diff --git a/NEWS b/NEWS index 165d755f..e69de29b 100644 --- a/NEWS +++ b/NEWS @@ -1,1049 +0,0 @@ -Major changes in 0.9.8 -====================== - -Core: - - * Experimental support for peer2peer installation, enable with --enable-p2p - * Add default language setting to flatpak config. Defaults to all locales for - system installs and the users locale for per-user installs. - * build-update-repo: Now always keeps the *two* latest deltas around to avoid - race conditions with outstanding downloads at the time or running the update. - * Support loading extra data from local lookaside cache. - -Flatpak-builder: - - * Set terminal title to the currently building module - * Added ability to specify http url for sources mirror with --extra-sources-url. - * --install-deps-from=REMOTE installs the dependencies needed for the - manifest. - * New option --delete-build-dirs to always delete build directories, - even on a failed build. - * New property "add-extension" makes it nicer to create extension points. - -Major changes in 0.9.7 -====================== - - * Don't re-download git repo when bundling sources - * Build modules with no source if buildsystem is "simple" - * Build cleanups - -Major changes in 0.9.6 -====================== - -This version requires the latest ostree version (2017.7) because it -uses a new feature that hardens the security of flatpak. Previously, -if you installed to a system-wide repository, the files created for an -application were as specified by the remote repo, but owned by root, -which could include problematic permissions like setuid or -world-writable. We now never create such problematic files or -directories on disk. Flatpak export was also changed to never -create problematic files in new apps. - -Related to this, newly created flatpak installations also use the -new "bare-user-only" mode for the repositories, which means you -can now install applications even if your filesystem does not -support extended attributes. - -Other changes: - - * flatpak info --show-metadata now only shows the metadata, in - a machine parseable way. - * build-export now records the flatpak version in the commit message - * builder: The .pyc timestamp fixer now allows .pyc files with no - corresponding .py file. - * builder: New feature 'inherit-extensions' lets you copy extension - info from the parent runtime. - * builder: Set ExtensionOf in auto-created extensions (like Locale - and Debug) - * builder: Setting CPPFLAGS now works - -Major changes in 0.9.5 -====================== - - Changes in flatpak: - - * Fix installation of installed tests - * Don't show an error when updating if a remote is disabled - * Store the app id in the X-Flatpak key when exporting a - desktop file. - * flatpak run: Handle paths when rewriting %u urls during - file forwarding. - * builder: Always assume separate builddir when using meson, as - meson only works with this. - * document-portal: The app-specific directory is always accessible - to the app, take this into consideration for AddFull. - * builder: Don't warn for unknown keys if they start with x- - * Fix a race condition whe restarting the document portal - * build-update-repo: Don't list removed deltas in the summary - * list: Don't show .Locale/.Debug/.Sources by default. Show with -a. - * remote-ls: Don't show .Locale/.Debug/.Sources, or non-primary - arches (unless the primary does not exist) by default. - Show with -a. - * dbus-portal: Fix handling of NameHasOwner - * builder: Add --export-only to export a previous build. - * run: Allow regular files for --filesystem=xdg-config/path - * run: Allow --filesystem=xdg-config/subdir:ro (previously - it needed to be writable). - * build-commit-from: Properly handle xa.ref when rewriting - refnames. - -Major changes in 0.9.4 -====================== - - Changes in flatpak: - - * Now requires ostree 2017.6 and bubblewrap 0.1.8 - * Better progress reporting in CLI and UI - * Improved output from commands info, list, remotes, - remote-ls: More detail, colors, nicer table formating. - * New command flatpak repo that lets you show information - about local repositories. - * When launching exported desktop files, the paths - passed to it are automatically created as documents - to allow access to the arguments, if needed. - * Flatpak install of an already installed application is - now a warning, not an error. - * flatpak build now kills all the processes in the - sandbox when it exits. - * flatpak update --subpath=... now updates the app event - if there is no new upstream version, but the subpath is - different from what is currently installed. - * Exports are now whitelisted, and the only thing you can - export are: - desktop files, icons, dbus services, mime definitions, and - gnome-shell search providers - * Exported gnome-shell search providers are automatically - disabled by default. - * Exported mimetypes are rewritten to only allow globs, and to - make the globs have a low priority vs system mime info. - * A remote can now redirect to a new URL and/or a new GPG key, by - using build-update-repo --redirect-url=URL --gpg-import=FILE. - When clients see this they permanently change the local configuration. - This is very useful when migrating official repositories. - * flatpak caches in the homedir are now stored in ~/.cache - (or $XDG_CACHE_HOME) instead of ~/.local/share/flatpak/system-cache. - * Added version field to all exported dbus interfaces. - * New AddFull method in the Document Portal, which allows - exporting multiple files, as-needed by a particular target - app. This is useful for implementations of dbus activation - for desktop files. - * New flag --no-static-deltas for install/update without - using static deltas. Mostly useful for debugging. - * TMPDIR is now unset in the sandbox, if set on the - host. Each sandbox has a personal /tmp that is used. - * Flatpak run now works if /tmp is a symlink on the - host. - * /etc/hosts and /etc/hosts.conf from the host are now exposed - in the sandbox in addition to /etc/resolv.conf. - * Titles and default branches are now automatically updated from - the remote unless they are explicitly set. You no longer have - to run flatpak remote-modify --update. - * Some performance inprovements when installing apps. - * When exporting a build, the commit objects now always include - the branchname, the metadata and install/download size. - The sizes are reused for faster summary building, and the - others changes are for future use. The fields