Its not super uncommon to e.g. have a 64bit kernel with 32bit userspace.
So, we default to the arch xdg-app was built for, rather than what
uname reports (the kernel version).
This uses various environment variables set during make check
to find the trigger, bwrap and xdg-app-dbusproxy from the build/source dir
rather than the installed location.
This patch adds the --arch option to the build-export builtin command.
Previously build-export derives this from the metadata and then falls back
to xdg_app_get_arch(), except that this does not work when the metadata does
not specify an arch (such as with extensions like .Debug or .Locale).
https://bugs.freedesktop.org/show_bug.cgi?id=95226
Bubblewrap is a new tool from project atomic. Its similar to the old
xdg-app-helper, but even more minimal, and a bit more generic. Its designed
to be easy to git submodule install, but at some point we will probably
support using the system installed version too.
Using bubblewraps lets us share the load of security mainainance and
allows other people to use bubblewrap to do their own unprivileged
sandboxes.
This lets you export and import a runtime or an application into a tarball
that explodes to match the oci runtime spec. This goal of this is to interchange
xdg-app apps with other systems that support OCI.
Note that this is highly experimental, because the oci specs are in flux, and
in fact we should probably use the OCI image spec instead of the runtime spec,
but its not yet finished enough for us to use it. So, don't rely on this for
now other than to experiment with it.
Sometimes you want to replace an existing file, like a config.sub,
and sometimes that existing config.sub does not have the writable
bits set. Just delete the file if we intend to replace it anyway.
Instead of separate "origin", "subpaths" and eventually "installed-size"
files we store a single (extensible) gvariant with all this info, which
means we need to seek less to get it.
Also, we move this file into the deploy dir as some of the data
differs for each deploy, and that way we can rely on the the active
symlink to make the update atomic.