When the document portal is called from within the sandbox with an
app-private file path, translate the path to a document portal URI in
order to make it available to other applications.
The build system did not have any minimum requirements on GLib, which is
somewhat optimistic. We rely on ostree, so the minimum version is the
same as ostree's minimum requirement, 2.40.
This has some important pull fixes that we want people to have.
Also it changed the mtime of checkouts from 0 to 1, so we want
to require only one of those (as flatpak has some special code for mtimes).
Set autodelete=true on locale and debug extensions.
Set no-autodownload=true on debug extensions.
Thats what will happen anyway, but its nice to be explicit.
Also, remove subdirectories=true on the locale extensions, as
we're not using that anymore.
Any "related" references from the same remote are automatically
handled when installing, unless you specify --no-related.
The set of related refs is based on the declared extensions for
the main ref. By default, all such extensions are automatically
installed/updated unless they have "no-autodownload" set to false
in the extension info, and its not already installed locally.
Only extensions marked as "autodelete" will be automatically deleted
when you remove the main ref.
There is some special handling:
Any *.Debug or *.Locale extension is automatically treated as "autodelete".
A *.Locale extension that is autodownloaded will be subsetted using subpaths
such that existing subpaths are kept, and the current locale is added.
This lets us find all the "related" refs to a ref in a particular
remote, or locally. These are the things we should automatically
download or delete when installing/updating/uninstalling the ref.
The implementation currently looks at all the extensions handled by the
app/runtime. For debug extensions and extensions marked no-autodownload we
only consider them related if its already locally installed. For locale
extensions we always consider them related, but we only pull the current
locale data for it.
I don't think it makes sense to have to enable this for everything.
It should be safe in the sense that you can't ever do more than
the user can do anyway, and there is no way to use this to communicate
with the rest of the system because you can't read from it.
The worst this could ever cause is to overload the system, but the
sandbox doesn't protect against that in any other way anyway.
One of the variations tested on Debian's reproducible build
infrastructure is that the second build is done in a French locale.
This test fails there, because it doesn't see "Usage:" in the help.
Signed-off-by: Simon McVittie <smcv@debian.org>