This works around:
https://github.com/ostreedev/ostree/issues/541
Which is causing us to not pull the entire set of objects, rather
stopping at the first object which is locally available. We fix
this by pulling twice in the subdirs != NULL case, which works
because the second time the new commit is marked partial and
we then pull the entire thing.
This means we will not end up with a partial download if something
goes wrong during the extra-data download, because we don't
commit the downloaded base files until everything is finished.
Note, this requires the latest ostree for this feature.
If the downloaded app has a "xa.extra-data-sources" property in
the commit, then we download these as part of the pull operation
and store the result in the commitmeta object in the repo.
Then during deploy we look at the xa.extra-data-sources properties
again and extract them from the commitmeta into /app/extra
in the app, and afterwards we run /app/bin/apply_extra in a minimal
sandbox that has read-write access to /app/extra, but nowhere else.
There are some complexities:
We need to re-verify when extracting, because the commitmeta is not
really signed, so we could have picked up random stuff there
from the upstream repo, or from an attacker misusing the system-helper
local install codepath.
When using the system-helper the pull will fail if the commitmeta
is to large, so we have some code in this case to manually transfer
the larger commitmeta on the side to the local-pull code.
This allows you do do something like
flatpak build-finish --add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2
Which maps to this metadata keys:
[Policy subsystem]
key=v1;v2;
You can also --remove-policy to remove values from a key.
The policy values are parsed from the app and runtime metadata, and
are overridable by per-app overrides and on the command line, however
the values are never used by flatpak. They do end up in the flatpak-info
file for the running application though, so external agents can look
at them.
These
This means you can do:
flatpak run org.freedesktop.Sdk
to get a shell in a sandbox with that runtime, but with an
empty /app.
You can also specify a particular runtime branch and command like so:
flatpak run --command=ls org.gnome.Platform//3.22 /
When an application requires a runtime that is not installed, search
for it and prompt for permissions to install it. Also, update required
runtimes when the app is being updated.
If this is set for a remote we will never automatically look for
dependencies in it. This makes dependency search faster, as we
don't need to search in app-only remotes.
The new function flatpak_dir_update_remote_configuration() can be called
to fetch the contents of the summary file from the remote's source location
and update the local configuration in the installation directory accordingly.
For now, only the xa.title and xa.default-branch configuration parameters
are supported, since those seem to be the only relevant ones at the moment.
If no branch is explicitly stated when installing a flatpak, and several
options (branches) are available for the same ID, we now check the remote's
default branch and use that one, if it's defined and available for the app.
https://github.com/flatpak/flatpak/issues/221
Add support for this flag in build-update-repo, so that we can define
a default branch in the server side, to be picked by the clients.
https://github.com/flatpak/flatpak/issues/221
Just like we do with the title, fetch the default-branch from the
repository's summary file and use that information when adding a
remote reference from the command line.
https://github.com/flatpak/flatpak/issues/221
Instead of using "NAME [BRANCH]" as the command list we now
support REF..., where each REF can be partial. This is easiest
explained by examples. Here are some valid refs:
org.test.App - only app id
app/org.test.App/x86_64/stable - full ref
org.test.App/x86_64/stable - full ref without prefix
org.test.App - only app id
org.test.App//stable - only branch
org.test.App/x86_64 - only arch
If any parts are left out they are wildcarded. Such parts are filled
first by looking at other command line arguments like --arch and
--app/--runtime. And finally by looking at what is available in the
remote. If there are multiple matches the user is told the options
in an error message.
For now this is a purely client side setting which lets you store
the default branch to use for a remote. This is mostly meant to
be used for UI tools, although the CLI could also be made to use this.
You can set this manually in the CLI with --default-branch, or via a
flatpakrepo file (new key DefaultBranch).
It turns out that live apps were exporting files with dashes
other than "-symbolic". For instance "org.libreoffice.LibreOffice" was
exporting "org.libreoffice.LibreOffice-writer.desktop".
Allowing any dashes in the last segment like this is really no diffent
than allowing org.libreoffice.LibreOffice.writer.desktop which we
already do. Any conflicts here are under the control of the owner
of the org.libreoffice prefix.
However, allowing dashes in the earlier segments is more problematic.
For instance, any file exported by "org.my-foo.App" could conflict with
an app called "org.my" if this was allowed.
So, as a middle ground, we're allowing dashes in the last segment of
the App id only.
This adds a new "multiarch" feature which allows bundling e.g. 32-bit
binaries to be run in a x86_64 environment. By default, the seccomp
filter is configured to allow only the native architecture. When the
"multiarch" feature is enabled, the filter will be configured to allow
running binaries of additional architectures supported. For x86_64, this
allows x86 32-bit binaries; and for Aarch64, allows 32-bit ARM binaries.
Application bundles can use the feature e.g. in order to ship 32-bit
binaries alongside with a mostly-64-bit application. This is particularly
interesting when for applications that might launch themselves prebuilt
programs for which 64-bit versions do not exist. For example, the Steam
application is available as a 64-bit executable, but some of the games
available are 32-bit only. A Flatpak bundle for the Steam application
with "multiarch" enabled is able launch the 32-bit games -- without the
feature enabled, the seccomp filter would prevent them from running.
Multiple-architecture support is enabled by adding the "multiarch" value
for the "features" key in the metadata file for a Flatpak:
[Context]
features=multiarch;
The corresponding "--allow=multiarch" command line option is supported
in "flatpak build-finish" as well.
This means that the remote is there, but disabled.
This is needed for e.g. bundles without origin url, and when bundles
starting using this codepath this regressed like in:
https://github.com/flatpak/flatpak/issues/314
For a long time we have been disallowing "-" in application names,
which is different than what dbus allows for bus names. Also "-" used
to be not allowed by GApplication in glib. This is in part because
dbus object paths do *not* allow dashes, so you can't legally map
from e.g. a valid name like "org.foo-bar.gazonk" to a valid path
like "/org/foo-bar/gazonk".
This is a problem because many existing apps already use "-" in the
name, either as the last part (org.gnome.font-viewer) or because
the dns name it refers to has a dash.
This was recently discussed in the dbus community, and the result
is to recommend that "-" in the bus names be converted to "_" in object
paths.
This change makes it also allowed to have "-" in a flatpak app id.
For flatpak specifically we were relying on "-" not being allowed to
handle the case of exporting "org.foo.App-symbolic.png". If "-" is
allowed this name can conflict between apps called "org.foo.App-symbolic"
and "org.foo.App".
To handle this we add two special cases:
* App ids can't end with "-symbolic".
* Apps are allowed to export files with $appid-symbolic as prefix.
Commit 352e761c0e started the trend
to print the errno error code when unable to open a file, make all
occurrences where files are opened print the same kind of message.
