- Update to version 1.2.0:
+ Ensure DeployCollectionID works in flatpakrepo files in all
cases.
+ Don't error out with empty installations in uninstall.
+ Add helper that validates icon files during export.
+ Don't allow root to modify the (non-root) per-user flatpak
installation, as this risks causing problems later.
+ Remove some incorrect warnings from flatpak repair.
+ Allow multiple name segments after prefix when exporting files.
+ Allow specification of ellipsization in --colums options.
+ Handle dates as well as timestamps in appdata
+ Fixed a bug where flatpak remote-delete removed too many refs.
+ Now we use raw terminal mode during a transaction to a avoid
problems with input during the operation causing problems with
escape sequences.
+ Generate a fontconfig directory remapping snippet as will be
needed for newer versions of fontconfig.
+ Support --extra-collection-id in build-commit-from to bind the
commit to multiple collection ids. This is work in progress in
ostree.
- Add pkgconfig(dconf) BuildRequires: New dependency.
+ This release fixes an issue that lets system-wide installed
+ The permissions of the files created by the apply_extra script
is canonicalized and the script itself is run without any
capabilities.
+ Better matching of existing remotes when the local and remote
configuration differs wrt collection ids.
+ New flatpakrepo DeployCollectionID replaces CollectionID, doing
the same thing. It is recommended to use this instead because
OBS-URL: https://build.opensuse.org/request/show/672437
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=67
- Update to version 1.0.6:
* This release fixes an issue that lets system-wide installed
applications create setuid root files inside their app dir
(somewhere in /var/lib/flatpak/app). Setuid support is disabled
inside flatpaks, so such files are only a risk if the user runs
them manually outside flatpak. Installing a flatpak system-wide
needs root access, so this isn't a privilege elevation for
non-root users.
* The permissions of the files created by the apply_extra script is
canonicalized and the script itself is run without any capabilities.
* Better matching of existing remotes when the local and remote configuration
differs wrt collection ids.
* New flatpakrepo DeployCollectionID replaces CollectionID, doing the
same thing. It is recommended to use this instead because older versions
of flatpak has bugs in the support of collection ids, and this key
will only be respected in versions where it works.
* The X11 socket is now mounted read-only.
- Mark flatpak.sh as %config and move the systemhelper dbus config
file under /usr
- Remove the flatpak-rpmlintrc file that is no longer needed.
- Make polkit_rules_usability.patch effective by adding a 60- prefix
to the rules file. This will cause it to be executed before the (forwarded request 657831 from alarrosa)
OBS-URL: https://build.opensuse.org/request/show/659047
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=25
- Update to version 1.0.6:
* This release fixes an issue that lets system-wide installed
applications create setuid root files inside their app dir
(somewhere in /var/lib/flatpak/app). Setuid support is disabled
inside flatpaks, so such files are only a risk if the user runs
them manually outside flatpak. Installing a flatpak system-wide
needs root access, so this isn't a privilege elevation for
non-root users.
* The permissions of the files created by the apply_extra script is
canonicalized and the script itself is run without any capabilities.
* Better matching of existing remotes when the local and remote configuration
differs wrt collection ids.
* New flatpakrepo DeployCollectionID replaces CollectionID, doing the
same thing. It is recommended to use this instead because older versions
of flatpak has bugs in the support of collection ids, and this key
will only be respected in versions where it works.
* The X11 socket is now mounted read-only.
- Mark flatpak.sh as %config and move the systemhelper dbus config
file under /usr
- Remove the flatpak-rpmlintrc file that is no longer needed.
- Make polkit_rules_usability.patch effective by adding a 60- prefix
to the rules file. This will cause it to be executed before the
OBS-URL: https://build.opensuse.org/request/show/657831
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=65
- Update to version 1.0.5:
+ Make the /etc -> /usr/etc bind-mounts read-only.
+ Make various app-specific configuration files read-only.
+ flatpak is more picky about remote names to avoid problems with
storing weird names in the ostree config.
+ A segfault in libflatpak handling of bundles was fixed.
+ Updated translations
+ Fixed a regression in flatpak run that caused problems running
user-installed apps when the system installation was broken.
+ Implicity grant MPRIS2 permissions
- Changes from version 1.0.4:
+ Flatpak 0.99.1 removed the inheritance of permissions from the
runtime due to concerns with dynamic app permissions. Due to
popular requests, this version re-introduces such inheritance,
but does it instead at build time. This solved the issues with
dynamic permissions while still allowing runtimes to have
default permissions. Apps can disable this by passing
--no-inherit-permissions to build-finish.
+ The sandbox now always includes a /etc/timezone file, following
the (old) debian standard for this. This is needed, because the
more modern way of exposing the timezone name by having
/etc/localtime be a symlink into /usr/share/zoneinfo doesn't
work when exposing the host timezone.
