Currently in the FlatpakTransaction implementation we add dependencies
and related refs for each operation in the transaction regardless of if
it's skipped or not. This is an issue in the case of an
end-of-life-rebased ref because in that case if the user agrees a new
install operation is added for the new ref, an uninstall operation is
added for the end-of-lifed ref, and the update operation for the
end-of-lifed one is marked as to be skipped. Then the dependencies of
the end-of-lifed ref get added to the transaction and ultimately after
all the sorting is done you end up with duplicate operations. In the
case of having org.gnome.tetravex installed, "flatpak update" yields a
transaction which uninstalls org.gnome.tetravex.Locale twice and errors
out on the second time (in addition to uninstalling org.gnome.tetravex
and installing org.gnome.Tetravex and org.gnome.Tetravex.Locale).
Fix the issue by skipping operations marked as to be skipped when adding
dependencies and related refs to the transaction.
Alternative fix to https://github.com/flatpak/flatpak/pull/3389
If an app has PulseAudio access, also allow direct ALSA device access.
The practical permissions of ALSA and PulseAudio access are
essentially the same (in fact, its possibly less damaging to have
direct device access as bugs in pulseaudio could allow sandbox
breakout that wouldn't be possible with deivce access).
We could add a separate option for this, but since they are
essentially the same, and since both are not the end goal (which is
using portals and PipeWire for audio), seems like unnecessary churn in
apps and code.
This is useful if to avoid changing the no-interaction of the whole
FlatpakInstallation. Also, having this per transaction lets us
clean up the code in FlatpakQuietTransaction a bit.
The terms whitelist and blacklist are hurtful to some people, and per
our code of conduct Flatpak is an inclusive community. Replace them with
allowlist and blocklist which are also more clear. This terminology
change is being implemented more broadly in the software industry; see
e.g. https://go-review.googlesource.com/c/go/+/236857/
While creating the ld.so.cache file we write to a temporary file
and then rename it to the final reused cache location only when it is
completely finished.
This solves two issues:
a) New app instances never end up with a cache that is not finished
b) Two app starting at the same time don't both try to write the
cache in the same place, failing like in #3029.
This is an alternative fix to https://github.com/flatpak/flatpak/pull/3617
If the magical io.github.containers.DeltaUrl label is set in the
index, then try to download this to use as the delta manifest for the
image. This allows servers to store deltas outside the registry
itself. The label is propagated to the xa.delta-url metadata in the
generated "fake summary" for the remote, and read back on pull.
Note that the delta manifest layers descriptor will need to have a
"urls" key where it references the blobs if the blobs are also not
stored on the registry.
If the specified manifest doesn't exist or doesn't apply to the target
image we fall back to resolving via the _deltaindex tag.
Call flatpak_remote_state_ensure_summary() before dereferencing
RemoteState->summary to return an error instead of crashing if
downloading the summary failed.
When mirroring to a local OCI dir we apply deltas and generate
uncompressed layer blobs instead of regular blobs. Then we pick this
up on the system-helper side.
This is a version of flatpak_oci_registry_apply_delta() that generates
a new blob in a local repo, rather than a temporary file. This is used
when mirroring using a delta into a child oci registry for system-helper
use.
When we create a system child registry we also set the current token on
it. This is not used directly in the client, however its saved in a
file called .token and re-read in the system-helper, allowing it to
also do the remote registry operations it needs to verify the child
registry.
We typically only load by digest id, resolving tags in other ways.
However, we need to load the _deltaindex tag by tagname, so support
this when possible.
It turns out that libarchive doesn't always read the entire file until
the end if it can figure out that the tarfile ended. Normally this is
not hit, because the decompressor reads all the input, but for
uncompressed tarfiles (like those from applied deltas) this is
important.
If downloading a specific commit (or oci manifest) we may get a 401 back.
If so, request a token and try again. In this case we don't yet know the
token type, so pass MAXINT32 for "don't know".
This downloads a manifest by digest and reconstructs the commit except
for the tree/metadata reference. This allows things like flatpak remote-info
and flatpak update --commit=xxx to work.
Only have the single function flatpak_remote_state_load_ref_commit()
that loads the commit objects (and don't support loading other types
of objects as that is not used).
This is a minor cleanup, but it also will be useful later when
we want to be able to "load" commits from OCI repositories.
