mirror/flatpak
1
0
Fork 0
mirror of https://github.com/flatpak/flatpak.git synced 2025-12-24 00:18:01 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
flatpak/NEWS
Sebastian Wick 56dfd306d6 Post-branching version bump
2025-12-15 19:36:46 +01:00

3862 lines
160 KiB
Plaintext
Raw Permalink Blame History

Changes in 1.17.3
~~~~~~~~~~~~~~~~~~
Released: not yet
...
Changes in 1.17.2
~~~~~~~~~~~~~~~~~~
Released: 2025-12-15
This is a follow-up release for the 1.17.1 release, which was published
immutably without the dist artifacts due to a bug in the release workflow.
Changes in 1.17.1
~~~~~~~~~~~~~~~~~~
Released: 2025-12-15
Enhancements:
* Drop libsoup2 support in favor of libcurl. The `http_backend` build option has
been dropped as well. (#6395)
* Support conditional permissions for shared subsystems and features. This
extends the conditional permission system that was introduced in 1.17.0 to
shares and features.
* Enable progress escape sequence by default (#6393)
* Allow passing device permissions to sub-sandbox created via the Flatpak portal
(#6123)
* Add the runtime repository to the OCI image metadata when building OCI bundles
(#6409)
* The CI now checks for translatable files and is now used to do releases
(#6408, #6407)
* OCI remotes can now be configured to check for a matching signature in a
standard OCI signature storage lookaside service, when installing apps and
runtimes. (#6426)
* Applications distributed as OCI images now support the extra-data mechanism
which should help with h.265 playback in Fedora Flatpaks (#6299)
* Add support for building OCI bundles with zstd compressed layers. This speeds
up compression by several times, resulting in about a 20% smaller result. gzip
is kept as the default for maximum compatibility. (#5540)
* Improve i18n of the command line progress reporting (#6397)
* Translation updates: tr (#6388), hr (#6387), sl (#6405), zh_CN (#6366, #6410)
Bug fixes:
* Fix an issue where the home directory would accidentally be accessible when
a bad version of glib is in use, the app has access to a standard XDG
directory, and that directory is not available on the system. (#6420)
* Fix incorrect CURLM_OK comparison in curl_easy_setopt checks (#6396)
* Error out when mandatory OCI JSON fields are missing (#6402)
* Fix various memory leaks (#6403, #6093)
Internal changes:
* Avoid triggering glib thumbnailing when enumerating `.portals` files
(#6427)
* Add a test case for pre-installing from a sideload repo and a non-reachable
network repo (#6423)
* Remove references to the defunct Open Collective (#6406)
* Improve various tests (#6406)
* Update note on seccomp filter code sharing (#6383)
Changes in 1.17.0
~~~~~~~~~~~~~~~~~~
Released: 2025-11-03
Enhancements:
* Allow directories to be forwarded to the sandboxed app as command-line
arguments. This requires xdg-desktop-portal >= 1.7.0. (#6247)
* Allow Flatpak apps that are conceptually part of the operating system
to be preinstalled by dropping files into `preinstall.d` directories.
(#6116)
* Allow direct installation from an OCI image (#5972)
* Allow OCI remotes to have a collection ID, so they can be used with
flatpak preinstall (#6083)
* Show a message if `flatpak document-list` finds no documents, and if
`flatpak uninstall` finds nothing to uninstall (#6197)
* Support sideloading from OCI repositories and archives. This allows
installing apps from OCI images stored in local sideload repositories.
(#6294)
* Add support for flatpak+https:// URIs in `flatpak install --from`
(#6372)
* New `--clear-env` option for `flatpak run` to clear the environment
from the host before running the application (#6298)
* Support for conditional permissions. Permissions can now be conditioned
on system and runtime capabilities. This for example allows to replace
`--device=all` permissions with
`--device-if=all:!has-input-device --device=input`. (#6285)
* Add host-root export which exposes the host's root directory at
/run/host/root in the sandbox (#6314)
* Enable the VA-API extension for Intel Xe GPUs (#6311)
* JSON output support for various commands, making it easier to parse
flatpak command output programmatically (#6337)
* Add basic OS information to Flatpak-Os-Info header when pulling objects,
helping repository administrators understand their user base (#6346)
* `flatpak build` does not grant the host permissions by default, improving
build isolation and reproducibility (#6308)
* Support the reinstall option on bundle installations (#5546)
* Drop a workaround for AppStream CIDs with duplicate `.desktop` suffixes
(#6350)
* Add cancellation support for curl downloads (#6356)
* `build-finish` exports external AppStream release metainfo (#6133)
* The default D-Bus configuration moved from /etc to /usr (#6347)
* Documentation improvements (#6266, #6348, #6240, #6374)
* Translation updates: cs (#6306), nl (#6241), pl (#6290, #6288),
sl (#6279, #6377), ru (#6278), zh_CN (#6304, #6334, #6354, #6366)
Bug fixes:
* Provide an empty /run/host/font-dirs.xml during `flatpak build` (#6138)
* Various bug fixes for the OCI support (#6296)
* Improve clearing the environment in the flatpak portal to fix support for
FLATPAK_SPAWN_FLAGS_CLEAR_ENV with FLATPAK_SPAWN_FLAGS_NOTIFY_START (#6298)
* Fix various issues with `flatpak mask` and `flatpak pin` by reloading the
repo configuration after changes done via the system helper (#6073)
* Fix propagation of `resolv.conf` into the sandbox via the session-helper by
improving the file monitoring in case of broken symlinks (#6349)
* Preinstallation now works if the ref is not available in the first configured
remote (#6373)
* Flatpak now allows the usage of sudo for changing the user (#6371)
* `flatpak-kill` will no longer send SIGKILL to all processes in the current
process group (#6375)
* Authorization for parental controls no longer relies on racy PIDs (#6303)
* Fix various memory leaks (#6286, #6260)
* Fix various crashes (#6074, #6376)
Internal changes:
* Testing and CI improvements (#6284, #6302, #6291, #6295, #6067)
* Improvements to the formatting (#6331)
* Avoid using an uninitialised variable (#6345)
* Remove duplicate pointer clearing (#6361)
Changes in 1.16.1
~~~~~~~~~~~~~~~~~~
Released: 2025-05-10
Enhancements:
* When using parental controls, allow a child account to update existing
