From a3f8112ba6a0ae185b451d14776cea2d75c03c4b3fbd741db41cdb08de2301c8 Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger <dimstar@opensuse.org>
Date: Wed, 20 May 2020 10:37:00 +0000
Subject: [PATCH] Accepting request 807123 from
 home:yfjiang:branches:GNOME:Factory

- When SLE uses GNOME desktop environment, GNOME Software is
  automatically started to provide key update features. During the
  startup, it setups flatpak repository so that related features
  can function properly. In a system environment of no flatpak
  repository has ever been setup before, this triggers
  "org.freedesktop.Flatpak.modify-repo" polkit action.
  Therefore in systems which use a restrictive security policy
  (eg. SLES) for the aforementioned policy action, a polkit
  authentication dialog will pop up without any user interaction
  for the first time login. This is not user friendly.
  This submission creates /var/lib/flatpak/repo at package
  installation to avoid such a confusing authentication pop-up, at
  nearly 0 cost of security compromise (bsc#1171822).

OBS-URL: https://build.opensuse.org/request/show/807123
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=107
---
 flatpak.changes | 19 +++++++++++++++++++
 flatpak.spec    |  4 +++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/flatpak.changes b/flatpak.changes
index 97904e0..227b2fa 100644
--- a/flatpak.changes
+++ b/flatpak.changes
@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Mon May 18 08:53:10 UTC 2020 - Yifan Jiang <yfjiang@suse.com>
+
+- When SLE uses GNOME desktop environment, GNOME Software is
+  automatically started to provide key update features. During the
+  startup, it setups flatpak repository so that related features
+  can function properly. In a system environment of no flatpak
+  repository has ever been setup before, this triggers
+  "org.freedesktop.Flatpak.modify-repo" polkit action.
+
+  Therefore in systems which use a restrictive security policy
+  (eg. SLES) for the aforementioned policy action, a polkit
+  authentication dialog will pop up without any user interaction
+  for the first time login. This is not user friendly.
+
+  This submission creates /var/lib/flatpak/repo at package
+  installation to avoid such a confusing authentication pop-up, at
+  nearly 0 cost of security compromise (bsc#1171822).
+
 -------------------------------------------------------------------
 Mon Apr  6 14:31:20 UTC 2020 - Antonio Larrosa <alarrosa@suse.com>
 
diff --git a/flatpak.spec b/flatpak.spec
index ad45ad1..f3cbad9 100644
--- a/flatpak.spec
+++ b/flatpak.spec
@@ -179,6 +179,7 @@ rm -Rf %{buildroot}%{_libexecdir}/systemd/user-environment-generators/
 %endif
 
 mkdir -p %{buildroot}%{_sysconfdir}/flatpak/remotes.d
+mkdir -p %{buildroot}%{_localstatedir}/lib/flatpak/repo
 
 %find_lang %{name}
 
@@ -239,7 +240,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/flatpak/remotes.d
 %{_sbindir}/rcflatpak-system-helper
 %{_userunitdir}/flatpak-session-helper.service
 %{_userunitdir}/flatpak-portal.service
-%ghost %dir %{_localstatedir}/lib/flatpak
+%dir %{_localstatedir}/lib/flatpak
+%dir %{_localstatedir}/lib/flatpak/repo
 %if %{support_environment_generators}
 %dir %{_libexecdir}/systemd/user-environment-generators
 %{_libexecdir}/systemd/user-environment-generators/60-flatpak