Add a flag that triggers extra processing of the 'rest'
commandline arguments, as follows: When we see arguments
that are enclosed in a pair of '@@' arguments, we interpret
them as file paths, export them in the document store, and
pass the resulting document path to the launched application.
Currently, the files are exported non-persistent (i.e. only
for the current session), and with read and write permissions
for the app.
Its quite possible that a custom TMPDIR is not mapped
in the sandbox, and /tmp is per-app anyway, so it doesn't
really make sense to use the custom one.
Fixes https://github.com/alexlarsson/spotify-app/issues/41
Sometimes we need to pull a commit without using static deltas to e.g.
make sure that an app with a corrupted commit can still be updated by
pulling the new commit in full.
This option has been added to the FlatpakUpdateFlags,
FlatpakInstallFlags, as well as a parameter for the CLI.
This is a pretty standalone object, and it is nicer to
have it in its own files. All users have been updated
to include the new flatpak-table-printer.h header.
The new `glnx_regfile_copy_bytes()` is better than the previous
`flatpak_copy_bytes()` in that it will use reflink/sendfile if available.
More information in 3a4d0f4684
After the introduction of linear progress reports based on
heuristics, Flatpak still couldn't make precise reports for
the extra-data field is contained in the commits. When we
were setting extra-data up, Flatpak didn't have the commits,
so it always failed.
Fix that by downloading the commits first, and then setting
up the extra-data fields.
flatpak/flatpak#609
Some previous g_set_error messages were related to 'unknown type', but this one about 'unknown location'. So it would probably be best to suggest 'valid locations', instead of 'valid types'.
WAYLAND_DISPLAY can be other than "wayland-0" for various reasons, such
as using a custom Wayland display server or the session display server
using a custom display name.
Note that for xdg-desktop-portal to support showing portal windows, the
xdg-desktop-portal service MUST use the same WAYLAND_DISPLAY.
* Use ostree's BARE_USER_ONLY flag
Now that Ostree has a 'bare user only' mode for repositories, we should
use it.
This allows installing Flatpak run times inside different Docker layers.
Original patch by: Alexander Larsson <alexl@redhat.com>
Tested-by: Emmanuele Bassi <ebassi@gmail.com>
* Use the parent mode when creating a child repo
Instead of hard coding the repository mode, query the parent's mode.
* Gate bare-user-only repo creation behind an environment variable
We keep the default of bare-user repositories, but with an environment
variable we change new repositories to bare-user-only.
If you run "flatpak update" then we will never update to
a commit that is older than the currently installed one. This
protects against a man-in-the-middle attack that would otherwise
let the attacker downgrade to a previously signed version that
may have some vulnerability.
We never want the system-helper to downgrade. If you want to run
not-the-latest version you need to be "real root". However, the
check for this was broken, as it compared the new commit with the
new commit, which was always ok. Instead check the timestamp
on the new commit with the current one.
The export g_autoptr changes in ostree will be in the release 2017.4,
but the gnome CI is currently failing due to them also being in current
git master which is called 2017.3 atm. We fix this by checking against
2017.3 instead, which is safe, because the actual OSTREE_CHECK_VERSION
macro was added after the 2017.3 release too.
This means we verify the exact data we use, which is
what was signed. In particular, this means in the
system-helper we don't open us up to the user
manipulating the file while it is being applied.
This ensures the actual manifest ref matches what was specified
in the index. This is required as the goal is to sign/trust
the manifest, but not necessarily the index.