apps by default, to ensure that security and bugfix updates can be
installed. This can be overridden by setting polkit policy rules for
the new `org.freedesktop.Flatpak.override-parental-controls-update`
action if necessary. (#5552)
* Make systemd scopes easier to match to Flatpak app instances,
by using the instance ID instead of the top-level process ID in the
scope name (#6015)
* Access to `--device=dri` now includes `/dev/udmabuf` (#6158)
* Improve the error message for an invalid parameter to
flatpak-spawn --sandbox-a11y-own-name (#6048)
* Speed up `flatpak prune --dry-run` by not calculating potential freed
space and avoiding operations that would need to hold a lock
(#5813, #6121)
* Speed up `flatpak permission-reset` by only writing entries that have
actually changed (#5772)
* Documentation improvements (#4859, #6066, #6134)
* Look for TLS certificates at /etc/containers/certs.d when interacting with
OCI registries (#5916)
* Translation updates: bg (#6120), ka (#6176), pl (#6106),
pt_BR (#6076, #6188), ro (#6139), ru (#6145), sl (#6054), sv (#6193),
tr (#6109)
Bug fixes:
* Fix intermittent flatpak-portal crashes by avoiding unnecessary
multi-threading (#5605)
* Don't show a confusing confirmation prompt when `flatpak remove --unused`
removes `autoprune-unless` extensions that are no longer needed, such as
older Nvidia drivers (#5712, #2718)
* Don't propagate `$PYTHONPYCACHEPREFIX` from host into sandbox (#6110)
* Don't propagate `$WAYLAND_DISPLAY`, `$WAYLAND_SOCKET` from host into
sandbox if access to the Wayland socket has been denied (#3948)
* When discovering the AT-SPI bus, treat `$AT_SPI_BUS_ADDRESS` as
higher-priority than GetAddress(), more closely matching the behaviour
of AT-SPI itself (#6173)
* Fix a memory leak when installing extra-data (#6069)
* Don't show fatal transaction errors twice (#3400)
* Fix the build with -Ddefault_library=static (#6119)
* Fix incorrect error reporting (#6127, #5170)
* When using `FLATPAK_TTY_PROGRESS`, terminate OSC escape sequence with
standard ST sequence instead of xterm-specific BEL (#6092)
* Include all options in shell completion for `flatpak search` (#6096)
Internal changes:
* Fix an unclear boolean expression (no functional change) (#5013)
* Avoid a duplicate redirection in the test suite (#6117)
* CI updates
Changes in 1.16.0
~~~~~~~~~~~~~~~~~~
Released: 2025-01-09
Bug fixes:
* Update libglnx to 2024-12-06:
- Fix an assertion failure if creating a parent directory encounters a
dangling symlink (GNOME/libglnx#1)
- Fix a Meson warning
* Don't emit terminal progress indicator escape sequences by default. They are
interpreted as notifications by some terminal emulators. (#6052)
* Fix introspection annotations in libflatpak
Enhancements:
* Add the `FLATPAK_TTY_PROGRESS` environment variable, which re-enables the
terminal progress indicator escape sequences added in 1.15.91.
* Document the `FLATPAK_FANCY_OUTPUT` environment variable, which allows
disabling the fancy formatting when outputting to a terminal.
Changes in 1.15.91
~~~~~~~~~~~~~~~~~~
Released: 2024-12-19
Enhancements:
* Add the `FLATPAK_DATA_DIR` environment variable, which allows overriding
at runtime the data directory location that Flatpak uses to search for
configuration files such as remotes. This is useful for running tests,
and for when installing using Flatpak in a chroot.
* Add a `FLATPAK_DOWNLOAD_TMPDIR` variable. This allows using download
directories other than /var/tmp.
* Emit progress escape sequence. This can be used by terminal emulators
to detect and display progress of Flatpak operations on their graphical
user interfaces.
Bug fixes:
* Install missing test data. This should fix "as-installed" tests via
`ginsttest-runner`, used for example in Debian's autopkgtest framework.
* Unify and improve how the Wayland socket is passed to the sandboxed app.
This should fix a regression that is triggered by compositors that both
implement the security-context-v1 protocol, and sets the `WAYLAND_DISPLAY`
environment variable when launching Flatpak apps. (#5863)
* Fix the plural form of a translatable string.
Changes in 1.15.12
~~~~~~~~~~~~~~~~~~
Released: 2024-11-28
Bug fixes:
* Return to using the process ID of the Flatpak app in the cgroup name.
Using the instance ID in 1.15.11 caused crashes when installing apps,
extensions or runtimes that use the "extra data" mechanism, which
does not set up an instance ID. (#6009)
Changes in 1.15.11
~~~~~~~~~~~~~~~~~~
Released: 2024-11-26
Dependencies:
* In distributions that compile Flatpak to use a separate bubblewrap
executable, version 0.11.0 is recommended (but not required).
The minimum bubblewrap continues to be 0.10.0.
* In distributions that compile Flatpak to use a separate xdg-dbus-proxy
executable, version 0.1.6 is recommended (but not required).
The minimum xdg-dbus-proxy continues to be 0.1.0.
Enhancements:
* Allow applications like WebKit to connect the AT-SPI accessibility tree
of processes in a sub-sandbox with the tree in the main process (#5898)
* New sandboxing parameter `flatpak run --a11y-own-name`, which is
like `--own-name` but for the accessibility bus
* flatpak-portal API v7: add new sandbox-a11y-own-names option, which
accepts names matching `${FLATPAK_ID}.*`
* Apps may call the `org.a11y.atspi.Socket.Embedded` method on names
matching `${FLATPAK_ID}.Sandboxed.*` by default
* `flatpak run -vv $app_id` shows all applicable sandboxing parameters
and their source, including overrides, as debug messages (#5895)
* Add --device=usb, a subset of --device=all
* Introduce USB device listing
* Apps can list which USB devices they want to access ahead of time by
using the `--usb` parameter. Check the manpages for the more information
about the accepted syntax.
* Denying access to USB devices is also possible with the `--no-usb`
parameter. The syntax is equal to `--usb`.
* Both options merely store metadata, and aren't used by Flatpak itself.
This metadata is intended to be used by the (as of now, still in
progress) USB portal to decide which devices the app can enumerate and
request access.
* Add support for KDE search completion
* Use the instance id of the Flatpak app as part of the cgroup name. This
better matches the naming conventions for cgroup.
