The normal behavior where we only list already installed refs for
a noenumerate remote doesn't work for the case where flatpak-system-helper
verifies a ref on an OCI server during installation - in that case, the
ref being installed to does not *yet* exist locally.
We previously made a separate request to the registry index to see if
the manifest hash of an image was the hash of the image in the registry.
Since the summary is now downloaded by the system helper and trusted, just
check if the hash matches the hash in the summary data. This is as good,
and in is a lot more efficient if the index is statically generated,
and we can't get the index data for just one image.
Closes: #1910
Approved by: alexlarsson
Checking the registry against a previous etag is now handled inside
flatpak_cache_http_uri(), so remove the etag parameters that were
previously passed around in various places for simplicity.
Closes: #1910
Approved by: alexlarsson
Previously the code assumed that appstream data was stored in a separate
OCI image in the registry. Replace that with storing the appstream data
and icons as image annotations. When we download a new version of the
image index, the appstream data is combined, and icons are downloaded
as necessary.
Since there is no longer a content hash for the appstream data, it's
not practical for the user to download the appstream data and pass it
to the system helper, instead the system helper just downloads the
appstream data directly.
Closes: #1910
Approved by: alexlarsson
This system-helper method will allow flatpak to update the ostree repo
summary while running as a non-root user that's in the "sudo" group.
This will allow the `flatpak create-usb` command to work without
requiring the user to first run `sudo ostree summary -u`, and without
requiring the system to have `core.auto-update-summary` set to true in
the ostree repo config. This is also much more efficient than
`core.auto-update-summary` because it allows us to only update the
summary when we need it rather than after every transaction.
Generating the summary basically just involves traversing the repo to
enumerate all the refs and putting this information into a file, so I
don't think there are security concerns with allowing it to happen
without authentication.
Closes: #1945
Approved by: alexlarsson
Setting an error with second_error->message is going to work poorly
when second_error has never been set non-NULL.
Related to #1845, although not necessarily the full solution.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #1867
Approved by: alexlarsson
This is used to create the /var/lib/flatpak repo if
needed so that other later operations work. We have
some partial support for it not working in various
operations (using the allow_empty argument) but
this is in no way complete. For example, this
can easily happen if you have a per-user installation
but no system one and then you run flatpak install
with no --user, then it will try to figure out
which one to use and die.
Simplify some of the return logic when handling pushing/popping the
thread default main context by using g_autoptr(GMainContextPopDefault).
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1736
Approved by: alexlarsson
This moves the triggers from out of flatpak_install/update/uninstall
and instead calls them manually at all the sites that call this.
This allows FlatpakTransaction to only run the triggers once for the
entire operation.
Closes: #1743
Approved by: alexlarsson
This moves all the files from lib into common, and it also adds all the libflatpak
sources into libflatpak-common, making libflatpak just a wrapper around the common
helper library.
This move allows the CLI to use all the code from libflatpak. We were already doing
this with a few things like flatpak-error*.[ch], and we want to do it even more
when sharing FlatpakTransaction. This also allows use to slowly move
the CLI to using the libflatpak apis for some things.
Closes: #1706
Approved by: alexlarsson
Currently we try to update the "appstream2" branch and if that fails try
to update the "appstream" branch. If that fails too we return the error
message from the appstream2 update, which can be misleading. So this
commit combines both error messages into one so you get something like
this:
$ flatpak update --appstream tamaulipas-apps
error: Error updating appstream2: No such ref 'appstream2/x86_64' in
remote tamaulipas-apps; Error updating appstream: Update is older than
current version
That should make debugging easier for
https://github.com/flatpak/flatpak/issues/1615.
This is safe as we do the pull locally, and root configured the local
path. We already do the same for regular installs, so its weird that
its not done for appstream.
Should fix https://github.com/flatpak/flatpak/issues/1580Closes: #1585
Approved by: alexlarsson
By default we use the new appstream2 branch if it exists in the remote,
also in this case we compress the xml when deploying to be backwards
compat with the old deploys.
