 chars + + app: Use space, not tab to delimit columns + + app: Support --no-pull and --no-deploy in the install and + update commands + + common: Add xdg_app_dir_read_latest helper + + lib: Expose latest_commit on installed app and let you use it + + lib: Always initialize the repo on Installation creation + + lib: Add cancellable to Installation constructors + + apps: Make it more obvious that system repo is default + + list-remotes: Default to list only system remotes + + install-bundle: Make the repo title shorter + + lib/app: Add support for repo priorities + + builder: Add --disable-updates + + XdgAppDir: Touch .changes file each time something changes + + lib: Add xdg_app_installation_create_monitor + + XdgAppDir: Remove leftover spew + + build-finish: Add --no-exports + + build-export: Add --runtime commit support + + build-export: Look in the right keyfile group when exporting + runtimes + + add-remote: Fix typo in prio handling + + add-remote: Fix typo in no-enumerate handling + + build-export: FLAGS_GENERATE_SIZES when commiting + + builder: Print all files removed by cleanup + + builder: Use libelf to detect elf files + + builder: Add support for separating out debuginfo + + builder: Break out helpers for path matching + + builder: Pass down keep-build-dirs via BuildContext + + builder: Pass down global cleanups via BuildContext + + builder: Match debuginfo files against regular cleanup patterns + + builder: Clean up how the commit filters work + + common: Move path_match_prefix to common + + export: Support --exclude + + builder: Create metadata.debuginfo if debug info exists + + export: Allow custom source for "files" and "metadata" + + run: Fix support for app extensions + + builder: Add support for 
exporting with --repo=foo + + export: Add docs for the new command line arguments + + build-finish: Don't leave empty directories in the exports dir + + helper: Print nicer error messages when user namespaces don't + work. + + run: Be more flexible with --runtime option, and add + --runtime-version + + helper: Add missing arguments to usage output + + helper: Allow specifying initial cwd + + build: Add --bind-mount and --build-dir arguments + + builder: Run builds in /run/build/$modulename + + helper: Align help output + + builder: Add option to enable ccache use in build + + builder: Pass --body, --subject and --gpg-sign to build-export + + builder: Don't break if ccache not enabled. + + builder: Add some more spew when exporting + + builder: Fix handling of builddir + + install: Fix printing of NULL in already-installed error + message + + builder: Fix up cleanup matching + + builder: Add support for rename-appdata-file option + + build-finish: Export appdata files + + builder: Change the way the cache is indexed + + xdg-app: Deprecate install/update/uninstall-app/runtime + + xdg-app: Update the command names and make nicer usage output + + docs: Update for the new command names + + Merge list-apps and list-runtimes into single list command + + remote-ls: Regularize --runtime and --app user + + completion: Update to the new cli commands + + builder: Also apply cleanup to changes in usr + + XdgAppDir: Add helper to fetch the size info for a commit + + lib: xdg_app_installation_fetch_remote_size_sync + + builder: Add some spew when downloading files + + Better handling of the title in the summary + + common: Add XdgAppTempDir which cleans up temporary directories + + build-repo-update: Update appdata branch using appdata-builder + + xdg_app_installation_list_remote_refs_sync: Don't crash on + weird refs + + build-update-repo: Add --appdata update option + + XdgAppDir: Document some args to xdg_app_dir_fetch_sizes + + lib: Add 
xdg_app_installation_update_appdata_sync + + builder: Don't delete the APPDIR directory + + docs: Add missing full stops in xdg-app-builder manpage + + cache: Remove target directory before checking out cache + + build-export: Add --include option + + builder: Correctly handling non-existing app dir when applying + cache + + builder: Allow building runtime sdks (based on existing sdk) + + Builder: Support commiting a platform + + builder: Fix random crash due to uninitialized memory + + cache: Don't fail to create cache if parent dir is not created + + The plural of appdata is appstream + + Add support to gpg sign summaries and appstream + + builder: Handle modules with invalid refname characters in the + cache + + override: Fix error if override file doesn't already exist + + build-update-repo: Add --prune and --prune-depth options + + override: Fix warning + + Remove unused variables + + Fix possible read of uninitialized variable + + builder: Fix error with va_start use + + builder: Remove leftover debug spew + + lib: Add getter for installed size on InstalledRef + + lib: Add xdg_app_remote_get_appstream_dir + + build-finish: Fix exports + + lib: update_appstream - work around main context issue + + update-appstream: Don't fail badly if remote has not appstream + branch + + lib: Allow passing NULL for remote name in update_appstream + + appstream: Don't try to remove old appstream if it doesn't + exist + + Revert "lib: Allow passing NULL for remote name in + update_appstream" + + builder: Put debuginfo in the right place for runtimes + + common: Add xdg_app_list_extensions util + + run: Use the new xdg_app_list_extensions helper + + build-init: Add --sdk-extension + + builder: Support sdk-extensions + + builder: Add platform-extensions + + appstream: Add timestamp which is updated each time the + appstream is pulled + + lib: Add xdg_app_ref_parse + + build-finish: Export app-info, not appdata + + build-update-repo: Update the appstream using a GMarkup parser + 
on the app-info files + + utils: Extract the xml helpers + + build: When using a writable /usr, don't use runtime extensions + + xdg-app-utils: Add autocleanup for GZlib* + + common: Add xdg_app_cp_a + + build-init: Don't copy uid/gid when initializing a writable sdk + + common: fix handling of no_chown in xdg_app_cp_a + + build-init: Also use the new cp_a for sdk extensions + + build-export: Never export files you can't read + + builder: Add some spew before build-init + + builder: Add spew when commiting to cache + + XdgAppDir: Make sure we always constole end status lines that + we start + + dir: Properly finish OstreeAsyncProgress objects + + lib: Properly finishe OstreeAsyncProgress objects + + update: Make both branch and name optional + + Move the GZlib* autoptr backport to libglnx + + builder: support using appstream-compose to create appstream + files + + Always build libxmlapp + + update-appstream: Fix crash in case there are no 128x128 icons + + Update NEWS for release + + Bump version to 0.4.7 +- Add libelf-devel BuildRequires: new dependency. +- Split out new packages: libxdg-app0, typelib-1_0-XdgApp-1_0 and + a -devel package. 
+ +------------------------------------------------------------------- +Thu Dec 24 01:03:35 UTC 2015 - dimstar@opensuse.org + +- Update to version 0.4.6: + + utils: Add xdg_app_supports_bundles + + add build-bundle command + + Add install-bundle command + + Add completion for bundle ops + + Drop dump-runtime command for now + + Always make it possible to talk to the built in portals + + Add xdg-app.pc file with variable for interfaces_dir + + lib: Export xdg_app_context_set_session_bus_policy + + deploy: Explicitly pull from the origin + + Add autoptr cleanup backport for SoupUri + + Handle PWD env var correctly when spawning apps/builds + + build: Set fs access before applying args so you can + override it + + Add xdg-app-builder + + builder: Add --build-only argument + + xdg-app-builder: Update docs + + Correct license, we're LGPL 2+, not 3+ + + Remove unused helper function + + xdg-app run: Fix support for --filesystem=~/dir + + Support defining read-only filesystem access + + portals: Only give blanket access to session-*.scope systemd + cgroup + + Create xdg-app-info file in user runtime dir with effective + state + + Add standard errors needed for portal + + Rename lib/ to common/ in preparation for public xdg-app + library + + builder: Add support for cmake and forced builddir + + builder: Add more headers around the spew for each new module + + builder: builddir != srcdir was broken becasue we never created + the buildir + + builder: Fix typo in cmake support + + Remove leftover semicolon + + builder: Add submodule support for git sources + + builder: Add post-install script support + + builder: Add docs for post-install + + Add script source type + + builder: Support building from a subdirectory of the sources + + Remove stray semicolons + + xdg-app-utils: Correct SoupUri -> SoupURI typo. 
+ + builder: Build with "make", not "make all" + + Update libglnx for new backports + + Fix some warnings + + builder: Fix build with g_autoptr backports + + builder: Consider the build_option when checksumming + + builder: Add support for copy-icon option + + builder: Error out if rename_error is set but not found + + builder: Don't use ":" in uri-as-filename + + Docs: Fix some tiny typos + + document portal: Add AddNamed method for host-side use + + builder: Merge spawn helpers to single base helper + + ls-remote: Remove unnecessary code + + Initial version of libxdg-app + + build: Fix include path for builddir != srcdir + + build: Switch to olddir after autoreconf + + builder: Be a bit more verbose when pulling VCS + + builder: Prune old branches when updating mirror + + Add introspection check + + XdgAppDir: Add some helpers for handling remotes + + list/ls-remotes: Use the new remote helpers + + lib: Use the new remote helpers + + Add introspection support to libxdg-app + + Add xdg_app_dir_fetch_remote_title and remote old custom + summary fetcher + + Annotate transfer rules for ambiguous return values + + Add no-enumerate flag to remote and set if for bundle origin + remotes + + lib: Make getters for XdgAppRemote return copies of strings for + options + + helper: Allow exec on the tmpfs. + + lib: Add XdgAppRemoteRef subclass + + Generate the API reference for libxdg-app + + Add XdgAppRemoteRef do docs + + XdgAppDeploy: Fix wrong types in finalizer + + common: Move typedef to separate header to avoid circular deps + + Remove unused variable + + Move most of builtins-run to xdg_app_run_app helper + + common: Clean up xdg_app_run_app() + + helper: Mount dconf run dir writable, as dconf needs this. 
+ + xdg_app_run_app: Handle error == NULL + + lib: Add xdg_app_installed_ref_launch() + + lib: Add remote_name to XdgAppRemoteRef + + lib: Rename xdg_app_remote_list_refs to + xdg_app_remote_list_refs_sync + + lib: Add some more debug spew to test-lib + + lib: xdg_app_remote_fetch_ref_sync + + lib: Always load installed ref metadata each time + + lib: Add XdgAppDir to RemoteRef private + + lib: Fix declaration of xdg_app_installed_ref_load_metadata + + lib: Add xdg_app_remote_ref_fetch_metadata_sync helper + + lib: Minor indentation cleanups + + lib: Add xdg_app_installation_load_app_overrides() + + common: Make it explicit that XdgAppError are portal errors + + builder: Allow git uris to be relative to the base directory + + common: Make XdgAppDir soup session initilization threadsafe + + builder: Make the builder manifest objects serializable to json + + builder: Break out download_uri helper function in SourceFile + + builder: Allow optionally specifying remote file sources + + builder: Use SoupRequest to simplify download helpers + + builder: Support data: uri for files + + builder: Support specifying revision in bzr sources + + builder: Support specifying commit ids as git branches + + Builder: Add a resolved version of the manifest to the built + app + + builder: Add --keep-build-dirs option + + builder: Remove accidental leftover spew + + builder: After fetching the mirrored git repo, set back the + right origin + + completion: Fix completion of apps/runtimes in a remote + + completion: Fix completion for xdg-app run + + builder: Fix build with old glib + + lib: Fix build with older glib + + builder: Fix typo in patch applying + + lib: Better fix for old glib + + app: Fix warning if building with --disable-userns + + lib: Fix compiler warning in test app + + common: Fix compiler warning when built with --disable-userns + + XdgAppDir: Add set_origin helper function + + Bump libglnx to latest version + + lib: Add xdg_app_installation_install + + app: Clean up 
leftover removes after updates too + + lib: Add xdg_app_installation_update + + Fix unused variable warnings + + helper: Properly unescape strings + + lib: Add xdg_app_dir_undeploy_all and xdg_app_dir_remove_ref + helpers + + common: Add xdg_app_compose_ref helper + + Use xdg_app_compose_ref helper + + lib: Add xdg_app_installation_uninstall + + common: Add and use xdg_app_dir_deploy_update() + + lib: Add custom GError codes + + lib: Use the new installed/not-installed custom GErrors + + Add lock file for each xdg-app dir. + + builder: Allow specifying custom prefix + + build-init: Allow writable sdk + + builder: Support writable-sdk option + + builder: Don't fsync on cache checkouts + + builder: Store the cache in BARE_USER mode + + lib: Fix return value type warnings + + Bump version to 0.4.6 + + Add missing EXTRA_DIST to pass distcheck + + builder: Add cleanup-command property + + Add --enable-libxdgapp configure flag and disable lib by + default + + Update NEWS for 0.4.6 +- Add gobject-introspection-devel and pkgconfig(json-glib-1.0) + BuildRequires: new dependencies. 
+ +------------------------------------------------------------------- +Thu Dec 24 01:03:09 UTC 2015 - dimstar@opensuse.org + +- Update to version 0.4.5: + + build-export: Add support for signing build + + docs: Fix whitespace issues + + helper: Correctly zero terminate symlink targets + + helper: Also copy extra symlinks from / + + Always regenerate summary after export-build + + document-portal: Fix warning + + uninstall: Don't fail if there is no origin + + utils: Add xdg_app_decompose_ref() + + Always remove all leftover app/runtime traces on uninstall + + Correct capitalization on dbus interface filename + + Install dbus introspection files + + Move dbus invocation peer app detection to lib/ + + build-export: add human readable format to "Content Bytes + Written" + + helper: give xdg-app process access to /dev/ptmx + + helper: match whitespace to other options + + helper: unblock SIGCHILD before execvp() of child + + Create custom /etc/passwd and /etc/group with minimal content + + Update to 0.4.5 + +------------------------------------------------------------------- +Mon Oct 05 13:22:12 UTC 2015 - fcrozat@suse.com + +- Update to version 0.4.4: + + build: Fix srcdir != builddir from git + + build-export: Strip out uid/gid and xattrs + + fuse: Disable entry cache to work around race condition + + helper: Handle existing mounts with escaped characters + + Propagate Xauthority details to the sandbox if X11 is enabled +- Add pkgconfig(xau) to BuildRequires. 
+ +------------------------------------------------------------------- +Mon Oct 05 13:21:25 UTC 2015 - fcrozat@suse.com + +- Update to version 0.4.3: + + Accept -d as --show-details in all commands that support it + + Fix regression is dbus proxy + + utils: Add xdg_app_fail + + Add --nofilesystem commandline arg + + Make usage_error return FALSE + + Add xdg-app dump-runtime command + + cleanup: Remove trivial use of goto out + + cleanup: Remove unused variables + + cleanup: Simplify code using xdg_app_fail + + Make sure we build against older ostree (without gpg import) + +------------------------------------------------------------------- +Mon Oct 05 13:20:48 UTC 2015 - fcrozat@suse.com + +- Update to version 0.4.2: + + run: When creating /etc symlinks, don't make symlinks to + symlinks + + xdg-app build: Support extensions + + run: Fix handling of which filesystems you can access + + remove some unused code + + run: Add /var/config and /var/data to sandbox + + add-remote: Allow specifying local pathname instead of uri + + Make seccomp optional + + Update to libglnx for new autocleanup backports + + Add xdg-app enter command + + Move table printer to xdg-app-utils.c + + list-remotes: Add support for listing both user and system + remotes + + list-apps/runtimes: User table printer + + bash_completion: Properly list apps when completing "run" + +------------------------------------------------------------------- +Wed Sep 30 09:26:04 UTC 2015 - zaitor@opensuse.org + +- Own %{_datadir}/dbus-1 and subfolder for openSUSE Tumbleweed. + +------------------------------------------------------------------- +Mon Sep 21 14:29:36 UTC 2015 - dimstar@opensuse.org + +- Update to version 0.4.1: + + run: Allow perf and ptrace in debug and build mode. 
+ + Mount nvidia device nodes in sandbox if dri allowed + + tests: Use check_PROGRAMS as the primary + + fuse: Supply mode when creating files + + Support version= in extension metadata + + Update NEWS and version to 0.4.1 + +------------------------------------------------------------------- +Mon Sep 21 14:29:17 UTC 2015 - dimstar@opensuse.org + +- Update to version 0.4.0: + + Import xdg-document-portal from github repo + + Add GetMountPoint method for document portal + + Automatically start and mount document portal in sandbox + + document-portal: *always* use the by-app location + + Don't list empty names in opendir + + Change dbus name of session helper to org.freedesktop.XdgApp + + Rename dbus file to org.freedesktop.XdgApp + + Move gvdb to lib/ + + gvdb: Add gvdb_table_get_content + + Initial version of XdgAppDb + + Initial tests of the db + + Add XdgAppError + + Initial version of permission store + + Make document portal use the new permission store + + Switch document portal to use strings for document ids + + Document portal: Store paths, not uris + + Drop the xdp specific errors and use the xdg-app ones + + Remove ununsed variables reported by clang + + dbus-proxy: Fix flags arg passed to g_socket_receive_message + + dbus-proxy: Fix incorrect check of name policy + + dbus-proxy: Avoid clang warning + + Fix type of return + + Fix error check of policy parsing + + Fix const marking of string arrays. 
+ + utils: Add AUTOLOCK macro + + autogen: Fix git submodules + + Update libglnx, use its copy of backports + + Use g_auto(GStrv) instead of glnx_strfreev + + helper: Add perf and ptrace to seccomp blacklist + + Markup AUTOLOCK with unused to avoid warnings + + fuse: Make filesystem multithreaded + + Add xdg_app_mkstempat + + Store and verify parent dir dev/ino and pass O_PATH fds + + Add xdg-app export-file to export files with the document + portal + + Add debug output for release + + fuse: Always open files with O_NOFOLLOW + + document-portals: Support unique documents + + document-portal: Use xdg_app_is_valid_name() to validate app + names + + export-files: Allow specifying app permissions + + document-portal: Actually respect WRITE permissions + + Add check-valgrind target + + db: Fix leak + + export-file: Fix leak + + Add minimal document portal tests + + fuse: Unmount previous fuse instance if ENOTCONN + + fuse: Add daemonizing switch + + test-doc-portal: Launch the portal manually + + fuse: Properly invalidate inodes and entries + + fuse: Raise entry cache times now that we invalidate + + fuse: Add some more debug spew + + document-portal: Allow dbus owner replacing + + document portal: Move locking explicitly into portal handlers + + export-file: Print the full document pathname + + document portal: Correctly handle recursive documents + + fuse: Drop DOC_DIR_INO_CLASS + + test-doc-portal: Fix unique boolean arg + + fuse: Add some more debug spew + + test-doc-portal: Work around GTestDbus env unsetting + + test-doc-portal: Add recursive file export test + + XdgAppContext: Properly handle masking things from parent + context + + run: Correctly report errors talking to document portal + + document portal: Fix crashes when dbus activated + + run: Never propagate DISPLAY if X socket not requested + + run: Read per-app override metadata file + + build-finish: Don't export hidden or backup files + + XdgAppContext: Always initialize bitfields + + run: Support 
system overrides as well as per-user + + create dirs with 755, not 777 + + Add new override builtin to override app permissions + + lib: Handle libsoup now having built-in autocleanup support + + add modify-remote command + + list-remotes: Add more details to remotes list + + Fix unused label warning + + Add XdgAppChainInputStream based on ostree version + + add/modify-remote: Support importing trusted gpg keys + + list-remotes: Separate columns with tab + + docs: Update remote related docs + + list-remotes: Use --show-details instead of --details + + Rename repo-contents to ls-remote + + Update docs for new/changes interface + + bash completion: Update to match the lastest options + + bump version to 0.4.0 + + Updated NEWS for release + + document portal: Add support for transient documents + + Fix distcheck issues +- Drop 0001-Finish-switch-to-glibc-s-xattr.patch: fixed upstream. +- Add pkgconfig(fuse) BuildRequires: new dependency. + +------------------------------------------------------------------- +Mon Aug 10 07:48:18 UTC 2015 - opensuse-packaging@opensuse.org + +- Update to version 0.3.6: + + helper: Fix typo in the socket-family blacklist. + + run: Make users fonts appear in /run/host/user-fonts. + + helper: Disable socket filters on x86. + + Write user-dirs.dirs under app's XDG_CONFIG_HOME. + + helper: Mount extra dirs/files only after all other mounts are + up. + + helper: Add all possible architectures to seccomp filter. + + Restructure directories and build. + + Add NEWS file. + + If home is accessible, make user-dirs.dir visible in custom + config dir. + + Bump version to 0.3.6. 
+ +------------------------------------------------------------------- +Tue Jul 14 08:56:22 UTC 2015 - dimstar@opensuse.org + +- Update to version 0.3.5: + + update: Don't remove existing deployment if there was no updates + + Bump version to 0.3.2 + + helper: Keep any existing old mount flags when remounting + + helper: Remove noremount hack now that we keep old mount flags + + helper: No need for a tmpfs on /dev these days + + configure: Add checks for docbook xsl/dtd + + Bump version to 0.3.3 + + Avoid unnecessary escapes in desktop file exports + + Bump version to 0.3.4 + + xdg-app.sh: /usr/local/share is also in the default + XDG_DATA_DIRS + + Add xdg-app.env file for gdm + + profile: Don't override pre-existing XDG_DATA_DIRS env vars + + Bump version to 0.3.5 + +------------------------------------------------------------------- +Tue Jun 09 07:55:25 UTC 2015 - dimstar@opensuse.org + +- Update to version 0.3.1: + + helper: Clean up launched command line + + Bump version to 0.3.1 + +------------------------------------------------------------------- +Tue Jun 02 12:25:36 UTC 2015 - dimstar@opensuse.org + +- Update to version 0.3+git.20150602.d781e27: + + Add a README + + Make symlinks lib64 -> usr/lib64, etc if those exist in the + runtime + + Fix debug message format string + + dbus proxy in progress + + Parse dbus headers + + Add some minimal policy on send/receive + + Flesh out filtering + + DBusProxy: Add non-filtering mode + + Add wildcard policies + + Better handling of fd passing + + dbus-proxy: Add some test policy + + Break out dbus proxy implementation to separate file + + Make xdg-dbus-proxy talk command line args and install it + + Only print headers when logging + + Allow runtime and apps to override environment variables + + Don't clear the [Vars] group in build-finish command and + improve error reporting + + Ignore errors in add_env_overrides() + + Actually unset the env variable when the value is empty + + Report error when --var option is 
missing '=' + + Close any unexpectedly inherited fds in helper monitor and + init. + + xdg-dbus-proxy: Add support for syncing via fd + + Fix path generation when recursively exporting a directory + + xdg-app-helper: Add -S fd support + + xdg-app run: use a dbus proxy if needed + + Clean up filtering and allow all messages from bus to client + + xdg-app-proxy: Only allow replies from the bus that we + requested + + xdg-app-proxy: Only allow pending replies from client + + xdg-app-proxy: Large rewrite of docs comment + + xdg-app-proxy: Don't filter unicast signals + + proxy: Don't forward method returns and errors with no + reply_serial + + proxy: Ensure that we SEE from peers we've gotten messages from + + proxy: unlink socket on exit + + proxy: Free some members on finalize + + proxy: Send initial AddMatch and GetNameOwner to handle policy + + proxy: Remove unneeded code for old name tracking + + Update docs wrt new ownership tracking code. + + proxy: Fully support policies for wildcarded names + + proxy: Update docs + + Some typo fixes + + Add missing space + + proxy: Fix double-free of socket control messages + + XdgAppDir: Add XdgAppDeploy helper object + + Add xdg_app_find_deploy_for_ref + + builtins-run: Use XdgAppDeploy + + Move setting of env vars from helper to launcher + + build: Use an strv for envp instead of a GPtrArray + + Add xdg_app_run_apply_env_vars() helper + + build: Apply runtime env vars + + builtin-run: Switch over to same env helpers + + More special casing of LD_LIBRARY_PATH + + Support filtering of session bus + + metadata: Rename [Vars] to [Environment Vars] + + build-init: Don't fail if /var/run already exists + + xdg-app build: Bind mount host resolv.conf during builds + + Only warn if removing old commits fail + + Bump version to 0.2 + + Fix a typo + + Fix build with old glib + + helper: Bind mount /sys subset + + Add a simple profile.d snippet for XDG_DATA_DIRS + + proxy: Minor cleanup for first byte case + + proxy: Properly detect 
authentication end + + proxy: Always read all incomming socket messages on each + mainloop callback + + proxy: Always send all possible queued messages in main + callback + + build: Fix srcdir != builddir from git + + Bump version to 0.2.1 + + Change /self to /app + + Add new XdgAppContext helper object + + Convert all builtins to the new metadata/arg formats using + XdgAppContext + + Make extra_dirs and lock_dirs dynammic + + helper: Add support for read/write extra dirs + + Add support for persistent homedirectory dirs + + helper: If old CWD is not mapped, use $HOME + + helper: Add support for moving files into sandbox + + Context: Finish support for filesystems + + run: Remove hardcoded GI_TYPELIB_PATH + + helper: Remove backwars compat /self symlink + + Update docs for new run command line options + + helper: Fix errors caused by create_file() return value change + + build: Always allow host fs access + + build: Remove duplicated helper arguments + + Bump version to 0.3.0 + + run: Fix typo that broke env var support + + helper: Only call get[ug]id() once at the start + + helper: Drop setuid and use user namespaces + + helper: Minor cleanup of uid/gid handling + + helper: Optionally add back setuid support + + Add xdg_app_dir_get_origin() helper + + Use xdg_app_dir_get_origin helper + + Show source repo when listing apps and runtimes + + Show version when listing apps and runtimes + + Make /var/cache persistent (in app-data cache dir) + + helper: Fix thinko due to create_file() return type change + + helper: Make all helper functions static + + Use seccomp to limit allowed syscalls + + helper: Make ~/.local/share/xdg-app read-only in sandbox + + helper: Don't fail if ~/.local/share/xdg-app does not exist + + run: If session helper not available, bind-mount + /etc/resolv.conf +- Add pkgconfig(libseccomp) BuildRequires: new dependency. 
+ +------------------------------------------------------------------- +Wed Apr 8 20:42:14 UTC 2015 - dimstar@opensuse.org + +- Add ostree Requires: xdg-app can't start without its presence. + +------------------------------------------------------------------- +Wed Apr 08 09:46:56 UTC 2015 - dimstar@opensuse.org + +- Update to version 0.1+git.20150407.fc8db2b: + + Add COPYING to reflect license headers + + Pass name into build-init and store in metadata + + build-finish: Only export files with app-id prefix + + Switch to using glibc xattrs. + + Remove dead code in xdg-app-builtins-build-finish.c. + + Remove dead code xdg-app-builtins-build-init.c. + + Remove dead code xdg-app-dir.c. + + xdg-app-builtins-list.c: Cleanup comma separator code +- Add 0001-Finish-switch-to-glibc-s-xattr.patch: complete port of + libgnx to xattr. + +------------------------------------------------------------------- +Mon Mar 23 13:11:29 UTC 2015 - dimstar@opensuse.org + +- Update to version 0.0.1~20150323: + + Mount system fonts in /run/host/fonts + + deploy: Split the file rewriting and prefix checkout out from + the exporting + + Move update_exports out of deploy/undeploy + + Remove old code handling per-app data + + Add xdg_app_dir_list_refs[_for_name] helpers + + builtins-list: Use the new helper to list refs + + uninstal: Fix the cleanup of empty dirs + + Track which branch of an app is current + + Add make-app-current + + Make sure we initialize variables that auto-cleanup + + xdg-app-dir: Move exports to update_exports + + Import libglnx + + Convert to g_autoptr + + Use cleanup macros from libglnx + + Switch to GLnxDirFd + + Use glnx_set_error_from_errno + + Use g_steal_pointer + + Check for libattr header + + fixup g_steal_pointer use + + Fix dist + + Require ostree 2015.3 + + helper: Manually apply bind flags recursively + + Bump version to 0.1 + + Fix build on older glib + + Add copyright headers + +------------------------------------------------------------------- +Fri Mar 
06 11:53:38 UTC 2015 - dimstar@opensuse.org + +- Update to version 0.0.1~20150305: + + Fix warning in add-remote if no summary. + + Look for libcap pkg-config file for cflags to ensure we have + the headers. + + Revert "Look for libcap pkg-config file for cflags to ensure we + have the headers". + + Check for sys/capability.h via AC_CHECK_HEADER instead. + + Run each app in a custom systemd user scope (if available). + + xdg-app-helper: Flesh out usage output. + + xdg-app-helper: Sort the command line parsing. + + Mount /run/media if mount-host-fs. + + Add metadata option to limit DRI access. + +------------------------------------------------------------------- +Thu Feb 19 17:05:02 UTC 2015 - dimstar@opensuse.org + +- Initial package. + diff --git a/flatpak.spec b/flatpak.spec new file mode 100644 index 0000000..98fa1f0 --- /dev/null +++ b/flatpak.spec 
@@ -0,0 +1,410 @@ +# +# spec file for package flatpak +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global selinuxtype targeted +%define libname libflatpak0 +%define bubblewrap_version 0.10.0 +%define ostree_version 2020.8 +%define xdg_dbus_proxy_version 0.1.0 + +# dbus only used config files in /etc until 1.9.18 +%if %{pkg_vcmp dbus-1 < 1.9.18} +%define _dbusconfigdir %{_sysconfdir}/dbus-1/system.d +%else +%define _dbusconfigdir %{_datadir}/dbus-1/system.d +%endif +# systemd only supports environment generators since version 233 +%if %{pkg_vcmp systemd < 233} +%define support_environment_generators 0 +%else +%define support_environment_generators 1 +%endif +Name: flatpak +Version: 1.15.10 +Release: 0 +Summary: OSTree based application bundles management +License: LGPL-2.1-or-later +Group: System/Packages +URL: https://flatpak.github.io/ +Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz +Source1: update-system-flatpaks.service +Source2: update-system-flatpaks.timer +Source3: update-user-flatpaks.service +Source4: update-user-flatpaks.timer +Source5: https://flathub.org/repo/flathub.flatpakrepo +# PATCH-FEATURE-OPENSUSE polkit_rules_usability.patch -- Make the rules comply with openSUSE expectations +Patch0: polkit_rules_usability.patch +# PATCH-FIX-UPSTREAM libglnx.patch 
https://gitlab.gnome.org/GNOME/libglnx/-/merge_requests/57 +Patch1: libglnx.patch + +BuildRequires: bison +BuildRequires: bubblewrap >= %{bubblewrap_version} +BuildRequires: docbook-xsl-stylesheets +BuildRequires: gtk-doc +BuildRequires: intltool >= 0.35.0 +BuildRequires: libcap-devel +BuildRequires: libgpg-error-devel +BuildRequires: libgpgme-devel >= 1.1.8 +BuildRequires: libtool +BuildRequires: meson +BuildRequires: pkgconfig +BuildRequires: python3-pyparsing +BuildRequires: selinux-policy-%{selinuxtype} +BuildRequires: selinux-policy-devel +BuildRequires: systemd-rpm-macros +BuildRequires: sysuser-tools +BuildRequires: xdg-dbus-proxy >= %{xdg_dbus_proxy_version} +BuildRequires: xmlto +BuildRequires: xsltproc +BuildRequires: pkgconfig(appstream) >= 0.12.0 +BuildRequires: pkgconfig(dconf) >= 0.26 +BuildRequires: pkgconfig(fuse3) >= 3.1.1 +BuildRequires: pkgconfig(gdk-pixbuf-2.0) +BuildRequires: pkgconfig(gio-2.0) +BuildRequires: pkgconfig(gio-unix-2.0) +BuildRequires: pkgconfig(glib-2.0) >= 2.46 +BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.40.0 +BuildRequires: pkgconfig(gobject-introspection-no-export-1.0) >= 1.40.0 +BuildRequires: pkgconfig(json-glib-1.0) +BuildRequires: pkgconfig(libarchive) >= 2.8.0 +BuildRequires: pkgconfig(libcurl) >= 7.29.0 +BuildRequires: pkgconfig(libelf) >= 0.8.12 +BuildRequires: pkgconfig(libseccomp) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(libxml-2.0) >= 2.4 +BuildRequires: pkgconfig(libzstd) >= 0.8.1 +BuildRequires: pkgconfig(ostree-1) >= %{ostree_version} +BuildRequires: pkgconfig(polkit-gobject-1) +BuildRequires: pkgconfig(systemd) +BuildRequires: pkgconfig(wayland-client) >= 1.15 +BuildRequires: pkgconfig(wayland-protocols) >= 1.32 +BuildRequires: pkgconfig(wayland-scanner) >= 1.15 +BuildRequires: pkgconfig(xau) +Requires: %{libname} = %{version} +Requires: bubblewrap >= %{bubblewrap_version} +Requires: ostree >= %{ostree_version} +Requires: xdg-dbus-proxy >= %{xdg_dbus_proxy_version} +Requires: 
xdg-desktop-portal >= 0.10 +Requires: (flatpak-selinux = %{version} if selinux-policy-%{selinuxtype}) +Requires: user(flatpak) +# as per documentation from flatpak 1.0: add weak dep on p11-kit-server for certificate transfer +Recommends: p11-kit-server +# Remove after openSUSE Leap 42 is out of scope +Provides: xdg-app = %{version} +Obsoletes: xdg-app < %{version} + +%description +flatpak is a system for building, distributing and running sandboxed desktop +applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for +more information. + +%package -n system-user-flatpak +Summary: System user for the flatpak system helper +Group: System/Base +BuildArch: noarch +%sysusers_requires + +%description -n system-user-flatpak +System user for the flatpak system helper. + +%package -n %{libname} +Summary: OSTree based application bundle management library +Group: System/Libraries + +%description -n %{libname} +flatpak is a system for building, distributing and running sandboxed desktop +applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for +more information. + +%package -n typelib-1_0-Flatpak-1_0 +Summary: Introspection bindings for the flatpak library +Group: System/Libraries + +%description -n typelib-1_0-Flatpak-1_0 +flatpak is a system for building, distributing and running sandboxed desktop +applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for +more information. + +%package zsh-completion +Summary: Zsh tab-completion for flatpak +Group: System/Shells +Supplements: (%{name} and zsh) +BuildArch: noarch + +%description zsh-completion +flatpak is a system for building, distributing and running sandboxed desktop +applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for +more information. + +This package provides zsh tab-completion for flatpak. 
+ +%package devel +Summary: Development files for the flatpak library +Group: Development/Languages/C and C++ +Requires: %{libname} = %{version} +Requires: %{name} = %{version} +Requires: typelib-1_0-Flatpak-1_0 = %{version} + +%description devel +flatpak is a system for building, distributing and running sandboxed desktop +applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for +more information. + +%package remote-flathub +Summary: Add Flathub repository to system flatpak +Group: System/Packages +Requires: flatpak +Requires(postun):flatpak +Requires(postun):sed +%if 0%{?suse_version} > 1600 +Supplements: flatpak +%endif +BuildArch: noarch + +%description remote-flathub +Flathub is a widely used repository for Flatpak applications. This package +adds the Flathub repository to the list of system flatpak remotes. + +%package selinux +Summary: SELinux policy module for flatpak +Group: System Environment/Base +Requires: flatpak +BuildArch: noarch +%{?selinux_requires} + +%description selinux +flatpak is a system for building, distributing and running sandboxed desktop +applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for +more information. + +This package provides the SELinux policy module for flatpak. 
+ +%postun remote-flathub +# upon uninstall +if [ $1 == 0 ]; then +# unregister the remote +flatpak remote-delete --system flathub +# and make sure it gets re-applied upon next install +sed -i "/^xa\.applied-remotes=/s/flathub[;]*//" %{_localstatedir}/lib/flatpak/repo/config +fi + +%lang_package + +%python3_fix_shebang + +%prep +%autosetup -p1 +sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-* + +%build +%meson \ + -Dsystem_bubblewrap=%{_bindir}/bwrap \ + -Dhttp_backend=curl \ + -Ddbus_config_dir=%{_dbusconfigdir} \ + -Dsystem_dbus_proxy=%{_bindir}/xdg-dbus-proxy \ +%if !%{support_environment_generators} + -Dgdm_env_file=enabled \ +%endif + -Dgtkdoc=enabled \ + -Dwayland_security_context=enabled \ + -Dselinux_module=enabled \ + -Dtests=false \ + -Dmalcontent=disabled \ + %{nil} +%meson_build +%sysusers_generate_pre system-helper/flatpak.conf system-user-flatpak flatpak.conf + +%install +%meson_install +find %{buildroot} -type f -name "*.la" -delete -print +mkdir -p %{buildroot}%{_sbindir} +ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper +# add a 60- prefix to the rules file, otherwise it is not effective, because +# /etc/polkit-1/rules.d/90-default-privs.rules is executed first and if no +# polkit-default-privs rule grants access then an explicit reject is the +# result. This should fix bsc#984817, granting members of group wheel access +# w/o password entry. 
+mv %{buildroot}/%{_datadir}/polkit-1/rules.d/{,60-}org.freedesktop.Flatpak.rules + +%if !%{support_environment_generators} +rm -Rf %{buildroot}%{_systemd_user_env_generator_dir} +rm -Rf %{buildroot}%{_systemd_system_env_generator_dir} +%endif + +# System update Systemd service and timer units +install -D -m 644 -t %{buildroot}%{_unitdir} %{SOURCE1} +install -D -m 644 -t %{buildroot}%{_unitdir} %{SOURCE2} + +# User update Systemd service and timer units +install -D -m 644 -t %{buildroot}%{_userunitdir} %{SOURCE3} +install -D -m 644 -t %{buildroot}%{_userunitdir} %{SOURCE4} + +# Flathub remote repository +install -D -m 644 -t %{buildroot}%{_sysconfdir}/flatpak/remotes.d %{SOURCE5} + +%find_lang %{name} + +%pre -n system-user-flatpak -f system-user-flatpak.pre +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig + +%pre +%service_add_pre flatpak-system-helper.service +%service_add_pre update-system-flatpaks.service +%service_add_pre update-system-flatpaks.timer + +%preun +%service_del_preun flatpak-system-helper.service +%service_del_preun update-system-flatpaks.service +%service_del_preun update-system-flatpaks.timer + +%post +%service_add_post flatpak-system-helper.service +%service_add_post update-system-flatpaks.service +%service_add_post update-system-flatpaks.timer +# Remove any empty repo directory, which is seen as invalid by flatpak. After that, create a skeleton repository using "flatpak remotes". 
+if [ -e "%{_localstatedir}/lib/flatpak/repo" ] && [ -z "$(ls -A %{_localstatedir}/lib/flatpak/repo)" ]; then +rm -r %{_localstatedir}/lib/flatpak/repo +fi +%{_bindir}/flatpak remotes 1> /dev/null +%tmpfiles_create %{_tmpfilesdir}/flatpak.conf + +%postun +%service_del_postun flatpak-system-helper.service +%service_del_postun update-system-flatpaks.service +%service_del_postun update-system-flatpaks.timer + +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/flatpak.pp.bz2 + +%preun selinux +%selinux_relabel_pre -s %{selinuxtype} + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} flatpak + %selinux_relabel_post -s %{selinuxtype} +fi; + +%posttrans selinux +%selinux_relabel_post -s %{selinuxtype} + +%files -f %{name}.lang +%license COPYING +%{_bindir}/flatpak +%{_libexecdir}/flatpak-portal +%{_libexecdir}/flatpak-session-helper +%{_libexecdir}/flatpak-system-helper +%{_libexecdir}/flatpak-validate-icon +%{_libexecdir}/revokefs-fuse +%{_datadir}/bash-completion/completions/flatpak +%dir %{_datadir}/fish +%dir %{_datadir}/fish/vendor_conf.d +%{_datadir}/fish/vendor_conf.d/flatpak.fish +%dir %{_datadir}/fish/vendor_completions.d +%{_datadir}/fish/vendor_completions.d/flatpak.fish +# # Own dirs so we don't have to depend on dbus for building. 
+%dir %{_datadir}/dbus-1 +%dir %{_datadir}/dbus-1/interfaces +%dir %{_datadir}/dbus-1/services +%{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.xml +%{_datadir}/dbus-1/interfaces/org.freedesktop.portal.Flatpak.xml +%{_datadir}/dbus-1/services/org.freedesktop.Flatpak.service +%{_datadir}/dbus-1/services/org.freedesktop.portal.Flatpak.service +%{_datadir}/dbus-1/system-services/org.freedesktop.Flatpak.SystemHelper.service +%{_dbusconfigdir}/org.freedesktop.Flatpak.SystemHelper.conf +# policykit rules +%{_datadir}/polkit-1/actions/org.freedesktop.Flatpak.policy +%{_datadir}/polkit-1/rules.d/60-org.freedesktop.Flatpak.rules +%{_mandir}/man1/%{name}*.1%{?ext_man} +%{_mandir}/man5/flatpak-metadata.5%{?ext_man} +%{_mandir}/man5/flatpak-flatpakref.5%{?ext_man} +%{_mandir}/man5/flatpakref.5%{?ext_man} +%{_mandir}/man5/flatpak-flatpakrepo.5%{?ext_man} +%{_mandir}/man5/flatpakrepo.5%{?ext_man} +%{_mandir}/man5/flatpak-installation.5%{?ext_man} +%{_mandir}/man5/flatpak-remote.5%{?ext_man} +%{_datadir}/%{name}/ +%config %{_sysconfdir}/profile.d/flatpak.sh +%config %{_sysconfdir}/profile.d/flatpak.csh +%dir %{_sysconfdir}/flatpak +%dir %{_sysconfdir}/flatpak/remotes.d +%{_unitdir}/flatpak-system-helper.service +%{_unitdir}/update-system-flatpaks.{service,timer} +%{_userunitdir}/update-user-flatpaks.{service,timer} +%{_sbindir}/rcflatpak-system-helper +%{_userunitdir}/flatpak-session-helper.service +%{_userunitdir}/flatpak-portal.service +%ghost %dir %{_localstatedir}/lib/flatpak +%if %{support_environment_generators} +%dir %{_systemd_user_env_generator_dir} +%{_systemd_user_env_generator_dir}/60-flatpak +%{_systemd_system_env_generator_dir}/60-flatpak-system-only +%else +# Own dirs so we don't have to depend on gdm for building. 
+%dir %{_datadir}/gdm/ +%dir %{_datadir}/gdm/env.d/ +%{_datadir}/gdm/env.d/flatpak.env +%endif +%{_libexecdir}/flatpak-oci-authenticator +%{_userunitdir}/flatpak-oci-authenticator.service +%{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.Authenticator.xml +%{_datadir}/dbus-1/services/org.flatpak.Authenticator.Oci.service +%{_tmpfilesdir}/flatpak.conf + +%files -n system-user-flatpak +%license COPYING +%{_sysusersdir}/flatpak.conf + +%files -n %{libname} +%license COPYING +%{_libdir}/libflatpak.so.* + +%files -n typelib-1_0-Flatpak-1_0 +%license COPYING +%{_libdir}/girepository-1.0/Flatpak-1.0.typelib + +%files zsh-completion +%license COPYING +%dir %{_datadir}/zsh/site-functions +%{_datadir}/zsh/site-functions/_flatpak + +%files devel +%license COPYING +%doc %{_datadir}/gtk-doc/html/flatpak +%dir %{_datadir}/doc/flatpak +%doc %{_datadir}/doc/flatpak/docbook.css +%doc %{_datadir}/doc/flatpak/flatpak-docs.html +%{_bindir}/flatpak-bisect +%{_bindir}/flatpak-coredumpctl +%{_libdir}/pkgconfig/flatpak.pc +%{_includedir}/%{name}/ +%{_libdir}/libflatpak.so +%{_datadir}/gir-1.0/Flatpak-1.0.gir + +%files remote-flathub +%config %{_sysconfdir}/flatpak/remotes.d/flathub.flatpakrepo + +%files selinux +%{_datadir}/selinux/devel/include/contrib/flatpak.if +%{_datadir}/selinux/packages/flatpak.pp.bz2 + +%changelog diff --git a/libglnx.patch b/libglnx.patch new file mode 100644 index 0000000..f8bff37 --- /dev/null +++ b/libglnx.patch @@ -0,0 +1,13 @@ +Index: flatpak-1.15.8/subprojects/libglnx/meson.build +=================================================================== +--- flatpak-1.15.8.orig/subprojects/libglnx/meson.build ++++ flatpak-1.15.8/subprojects/libglnx/meson.build +@@ -40,7 +40,7 @@ foreach check_function : check_functions + #include + #include + +- int func (void) { ++ void func (void) { + (void) ''' + check_function + '''; + } + ''', diff --git a/polkit_rules_usability.patch b/polkit_rules_usability.patch new file mode 100644 index 0000000..818eb4c 
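Review bot: In `%postun remote-flathub` the expression `s/flathub[;]*//` is not anchored to a list entry, so it strips the first occurrence of the substring `flathub` on the `xa.applied-remotes=` line and would mangle an entry whose name merely contains it (constructed example: `flathub-beta`). The `sed` also runs when `repo/config` does not exist, and as the last command in the `if` its failure becomes the scriptlet's exit status. Matching on the delimiters, e.g. `s/\([=;]\)flathub\(;\|$\)/\1/`, and guarding the call with `[ -f %{_localstatedir}/lib/flatpak/repo/config ]` avoids both. The test `[ $1 == 0 ]` relies on the non-POSIX `==`; `[ "$1" -eq 0 ]` would match the form already used in `%postun selinux`.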
--- /dev/null
+++ b/polkit_rules_usability.patch
@@ -0,0 +1,16 @@
+Index: flatpak-0.11.8.3/system-helper/org.freedesktop.Flatpak.rules.in
+===================================================================
+--- flatpak-0.11.8.3.orig/system-helper/org.freedesktop.Flatpak.rules.in
++++ flatpak-0.11.8.3/system-helper/org.freedesktop.Flatpak.rules.in
+@@ -3,7 +3,10 @@ polkit.addRule(function(action, subject)
+ action.id == "org.freedesktop.Flatpak.runtime-install"||
+ action.id == "org.freedesktop.Flatpak.app-uninstall" ||
+ action.id == "org.freedesktop.Flatpak.runtime-uninstall" ||
+- action.id == "org.freedesktop.Flatpak.modify-repo") &&
++ action.id == "org.freedesktop.Flatpak.modify-repo" ||
++ action.id == "org.freedesktop.Flatpak.app-update" ||
++ action.id == "org.freedesktop.Flatpak.runtime-update" ||
++ action.id == "org.freedesktop.Flatpak.appstream-update") &&
+ subject.active == true && subject.local == true &&
+ subject.isInGroup("@privileged_group@")) {
+ return polkit.Result.YES;
diff --git a/update-system-flatpaks.service b/update-system-flatpaks.service
new file mode 100644
index 0000000..2a5ac39
--- /dev/null
+++ b/update-system-flatpaks.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Update system Flatpaks
+Documentation=man:flatpak-update(1)
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/flatpak --system update -y --noninteractive
+
+[Install]
+WantedBy=default.target
diff --git a/update-system-flatpaks.timer b/update-system-flatpaks.timer
new file mode 100644
index 0000000..0e0aaa7
--- /dev/null
+++ b/update-system-flatpaks.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Update system Flatpaks daily
+Documentation=man:flatpak-update(1)
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/update-user-flatpaks.service b/update-user-flatpaks.service
new file mode 100644
index 0000000..804b9ad
--- /dev/null
+++ b/update-user-flatpaks.service
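Review bot: `polkit_rules_usability.patch` has no description header saying that every action in this condition is answered with `polkit.Result.YES`, i.e. without an authentication prompt, for active local members of `@privileged_group@`; with the three added `*-update` actions the list now covers install, uninstall, update and `modify-repo`. A short comment above the `Index:` line, such as `# Grants the listed system-helper actions without a password to active local users in the privileged group (bsc#984817)`, would record the intended trust boundary for later reviewers. The patch is also generated against `flatpak-0.11.8.3` while the spec packages 1.15.10, so it presumably applies with an offset; regenerating it against the current tree would confirm the condition still matches upstream's rule. The body of the `polkit.addRule` callback continues outside the inner hunk.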
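Review bot: `update-system-flatpaks.service` has no `User=` line and no sandboxing directives, so under systemd's default it runs `flatpak --system update -y --noninteractive` as root with full privileges, and `-y` answers every prompt of the update transaction with nobody watching. A comment above `ExecStart=` stating that unattended acceptance is intended, plus hardening the updater tolerates (for example `ProtectHome=yes`, `PrivateTmp=yes`, `ProtectKernelTunables=yes`), would narrow what a faulty update run can touch; which directives are compatible with the system helper needs testing. `WantedBy=default.target` in `[Install]` also makes the service run at boot whenever it is enabled, independently of the timer; if only the daily timer is meant to trigger it, that section can be dropped. The points about `-y` and `WantedBy=default.target` apply equally to `update-user-flatpaks.service`.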
@@ -0,0 +1,12 @@
+[Unit]
+Description=Update user Flatpaks
+Documentation=man:flatpak-update(1)
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/flatpak --user update -y --noninteractive
+
+[Install]
+WantedBy=default.target
diff --git a/update-user-flatpaks.timer b/update-user-flatpaks.timer
new file mode 100644
index 0000000..77f60c9
--- /dev/null
+++ b/update-user-flatpaks.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Update user Flatpaks daily
+Documentation=man:flatpak-update(1)
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+
+[Install]
+WantedBy=timers.target