are verified - against the deployed metadata during installation, so it - is trusted. - * Fixed minor race condition in portal application identification. - * lib: New flatpak_installation_update_appstream_full_sync method - that allows progress reporting. - * bash-completion: Fix out-of-bounds read that could produce - weird completion at times. - - Changes in flatpak-builder: - - * Added support for appdata screenshot mirroring. - * New property "install-rule" lets you change what Makefile rule to - use in the install phase. - * The git "commit" property can now specify both a tag object and the - commit object it refers to. - * New cppflags property, similar to e.g. cflags. - * The "env" property now overrides the cflags/cxxflags/ldflags - properties, to allow these to be reset. - * Initial checkout of git/bzr to a temporary directory so that errors - during checkout do not persist. - * Properly take the "buildsystem" field into account when calculating - cache freshness. - * Don't crash if appstream-compose fails. - * "ldflags" property now works correctly. - -Major changes in 0.9.3 -====================== - Changes in flatpak-builder: - - * "rename-icon" renames in translated icons too - * Moved manifest format docs to own manpage, "flatpak-manifest". - * "bootstrap.sh" is now recognized as an autogen.sh alternative - * Fall back to not using rofiles-fuse if it is not available. - * Make sure flatpak-builder --run grants the app access to dbus. - * Make paths paths for module includes and module dependencies - relative to the included module rather than the "base" json file. - * When cross-compiling 32bit apps on 64bit arches (like i386 on x86-64) - then we automatically set a linux32 personallity. - * Print warnings for unhandled json properties. - * Make sure flatpak-builder --run works if --extra-data is in the - finish args. - * Take build-commands into consideration when considering if the - build cache is stale. - * Support for --extra-sources= to pre-seed downloaded sources. - * Support for --bundle-sources which creates a runtime with the sources - that were used to build the app. - * Handle trailing whitespace in git submodule uris - * Progress reporting while downloading files. - - Other changes: - * build-export now always exports directories as readable and executable. - * build-update-repo --generate-static-deltas now fork the work process - rather than using threads, which avoids problems with this using - a lot of memory in a single process in some cases. - * Report flatpak version in HTTP request user agent. - * New "flatpak repo" command added that has some options for maintaining - a repository. - * flatpak info can now report more information and handles multiple - installed branches better. - * Support non-default WAYLAND_DISPLAY environment var. - * Handle application ids that end with .desktop when generating - appstream data. - * Documentation updates - -Major changes in 0.9.2 -====================== - - * Fixed a use-after-free and some leaks in the dbus-proxy. This - is not currently believed to be exploitable, but the proxy is a - security boundary, so we still recommend to update. - * Regular updates now never allow updates to an older version - than what is currently installed (unless you explicitly specify - an old commit id). This closes a hole where a MITM attacker can - force clients to downgrade to an earlier (gpg-signed) version of - the application. - * The automatic detection of --from in flatpak install now detects - flatpakref extensions even in URIs that end in a query string such as - https://git.gnome.org/browse/gnome-apps-nightly/plain/gedit.flatpakref?h=stable - * OCI support now supports GPG signatures - * OCI support now works with the system-helper for unprivileged systemwide - installation. - * Experimental support for the new ostree bare-user-only repo mode that - allows flatpak to run on filesytems without xattrs. Set - FLATPAK_OSTREE_REPO_MODE=user-only in the environment to use this. - * builder: New property disable-fsckobjects for git sources - * builder: New property commit for git sources. This lets you specify - both a tag (for readability) and a commit id (to ensure the tag doesn't - change). - * builder: The manifest file format docs have been split out into its - own manpage. - * builder: App manifests now support specifying sdk-extensions that has - to be installed for the app to build. - * builder: When creating the platform, remove all sdk-specific extensions, - allowing creation of sdk-specific extensions. - * builder: Correctly handle absolute pathnames in the specified - command. - * builder: Support --default-branch which defined the branch to build in - case the manifest doesn't specify one. - * When exporting builds to ostree we now use the canonical permissions - for bare-user files, which means the resulting builds can safely - be used with the new ostree bare-user-only repository type. - * The detection of "unmaintained" system extensions was broken, and - in some cases these extensions were not found. This now always - works. - * Flatpak now builds with latest OSTree. This required some fixing for - multiple definitions of the g_auto* macros as OSTree now exports - those. - * We no longer rely on ostree trivial-httpd for the tests, because - this is optional in later versions of ostree. Instead we use - they python SimpleHTTPServer. - * The minimum glib version has been corrected to 2.44. - * The minumum automake version has been increased to 1.13.4 - because some older version didn't work. - -Major changes in 0.9.1 -====================== - -This release mostly has changes to flatpak-builder and the build -machinery. All flatpaks built with this version can run -on flatpak 0.8.x, but there has been additions and minor -changes in flatpak-builder that may require minor changes -to existing builder manifests, see below. - -The flatpak-builder build cache now uses an ostree feature called -rofiles-fuse. This allows the build to work directly against -hardlinked checkouts of the cache, because rofiles-fuse disallows -writes to the hardlinked files (but allows replacing them). This makes -cache commits and checkouts much faster. However, it also means that -installation cannot do in-place modification of files in the -installation directory. There is a new per-module property called -"ensure-writable" that takes a list of patterns and ensures all files -matching them are writable (by manually breaking the hardlinks). This -may need to be added to some manifests to keep them building in the new -version. - -The cflags and cxxflags module properties now work by appending, -rather that replacing, when there are multiple values specified. For -instance, the per-arch or per-module cflags will be appended to the -base cflags. This may cause old json files do duplicate cflags in -some cases. Normally compiler flags are repeatable without problems -though, so it is unlikely to cause problems. - -Here are a short summary of the rest of the flatpak-builder changes: - - * The build cache was changed so that it is not invalidated if - the installed version of the SDK changed. This means that the app - will not rebuilt if you updated the SDK. This is generally the right - thing to do, as SDKs are meant to be compatible. If you want - to avoid this (for instance when building against an unstable sdk) - you can use the --rebuild-on-sdk-change argument. - * The build cache is now per-arch, so building on one arch doesn't - invalidate the cache for another arch. - * New buildsystem "cmake-ninja" which works like "cmake", but builds - using ninja, rather than make. - * New buildsystem "simple" which doesn't use configure or make, it - just runs a set of shell commands specified in the "build-commands" - property. Note: build-commands is also available to other buildsystems - and are run between make and make install. - * flatpak-builder now has build-runtime and build-extension properties that - makes it easier to build runtimes and extensions. - * FLATPAK_DEST is set in the build environment to the installation - destination (i.e. typically /app). It is particularly useful when - building an extension where the destination is more complex. - * flatpak-builder now supports --from-git=URL which pulls the - json manifest and related files directly from a git repo. - * modules have a new no-make-install property which skips - the make install step. - * Modules and sources have only-arches and skip-arches properties, - which lets you enable/disable them based on the build architecture. - * build-options has a new property ldflags, which is similar - to cflags and cxxflags. - * flatpak build (and thus flatpak-builder --run) now supports - dbus proxies when needed. - * All git repos are cloned with fsckObjects=true, which means - we verify that the repos are valid. - * New flatpak-builder argument --build-shell=MODULE extracts and - prepares the sources for a specified module and then starts - a build sandbox inside it. - -There are also some other changes: - - * build-export: Now supports --timestamp=ISO-8601-TIMESTAMP, which - allows you to create reproducible commits. - * The OCI support has been updated to the latest version of the - OCI image specification format. - * There is a new flatpak-bisect script that can be used to bisect - flatpak applications, looking for regressions. - * flatpak list got a revamp. It now shows more information, and - shows both apps and runtimes by default. - * flatpak remote-list was renamed flatpak remotes in order - to minimize confusion with flatpak remote-ls. The old name - is deprecated but still works. - -Major changes in 0.8.4 -====================== - -In addition to the regular list of bugfixes this stable release -include backports of one more feature required for making OpenGL work -well. Now extra-data using extensions (such as the nvidia driver) can -specify that it doesn't need a runtime to run its apply script. We use -this in the nvidia driver by making the script a static binary, which -lets us use the nvidia driver for multiple runtimes without requering -that a particular one is installed. We also support an extension point -supporting multiple versions, which will be use for sharing the -nvidia driver between different runtime versions. - -Additional fixes: - * Documentation fixes - * Crash fixes - * Fix xauth propagation in some cases - * Don't remove origin remotes on uninstall if some other app - is installed from it. - * Don't reset what locales are installed when updating a locale - extension - * Disable splice for the documentation portal as it seems - to be broken in fuse - * Append, don't override XDG_DATA_DIRS in profile script - * Fix progress reporting in libflatpak to go from 0 to - 100% once, merging the various phases. - -Major changes in 0.8.3 -====================== - -In addition to the regular list of bugfixes this stable release -include backports of a the updated OpenGL support from master. This, -in combination with the work in the runtime allows flatpak to work out -of the box with out-of-tree OpenGL drivers, including the nvidia -driver. - -Additionally, due to some complicated issues wrt ptrace and user -namespaces this version disables the use of user namespaces if -bubblewrap is setuid, as it cause problems for the way flatpak -portals identifies applications. (See issue #557 for details) - - * Better handling of errors for extra-data - * Handle extra-data properly for runtimes (as well as apps) - * Respect required version for runtimes (as well as apps) - * flatpak list: Don't break if some local ref is not deployed - * builder: Look for appstream data in /app/share/metadata also - * builder: Fix buildsystem=cmake builds - * Add progress reporting to extra-data download - * Fix uid/gid for directories in document portal - -Major changes in 0.8.2 -====================== - -This is a bugfix and security update. - -Some of the bind-mounts that flatpak sets up were not read-only as -they should have. This includes: extensions, system fonts, -resolv.conf, localtime and machine-id. Many of thse are typically only -writable by root, but some, like the user-specific fonts and -user-installed extensions could be modified from the sandbox. - -Everyone using 0.8.x is recommended to update to this version. - -Other fixes: - - * There are new configure options for where to install dbus configuration - * Broken symlinks in the root directory no longer break flatpak run - * flatpak run with HOME in /var now works - * dri access now also handles mali devices - * install handles --arch when installing flatpakrefs - * system-helper activation fixed on systemd-less setups - * dbus-proxy now works without /run - * During installation, failing to update a dependency is now not - fatal. - * /etc is now fully writable when building runtimes - * --filesystem=xdg-config/foo now sets up the bind-mount from the host dir - even when not using :create. - -Major changes