Closes: #1585
Approved by: alexlarsson
If you're installing something and its already installed, we undeploy
the old install first before deploying the new. This makes it very
easy to switch an application from one remote to another, without
having to uninstall first, which is both painful and could cause
the download to be unnecessary large.
Closes: #1241
Approved by: alexlarsson
I got weird crashes in the local repo pull case where the default
progress reporting callback tried to get some unset key on
the progress. We don't want any progress reporting anyway, so fix
this by dropping all progress reporting.
Closes: #1243
Approved by: alexlarsson
Since we don't have GPG signatures for the OCI images we verify
the data sent by the client by doing a query to the index from
the helper to ensure that the ref/digest tuple is correct.
Closes: #1171
Approved by: alexlarsson
This means the url of the remote is a service supporting:
https://github.com/owtaylor/metastore/blob/master/docs/protocol.md
And we use that to find all flatpak images and the repository url
itself.
This also add support for docker-v2 registries that support OCI
images.
Closes: #1171
Approved by: alexlarsson
We might want to prune the repo from within the library or
the command line and may not be in a privileged context, so
we'll need to jump through the system helper to prune the refs.
Closes: #1034
Approved by: alexlarsson
In order to eliminate some race conditions around updating the
summary{,.sig} file on the server, and to decouple signing the summary
from signing commits, and to support peer to peer mirrors of content
from multiple upstream collections: add support for unsigned summary
files.
This relaxes the requirement for gpg-verify-summary=true iff
collection-id is set in a remote’s local configuration. It depends on
some pending libostree changes to verify the ref for each commit using
the commit’s signed metadata. See
https://github.com/ostreedev/ostree/issues/983.
Metadata storage has moved from the summary file to a new
ostree-metadata well-known branch on each repository, since this can be
signed for each update and for each collection separately. If the
collection-id is set in a remote’s local configuration, flatpak will
retrieve all repository metadata from this branch rather than from the
summary file. If collection-id is unset, it will ignore this branch and
continue to use the summary file, which will continue to be updated (and
externally signed as summary.sig) for backwards compatibility.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Search for updates on peer to peer sources as well as the internet in
check_for_updates(), and pass the resulting OstreeRepoFinderResult array
to the pull() calls, so a consistent set of checksums are pulled.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Previously they weren’t getting distributed unless the system helper was
enabled at configure time for distcheck. They should be distributed
unconditionally so the user can choose whether to enable the system
helper when they call configure.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
The GLib logging framework automatically appends a \n to messages, so it
doesn’t need to be added by callers.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
We download the summary and send it to the system helper, it verifies
the checksum and applies the changes, with the same polkit permissions
required as for an app update (i.e. typically none).
This allows us to update metadata automatically, without permission
requests.
If EXTERNAL_INSTALL_DIR wasn't defined (which is likely, since nothing
in the build system does), then we would tell the system helper
to search /exports/share, which is not Flatpak's territory
(but is a semi-commonly-used path for site-specific NFS shares,
which might have contents that are inappropriate to search here).
Installations that do define an external installation directory
(Endless OS?) can easily override the Environment to include it
by placing a drop-in in
/etc/systemd/user/flatpak-system-helper.service.d/external.conf
or similar.
This change fixes GCC compiler warnings where a cleanup function was
specified on an uninitialised pointer, which in the view of GCC could
result in an errornous free of uninitialised memory, if the functions
that initialise them do not return NULL.
Signed-off-by: Ikey Doherty <ikey@solus-project.com>
Newer versions of dbus support stateless directories, and many distributions
now use /usr/share/dbus-1/system.d for the vendor configuration files, as
opposed to the legacy /etc/dbus-1/system.d directory.
To enable this, we add a new --with-dbus-config-dir option to control the
configuration directory, whilst retaining backwards compatibility for those
still using older versions of dbus.
Signed-off-by: Ikey Doherty <ikey@solus-project.com>
If the bundle contains an origin link we can now install related
things from it, such as locale data.
You can also build the bundle with --runtime-repo=URL, where the url
points to a flatpakrepo file for a repo with runtimes. This works
similar to the RuntimeRepo= feature in flatpakref files.
