Alternative fix to https://github.com/flatpak/flatpak/pull/3389
If an app has PulseAudio access, also allow direct ALSA device access.
The practical permissions of ALSA and PulseAudio access are
essentially the same (in fact, its possibly less damaging to have
direct device access as bugs in pulseaudio could allow sandbox
breakout that wouldn't be possible with deivce access).
We could add a separate option for this, but since they are
essentially the same, and since both are not the end goal (which is
using portals and PipeWire for audio), seems like unnecessary churn in
apps and code.
This is useful if to avoid changing the no-interaction of the whole
FlatpakInstallation. Also, having this per transaction lets us
clean up the code in FlatpakQuietTransaction a bit.
The terms whitelist and blacklist are hurtful to some people, and per
our code of conduct Flatpak is an inclusive community. Replace them with
allowlist and blocklist which are also more clear. This terminology
change is being implemented more broadly in the software industry; see
e.g. https://go-review.googlesource.com/c/go/+/236857/
While creating the ld.so.cache file we write to a temporary file
and then rename it to the final reused cache location only when it is
completely finished.
This solves two issues:
a) New app instances never end up with a cache that is not finished
b) Two app starting at the same time don't both try to write the
cache in the same place, failing like in #3029.
This is an alternative fix to https://github.com/flatpak/flatpak/pull/3617
flatpak enter must not be multi-threaded because it calls setns. This
was causing a problem because g_vfs_get_default spawns threads in some
environments.
If the magical io.github.containers.DeltaUrl label is set in the
index, then try to download this to use as the delta manifest for the
image. This allows servers to store deltas outside the registry
itself. The label is propagated to the xa.delta-url metadata in the
generated "fake summary" for the remote, and read back on pull.
Note that the delta manifest layers descriptor will need to have a
"urls" key where it references the blobs if the blobs are also not
stored on the registry.
If the specified manifest doesn't exist or doesn't apply to the target
image we fall back to resolving via the _deltaindex tag.
Call flatpak_remote_state_ensure_summary() before dereferencing
RemoteState->summary to return an error instead of crashing if
downloading the summary failed.
When mirroring to a local OCI dir we apply deltas and generate
uncompressed layer blobs instead of regular blobs. Then we pick this
up on the system-helper side.
This is a version of flatpak_oci_registry_apply_delta() that generates
a new blob in a local repo, rather than a temporary file. This is used
when mirroring using a delta into a child oci registry for system-helper
use.
When we create a system child registry we also set the current token on
it. This is not used directly in the client, however its saved in a
file called .token and re-read in the system-helper, allowing it to
also do the remote registry operations it needs to verify the child
registry.
We typically only load by digest id, resolving tags in other ways.
However, we need to load the _deltaindex tag by tagname, so support
this when possible.
It turns out that libarchive doesn't always read the entire file until
the end if it can figure out that the tarfile ended. Normally this is
not hit, because the decompressor reads all the input, but for
uncompressed tarfiles (like those from applied deltas) this is
important.
