A series of following commits will introduce a peer to peer feature for
pulling apps and runtimes from LAN peers and USB sticks without needing
an internet connection. This requires experimental API in libostree
(which needs to have been configured with --enable-experimental-api), so
needs to be hidden behind a configure option in flatpak too. It’s called
--enable-p2p, and bumps our libostree dependency to 2017.8 with
experimental API required too.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
This includes a change in how ostree reports missing gpg signatures
which makes the test-suite pass. Additionally that change requires
us to change how we detect such missing gpg signatures in one place.
We could try to support both versions, but the easiest fix is to just
require the latest ostree.
This uses the new libostree APIs that landed recently to ensure
that we reject any files with mode outside of `0775` for system
helper pulls, and we also mask directory modes during checkout.
However, this does *not* fix up any already downloaded content.
For that, one could uninstall/reinstall; or a future patch could
do a one-time fixup pass.
Note that I am not aware of a way for flatpak applications to escalate their
privileges directly with this flaw; the bubblewrap `PR_SET_NO_NEW_PRIVS` turns
of setuid. However, in combination with code execution on the host via another
mechanism (e.g. unsandboxed app), a setuid app injected could be used to gain
full host privileges.
At this time we're not aware of any flatpak content exploiting this issue.
Closes: https://github.com/flatpak/flatpak/issues/845
This allows us to rely on the new BARE_USER_ONLY mode, as
well as the fixes to progress reporting. Also, it has a lot
of bugfixes that are nice. If you need an old ostree you can
run the old flatpak series.
We only allow globs, not magic matches, and we drop the glob
priority to a very low level (weight=5) which means that its
hard for app-installed mimetypes to override the system installed
ones. That should make exporting mimetypes pretty safe.
gpgme is built with large file support by default, and checks that
its ABI (size of off_t) matches the ABI expected by library users
like flatpak. This caused build failures on Debian i386 and powerpc.
Signed-off-by: Simon McVittie <smcv@debian.org>
In ostree I maintain what I consider a "baseline" set of compiler
warnings that should *always* be fatal for a modern C project.
I noticed while working on a previous patch that a `-Werror=format`
warning wasn't fatal.
There are a few that are really, really important like
`-Werror=missing-prototypes`. I also take some like `-Werror=misleading-indentation`
which already caught some bugs. See also https://lwn.net/Articles/678019/
This is required for e.g. G_DECLARE_FINAL_TYPE, and most current
distros have this now.
This fixes https://github.com/flatpak/flatpak/issues/622
For distributions that want to build against older glib, see
the issue above, it has patches to make that work.
Typically Linux distributions employ /etc/profile.d for system wide
environment manipulation prior to multi-user initialisation. Modern
distribution efforts split the vendor configuration from the local
sysadmin configuration and data, by not using the /etc/ directories,
for example.
To enable this stateless pattern, this change adds a new --with-profile-dir
option to use an alternative location, such as within /usr/share/. This
ensures that the data (not configuration) is owned through the update
process, and does not conflict with changes made locally to the system,
enforcing domains of ownership.
To preserve backwards compatible behaviour, the default directory remains
set to /etc/profile.d.
Signed-off-by: Ikey Doherty <ikey@solus-project.com>
Newer versions of dbus support stateless directories, and many distributions
now use /usr/share/dbus-1/system.d for the vendor configuration files, as
opposed to the legacy /etc/dbus-1/system.d directory.
To enable this, we add a new --with-dbus-config-dir option to control the
configuration directory, whilst retaining backwards compatibility for those
still using older versions of dbus.
Signed-off-by: Ikey Doherty <ikey@solus-project.com>
We want to use the new transactioned detached metadata support,
multi-subdirs pull, and inherit-transactions on pull. Also, there are
some fixes we like.
It seems OSTree switched back to 0 for mtimes, so we have to switch
back too. We need to depend on this release to ensure that all
created repos gets things right.
Alexander Larsson