+ All apps now have automatic permissions to own their own app id
as a subname of org.mpris.MediaPlayer2.
+ We now properly re-load remote state in FlatpakTransaction if
the metadata was updated for the remote.
+ The signature of the FlatpakTransaction::operation-done signal
was wrong in the header and has now been corrected to the
signature that is actually emitted.
OBS-URL: https://build.opensuse.org/request/show/649033
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=62
- Add rpmlintrc to ignore files being installed under /etc not
marked as %config (since they're not).
- Don't run "flatpak remote-list --system" on %post anymore since
it's not needed nowadays. Also let /var/lib/flatpak be created on
demand since writing to /var should be avoided for transactional
updates (boo#1111385, fate#325524).
- Update to version 1.0.3:
+ run: You can now use --system to run an app that otherwise
would run the user version.
+ New permission --allow=canbus that filters out access to AF_CAN
sockets.
+ lib: New install flags FLATPAK_INSTALL_FLAGS_NO_TRIGGERS and
new function flatpak_installation_run_triggers()
+ lib: Better error reporting, including some new error values
that replace the generic FAILED.
+ uninstall --unused: Improve handling of which .Locale
extensions are used
+ run: Make flatpak run on systems where $XDG_RUNTIME_DIR
contains a symlink beneath /var (commonly /var/run -> /run).
+ Don't export any desktop/dbus/mimetype files in subdirectories.
+ build-init: We now record the base ref (if used) in the
metadata. Nothing uses this atm, but it can be used by tools.
+ We now respect the upstream ostree.deploy-collection-id instead
of the flatpak-specific xa.collection-id metadata key to decide
whether to switch to collection ids for a remote. This is
useful, because if you use the new one, only new clients (that
support it better) will use it.
+ create-usb: Fix assertion failure in some error cases
OBS-URL: https://build.opensuse.org/request/show/643193
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=23
- Add rpmlintrc to ignore files being installed under /etc not
marked as %config (since they're not).
- Don't run "flatpak remote-list --system" on %post anymore since
it's not needed nowadays. Also let /var/lib/flatpak be created on
demand since writing to /var should be avoided for transactional
updates (boo#1111385, fate#325524).
- Update to version 1.0.3:
+ run: You can now use --system to run an app that otherwise
would run the user version.
+ New permission --allow=canbus that filters out access to AF_CAN
sockets.
+ lib: New install flags FLATPAK_INSTALL_FLAGS_NO_TRIGGERS and
new function flatpak_installation_run_triggers()
+ lib: Better error reporting, including some new error values
that replace the generic FAILED.
+ uninstall --unused: Improve handling of which .Locale
extensions are used
+ run: Make flatpak run on systems where $XDG_RUNTIME_DIR
contains a symlink beneath /var (commonly /var/run -> /run).
+ Don't export any desktop/dbus/mimetype files in subdirectories.
+ build-init: We now record the base ref (if used) in the
metadata. Nothing uses this atm, but it can be used by tools.
+ We now respect the upstream ostree.deploy-collection-id instead
of the flatpak-specific xa.collection-id metadata key to decide
whether to switch to collection ids for a remote. This is
useful, because if you use the new one, only new clients (that
support it better) will use it.
+ create-usb: Fix assertion failure in some error cases
OBS-URL: https://build.opensuse.org/request/show/643183
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=59
- polkit_rules_usability.patch: Improve usability by allowing members of the
group 'wheel' to bypass polkit authentication checks when locally logged in
(bnc#984817). This adds a few polkit actions to the rules that are not
covered by upstream, because they are set to 'yes' for active users by
default. On SUSE we require 'auth_admin' for regular users, however.
OBS-URL: https://build.opensuse.org/request/show/624834
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=53
- Update to version 0.11.7:
* Fix regression in installing .flatpak bundles
- Changes in version 0.11.6:
* Further work on the export filename regression, now also fixes the
same issue as in 0.11.5 but in flatpak build-finish.
* Fix segfault when installing from .flatpakref in gnome-software
* Build yacc parser from source.
* Don't tab-complete Sources/Locale/Debug extension by default.
* Fix tests on debian.
- Changes in version 0.11.5:
* Fix a regression which caused installation of epiphany and
other apps that export multiple .service files to fail.
* Fix appstream updates in p2p mode.
* Don't distribute generated gdbus code with tarball.
* Add documentation for the flatpak portal
- Changes in version 0.11.4:
* flatpak remove is now an alias for flatpak uninstall.
* flatpak uninstall now picks system or user automatically if not specified
* New appstream branch format which is more efficient to distribute, the
old is still generated for backwards compat.
* Appstream data now contains compatible arches (for applications
that doesn't exist for the primary arch). For example, an
i386-only app is now listed in the x86-64 appstream.
* The flatpak version is included in the user agent when downloading.