in 0.8.1 -====================== - -This is a bugfix and security update (CVE-2017-5226). - -Flatpak now uses seccomp to disallow the TIOCSTI ioctl in the sandbox, -which works around the possibility to inject text on the controlling -tty (CVE-2017-5226). - -This was previously fixed in bubblewrap in 0.1.6, but that change has -now been reverted as it introduced other problems for flatpak. - - * Update bundled bubblewrap to 0.1.7 - * Fix writing new file with O_EXCL in the document portal. - * Allow appstream data that doesn't have .desktop in the component id, - such as data for runtimes. - * Drop json-glib dependency from 1.2 to 1.0 - * Builder: Fail if unable to read included file - * OCI: Ensure exported layers are readable by everyone - * Fix extra-data download in gnome-software - * Fix update-mime-database trigger when installing via - the system helper. - * Updating an app by installing a newer bundle now works - again. - * Make /var/tmp not be on a tmpfs (it is now in - ~/.var/app/$appid/cache/tmp). - * Documentation / translation updates - -Major changes in 0.8.0 -====================== - -This is the first release in a new series of stable releases called -0.8.x. New features will be added to 0.9.x, and only bugfixes will be -backported to 0.8.x. The featureset of this release is a good base to -target if you're creating flatpaks that should be widely usable. - -This release technically requires only OSTree 2016.14, and it build -fine with this, but we recommend using OSTree 2016.15, because of the -change in how it verifies the checksums of commits in delta files. - - * Flatpakrepo files now support a RuntimeRepo= key which points to - a flatpakrepo file. This means the user don't have to manually - configure a remote for the runtime, just reply to the prompt - to automatically do this when installing the app. - * We now support dependencies when installing bundles. This includes - required runtimes, related refs, and the equivalent of RuntimeRepo. - * The support for OCI in flatpak has been updated to the latest - OCI spec version, and support has been added to directly install - flatpak applications from an OCI image. - * In flatpak install, the --from and --bundle options are now optional - if the argument has the correct suffix (.flatpakref and .flatpak) - * Flatpak install now supports -y to let you avoid interactive prompts. - * build-finish: We now export mime type files with the right name. - * build-finish: New --require-version option let you specify a particular - version of flatpak, and older version of flatpak will not install - or update to the new version. - * build-sign: Allow signing all apps by omitting the id. - * Fix regression in the document portal when adding named files. - * build-import-bundle now signs the commit if you specify a gpg key. - * Flatpak now reads configuration from /etc/flatpak/installations.d - which lets you support multiple system-level installation paths. - These can be accessed with new --installation=... arguments to - most of the commands. - * flatpak-builder: Support --jobs=N to limit parallel builds - * flatpak-builder: Patch source got new options property that lets - you pass arguments to patch. - * flatpak-builder: New generic "buildsystem: type" option that - replace the (now deprecated) "cmake: true" option. This - supports "autotools", "cmake" and "meson". - -Major changes in 0.6.14 -======================= - * Update bundled bubblewrap to 0.1.4 which has some nice bugfixes. - If you are using an external bubblewrap it is recommended, but - not required to update. - * Requires OSTree 2016.14, which allows us to drop some old - workarounds. - * When installing an application system-wide, don't consider - dependencies that are installed for the user only. - * Flatpak install --from now tries to re-use existing remotes to - avoid creating unnecessary origin remotes. - * Using --filesystem=$dir when $dir is a symlink-to-directory now works. - * Using --filesystem=$file to expose unix sockets to the app is now - allowed. - * By default all the directories in ~/.var/app (except the app), as - well as ~/.local/share/flatpak are hidden in the sandbox. - * New option --filesystem=$dir:create which will create the destination - if it did not previously exist. - * --filesystem= now supports for xdg-[config|cache|data]. This - allows you access to the host versions of these xdg dirs. Additionally - if you use these with a subdirectory, like: - --filesystem=xdg-config/subdir - then that subdirectory on the host will be shared with the per-app - instance of the xdg-dir. - * Builder now correctly handles app-ids that have dashes in them. - Previously this generated invalid ids for the debuginfo and locale - extensions. - * The experimental OCI file format support was changed from creating an - OCI container to creating an OCI image. - * Fix regression where "flatpak update --appstream remotename" broke - -Major changes in 0.6.13 -======================= - * The command line arguments for install/update/uninstall changed - - These used to take an application id and an optional branch name as - two arguments. This meant you could not specify multiple apps - to install in a single command. So, instead of having the branch - as a separate argument we now support partial references. - If you only specify an id we try to match the rest as best we - can depending on what is installed/available, but if this - matches multiple things you have to specify more details. - - For example you can use: - * org.my.App//stable - Any compatible arch, stable branch - * org.my.App/x86_64 - x86-64, look for available branch - * org.my.App/x86_64/stable - exact reference - - This means install/update/uninstall can now install multiple apps - in a single operation. - - * Application runtime depencenies are checked/downloaded - - Whenever you install or update an application we check that the - required runtime is installed. If not, we check if it is available - in any configured remote, and if found asks the user if/where to - install it from. If it is not found, the install/update fails. - - You can mark remotes as --no-use-for-deps, which means flatpak will - never search for runtime dependencies in such remotes. This makes - the dependency search faster if you have app-only remotes. - It is recommended that app-only .flatpakrepo file define this - by specifying NoDeps=true. - - * remote-add and install --from now supports uris - - This means you can