In addition to the old summary.idx.sig we now create an identical file
in `summaries/$DIGEST.idx.sig`, where the digest is of the summary
index itself. This means it will have a unique name and there will
never be issues where downloading the index and signature will race
during an update.
We keep the new and the previous digested sigs every update to avoid
removing the previous one while its in use.
As suggested by simon in https://github.com/flatpak/flatpak/issues/3983
and https://github.com/ostreedev/ostree/issues/2250
Currently if a deploy file was created (because a flatpak is installed)
using an old Flatpak version (such as 0.10.1 that's in Endless 3.3.16),
it will not include every metadata key, such as "eol" and "eolr". Those
keys were added before deploy version 1. Then when the deploy file is
upgraded to version 3, the metadata is only copied so eol/eolr are still
missing even though they exist in the commit metadata.
So this commit adds deploy version 4 which ensures all metadata keys in
the deploy file are present (when they are present in the source data).
All existing deploy files will be upgraded with this code.
This change is important because we use the end-of-life information to
decide whether an unused runtime should be uninstalled, so without this
change we are not freeing up disk space that we should be.
In elementary OS, we're building our images with some flatpaks pre-installed. To do this, we run noninteractive `flatpak install` commands in the chroot as part of the build scripts. We've bumped into some build failures recently after switching to a version of flatpak with malcontent support built in.
After some debugging, it turns out installations are failing the parental controls checks with errors like `Failed to install org.gnome.Epiphany: Could not connect: No such file or directory` message. I'm assuming this is a failure to connect to the system bus in this method (since there isn't one in the chroot).
Is it reasonable to assume that UID 0 should be allowed to install whatever they want regardless of parental controls? I believe this would fix our issue too.
Gracefully handle flatpak_instance_get_app() returning NULL, which
happens for example when there is a shell in a runtime, e.g. flatpak run
--command=sh org.gnome.Platform
This avoids having to download `master` and then check out a specific
commit. v2020.8 includes the commit which we were previously building.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
There’s no need to fetch the entire git history for OSTree or malcontent
for each CI job. Do shallow clones and don’t fetch tags. This reduces
the bandwidth requirement for clones in a CI job by roughly a factor of
8.5 (from 19.5MB to 2.3MB)
See https://tecnocode.co.uk/2020/07/09/easily-speed-up-ci-by-reducing-download-size/
This is slightly complicated by the fact that OSTree is currently being
built from a relatively-recent git commit. Once the flatpak CI can
depend on a tagged OSTree release (say, 2020.8),
```
--branch master --shallow-since 2020-10-27
```
can be changed to
```
--branch v2020.8 --depth 1
```
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
When installing to an installation we need to find the runtime to use
for the apply-extra-data script from the installation we're targeting,
because that is the one that FlatpakTransaction guaranteed has the
required dependencies (although its possible they came from the
default dependency source too, i.e. the system repos).
In particular, we run into this issue if nothing is installed
anywhere, and then we install an extra-data app into a custom
directory. The transaction will download the runtime, and it
will not be anywhere else. Without this change flatpak only
looked for the dependency in the systam an regular user dirs
where it isn't.
It seems that all `FlatpakTransaction`s add the default dep sources, so
the internal transaction used to list installed refs for updates should
do the same.
This fixes a bug where
`flatpak_installation_list_installed_refs_for_update()` would return an
error saying “The application x requires the runtime y which was not
found” if the app was installed in the user repo, the runtime was
installed in the system repo, and no remote was configured (or one was
configured `xa.noenumerate=true`) in the user repo to provide the
runtime. If a remote was configured, the error wouldn’t be returned, but
the app would be spuriously listed for an update as its runtime couldn’t
be found.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
In case the second of these two fails, the first will still have been
added to the transaction. And since it's better to install the renamed
app but not uninstall the old one, than to uninstall the old one but not
install the new one, swap the order.
See also https://github.com/flatpak/flatpak/issues/3991
Previously, we'd silently ignore remapped or sandbox-exposed fds that
were not included with the D-Bus message, which seems unlikely to
work as intended.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This is syntactic sugar added in GLib 2.67.0, which makes it more clearly
correct when we return TRUE after a GDBus error.
Signed-off-by: Simon McVittie <smcv@collabora.com>
As /usr/local points to ../var/usrlocal on Silverblue,
/run/host/usr/local was previously a broken link inside the
sandbox. This patch checks if /var/usrlocal exists and bind-mounts it
to /run/host/var/usrlocal.
See bug #4010.
The old summary had a ostree.commit.timestamp in the per-ref metadata
dict. However, since this was not used anymore by flatpak I removed it.
However, it turns out that flathub has infra that depends on this,
so I'm adding it back.
We reuse the data in the old summary for unchanged refs when
rebuilding the summary, to avoid having to read all the commits. In
the new world the new format summaries are used for this, which means
we have to keep the timestamp in that too. However, to not be
unnecessary large its now using a shorter key name, as this is
duplicated for each ref in the summary.
Currently this error is happening on the eos3.9 dev branch of Endless
OS:
Nov 19 12:05:55 endless eos-updater-flatpak-installer[464]:
eos-updater-flatpak-installer: Couldn’t apply some flatpak update
actions for this boot: Error opening directory
'/root/.local/share/flatpak/app': Permission denied
The reason is that we have a check in flatpak_dir_list_unused_refs() to
check if the per-user installation exists and only try to list the refs
there if so, but the existence check falsely succeeds due to the systemd
sandboxing on eos-updater-flatpak-installer.service, and
flatpak_dir_list_refs() then fails in find_used_refs(). Specifically the
ProtectHome=yes systemd service option makes /root inaccessible, and due
to a bug in GLib[1] this makes g_file_query_exists() falsely return TRUE
for any paths under /root.
So, check for not found and permission denied errors rather than doing
an existence check, as we should be doing anyway to avoid a
time-of-check/time-of-use race, as explained in the
g_file_query_exists() documentation.
[1] https://gitlab.gnome.org/GNOME/glib/-/issues/1237
This is reported when we reported an error to the user via
::operation-error signal and the app told us to not continue.
If this happens in some weird case and we see the results its nice
to have access to the original error message.