* The Flatpak-Ref http header is set to the currently installing ref when
downloading.
* New argument --timestamp in build-commit-from.
* When updating many apps we now only prune the local repo when all
updates are done, making multi-app updates faster.
* flatpak build now always allows multiarch use.
* flatpak build now mounts app extensions during build.
* flatpak build-init now supports --extension to add extension points earlier
than build-finish. Also build-finish now supports --remove-extension.
* New flatpak portal allows applications to sandbox themselves and restart a
newer version of themselves.
* New flatpak run options: --no-a11y-bus, --no-documents-portal.
* Initial support for end-of-life:ing applications.
* New option X-Flatpak-RunOptions in exported desktop/files allow you to specify
no-a11y-bus and no-documents-portal.
* Support for tagged extension points, which is useful if you want to use
the same extension id (but maybe different versions) multiple times in an app.
* We now export .service files for names that the app is allowed to own on
the session bus.
* libflatpak got new methods for listing remotes by type.
* libflatpak now has support in FlatpakRemoteRef for getting remote metadata
such as end-of-life, download size, metadata etc.
* There was some internal restructuring on how installs/updates are done
which should improve performance and maintainability.
- Changes in version 0.11.3:
* Fix "open with" and flatpak run --file-forwarding crash
* Fix build with glibc 2.27
- Changes in version 0.11.2:
* Remove fuse dependency, since we don't ship document portal anymore
* Fix various issues with /home being a symlink to /var/home (atomic)
* Allow downgrades when using collection ids
* Search on all supported architectures
- Changes in version 0.11.1:
* Remove document portal and permission store
* Add --socket=fallback-x11 permission
* Fix dbus proxy vulnerability in authentication phase
* Allow personality syscall in devel mode
* commit-from: Migrate static deltas with commit
* Add "network" storage type for installations
* Add flatpak info --show-permissions
* Add flatpak info --file-access
* search: Update appstream (if stale) before searching
* Make libflatpak work when /var/lib/flatpak is empty
* build-bundle: Add --from-commit option
* Allow appstream ids that don't end in .desktop
* Make permission handling ignore unknown permissions for forwards
compatibility
* Removed incorrect error message in update --appdata when there
was no updates
* Fix handling of abort in the duplicate remote prompt
* Fix division by zero in progress calculation
* Fix flatpak remote-info --show-metadata
* Fixed crash when installing some flatpak bundle files
* Fix installation of telegram
* remote-ls -u only considers app from the origin remote
* Fix assertion error in extra-data progress reporting
* Report nicer errors when trying to downgrade as non-root
* pulseaudio: Try to find pulseaudio socket better
* Fixed some warnings reported by coverity
* Cleaned up code by splitting up some large source files (forwarded request 610043 from stawidy)
OBS-URL: https://build.opensuse.org/request/show/610102
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=18
- Update to version 0.11.7:
* Fix regression in installing .flatpak bundles
- Changes in version 0.11.6:
* Further work on the export filename regression, now also fixes the
same issue as in 0.11.5 but in flatpak build-finish.
* Fix segfault when installing from .flatpakref in gnome-software
* Build yacc parser from source.
* Don't tab-complete Sources/Locale/Debug extension by default.
* Fix tests on debian.
- Changes in version 0.11.5:
* Fix a regression which caused installation of epiphany and
other apps that export multiple .service files to fail.
* Fix appstream updates in p2p mode.
* Don't distribute generated gdbus code with tarball.
* Add documentation for the flatpak portal
- Changes in version 0.11.4:
* flatpak remove is now an alias for flatpak uninstall.
* flatpak uninstall now picks system or user automatically if not specified
* New appstream branch format which is more efficient to distribute, the
old is still generated for backwards compat.
* Appstream data now contains compatible arches (for applications
that doesn't exist for the primary arch). For example, an
i386-only app is now listed in the x86-64 appstream.
* The flatpak version is included in the user agent when downloading.
* The Flatpak-Ref http header is set to the currently installing ref when
downloading.
* New argument --timestamp in build-commit-from.
* When updating many apps we now only prune the local repo when all
updates are done, making multi-app updates faster.
* flatpak build now always allows multiarch use.
* flatpak build now mounts app extensions during build.
* flatpak build-init now supports --extension to add extension points earlier
than build-finish. Also build-finish now supports --remove-extension.
* New flatpak portal allows applications to sandbox themselves and restart a
newer version of themselves.
* New flatpak run options: --no-a11y-bus, --no-documents-portal.
* Initial support for end-of-life:ing applications.
* New option X-Flatpak-RunOptions in exported desktop/files allow you to specify
no-a11y-bus and no-documents-portal.
* Support for tagged extension points, which is useful if you want to use
the same extension id (but maybe different versions) multiple times in an app.