install flatpakrefs and flatpakrepos in a - single command like so: - - * flatpak remote-add --from gnome https://sdk.gnome.org/gnome.flatpakrepo - * flatpak install --from https://sdk.gnome.org/gedit.flatpakref - - * flatpak run can now launch a runtime directly - - For example, "flatpak run org.gnome.Platform//3.22" will launch a shell - inside a sandboxy with the gnome 3.22 runtime and an empty /app. - This is useful for development and testing. - - * included bubblewrap was bumped to 0.1.3 which has a security fix - * Support for defining the default branch per remote - * remote-add/modify: --update-metadata pulls current title and default branch - from remote summary file - * Applications can now list a set of URIs that will be downloaded with the - application. The app can then extract these and use as a part of the - application data. This is useful for applications using freely downloadable - parts that can't be redistributed elsewhere. - * flatpak-builder: Support --finish-only and --allow-missing-runtimes - * flatpak-builder: Support app layering - - An app can define a "base" application which is used for the initial - content before the application is built. This way applications can - be built in a layered fashion. - - * dbus proxy: The filtering has been tightened up - * build-finish: Now exports icons for themes other than hicolor too - * There is support in the app metadata for generic policies. - - These are read and propagated and supports overriding, but are - not otherwise interpreted by flatpak. They can be used by other - host services as static permissions for the application. - - * Support for extensions directories - - In addition to using flatpak maintained runtime as an extensions - flatpak can now use raw directories in ~/.local/share/flatpak/extension - and /var/lib/flatpak/extension. For example, if you create a - directory called org.freedesktop.Platform.GStreamer.MyPlugins/x86_64/1.4 - there it will be used as a source for gstreamer plugins for all - runtimes based on the freedesktop 1.4 runtime. - -Major changes in 0.6.12 -======================= - * Partial revert in application id rules. Application ids - can now only have dashes in the last element. This allows - apps to export files such as org.my.App-extra.desktop which - was used by the libreoffice builds. - * By default the kernel keyring is not accessable, as it is - not containable. - * Some robustness fixes for build-commit-from - * Better error messages - * flatpak update --appstream now updates for all remotes - * Made flatpak enter work, and you can now use any pid in the sandbox. - However, it requires root permissions. - * Support for --device=kvm for /dev/kvm access - * Support for --allow=multiarch to support non-primary arch support. - For example running i686 code in an x86_64 app. - * Add new default-branch setting for the remote configuration - -Major changes in 0.6.11 -======================= - - * Dashes are now allowed in application ids. However, to still work with - symbolic icon names, they may not end with "-symbolic". - * HostCommand now handles ptys correctly - * Various documentation updates - * New FLATPAK_CHECK_VERSION macro in libflatpak - * HostCommand now returns the real PID rather than a fake one. - * Fix regression in flatpak update --appstream - * Fix regression installing bundles without origin urls - * New flatpak-builder option --show-deps lists all the files - the manifest depends on. - -Major changes in 0.6.10 -======================= - - * Dropped requirement for systemd --user. - The way we detect if an process we're talking to is sandboxed, and - what application id it has doesn't use cgroups anymore, which means - that the dependency on systemd in the user session is now optional. - This also means the --no-desktop argument is not needed any more. - (It is still accepted but does nothing.) - * Initial support has been added for .flatpakref files. These are simple key - value files similar to .flatpakrepo files, however they specify an application - to install in addition to the repo information. For example, gedit can be - installed by downloading https://sdk.gnome.org/gedit.flatpakref and running: - flatpak install --from gedit.flatpakref - There is also library support for this so it can be added to graphical - installers (such as gnome-software). - * Requires OSTree 2016.10. The change in how OSTree handles mtimes in - checkouts that was introduced in 2016.7 has been reverted, and - the required changes in Flatpak has been made. This means that - flatpak now depends on OSTree 2016.10. - * Requires Bubblewrap 0.1.2 for builds using the system bubblewrap. - Builds using the included copy need no changes. - * The $XDG_RUNTIME_DIR/flatpak-info file has added information - about the running application, and is now also securely available - for a running application from the host as "/proc/$fd/root/.flatpak-info". - This is what is used to identify remote apps instead of the cgroup - info. - * A new run permission --allow=devel has been added. An application with - this permission is allowed to use ptrace and perf. This was previously - only available during "flatpak build" and "flatpak run -d". This - is useful if you're packaging e.g. an IDE. - * When an application is updated or removed a /app/.updated or /app/.removed - file is created for running instances. This can be used by applications to - trigger e.g. a restart for the new version. - * A new dbus request "HostCommand" has been added to org.freedesktop.Flatpak. - This lets you run any command on the host, and is therefore clearly not - sandboxed, so access to this should be limited. However, it is very useful - if you're using flatpak mainly as a distribution mechanism, for a non-sandboxed - application. - * flatpak-builder now supports running from inside a flatpak, by auto-detecting - this and using the HostCommand service to run recursive flatpaks. - * Consecutive calls to flatpak build-update-repo has been speed up. - * The document portal now allows sandboxed applications to create references - to files in /app and /usr (in the app/runtime). - * The update process noew doesn't stop at the first failure. - -Major changes in 0.6.9 -====================== - - * Dropped dependency on libgsystem - * Allow passing partial refs whenever a CLI command takes - an app or runtime name. - * New command build-commit-from creates a new commit based - on the contents of another commit (optionally from another - local repo). - * The sandbox now contains $XDG_RUNTIME_DIR/app/$APPID from the - host (and the directory is created if needed). - * update: Better output, and faster for the no updates case - * build-export: Don't make most validation errors fail, instead - just print a warning. - * builder: Support local path references for git sources - * builder: Better handling of recursive git submodules - * builder: Fixed issues with the .pyc mtime rewriting - * builder: Handle symbolic icons for rename-icon - * builder: Add --stop-at=$module to do partial builds - * builder: Add --sandbox flag to disable the build from escaping - from the sandbox via build-args. - -Major changes in 0.6.8 -====================== - - * Requires OSTree 2016.7, allowing us to enable use of static delta - for system downloads again. - * Support --no-desktop which allows you to run a flatpak app outside - a desktop, with some loss of functionallity (for example, there - will be no systemd --user scope created for the app).. - * More documentation. - * Memory leak fixes. - * Initial support for rpms as flatpak-builder archive sources. - * Start work on translating the CLI. - * Install systemd config snippet to set the right XDG_DATA_DIRS path. - * Support --arch in flatpak list. - * Support access() in the document portal. - * Validate exported desktop files. - -Major changes in 0.6.7 -====================== - - * Automatically download and update related references such - as locales when using the CLI. - * lib: Support for getting related references - * Document metadata format - * Support build using system-installed bwrap - * Allow access to the journal socket in the sandbox - * builder: Support applying patches with git (useful for binary diffs) - * Require ostree 2016.6 - -Major changes in 0.6.6 -====================== - - * Better support for multi-arch (for instance, will automatically install - i386-only app on x86_64 without user having to specify --arch). - * Support --device=all to access the full host /dev - * More command line support for managing exported documents - * Extended API for the document portal: Lookup, Info, List - * flatpak-builder: Support initializing /var from a runtime - extension. - * Disable static deltas when updating via the system helper to - work around bug in ostree. - -Major changes in 0.6.5 -====================== - - * Documentation improvements - * builder: Check that the specified command exists after build is done - * builder: Fix up mtime in headers for python precompiled files - * builder: Allow submodules and including modules from other json files - * system-helper builds are optional (--disable-system-helper) - * system-helper: Support installing from local remotes and bundles - * Improved support for --subpath installs, including libflatpak support - * Improved command line completion - -Major changes in 0.6.4 -====================== - - * Fix an issue where flatpak sometimes created empty "repo" - directories in the CWD - -Major changes in 0.6.3 -====================== - - * Fix resolv.conf regression in `flatpak build` - * Fix LD_LIBRARY_PATH override support in `flatpak build` - * Support forwarding app permissions in `flatpak-builder --run` - * Flatpak is now smarter about the default branch to use in most operations - * update will not fail on the first error if updating several things - * New much more complete bash completion system - * Faster installations - * Support new keyfile format for remote-add --from=file - -Major changes in 0.6.2 -====================== - - * Fixed no-network support regression in setuid mode. - * Fixed creation of root-owned file in home dir when using sudo in some cases - * New --with-privileged-group configure option - -Major changes in 0.6.1 -====================== - - * Fixed support for systems without user namespaces (default for Arch) or - unprivileged support for user namespaces (default for Debian). - * Fix memory leak during install/update. - * update: Fix support for --arch. - * Set the right location for the system directory in the environment. - * system-helper: Support updating without deploying (needed for - gnome-software support). - * lib: Fix support for updates - -Major changes in 0.6.0 -====================== - -Renamed from xdg-app to Flatpak. Existing repositories should keep -working, and locally user installed apps/runtime will be migrated -automatically. However, there are some things that you have to be -aware of: - * The command names are now flatpak/flatpak-builder - * System-wide installed apps/runtimes need to be reinstalled - * flatpak-builder uses a ".flatpak-builder" subdirectory instead - of ".xdg-app-builder". - * The bus name and interface name for the permission - store is changed, it was in org.freedesktop.XdgApp, but is - now in org.freedesktop.impl.portal.DesktopPortal. - * The installation migration is a one-time operation so you can't - go back to xdg-app after updating. - * The library API (and name) changed due to the rename. - -Other changes: - * Flatpak now hard-requires ostree 2016.5 - * Switch from using xdg-app-helper to an included version of bubblewrap: - https://github.com/projectatomic/bubblewrap - * Added a policykit-based system helper that allows you to authenticate - via polkit to install into the system repository. - * Added an experimental command to export/import applications and runtimes - as an OCI tarball. - * builder: Fix creation of locale extensions if there was no locale data in the - build. - * Its now possible to disable/enable configured remotes. - * A lot of new tests where added, and we now support installed tests. - * builder now has an optional --arch argument for multiarch building. - * Builder modules can be disabled with "disabled": true. - * Using --filesystem=/tmp now hides the system X11 sockets. - - -Major changes in 0.5.2 -====================== - -* The way locale extensions work has changed. Now we build a single extension - for all locales, but we allow you to specify a subset of it during installation - and update time using the --subpath commandline flag. - The main reason for this is that the many extensions didn't scale, both in - technical terms (large ostree summary file size), but also in terms of the - UI listing hundreds of uninteresting things. -* We no longer use sizes in the commit objects to get installed and download size, - instead we store some extra metadata in the summary file. This allows us - to get much faster access to these, as