* Preconfigured repositories can now be set up by OS vendors using
`${datadir}/flatpak/remotes.d` (typically /usr/share/flatpak/remotes.d),
in addition to `${sysconfdir}/flatpak/remotes.d` (typically
/etc/flatpak/remotes.d) which is intended for local sysadmin use
Bug fixes:
* Update libglnx to 2024-08-23 (#5918)
* fix build in environments that use -Werror=return-type, such as
openSUSE Tumbleweed (#5778)
* add a fallback definition for G_PID_FORMAT with older GLib
* avoid warnings for g_steal_fd() with newer GLib
* improve compatibility of g_closefrom() backport with newer GLib
* Update meson wrap file for bubblewrap to version 0.11.0:
* drop Autotools build system
* improve handling of EINTR
* improve handling of socket control messages
* improve compatibility with busybox
* improve compatibility with older Meson
* fix deprecation warnings
* Update meson wrap file for xdg-dbus-proxy to version 0.1.6:
* compatibility with D-Bus implementations that pipeline the
authentication handshake, such as sd-bus and zbus
* compatibility with D-Bus implementations that use non-consecutive
serial numbers, such as godbus and zbus
* broadcast signals can be allowed without having to add TALK permission
(#5828)
* fix memory leaks
* Fix some memory leaks
* Translation updates: cs, pl, zh_CN
Internal changes:
* Better const-correctness (#5913)
* Fix a shellcheck warning in the tests (#5914)
Changes in 1.15.10
~~~~~~~~~~~~~~~~~~
Released: 2024-08-14
Dependencies:
* In distributions that compile Flatpak to use a separate bubblewrap (bwrap)
executable, version 0.10.0 is required.
This version adds a new feature which is required by the security fix
in this release.
Security fixes:
* Don't follow symbolic links when mounting persistent directories
(--persist option). This prevents a sandbox escape where a malicious or
compromised app could edit the symlink to point to a directory that
the app should not have been allowed to read or write.
(CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
Documentation:
* Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)
Other bug fixes:
* Fix several memory leaks (#5883, #5884)
Internal changes:
* Record a log file when running build-time tests with
AddressSanitizer (#5884)
* Add initial suppressions file for AddressSanitizer (#5884)
Changes in 1.15.9
~~~~~~~~~~~~~~~~~
Released: 2024-07-22
Dependencies:
* bubblewrap and xdg-dbus-proxy are now provided by Meson wrap files
instead of being directly vendored via `git submodule`.
If downloading external software during build is not allowed in your
environment, please install suitable versions of bubblewrap and
xdg-dbus-proxy separately, then configure Flatpak with options similar to
`-Dsystem_bubblewrap=bwrap -Dsystem_dbus_proxy=xdg-dbus-proxy`
(most major distributions package it like this already).
Enhancements:
* If xdg-dbus-proxy is new enough (0.1.6 or later, not yet released),
allow two broadcast signals from AT-SPI by default, allowing bus
traffic to be reduced. If xdg-dbus-proxy is older, this change will
have no practical effect but is harmless. (#5828)
* Install csh profile snippet (#5753)
Bug fixes:
* Expand the list of environment variables that Flatpak apps do not
inherit from the host system (#5765, #5785)
* Take time zone information from $TZDIR if set (#5850)
* Fix a memory leak since 1.15.7 when reloading D-Bus configuration (#5856)
* Fix a memory leak when running `flatpak permissions` (#5844)
* Fix memory leaks in `flatpak update` (#5816)
* Fix memory leaks when installing packages (#5811)
* Use more similar translatable strings for some error messages (#5748)
* Document `flatpak config --set languages '*all*'` correctly:
it is really `*all*` (or equivalently `*`), not just `all` (#5836)
* Fix a misleading comment in the test for CVE-2024-32462 (#5779)
* Fix a copy/paste error in the 1.15.7 release notes
* On systems where subdirectories of /sys have been made inaccessible,
continue without them (#5138)
* Make tests more compatible with non-GNU shell utilities (#5812)
* Translation updates: ka (#5873), hi (#5838), pt_BR (#5877), zh_CN (#5843)
Internal changes:
* libglnx and variant-schema-compiler are now managed as `git subtree`
instead of `git submodule`.
Maintainers and contributors, please see `subprojects/README.md` for
details of how to interact with these.
In particular this means that submodules no longer need to be set up
before working on a git clone. (#5800, #5845)
* Split library code into more, smaller translation units, reducing
internal circular dependencies (#5409, #5801, #5803)
* Add some convenience macros in the test suite (#5693)
* Minor internal robustness improvement (#5833)
* Add configuration for Github Codespaces (#5767)
* Improve CI configuration (#5791)
* Work around infrastructure issues in third-party apt repositories
used by default in Github Workflows (#5786)
Changes in 1.15.8
~~~~~~~~~~~~~~~~~
Released: 2024-04-18
Security fixes:
* Don't allow an executable name to be misinterpreted as a command-line
option for bwrap(1). This prevents a sandbox escape where a malicious
or compromised app could ask xdg-desktop-portal to generate a .desktop
file with access to files outside the sandbox. (CVE-2024-32462)
Other bug fixes:
* Pass the -export-dynamic linker option as -Wl,-export-dynamic,
fixing build failures with clang 18 and lld 18 (#5760)
* Fix a double-free when installation is cancelled (#5763)
* Fix installed-tests failure with "FUSERMOUNT: unbound variable"
(#5751)
* Translation updates: pt_BR (#5762), tr (#5761)
Changes in 1.15.7
~~~~~~~~~~~~~~~~~
Released: 2024-03-27
Dependencies:
* The Meson build system is now required.
Compiling with Autotools is no longer possible.
* In distributions that compile Flatpak to use a separate bubblewrap (bwrap)
executable, version 0.9.0 is recommended. Several of the bug fixes listed
below will not be active if an older version is used.
* In distributions that compile Flatpak to use a separate xdg-dbus-proxy
executable, version 0.1.5 is recommended.
* If libmalcontent (parental controls) is enabled, it must be version 0.5.0
or later.