* We now export .service files for names that the app is allowed to own on
the session bus.
* libflatpak got new methods for listing remotes by type.
* libflatpak now has support in FlatpakRemoteRef for getting remote metadata
such as end-of-life, download size, metadata etc.
* There was some internal restructuring on how installs/updates are done
which should improve performance and maintainability.
- Changes in version 0.11.3:
* Fix "open with" and flatpak run --file-forwarding crash
* Fix build with glibc 2.27
- Changes in version 0.11.2:
* Remove fuse dependency, since we don't ship document portal anymore
* Fix various issues with /home being a symlink to /var/home (atomic)
* Allow downgrades when using collection ids
* Search on all supported architectures
- Changes in version 0.11.1:
* Remove document portal and permission store
* Add --socket=fallback-x11 permission
* Fix dbus proxy vulnerability in authentication phase
* Allow personality syscall in devel mode
* commit-from: Migrate static deltas with commit
* Add "network" storage type for installations
* Add flatpak info --show-permissions
* Add flatpak info --file-access
* search: Update appstream (if stale) before searching
* Make libflatpak work when /var/lib/flatpak is empty
* build-bundle: Add --from-commit option
* Allow appstream ids that don't end in .desktop
* Make permission handling ignore unknown permissions for forwards
compatibility
* Removed incorrect error message in update --appdata when there
was no updates
* Fix handling of abort in the duplicate remote prompt
* Fix division by zero in progress calculation
* Fix flatpak remote-info --show-metadata
* Fixed crash when installing some flatpak bundle files
* Fix installation of telegram
* remote-ls -u only considers app from the origin remote
* Fix assertion error in extra-data progress reporting
* Report nicer errors when trying to downgrade as non-root
* pulseaudio: Try to find pulseaudio socket better
* Fixed some warnings reported by coverity
* Cleaned up code by splitting up some large source files
OBS-URL: https://build.opensuse.org/request/show/610043
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=49
- Update to version 0.10.0:
+ Added the flatpak config option which can set the language
settings.
+ Fix issue where sometimes ld.so.conf were not generated.
+ /dev/mali0 is added to --device=dri.
+ Work around ostree static delta issues in some cases.
- Changes from version 0.9.99:
+ Requires ostree 2017.12 for important pull stability fix.
+ New libflatpak API: flatpak_dir_cleanup_undeployed_refs,
flatpak_installation_prune_local_repo,
flatpak_installation_remove_local_ref_sync,
flatpak_installation_cleanup_local_refs_sync.
+ build: FLATPAK_ID and FLATPAK_ARCH are now set in the
environment when building.
+ update: Don't fail the entire update if some remote fails to
update its metadata.
+ run: /.flatpak-info now lists exact commits and extensions in
use.
+ run: We now use a per-app ld.so.cache file whenn running. This
should speed things up, and allows ldconfig to report the
correct results.
+ The verbose mode was changed into two levels, use -vv to show
the more detailed info, which currently only contains the full
bubblewrap argument lists.
+ run: Some common problematic host environment variables are now
unset in the sandbox (PYTHONPATH, PERLLIB, PERL5LIB and
XCURSOR_PATH).
+ run: Fixed failure when a higher prio extensions depended on a
lower prio one.
+ run: The extension ld path order is now: app extensions, app, (forwarded request 539882 from dimstar)
OBS-URL: https://build.opensuse.org/request/show/544201
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=12
- Update to version 0.10.0:
+ Added the flatpak config option which can set the language
settings.
+ Fix issue where sometimes ld.so.conf were not generated.
+ /dev/mali0 is added to --device=dri.
+ Work around ostree static delta issues in some cases.
- Changes from version 0.9.99:
+ Requires ostree 2017.12 for important pull stability fix.
+ New libflatpak API: flatpak_dir_cleanup_undeployed_refs,
flatpak_installation_prune_local_repo,
flatpak_installation_remove_local_ref_sync,
flatpak_installation_cleanup_local_refs_sync.
+ build: FLATPAK_ID and FLATPAK_ARCH are now set in the
environment when building.
+ update: Don't fail the entire update if some remote fails to
update its metadata.
+ run: /.flatpak-info now lists exact commits and extensions in
use.
+ run: We now use a per-app ld.so.cache file whenn running. This
should speed things up, and allows ldconfig to report the
correct results.
+ The verbose mode was changed into two levels, use -vv to show
the more detailed info, which currently only contains the full
bubblewrap argument lists.
+ run: Some common problematic host environment variables are now
unset in the sandbox (PYTHONPATH, PERLLIB, PERL5LIB and
XCURSOR_PATH).
+ run: Fixed failure when a higher prio extensions depended on a
lower prio one.
+ run: The extension ld path order is now: app extensions, app,
OBS-URL: https://build.opensuse.org/request/show/539882
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=32