with recent ostree versions we can - cache the summary file. -* New command xdg-app build-sign that lets you sign a commit at any time. -* New argument xdg-app build --force-clean that removes pre-existing build dirs. -* xdg-app run now uses the "current" version as the default if you specify no - branch or arch. It used to default to the "master" branch. This will default - to the last installed version, but can be changed with xdg-app make-current. -* Added config-opts to the build-options in xdg-app-builder. This allows you - to extend the configure flags in an arch dependent way. -* Documentation updates - -Major changes in 0.5.1 -======================= -* Make xdg-app-builder --build-only not export the results -* Create all-in-one Locale extension that combines all the locale extensions -* Extract icons for all appdata nodes when creating appstream -* Documentation updates -* Better handling of metadata in xdg-app-builder cache -* Respect the specified branch when exporting in xdg-app-builder -* Fix support for multi-arch with i386 userspace and 64bit kernel -* Avoid deprecated 32bit capabilities syscalls - -Major changes in 0.5.0 -======================= -* Some libxdg-app API additions for handling bundles -* Default to /bin/sh as user shell in sandbox -* Fix detection of which apps are in use during uninstall -* New implementation of fuse filesystem for document portal. - It is now cleaner and works on 32bit. -* Honor the noenumerate flag on remotes in CLI and libxdg-app. -* Add change notification for permissions store -* Require signed summaries for gpg-signed remotes -* Fix summary signatures of deltas in xdg-app build-update. - -Major changes in 0.4.13 -======================= -* Fix misgeneration of appdata xml in some cases -* Various improvements to bundles, and support in libxdgapp -* Add sources to Debug extensions created by xdg-app-builder -* Allow specifying subdirs of xdg-* dirs, for instance: - --filesystem=xdg-download/some-dir -* Add support for --filesystem=xdg-run/subdir which means - XDG_RUNTIME_DIR dir, rather than xdg-user-dirs. -* Add --generate-static-deltas option to build-update-repo. - -Major changes in 0.4.12 -======================= -* Fix crashes. -* Update exports when removing apps. -* Remove appstream and repo refs when removing a remote. -* Add some build options to make libxdg-app usable inside a sandbox. -* xdg-app-builder builds are now in the .xdg-app-builder/build subdir. -* Make system repo bare-user to avoid creating any setuid binaries. -* Add xdg-app-builder --run operation that runs a command with the - build environment set up. -* Support creating locale extensions with xdg-app-builder. -* Add support for tags to metadata. -* Put runtime info and tags in the appstream data - -Major changes in 0.4.11 -======================= -* Fix assertion when installing runtime - -Major changes in 0.4.10 -======================= -* App desktop files and icons were not being exported to the desktop - -Major changes in 0.4.9 -====================== -* Fix crash at end of runtime install. -* xdg-app-builder has a new source type "shell" which lets you run arbitrary - shell commands. -* Allow apps with writable homedir access to modify the xdg-app repos. -* New xdg-app info command gives you status of an installed app or runtime. -* The xdg-app-builder cache now contains the sdk commit id, so that a new - version of the sdk invalidates the cache. -* Fixed a regression in the xdg-app install-app backwards compatibility - handling. -* xdg-app now gives the application access to the deployment path, which can - be used to give host-side services access to app files (such as help - documents). -* build-export no longer exports appstream files, and when generating appstream - files we don't need them to be. -* The default architecture tag used by xdg-app is now made canonical when needed - (i.e. on arm/x86/mips). - -Major changes in 0.4.8 -====================== -* Changed global installation directory to /var/lib/xdg-app (not /var/xdg-app). -* Add support for a dbus filtering on the system bus. -* Choosing user namespaces or setuid is now a runtime option, not build time. -* Fix xml-escaping in the appstream generation. -* Various build fixes. -* Added some more documentation for the library. -* Disable support for running apps on systems without a systemd user session. -* Fix uninitialized memory read in xdg-app-builder during git checkouts. -* Correctly handle disabled git submodules in xdg-app-builder -* Fix hiding of non-exported symbols in libxdgapp - -Major changes in 0.4.7 -====================== -* Enabled build of libxdg-app by default, now the API is stable - enough for e.g. gnome-software to use it. -* Restructured the command line interface to xdg-app, it is now - more streamlined and easy to use. For instance, to install - both apps or runtimes, now use "xdg-app install $name". - The old commands still work, but are deprecated and not - in the docs. -* xdg-app-builder has gotten a bunch of new features that - makes it easier to build apps, and some initial work to - make it possible to create runtimes using it -* build-export now finds and export any app-info installed by - the app, and build-update-repo collects all such exports - into a per-repo branch for appstream and icons. -* The client (and libs) support for locally mirroring the appstream - branch for each remote. This allows use to create graphical appstores - with user-readable information and icons. -* On the client side one can now specify priorities for each - remote. - -Major changes in 0.4.6 -====================== -* Added an initial version of libxdg-app, a highlevel library - intended to be used by user interface frontends to xdg-app. - It is not yet API stable, so it is disabled by default. - Enable with --enable-libxdgapp -* Added xdg-app-builder, a separate tool that makes it easier to build - applications with external dependencies. -* Add support for single-file bundles, which can be a useful way - to distribute apps on e.g. a usb stick. Only works with the - latest version of ostree. -* Always allow apps to talk to the built-in portals -* Support granting read-only access to the filesystem with e.g. --filesystem=host:ro -* Add /run/user/$uid/xdg-app-info file that contains the current permissions of the app -* Add --writable-sdk option to xdg-app build-init -* Add file locking to better handle concurrent xdg-app operations like update and install -* Various fixes - -Major