This disables build-args support, which is nice when building things
on e.g. a shared build-machine, where we don't want the build to
be able to break out of the sandbox (by specifying e.g. --share=network).
Stop building at a specified module from the json file.
This is useful during development. For instance, you can do --stop-at=main-app
to build all the dependencies into the appdir, then you can do a build of an
already checked out git repo (possibly with changes).
- Fix typos in doc/flatpak-install and doc/flatpak-update.
- The commands ending in -app were deprecated in commit f7a1fdaa,
so update a few remaining references to them.
- flatpak-update is used for runtimes and applications, so fix its short
description.
Currently to use a local copy of a git repo you have to specify the url
as "file:///path/to/repo". This commit allows you to specify a path directly
as "/path/to/repo", which is faster and more space-efficient because
git-clone will hardlink the objects rather than copying them.
Some of the options do not explicitly say they can be used multiple
times even though it's clear from the code that they can. This commit
fixes that by saying so in the manpages.
Any "related" references from the same remote are automatically
handled when installing, unless you specify --no-related.
The set of related refs is based on the declared extensions for
the main ref. By default, all such extensions are automatically
installed/updated unless they have "no-autodownload" set to false
in the extension info, and its not already installed locally.
Only extensions marked as "autodelete" will be automatically deleted
when you remove the main ref.
There is some special handling:
Any *.Debug or *.Locale extension is automatically treated as "autodelete".
A *.Locale extension that is autodownloaded will be subsetted using subpaths
such that existing subpaths are kept, and the current locale is added.
I don't think it makes sense to have to enable this for everything.
It should be safe in the sense that you can't ever do more than
the user can do anyway, and there is no way to use this to communicate
with the rest of the system because you can't read from it.
The worst this could ever cause is to overload the system, but the
sandbox doesn't protect against that in any other way anyway.
This adds --forbid-read, --forbid-write, --forbid-delete and
--forbid-grant-permissons options to flatpaks document-export
command, to let it revoke permissions on exported documents.
This gives the application full access to the host /dev. Obviously
this is not great in terms of sandboxing, but its nice for applications
that use flatpak mostly as a way to do distribution of the app.
Also, its not like the app has full access to anything, its still
limited to the access right of the user.
