If you're building a runtime and have a base runtime with expected
extensions, fail to build if the actually installed extension is
partial (i.e. if it has a subdir specified).
Fixes https://github.com/flatpak/flatpak/issues/390
We juse use g_file_new_for_commandline_arg instead of g_file_new_for_path.
This is somewhat related to https://github.com/flatpak/flatpak/issues/401
but doesn't actually handle the specific case of tilde.
Its pretty common to e.g. ship an icon theme bundled in the app,
but you then don't want to have a warning for every file.
So, instead make this a debug message.
It makes no sense to allow you to install an application systemwide
if it only works for your user. However, its generally fine if to
install a per-user app that relies on a system-installed runtime.
In particular, this fixes installing system-wide extra-data apps where
we need the runtime to be system-installed to run the unpack script.
The g_key_file_load_from_bytes() function was added in GLib 2.50, and that
is too high as flatpak wants to support centos7/rhel7, which is now in 2.42.
If the downloaded app has a "xa.extra-data-sources" property in
the commit, then we download these as part of the pull operation
and store the result in the commitmeta object in the repo.
Then during deploy we look at the xa.extra-data-sources properties
again and extract them from the commitmeta into /app/extra
in the app, and afterwards we run /app/bin/apply_extra in a minimal
sandbox that has read-write access to /app/extra, but nowhere else.
There are some complexities:
We need to re-verify when extracting, because the commitmeta is not
really signed, so we could have picked up random stuff there
from the upstream repo, or from an attacker misusing the system-helper
local install codepath.
When using the system-helper the pull will fail if the commitmeta
is to large, so we have some code in this case to manually transfer
the larger commitmeta on the side to the local-pull code.
If you put a section like:
[Extra Data]
uri=https://sdk.gnome.org/gno%6De.flatpakrepo
checksum=ace1b504d32eefdf05b53044e6f785fe7886cc5657b5df034c3b9ac8e3aeb70c
size=1335
uri2=http://sdk.gnome.org/gedit.flatpakref
checksum2=d8baa109fb5fdcfe90379f3e93c5ab29f11772b42bf569bb3481e4aff489b0dd
size2=1472
name2=renamed.flatpakref
Then this information will be put in the commit object and the
later will be used when downloading the app.
This means you can do:
flatpak run org.freedesktop.Sdk
to get a shell in a sandbox with that runtime, but with an
empty /app.
You can also specify a particular runtime branch and command like so:
flatpak run --command=ls org.gnome.Platform//3.22 /
When an application requires a runtime that is not installed, search
for it and prompt for permissions to install it. Also, update required
runtimes when the app is being updated.
If this is set for a remote we will never automatically look for
dependencies in it. This makes dependency search faster, as we
don't need to search in app-only remotes.
Otherwise we'll be always trying to force the installation from the
default branch for a repo, regardless of whether the app being
installed is available for that branch.
This new command relies on flatpak_dir_update_remote_configuration()
and allows updating the local configuration for the remotes based on
the extra metadata present in the OSTree repo's summary file.
This parameter can still be combined with --title and --default-branch,
which take precedence when combined with --update.
If no branch is explicitly stated when installing a flatpak, and several
options (branches) are available for the same ID, we now check the remote's
default branch and use that one, if it's defined and available for the app.
https://github.com/flatpak/flatpak/issues/221
Add support for this flag in build-update-repo, so that we can define
a default branch in the server side, to be picked by the clients.
https://github.com/flatpak/flatpak/issues/221
Just like we do with the title, fetch the default-branch from the
repository's summary file and use that information when adding a
remote reference from the command line.
https://github.com/flatpak/flatpak/issues/221
We can't fetch the extra metadata from a repository's summary file before
having added it locally, since ostree_repo_remote_fetch_summary() will
fetch data by remote's name, and for that it needs to be added first.
Instead of using "NAME [BRANCH]" as the command list we now
support REF..., where each REF can be partial. This is easiest
explained by examples. Here are some valid refs:
org.test.App - only app id
app/org.test.App/x86_64/stable - full ref
org.test.App/x86_64/stable - full ref without prefix
org.test.App - only app id
org.test.App//stable - only branch
org.test.App/x86_64 - only arch
If any parts are left out they are wildcarded. Such parts are filled
first by looking at other command line arguments like --arch and
--app/--runtime. And finally by looking at what is available in the
remote. If there are multiple matches the user is told the options
in an error message.
For now this is a purely client side setting which lets you store
the default branch to use for a remote. This is mostly meant to
be used for UI tools, although the CLI could also be made to use this.
You can set this manually in the CLI with --default-branch, or via a
flatpakrepo file (new key DefaultBranch).