changes in 0.4.5 -====================== -* Support signing commits in build-export -* Correctly handle symlinks in host root when app has host-fs access -* Always regenerate summary after build-export -* Make uninstall a bit more robust -* Install the dbus introspection files -* Add human readable size to build-export report -* Add /dev/ptmx symlink in app -* Fix apps not getting SIGCHILD -* Only expose minimal /etc/[passwd|group] in app - -Major changes in 0.4.4 -====================== -* Fix race condition in fuse fs -* Don't save uid/gid/xattrs in build-export -* run: Handle existing mounts with spaces in them -* propagate xauth cookies to sandbox - -Major changes in 0.4.3 -====================== -* Build with older ostree -* Add --nofilesystem flag to e.g. xdg-app run -* Add xdg-app dump-runtime command - -Major changes in 0.4.2.1 -====================== -* Fix dbus proxy - -Major changes in 0.4.2 -====================== -* Fix build with older versions of glib -* Fix regression in filesystem access configuration -* Make seccomp use optional (for arches without it) -* Add xdg-app enter command to enter a running sandbox -* Fix /var/cache being readonly -* Add /var/data and /var/config shortcuts for per-app data -* Minor fixes to bash completion - -Major changes in 0.4.1 -====================== -* Fixed a parallel build issue -* Fixed a build issue where openat() didn't get a mode passed -* Don't block ptrace and perf in debug and build runs -* Put nvidia drivers in sandbox if DRI allowed -* Support specifying a version for runtime extensions - -Major changes in 0.4.0 -====================== -* A new permissions store was added to the dbus api. - This can be used by portal implementations that want to store - per-app permissions for objects. -* The document portal was added. This is a dbus api - which you can use to create document ids and assign - apps permissions to see these documents. The documents - themselves are accessed via a custom fuse filesystem. -* perf and strace are now blocked via the seccomp filters -* You can now override application metadata on a system - and per-user level, giving apps more or less access - than what they request. -* New command modify-remote added which lets you change - configuration of a remote after it has been added with - add-remote. -* Support for adding trusted gpg keys on a per-remote basis - has been added to add-remote and modify-remote. -* The repo-contents command has been renamed to ls-remote - to better match the other commands. -* The list-remotes command can now show more information - about the remotes. -* The bash completion implementation has been improved. - -Major changes in 0.3.6 -====================== - -* Fix a typo in the socket seccomp rules that made ipv6 not work -* Export the users fonts (~/.local/share/fonts or ~/.fonts) in the sandbox -* Fix seccomp rules to work on i386 -* Make exposing xdg user dirs work right diff --git a/README.md b/README.md index 20bcc915..c4a2a678 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,16 @@ -

Flatpak icon

-Flatpak is a system for building, distributing and running sandboxed -desktop applications on Linux. +Flatpak-builder is a tool for building flatpaks from sources. See http://flatpak.org/ for more information. -Read documentation for the flatpak [commandline tools](http://flatpak.github.io/flatpak/flatpak-docs.html) and for the libflatpak [library API](http://flatpak.github.io/flatpak/reference/html/index.html). +Read documentation for the flatpak-builder [commandline tools](http://flatpak.github.io/flatpak/flatpak-docs.html). # INSTALLATION -Flatpak uses a traditional autoconf-style build mechanism. To build just do +Flatpak-builder uses a traditional autoconf-style build mechanism. To build just do ``` ./configure [args] make @@ -22,47 +20,4 @@ Flatpak uses a traditional autoconf-style build mechanism. To build just do Most configure arguments are documented in `./configure --help`. However, there are some options that are a bit more complicated. -Flatpak relies on a project called -[Bubblewrap](https://github.com/projectatomic/bubblewrap) for the -low-level sandboxing. By default, an in-tree copy of this is built -(distributed in the tarball or using git submodules in the git -tree). This will build a helper called flatpak-bwrap. If your system -has a recent enough version of Bubblewrap already, you can use -`--with-system-bubblewrap` to use that instead. - -Bubblewrap can run in two modes, either using unprivileged user -namespaces or setuid mode. This requires that the kernel supports this, -which some distributions disable. For instance, Arch completely -disables user namespaces, while Debian supports unprivileged user -namespaces, but only if you turn on the -`kernel.unprivileged_userns_clone` sysctl. - -If unprivileged user namespaces are not available, then Bubblewrap must -be built as setuid root. This is believed to be safe, as it is -designed to do this. Any build of Bubblewrap supports both -unprivileged and setuid mode, you just need to set the setuid bit for -it to change mode. - -However, this does complicate the installation a bit. If you pass -`--with-priv-mode=setuid` to configure (of Flatpak or Bubblewrap) then -`make install` will try to set the setuid bit. However that means you -have to run `make install` as root. Alternatively, you can pass -`--enable-sudo` to configure and it will call `sudo` when setting the -setuid bit. Alternatively you can enable setuid completely outside of -the installation, which is common for example when packaging Bubblewrap -in a .deb or .rpm. - -There are some complications when building Flatpak to a different -prefix than the system-installed version. First of all, the newly -built Flatpak will look for system-installed flatpaks in -`$PREFIX/var/lib/flatpak`, which will not match existing installed -flatpaks. You can use `--with-system-install-dir=/var/lib/flatpak` -to make both installations use the same location. - -Secondly, Flatpak ships with a root-privileged policykit helper for -system-installation, called `flatpak-system-helper`. This is dbus -activated (on the system-bus) and if you install in a non-standard -location it is likely that this will not be found by dbus and -policykit. However, if the system installation is synchronized, -you can often use the system installed helper instead - at least -if the two versions are close in versions. +Flatpak-builder relies on flatpak, so it must be installed first.