Accepting request 659047 from GNOME:Factory

- Update to version 1.0.6:
  * This release fixes an issue that lets system-wide installed
    applications create setuid root files inside their app dir
    (somewhere in /var/lib/flatpak/app). Setuid support is disabled
    inside flatpaks, so such files are only a risk if the user runs
    them manually outside flatpak. Installing a flatpak system-wide
    needs root access, so this isn't a privilege elevation for
    non-root users.
  * The permissions of the files created by the apply_extra script is
    canonicalized and the script itself is run without any capabilities.
  * Better matching of existing remotes when the local and remote configuration
    differs wrt collection ids.
  * New flatpakrepo DeployCollectionID replaces CollectionID, doing the
    same thing. It is recommended to use this instead because older versions
    of flatpak has bugs in the support of collection ids, and this key
    will only be respected in versions where it works.
  * The X11 socket is now mounted read-only.

- Mark flatpak.sh as %config and move the systemhelper dbus config
  file under /usr
- Remove the flatpak-rpmlintrc file that is no longer needed.

- Make polkit_rules_usability.patch effective by adding a 60- prefix
  to the rules file. This will cause it to be executed before the (forwarded request 657831 from alarrosa)

OBS-URL: https://build.opensuse.org/request/show/659047
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=25

_service

@@ -4,7 +4,7 @@
     <param name="scm">git</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
-    <param name="revision">refs/tags/1.0.5</param>
+    <param name="revision">refs/tags/1.0.6</param>
   </service>
   <service name="recompress" mode="disabled">
     <param name="file">*.tar</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/flatpak/flatpak.git</param>
-              <param name="changesrevision">89a7da60a21678bd1fc4b020050cf66feb676a0d</param></service></servicedata>
+              <param name="changesrevision">38b5560c66a5b28287df964b6a61d928ec163ed2</param></service></servicedata>

flatpak-1.0.5.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c7cc295be5d5cf99d4fc29d523e6fe39620ee17c5357a295f71ab1934b6eb14d
-size 718180

flatpak-1.0.6.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0da41c8a5ee5782188fea4fd0376275dd6eba1c21e3bd59b1fd03cb367d7b4c4
+size 719476

flatpak-rpmlintrc

@@ -1,5 +0,0 @@
-# Files /etc/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf
-# and /etc/profile.d/flatpak.sh are not actually config files so there's
-# no way we can mark them as %config
-
-addFilter("non-conffile-in-etc")

flatpak.changes

@@ -1,12 +1,40 @@
+-------------------------------------------------------------------
+Thu Dec 13 12:54:42 UTC 2018 - alarrosa@suse.com
+
+- Update to version 1.0.6:
+  * This release fixes an issue that lets system-wide installed
+    applications create setuid root files inside their app dir
+    (somewhere in /var/lib/flatpak/app). Setuid support is disabled
+    inside flatpaks, so such files are only a risk if the user runs
+    them manually outside flatpak. Installing a flatpak system-wide
+    needs root access, so this isn't a privilege elevation for
+    non-root users.
+  * The permissions of the files created by the apply_extra script is
+    canonicalized and the script itself is run without any capabilities.
+  * Better matching of existing remotes when the local and remote configuration
+    differs wrt collection ids.
+  * New flatpakrepo DeployCollectionID replaces CollectionID, doing the
+    same thing. It is recommended to use this instead because older versions
+    of flatpak has bugs in the support of collection ids, and this key
+    will only be respected in versions where it works.
+  * The X11 socket is now mounted read-only.
+
+-------------------------------------------------------------------
+Thu Dec 13 12:29:18 UTC 2018 - alarrosa@suse.com
+
+- Mark flatpak.sh as %config and move the systemhelper dbus config
+  file under /usr
+- Remove the flatpak-rpmlintrc file that is no longer needed.
+
 -------------------------------------------------------------------
 Fri Nov 16 10:09:01 UTC 2018 - matthias.gerstner@suse.com
 
-- Make polkit_rules_usability.patch effective by adding a 60- prefix to the
-  rules file. This will cause it to be executed before the
+- Make polkit_rules_usability.patch effective by adding a 60- prefix
+  to the rules file. This will cause it to be executed before the
   polkit-default-privs are executed (bsc#984817).
 
 -------------------------------------------------------------------
-Tue Nov 13 08:55:03 UTC 2018 - Antonio Larrosa <alarrosa@suse.com>
+Tue Nov 13 08:55:03 UTC 2018 - alarrosa@suse.com
 
 - Update to version 1.0.5:
   + Make the /etc -> /usr/etc bind-mounts read-only.

flatpak.spec

@@ -12,20 +12,19 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 %define libname libflatpak0
 Name:           flatpak
-Version:        1.0.5
+Version:        1.0.6
 Release:        0
 Summary:        OSTree based application bundles management
 License:        LGPL-2.1-or-later
 Group:          System/Packages
 URL:            https://flatpak.github.io/
 Source:         %{name}-%{version}.tar.xz
-Source99:       %{name}-rpmlintrc
 Patch0:         polkit_rules_usability.patch
 BuildRequires:  bison
 BuildRequires:  bubblewrap >= 0.2.1
@@ -124,7 +123,8 @@ NOCONFIGURE=1 ./autogen.sh
     --enable-gtk-doc \
     --disable-document-portal \
     --with-system-bubblewrap \
-    --with-priv-mode=none
+    --with-priv-mode=none \
+    --with-dbus-config-dir=%{_datadir}/dbus-1/system.d
 make %{?_smp_mflags}
 
 %install
@@ -174,6 +174,7 @@ mv %{buildroot}/%{_datadir}/polkit-1/rules.d/{,60-}org.freedesktop.Flatpak.rules
 %{_datadir}/dbus-1/services/org.freedesktop.Flatpak.service
 %{_datadir}/dbus-1/services/org.freedesktop.portal.Flatpak.service
 %{_datadir}/dbus-1/system-services/org.freedesktop.Flatpak.SystemHelper.service
+%{_datadir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf
 # policykit rules
 %{_datadir}/polkit-1/actions/org.freedesktop.Flatpak.policy
 %{_datadir}/polkit-1/rules.d/60-org.freedesktop.Flatpak.rules
@@ -184,8 +185,7 @@ mv %{buildroot}/%{_datadir}/polkit-1/rules.d/{,60-}org.freedesktop.Flatpak.rules
 %{_mandir}/man5/flatpak-installation.5%{ext_man}
 %{_mandir}/man5/flatpak-remote.5%{ext_man}
 %{_datadir}/%{name}/
-%{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf
-%{_sysconfdir}/profile.d/flatpak.sh
+%config %{_sysconfdir}/profile.d/flatpak.sh
 # Own dirs so we don't have to depend on gdm for building.
 %dir %{_datadir}/gdm/
 %dir %{_datadir}/gdm/env.d/