This completely regressed, and it seems complicated to fix it without
requiring extra privileges. So, the new version requires you to sudo
to run it, which is not great, but at least it makes it work for
all cases.
This is nice because it guarantees that we get a new commit id
which fixes various issues we had with conflicting commit ids
overriding each others signatures.
These are similar to .flatpakrepo, but for a single app.
For example, if you have a file gedit.flatpakref with this:
[Flatpak Ref]
Title=GEdit
Name=org.gnome.gedit
Branch=stable
Url=http://sdk.gnome.org/repo-apps/
IsRuntime=False
GPGKey=mQENBFUUCGcBCAC/K9WeV4xCaKr3NKRqPXeY5mpaXAJyasLqCtrDx92WUgbu0voWrhohNAKpqizod2dvzc/XTxm3rHyIxmNfdhz1gaGhynU75Qw4aJVcly2eghTIl++gfDtOvrOZo/VuAq30f32dMIgHQdRwEpgCwz7WyjpqZYltPAEcCNL4MTChAfiHJeeiQ5ibystNBW8W6Ymf7sO4m4g5+/aOxI54oCOzD9TwBAe+yXcJJWtc2rAhMCjtyPJzxd0ZVXqIzCe1xRvJ6Rq7YCiMbiM2DQFWXKnmYQbj4TGNMnwNdAajCdrcBWEMSbzq7EzuThIJRd8Ky4BkEe1St6tuqwFaMZz+F9eXABEBAAG0KEdub21lIFNESyAzLjE2IDxnbm9tZS1vcy1saXN0QGdub21lLm9yZz6JATgEEwECACIFAlUUCGcCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEArkz6VV0VKBa5cH/0vXa31YgEjNk78gGFXqnQxdD1WYA87OYxDi189l4lA802EFTF4wCBuZyDOqdd5BhS3Ab0cR778DmZXRUP2gwe+1zTJypU2JMnDpkwJ4NK1VP6/tE4SAPrznBtmb76BKaWBqUfZ9Wq1zg3ugvqkZB/Exq+usypIOwQVp1KL58TrjBRda0HvRctzkNhr0qYAtkfLFe0GvksBp4vBm8uGwAx7fw/HbhIjQ9pekTwvB+5GwDPO/tSip/1bQfCS+XJB8Ffa04HYPLGedalnWBrwhYY+G/kn5Zh9L/AC8xeLwTJTHM212rBjPa9CWs9C6a57MSaeGIEHLC1hEyiJJ15w8jmY=
You can then install gedit with
flatpak install --from gedit.flatpakref
This has two advantages. First of all (and most important) it
lets us put a /.flatpak-info file in it, so that the dbus peers
it talks to have the right "source" app id and sandboxed status.
Secondly, it lets us run the bus with readonly access to things,
thus being somewhat more secure.
The info file is always standalone, as it never needs to stack on top
of another context. This means we can remove all "negative" attributes
such as "shared=!network", making it easier to parse this file.
This is already called automatically from flatpak_dir_deploy_update.
In particular, in the system-installed case this will cause
a warning due to not being able to remove the old checkout with
permission denied.
The commands: install, update, uninstall, info, make-current and run
now supports specifying a partial ref for the name. This is a different
way of specifying optional arch and branch arguments.
For instance org.app.App//master is the same as "org.app.App master" or
"--branch=master org.app.App".
This is useful if you're cutting and pasting from e.g. the list -d output.
This replaces all current callers of gs_file_ensure_directory with
equivalent code.
Actually, two instances were calling gs_file_ensure_directory with
FALSE, i.e. error out on EEXIST, but those cases seem fine with the
do-nothing-if-exists semantics.
While it is frowned upon nowadays, there are still applications
that use system-provided icons for the Icon field in their desktop
file.
Reduce the error to a warning to allow this for now.
Any "related" references from the same remote are automatically
handled when installing, unless you specify --no-related.
The set of related refs is based on the declared extensions for
the main ref. By default, all such extensions are automatically
installed/updated unless they have "no-autodownload" set to false
in the extension info, and its not already installed locally.
Only extensions marked as "autodelete" will be automatically deleted
when you remove the main ref.
There is some special handling:
Any *.Debug or *.Locale extension is automatically treated as "autodelete".
A *.Locale extension that is autodownloaded will be subsetted using subpaths
such that existing subpaths are kept, and the current locale is added.
This lets distributors share a system copy of bubblewrap (>= 0.1.0)
between Flatpak and any other projects that benefit from it, if they are
careful to keep new versions in sync. The default is still to use the
bundled submodule, ensuring compatibility and simplifying dependencies.
Enable $PATH search everywhere that runs bwrap, so that $BWRAP doesn't
necessarily need to be a fully-qualified path.
Signed-off-by: Simon McVittie <smcv@debian.org>