New features:
* Automatically remove obsolete driver versions and other autopruned refs
(#5632)
* `--socket=inherit-wayland-socket` (#5614)
* Automatically reload D-Bus session bus configuration after installing
or upgrading apps, to pick up any exported D-Bus services (#3342)
Bug fixes:
* Update included copy of bubblewrap to version 0.9.0:
* `--symlink` is now idempotent, meaning it succeeds if the
symlink already exists and already has the desired target
(#2387, #3477, #5255)
* Report a better error message if `mount(2)` fails with `ENOSPC`
* Fix a double-close on error reading from `--args`, `--seccomp` or
`--add-seccomp-fd` argument
* Improve memory allocation behaviour
* Silence various compiler warnings
* Update included copy of xdg-dbus-proxy to version 0.1.5:
* Fix handling of long object paths
* Don't parse `<developer><name/></developer>` as the application name
(#5700)
* Don't refuse to start apps when there is no D-Bus system bus available
(#5076)
* Don't try to repeat migration of apps whose data was migrated to a new
name and then deleted (#5668)
* Improve handling of mixed locales on systems with systemd-localed (#5497)
* Improve display of ellipsized columns in wide terminals (#5722)
* Make `flatpak info -e` look for extensions in all installations (#5670)
* Fix warnings from newer GLib versions (#5660, #5737)
* Always set the `container` environment variable (#5610)
* Always let the app inherit redirected file descriptors (#5626)
* In `flatpak ps`, add xdg-desktop-portal-gnome to the list of backends
we'll use to learn which apps are running in the background (#5729)
* Don't use `WAYLAND_SOCKET` unless given `--socket=inherit-wayland-socket`
(#5614)
* Use `fusermount3` if compiled with FUSE 3, overridable with
`-Dsystem_fusermount` compile-time option (#5104)
* Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into
the shell environment (#5574)
* Improve async-signal safety (#5687)
* Fix various memory leaks (#5683, #5690, #5691)
* Avoid undefined behaviour of signed left-shift when storing object IDs
in a hash table (#5738)
* Detect the correct gtk-doc when cross-compiling (#5650)
* Detect the correct wayland-scanner when cross-compiling (#5596)
* Documentation improvements (#5659, #5677, #5682, #5664, #5719)
* Skip more tests when FUSE isn't available (#5611)
* Translation updates (#5602, #5707)
Changes in 1.15.6
~~~~~~~~~~~~~~~~~
Released: 2023-11-14
Dependencies:
* In distributions that compile Flatpak to use a separate bubblewrap (bwrap)
executable, version 0.8.0 is now required.
* Enabling the optional Wayland security context feature requires
libwayland-client, wayland-scanner >= 1.15 and wayland-protocols >= 1.32.
* Ubuntu 18.04 is no longer routinely tested. Support for dependency
versions included in Ubuntu 18.04 should be considered "at risk".
Features:
* Add --device=input, for access to evdev devices in /dev/input (#5481)
* Update bundled copy of bubblewrap to version 0.8.0, and rely on its
features:
* Improve error message if seccomp is disabled in kernel config
* Security hardening: set user namespace limit to 0, to prevent creation
of nested user namespaces in a more robust way (#5084)
* For subsandboxes started by flatpak-portal, inherit environment
variables from the `flatpak run` that started the original instance
rather than from flatpak-portal, fixing behaviour of FLATPAK_GL_DRIVERS
and similar features (#5278)
* Stop http transfers if a download in progress becomes very slow (#5519)
* Make it easier to configure extra languages, by picking them up from
AccountsService if configured there (#5006)
* Add new flatpak_transaction_add_rebase_and_uninstall() API,
allowing end-of-life apps to be replaced by their intended replacement
more reliably (#3991)
* Create a private Wayland socket with the "security context" extension
if available, allowing the compositor to identify connections from
sandboxed apps as belonging to the sandbox (#4920, #5507, #5558)
* Update libglnx to 2023-08-29
* Use features of newer GLib versions if available
* Turn off system-level crash reporting infrastructure during
some unit tests that involve intentional assertion failures
* Add anchors to link to sections of flatpak-metadata documentation (#5582)
* New translations: ka, nl.
Bug fixes:
* Avoid warnings processing symbolic links with GLib >= 2.77.0, and
with GLib 2.76.0 (GLib 2.76.1 or later silences these warnings)
* Bypass page cache for backend requests in revokefs, fixing installation
errors with libostree 2023.4 (#5452)
* Show AppStream metadata in `flatpak remote-info` as intended
(#5523; regression in 1.9.1)
* Don't let Flatpak apps inherit VK_DRIVER_FILES or VK_ICD_FILENAMES
from the host system, which would be wrong for the sandbox (#5553)
* Fix build failure with prereleases of libappstream 0.17.x (#5472)
* Forward-compatibility with libappstream 1.0 (#5563)
* Fix installation with Meson if configured with -Dauto_sideloading=true
(#5495)
* Fix a memory leak (#5329)
* Fix compiler warnings (#5362, #5366)
* Make the tests fail more comprehensibly if a required tool is missing
(#5020)
* Clean up `/var/tmp/flatpak-cache-*` directories on boot (#1119)
* Don't force `GIO_USE_VFS=local` for programs launched via flatpak-spawn
(#5567)
* Clarify documentation for D-Bus name ownership (#5582)
* Translation updates: id, tr, zh_CN
(#5332, #5565)
Internal changes:
* Split up large source files into smaller modules, reducing internal
circular dependencies (#5410, #5411, #5415, #5419, #5416, #5414)
* Re-synchronize code backported from GLib with the version in GLib
(#5410)
* Make the flags used to apply "extra data" clearer (#5466)
* Use glnx_opendirat() where possible (#5527)
* CI improvements (#5374, #5381)
Changes in 1.15.4
~~~~~~~~~~~~~~~~~
Released: 2023-03-16
Security fixes:
* Escape special characters when displaying permissions and metadata,
preventing malicious apps from manipulating the appearance of the
permissions list using crafted metadata (CVE-2023-28101).
* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
Note that this is specific to virtual consoles: Flatpak is not
vulnerable to this if run from a graphical terminal emulator such as
xterm, gnome-terminal or Konsole.
Other bug fixes:
* Document the path used for `flatpak override`
* Translation updates: oc, pl, ru, sv, tr
Changes in 1.15.3
~~~~~~~~~~~~~~~~~
Released: 2023-02-21
Build system:
* Building this version of Flatpak with Meson is recommended. The source
release flatpak-1.15.3.tar.xz no longer contains Autotools-generated
files, although this version can still be built using Autotools after
running `./autogen.sh`. Future versions are likely to remove the
Autotools build system.
