Alternative fix to https://github.com/flatpak/flatpak/pull/3389
If an app has PulseAudio access, also allow direct ALSA device access.
The practical permissions of ALSA and PulseAudio access are
essentially the same (in fact, its possibly less damaging to have
direct device access as bugs in pulseaudio could allow sandbox
breakout that wouldn't be possible with deivce access).
We could add a separate option for this, but since they are
essentially the same, and since both are not the end goal (which is
using portals and PipeWire for audio), seems like unnecessary churn in
apps and code.
This is useful if to avoid changing the no-interaction of the whole
FlatpakInstallation. Also, having this per transaction lets us
clean up the code in FlatpakQuietTransaction a bit.
The terms whitelist and blacklist are hurtful to some people, and per
our code of conduct Flatpak is an inclusive community. Replace them with
allowlist and blocklist which are also more clear. This terminology
change is being implemented more broadly in the software industry; see
e.g. https://go-review.googlesource.com/c/go/+/236857/
While creating the ld.so.cache file we write to a temporary file
and then rename it to the final reused cache location only when it is
completely finished.
This solves two issues:
a) New app instances never end up with a cache that is not finished
b) Two app starting at the same time don't both try to write the
cache in the same place, failing like in #3029.
This is an alternative fix to https://github.com/flatpak/flatpak/pull/3617
If the magical io.github.containers.DeltaUrl label is set in the
index, then try to download this to use as the delta manifest for the
image. This allows servers to store deltas outside the registry
itself. The label is propagated to the xa.delta-url metadata in the
generated "fake summary" for the remote, and read back on pull.
Note that the delta manifest layers descriptor will need to have a
"urls" key where it references the blobs if the blobs are also not
stored on the registry.
If the specified manifest doesn't exist or doesn't apply to the target
image we fall back to resolving via the _deltaindex tag.
Call flatpak_remote_state_ensure_summary() before dereferencing
RemoteState->summary to return an error instead of crashing if
downloading the summary failed.
When mirroring to a local OCI dir we apply deltas and generate
uncompressed layer blobs instead of regular blobs. Then we pick this
up on the system-helper side.
This is a version of flatpak_oci_registry_apply_delta() that generates
a new blob in a local repo, rather than a temporary file. This is used
when mirroring using a delta into a child oci registry for system-helper
use.
When we create a system child registry we also set the current token on
it. This is not used directly in the client, however its saved in a
file called .token and re-read in the system-helper, allowing it to
also do the remote registry operations it needs to verify the child
registry.
We typically only load by digest id, resolving tags in other ways.
However, we need to load the _deltaindex tag by tagname, so support
this when possible.
It turns out that libarchive doesn't always read the entire file until
the end if it can figure out that the tarfile ended. Normally this is
not hit, because the decompressor reads all the input, but for
uncompressed tarfiles (like those from applied deltas) this is
important.
If downloading a specific commit (or oci manifest) we may get a 401 back.
If so, request a token and try again. In this case we don't yet know the
token type, so pass MAXINT32 for "don't know".
This downloads a manifest by digest and reconstructs the commit except
for the tree/metadata reference. This allows things like flatpak remote-info
and flatpak update --commit=xxx to work.
Only have the single function flatpak_remote_state_load_ref_commit()
that loads the commit objects (and don't support loading other types
of objects as that is not used).
This is a minor cleanup, but it also will be useful later when
we want to be able to "load" commits from OCI repositories.
The newly added https://systemd.io/DESKTOP_ENVIRONMENTS/ lists an XDG
defined specification for how cgroups for applications should be named.
This will allow flatpak's to correctly follow any drop-in's set for
applications on the system as well as help next-gen system monitor's
treat flatpaks as applications.
flatpak-session-helper.service is unaffected.
