Some apps (like libreoffice) has multiple sup-apps, so we allow them to have multiple
appstream components (as well as e.g. multiple desktop files).
Fixes#1749Closes: #1778
Approved by: alexlarsson
If p11-kit server is installed on the host, we spawn a copy of this, forwarding the access to the
p11-kit trust module in a read-only way.
We then (if the above worked) bind mount the socket as /run/user/$UID/p11-kit/pkcs11 in the sandbox,
which is the default socket path for the p11-kit-client module.
We also add a configuration file in /etc/pkcs11/modules/p11-kit-trust.module that makes the trust
module actually load the client module instead. This means applications automatically switch
to using the host certs for trust if possible, and use the runtime ca-certificates otherwise.
Additionally we add a config file that always disables pkcs user
config merging, because pkcs11 modules on the host are unlikely to work in a random runtime.
Closes: #1757
Approved by: alexlarsson
We only checked this in transaction. This is now the recommended way to installation
via libflatpak too, but if you use the old API this check also ensures that
installation fails if the required version is too old.
Also, we add a specific error code for this so callers can check for it.
Fixes https://github.com/flatpak/flatpak/issues/881Closes: #1755
Approved by: alexlarsson
Simplify some of the return logic when handling pushing/popping the
thread default main context by using g_autoptr(GMainContextPopDefault).
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1736
Approved by: alexlarsson
The idea is for e.g. the gl extension to have
download-if=active-gl-driver
autoprune-unless=active-gl-driver
And then we can automatically find and uninstall unused gl drivers.
Closes: #1754
Approved by: alexlarsson
We were not correctly handling the partial refs that ostree_repo_list_refs()
returned, instead assuming they were full refs.
Closes: #1754
Approved by: alexlarsson
This moves the triggers from out of flatpak_install/update/uninstall
and instead calls them manually at all the sites that call this.
This allows FlatpakTransaction to only run the triggers once for the
entire operation.
Closes: #1743
Approved by: alexlarsson
In the no-pull case and when uninstalling, we never want to do any network
i/o for e.g. detecting depenedencies.
Closes: #1744
Approved by: alexlarsson
This does no network i/o and just keeps track of remote name
and collection id. This can be used for no-pull transactions.
Closes: #1744
Approved by: alexlarsson
This reads the current commit for a ref in the local repo.
This can be used e.g. to get at the metadata for an already pulled ref.
Closes: #1744
Approved by: alexlarsson
This is the same as flatpak_dir_search_for_dependency, but it looks only in the local
repo for already pulled dependencies. This is useful if you're in no-pull mode.
Closes: #1744
Approved by: alexlarsson
This makes info, list, remotes, and search work if there is no
system flatpak repo. Before it failed with EPERM.
Closes: #1742
Approved by: alexlarsson
The pop was missing, meaning that calling flatpak_dir_find_latest_rev()
corrupted the thread default main context stack of the caller.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
We only need to prune when an already existing ref is changed
to a new value. For example, never on install/update if no_pull, and
not on fresh install (but on reinstall).
We add an error signal to Transaction that the calle (cli) handles. It
decides what to do with the error and whether to continue or abort.
A new error ABORTED is returned from flatpak_run() to indicate
that it errored out because you chose to abort. We also add a new
error SKIPPED that we use to report that some operation is skipped
(due to earlier errors).
This also means we remote the stop_on_first_error argument
from flatpak_transaction_run() as this is now controlled by
the caller.