Bug fixes:
* When splitting an upgrade into two steps (download without installing, and
then upgrade without allowing further downloads) like GNOME Software does,
if an app is marked EOL and superseded by a replacement, don't remove the
superseded app in the first step, which would result in the replacement
incorrectly not being installed (#5172)
* Fix a crash when --socket=gpg-agent is used (#5095)
* Fix a crash when listing apps if one of them is broken or misconfigured
(#5293)
* If an app has invalid syntax in its overrides or metadata, mention the
filename in the error message (#5293)
* Unset $GDK_BACKEND for apps, ensuring GTK apps with --socket=fallback-x11
can work (#5303)
* Fix a deprecation warning when compiled with curl >= 7.85 (#5284)
* Translation updates: es, ru (#5266, #5312, #5313)
Internal changes:
* Better diagnostic messages for why runtimes are or are not considered
unused (#5237)
Changes in 1.15.2
~~~~~~~~~~~~~~~~~
Released: 2023-02-06
Bug fixes:
* Never try to export a parent of reserved directories as a --filesystem,
for example /run, which would prevent the app from starting (#5205, #5207)
* Never try to export a --filesystem below /run/flatpak or /run/host,
which could similarly prevent the app from starting
* The above change also fixes apps not starting if a --filesystem is a
symlink to the root directory (#1357)
* Show a warning when the --filesystem exists but cannot be shared with
the sandbox (#1357, #5035, #5205, #5207)
* Display the intended messages for `flatpak repair` (#5204)
* Exporting an app to an existing repository on a CIFS filesystem
now works as intended (#5257)
* Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in some GLib
apps when set to a path on the host (#5206)
* Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and Qt apps
under Wayland when this variable is set to a path not available in the
sandbox (#5194)
* When using the fish shell, avoid duplicate XDG_DATA_DIRS entries if the
profile script is sourced more than once (#5198)
* Update included copy of bubblewrap to 0.7.0 for better error messages
* Install SELinux files correctly when building with Meson
* Translation updates: ru, tr (#5256, #5262)
Internal changes:
* Update included copy of libglnx
* flatpak -v now uses the INFO log level, and flatpak -vv uses the
DEBUG log level in the flatpak log domain. Previously, the extra
messages that were logged by flatpak -vv were in a separate "flatpak2"
log domain. G_MESSAGES_DEBUG=flatpak previously had an effect similar to
flatpak -v, and is now more similar to flatpak -vv. (#5001)
Changes in 1.15.1
~~~~~~~~~~~~~~~~~
Released: 2022-11-17
Dependencies:
* When building with Meson, gpgme 1.8.0 is now required.
Older versions can still be used by building with Autotools.
Features:
* If an old temporary deploy directory was leaked by versions before #5146,
clean it up the next time the same app is updated (#5164)
Bug fixes:
* If an app update is blocked by parental controls policies, clean up the
temporary deploy directory (#5146)
* Fix Autotools build with versions of gpgme that no longer provide
gpgme-config(1) (#5173)
* Fix a possible parallel build failure with Meson (#5165)
* Fix a compiler warning on 32-bit architectures (#5148)
* When building with Autotools, be more consistent about applying compiler
warning flags (#5149)
* Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR (#5168)
* Treat /efi the same as /boot/efi (#5155)
Changes in 1.15.0
~~~~~~~~~~~~~~~~~
Released: 2022-10-24
Build system:
* Flatpak can now be compiled using Meson instead of Autotools.
This requires Meson 0.53.0 or later, and Python 3.5 or later.
The Autotools build system is likely to be removed during either the
1.15.x or 1.17.x cycle. (#4845)
New features:
* Allow the `modify_ldt` system call as part of `--allow=multiarch`.
This increases attack surface, but is required when running 16-bit
executables in some versions of Wine. (#4297)
* Share gssproxy socket, which acts like a portal for Kerberos authentication.
This lets apps use Kerberos authentication without needing a sandbox hole.
(#4914)
* Add a httpbackend variable to flatpak.pc, allowing dependent projects
like GNOME Software to detect whether they are compatible with libflatpak
(#5054)
Bug fixes:
* Terminate the flatpak-session-helper and flatpak-portal services when the
session ends, so that applications will not inherit outdated Wayland
and X11 socket addresses (#5068)
* When using `fish` shell, don't overwrite a previously-set XDG_DATA_DIRS
(#5123)
* Don't try to enable HTTP 2 if linked to a libcurl version that doesn't
support it (#5074)
* Stop systemd reporting the session-helper as failed when terminated by
a signal (#5129)
* Fix a warning when listing a document with no permissions (#5055)
* Fix compilation with GLib 2.66.x (as used in Debian 11) (#5062)
* Fix compilation with GLib 2.58.x (as used in Debian 10) (#5066)
* Make generated files more reproducible (#5085)
* Translation updates: cs, id, pl, pt_BR (#5052, #5056, #5059, #5126)
Internal changes:
* Update project logo in README (#5119)
* Update libglnx subproject (#5140)
Changes in 1.14.0
~~~~~~~~~~~~~~~~~
Released: 2022-08-22
Known issues:
* There may be an issue where non-primary architecture builds don't show up
(https://github.com/flatpak/flatpak/issues/5045)
* There is a new security advisory on Flatpak but all supported versions are
not affected due to using new enough versions of libostree
(https://github.com/flatpak/flatpak/security/advisories/GHSA-45jq-5658-v38x)
Dependencies:
* Conditional on a build time option, revokefs will now use version 3 of the
FUSE API rather than version 2 (#4326)
* Libappstream should be updated to at least 0.15.3 to avoid critical warning
messages when using the "flatpak search" command
(https://github.com/ximion/appstream/issues/384)
New features:
* A new key "DeploySideloadCollectionID" is now supported in flatpakref and
flatpakrepo files, to allow setting a collection ID at the time a remote is
added from one of those files, rather than when metadata is pulled from the
remote, and without affecting versions of Flatpak with the older pre-sideload
P2P implementation (#4826)
* Allow sub-sandboxes to own MPRIS names on the session bus (#5023)
* Commands that accept "--user" will now also take "-u" as an alias for that
(#5014)
* The CLI now properly informs the user of which apps are (indirectly) using
end-of-life runtime extensions in end-of-life info messages (#4835)
* The CLI now takes into account operations in the pending transaction when
printing end-of-life messages (#4835)
* The uninstall command now asks for confirmation before removing in-use
runtimes or runtime extensions (#4835)
* A "--socket=gpg-agent" option is now recognized by "flatpak run" and related
commands (#4958)
Bug fixes:
* Fix a memory corruption issue caused by use of libcurl in an unsafe way
(#5046)
* Update selinux policy to cover symbolic links in /var/lib/flatpak (#4992)
* Fix a crash in case a .desktop file processed by the build-export command has
no Exec= key, and some related fixes for handling such .desktop files (#4817)
* Preserve the X11 display number rather than redirecting it to :99 (#5034)
Other changes:
* Various improvements to the unit tests, CI infra, and documentation
* Some changes were made to ensure translators can work on full sentences
rather than fragments in several places
* Translation updates: de, ru, sv, tr, uk, zh_CN
Changes in 1.13.3
~~~~~~~~~~~~~~~~~
Released: 2022-06-16
Dependencies:
* Support curl 7.29 or later as an additional, and the default, HTTP backend
alongwith libsoup 2.x (#4943)
* Clarify that glib 2.46 or later is now required (#4944)
New features:
* Implement support for rewriting dynamic launchers when an app is renamed
(#4703)
* Add --include-sdk/debug options to install command to install SDK/debuginfo
along with a ref (#4777)
* Improve --sideload-repo option to take create-usb dirs (#4843)
* Add a new library API flatpak_transaction_get_operation_for_ref() (#4947)
Bug fixes:
* Update the SELinux module to explicitly permit the system helper have read
access to /etc/passwd and systemd-userdbd, read and lock access to
/var/lib/flatpak, and watch files inside $libexecdir (#4852, #4855, #4892)
* Fix the error messages and the exit code of the 'uninstall' command when
non-existent refs are specified (#4857)
* Be more careful with errors when creating directories and deleting files,
and address some memory errors (#4930)
* Fix support for --noninteractive in the 'uninstall' command (#4947)
Other changes:
* Cosmetic improvements to end-of-life messages and other aspects of the CLI
output (#4947)
* Speed up the tests by not installing the polkit agent (#4942)
* Disable fuzzy ref matching when ID has a period or a slash, or when the
standard input or output is not a TTY (#4829, #4848)
* Update the icon-validator to print the format and size for consumption by
the dynamic launcher portal (#4803, #4808)
* Remove a pointless test (#4856)
* Improve various details of the GitHub workflows (#4870)
* Prepare for the addition of a Meson build (#4842, #4871, #4888, #4889, #4890)
* Only add the specified 'summary-arches' to the compat summary. This is
important since we're nearing the 10MB size limit for Flathub's legacy
summary files. (#4880)
* Translation updates: id, pt, sv, tr, uk
Changes in 1.13.2
~~~~~~~~~~~~~~~~~
Released: 2022-03-14
Bug fixes:
* Consistently pass relative subpaths to libostree, working around a bug
in libostree < 2021.6 when used with GLib >= 2.71 (#4805)
* Document have-kernel-module-* as having been added in 1.13.1
* Fix some memory leaks in GVariant data processing
Changes in 1.13.1
~~~~~~~~~~~~~~~~~
Released: 2022-03-01
Dependencies:
* libappstream 0.12.0 or later is now required
* appstream-glib is no longer required
* In distributions that compile Flatpak to use a separate bubblewrap (bwrap)
executable, version 0.5.0 is now required
New features:
* Create a directory for XDG_STATE_HOME and set the environment variable
(#4477)
- Apps requiring a state directory without a dependency on this updated
Flatpak version can get similar functionality by using:
--persist=.local/state --unset-env=XDG_STATE_HOME
which will use the same storage location
* Set HOST_XDG_STATE_HOME environment variable (#4477)
* Add have-kernel-module-foo family of conditionals for extensions, a
generalization of have-intel-gpu (which is now mostly equivalent to
have-kernel-module-i915) (#4647)
* Add `flatpak document-unexport --doc-id=...` (#1897)
* Export Appstream metadata for host system to use (#4350, #4599)
* Add command-line completion for the Fish shell (#3109)
* Add FlatpakTransaction:no-interaction API (#4699)
* We now allow networked access to X11 and PulseAudio services
if that is configured, and the application has network access.
(#397, #3908, #4702)
* `flatpak build-init` automatically sets the build directory to be
ignored by git (#4741)
Other changes:
* Updated bundled xdg-dbus-proxy to 0.1.3 (#4737)
* Updated bundled bubblewrap to 0.6.1 (#4779)
* The default branch in the Github repository is now named 'main'
* Don't offer options in CLI tab completion unless the user typed a '-'
(#4753)
* Disable fancy output (e.g. progress bars that get redrawn) when
G_MESSAGES_DEBUG is set in the environment (#4767)
* Most commands now work if /var/lib/flatpak exists but /var/lib/flatpak/repo
does not, and will automatically populate the repo directory if
possible (#4111)
* Disable session bus access for `flatpak-spawn --sandbox` as intended
(#4630)
* Make `sudo flatpak --user ...` fail with an error message, since acting
on root's per-user installation is unlikely to be what was intended
(#4638)
* Don't mention "negative" permissions like !host in /.flatpak-info (#4691)
* Improve performance when finding related refs
* Use SHA256 instead of SHA1 to avoid false-positives from static analysis
(in fact the use of SHA1 was not security-sensitive here) (#4716)
* Create sandbox's XDG_RUNTIME_DIR with 0700 permissions (#3397)
* Always create /.flatpak-info with 0600 permissions
* Absolute paths in WAYLAND_DISPLAY now work (#4752)
* Improve reliability of detecting the current GTK theme (#4754)
* Fix some error code paths when deploying malformed apps
* Improve some error messages
* Use URN for fontconfig DTD, consistent with fontconfig itself (#4617)
* Use `type -P` or `command -v` in preference to which(1) (#4696)
* Improve measurement of test coverage (#4681)
* Translation updates: de, fr, hi, hr, id, oc, pl, pt_BR, sv, uk, zh_CN
Changes in 1.12.6
~~~~~~~~~~~~~~~~~
Released: 2022-02-21
* Fix a bug that sometimes caused repo corruption in case downloads are
interrupted or canceled, necessitating a "flatpak repair" to recover
(#3479, #4258)
* More reliably detect the GTK theme (#4754)
* Fix history command unit test in some edge cases (#4764)
* Improve NEWS for 1.12.5
* Translation update: pt_BR
Changes in 1.12.5
~~~~~~~~~~~~~~~~~
Released: 2022-02-11
* Fixed a case where temporary data was sometimes left in
/var/lib/flatpak/appstream, and we now detect such leftover data and
remove it. (#4735)
* Fix regressions in `flatpak history` since 1.9.1 (#4121, #4332)
- Don't display the appstream branch used internally
- Don't display temporary repositories used internally
- Warn instead of failing if other non-app, non-runtime refs are found
- Don't set up an unnecessary polkit agent for `flatpak history`
- Add test coverage
* Don't propagate GStreamer-related environment variables into
sandbox (#4728)
* Fix a typo in an error message
* Fix incorrect year in NEWS for 1.12.4 release
* Translation update: pl
Changes in 1.12.4
~~~~~~~~~~~~~~~~~
Released: 2022-01-18
This is a regression fix update, reverting non-backwards-compatible
behaviour changes in the solution previously chosen for CVE-2022-21682.
Flatpak 1.12.3 and 1.10.6 changed the behaviour of `--nofilesystem=host`
and `--nofilesystem=home` in a way that was not backwards-compatible in
all cases. For example, some Flatpak users previously used a global
`flatpak override --nofilesystem=home` or
`flatpak override --nofilesystem=host`, but expected that individual apps
would still be able to have finer-grained filesystem access granted by the
app manifest, such as Zoom's `--filesystem=~/Documents/Zoom:create`. With
the changes in 1.12.3, this no longer had the intended result, because
`--nofilesystem=home` was special-cased to disallow inheriting the
finer-grained `--filesystem`.
Flatpak 1.12.4 and 1.10.7 return to the previous behaviour of
`--nofilesystem=host` and `--nofilesystem=home`. Instead, CVE-2022-21682
will be resolved by a new 1.2.2 release of flatpak-builder, which will
use a new option `--nofilesystem=host:reset` introduced in Flatpak 1.12.4
and 1.10.7. In addition to behaving like `--nofilesystem=host`, the new
option prevents filesystem permissions from being inherited from the
app manifest.
Other changes:
* Clarify documentation of `--nofilesystem`
* Improve unit test coverage around `--filesystem` and `--nofilesystem`
* Restore compatibility with older appstream-glib versions, fixing a
regression in 1.12.3
Changes in 1.12.3
~~~~~~~~~~~~~~~~~
Released: 2022-01-12
This is a security update that fixes two issues that were found in flatpak:
https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
(also known as CVE-2021-43860)
This issue is about the possibility for a malicious repository to send
invalid application metadata in a way that hides some of the app
permissions displayed during installation.
https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
(also known as CVE-2022-21682)
This issue is a problem with how flatpak-builder uses flatpak, that
can cause `flatpak-builder --mirror-screenshots-url` commands to be
allowed to create directories outside of the build directory.
The fix for this is done in flatpak by making the --nofilesystem=host
and --nofilesystem=home more powerful. They previously only removed
access to the particular location, i.e. `--nofilesystem=host` negated
`--filesystem=host`, but not `--filesytem=/some/dir`. This is a minor
change in behavior, as it may change the behavior of an override
with these specific options, however it is likely that the new
behavior was the expected one.
Other changes:
* Extra-data downloading now properly handles compressed content-encodings
which fixes checksum verification (see #4415)
Note: In some corner case server setups this may require the extra-data
checksum to be changed
* Avoid unnecessary policy-kit dialog due to auto-pinning when installing runtimes
* Better handling of updates of extensions that exist in multiple repositories
* Fixed (initial) installation apps with renamed ids
* Support more pulseaudio configuration, including the one used in WSL2
* Fixed regression in updates from no-enumerate remotes
* We now verify checksums of summary caches, to better handle local file
corruption
* Improved cli output for non-terminal targets
* Flatpak run --session-bus now works
* Fix build with PyParsing >= 3.0.4
* Fixed "Since" annotations on FlatpakTransaction signals
* bash auto completion now doesn't complete on command name aliases
* Minor improvements to the search command
* Minor improvements to the list command
* Minor improvements to the repair command
* Add more tests
* Updated translations and docs
Changes in 1.12.2
~~~~~~~~~~~~~~~~~
Released: 2021-10-12
* Install translations referenced by LANG, LANGUAGE or LC_ALL
* Fix error handling for the syscalls that are blocked when not using --devel
* Improve diagnostic messages when seccomp rules cannot be applied
* Update Polish translation
Changes in 1.12.1
~~~~~~~~~~~~~~~~~
Released: 2021-10-08
The security fix in the 1.12.0 release failed when used with some
older versions of libseccomp (that don't know about the new syscalls).
More specifically, installing modules that use extra-data would fail, and so
would running applications with the --allow=multiarch feature, such as Steam.
This release fixes those regressions.
Changes in 1.12.0
~~~~~~~~~~~~~~~~~
Released: 2021-10-08
This is the first stable release in the 1.12.x series. The major changes
in this series is the support for better control of sub-sandboxes, as
used by the Steam Flatpak app to run Windows games under Proton.
In addition, this release fixes a security vulnerability in the portal
support. Some recently added syscalls were not blocked by the seccomp rules
which allowed the application to create sub-sandboxes which can confuse
the sandboxing verification mechanisms of the portal. This has been
fixed by extending the seccomp rules. (CVE-2021-41133)
For details, see:
https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
Other changes in this version:
* Some test fixes
* Update translations
* Support for specifying the flatpak binary to use during exports
* Install translations for all languages in the locale, not just the ones in
LC_MESSAGES.
* Fix progress reporting in flatpak fsck
* Handle cases where /var/tmp is a symlink
* Expose /etc/gai.conf to the sandbox
* Fix the parental control checks for root
* Handle missing /etc/ld.so.cache (musl)
Changes in 1.11.3
~~~~~~~~~~~~~~~~~
Released: 2021-08-25
Dependencies:
* For Linux distributions that compile Flatpak to use a separate
bubblewrap (bwrap) executable, updating to version 0.5.0 is recommended,
but not required. The minimal version is still 0.4.0.
Bug fixes:
* Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox, fixing
a regression introduced when CVE-2021-21261 was fixed in 1.8.5 and 1.10.0
* Update the included copy of bubblewrap (flatpak-bwrap) to 0.5.0
- Better diagnostics when a --bind or other bind-mount fails
- Create non-directories with safer permissions
- Allow mounting an non-directory over an existing non-directory
- Silence kernel messages for our bind-mounts
- Improve ability to bind-mount directories on case-insensitive filesystems
* Don't ask user which remote to download from if there is only one option
* Improve robustness of autogen.sh
Internal changes:
* Improve test coverage
* Spelling fixes
Translation updates: Brazilian Portuguese, Russian, Spanish, Ukrainian
Changes in 1.11.2
~~~~~~~~~~~~~~~~~
Released: 2021-06-17
Bug fixes:
* Fix logic error when migrating AppStream XML
* Improve error-checking
* Fix various memory and file descriptor leaks, in particular with
flatpak-spawn --env=...
* Fix fd confusion in flatpak-spawn --env=... --forward-fd=..., which
caused "Steam Linux Runtime" containers to fail to start
* Avoid a crash when looking up summary for a ref without an arch
* Improve handling of refs belonging to more than one architecture,
e.g. for cross-compilation
* Don't abort uninstall if deploy metadata is missing
* Don't fail transaction if searching for dependencies fails in one remote
* Fix test failure when running tests as root
* Improve error message for 'sudo flatpak run'
Internal changes:
* Improve printf format string validation
* Improve test coverage
* Reduce risk of accidentally hard-coding x86 in the tests
Translation updates: Danish, Indonesian, Russian
Changes in 1.11.1
~~~~~~~~~~~~~~~~~
Released: 2021-04-26
This is the first unstable release in the series that will lead to 1.12.
New features:
* All instances of the same app-ID share their /tmp directory
* All instances of the same app-ID share their $XDG_RUNTIME_DIR
* Instances of the same app-ID can optionally share their /dev/shm directory
(enabled by a new --allow flag, --allow=per-app-dev-shm)
* Allow a subsandbox to have a different /usr and/or /app.
Steam will use this to launch games with its own container runtime
as /usr (the "Steam Linux Runtime" mechanism).
* enter: Improve support for TUI programs like gdb
* build-update-repo: Add a higher-performance reimplementation of
`ostree prune` specialized for archive-mode repositories
Bug fixes:
* Fix deploys of local remotes in system-helper
* Fix test failures on non-x86_64 systems
* Fix two intermittent test failures
* Make polkit queries non-interactive when operating in non-interactive mode
* Use a local main-context when using libsoup in a thread
* create-usb: Skip copying extra-data flatpaks
* OCI: Switch to pax-format tar archives
* history: Handle transaction log entries with empty REF field
* portal: Fix flatpak-spawn --clear-env on OSs where flatpak is not on
the fallback PATH, such as NixOS
* Fix various issues detected by scan-build
Internal changes:
* Use GNU bison to build parse-datetime.y
* Add information about security support and security vulnerability
reporting (see `SECURITY.md`)
* Move all git submodules into subprojects/ directory
* Several sockets are now created in /run/flatpak in the sandbox, with
symbolic links in $XDG_RUNTIME_DIR
Changes in 1.10.2
~~~~~~~~~~~~~~~~~
Released: 2021-03-10
This is a security update which fixes a potential attack where
a flatpak application could use custom formated .desktop files to
gain access to files on the host system.
Other changes:
* Fix memory leaks
* Some test fixes
* Documentation updates
* G_BEGIN/END_DECLS added to library headders for c++ use
* Fix for X11 cookies on OpenSUSE
* Spawn portal better handles non-utf8 filenames
Changes in 1.10.1
~~~~~~~~~~~~~~~~~
Released: 2021-01-21
* Fix flatpak build on systems with setuid bwrap
* Fix some compiler warnings
* Add --enable-asan configure option
* Fix crash on updating apps with no deploy data
* Update translations
Changes in 1.10.0
~~~~~~~~~~~~~~~~~
Released: 2021-01-14
This is the first stable release after the 1.9.x unstable series.
The major new feature in this series compared to 1.8 is the support
for the new repo format which should make updates faster and download
less data.
This release also contains the security fixes from 1.8.5, so everyone
on the 1.9.x series should update immediately. (CVE-2021-21261)
Other changes since 1.9.3:
* The systemd generator snippets now call flatpak --print-updated-env
in place of a bunch of shell for better login performance.
* The .profile snippets now disable GVfs when calling flatpak to
avoid spawning a gvfs daemon when logging in via ssh.
* Build fixes for GCC 11.
* Flatpak now finds the pulseaudio sockets better in uncommon
configurations.
* Sandboxes with network access it now also has access to the
systemd-resolved socket to do dns lookups.
* Flatpak supports unsetting env vars in the sandbox using --unset-env,
and `--env=FOO=` now sets FOO to the empty string instead of
unsetting it.
* Similarly the spawn portal has an option to unset an env var.
* The spawn portal now has an option to share the pid namespace
with the sub-sandbox.
Changes in 1.9.3
~~~~~~~~~~~~~~~~
Released: 2020-12-22
I expect this to be the final 1.9.x release, and we can expect 1.10.0
early next year, containing basically whats in this release in terms
of features.
A minor change in the new indexed summary format in this release. The
gpg signature of the summary index is now stored in a filename indexed
by the checksum of the index rather than a static filename. This fixes
an update race between clients accessing the two files during and update.
It also helps in keeping mirrors and cached coherent. The old filename
is still created/used for backwards compat with 1.9.1, but may go
away in the future.
Other changes:
* --filesystem=host now exposed /var/usrlocal (as seen on ostree)
* Better error messages in flatpak portal.
* Rebases during update now install the new app before uninstalling
the old, which means failure during the first doesn't leave the app
uninstalled.
* flatpak_installation_list_installed_refs_for_update() now handles
some case better when apps in the user installation depends on
runtimes in the system installation.
* New version of the deploy files which guarantees the existance of
a bit more data. This is useful for eol detection of apps that were
installed with previous flatpak versions.
* Some corner cases when installing an app with extra-data into a nonstandard
installation were fixed.
* Fixed crashed when killing and entering running instance that have
was running a runtime, not an app.
* The root user can now bypass parental controls.
* Some fixes to library annotations.
* Updated translations
Changes in 1.9.2
~~~~~~~~~~~~~~~~
Released: 2020-11-20
* Some build fixes on non-x86-64 arches
* Fix permission issue in endless installer
* Fixed a bug where flatpak was accidentally clearing the summary cache
during updates in the user installation.
* Fix handling of the multiarch permission.,
* Add back the commit timestamp to the summary file.
Changes in 1.9.1
~~~~~~~~~~~~~~~~
Released: 2020-11-19
This is the first unstable release in the series that will lead to
1.10. The main change in this version is a new format for the summary
file used when accessing an OSTree repository on the network. For this
reason we now require OSTree version 2020.8.
The new format should make getting the initial metadata required for
most flatpak operations much faster, and use less network
bandwidth. This will allow repositories to scale to more apps and more
architectures without affecting clients. The old format is still
generated for compatibility with older clients.
The new format also allows repositories to publish named subsets, and
for clients to declare that they only want to see that subset. The
goal here is to allow for example flathub to mark all FOSS apps, and
make it possible for users to use a flathub-foss remote without
flathub having to maintain two duplicated repositories. This is
accessible by passing --subset=SUBSET to the build-commit-from and
build-export commands.
The new repo option `flatpak.summary-arches` controls which architectures
are put in the old format summary. This can be used to avoid newly added
architectures making old clients slower, at the cost of requiring a newer
flatpak client version for the new architecture.
Other major changes
* There is a new `flatpak pin` command that lets you pin runtimes
so that they are not considered unused. Also, we now by default pin
runtimes that are installed explicitly (i.e. not as a dependency of an
app).
* During a regular update or uninstall of an app, if the operation
makes a previously used runtime unused, and the runtime is marked
as end-of-lifed, then the runtime is automatically uninstalled.
* During `flatpak update` (i.e. with no specific app given) flatpak
now automatically adds uninstall operations for end-of-life runtimes
that are unused.
* The end-of-life warnings in the flatpak CLI are now better, showing
more useful details (like version and what apps are using the runtime)
and less unuseful details.
* Some changes was made in which dconf paths were considered "similar"
to the app id, allowing for example `org.gnome.SoundJuicer` to
migrate from `/org/gnome/sound-juicer`.
* Flatpak run now implements the new standard for os-release in containers
(https://www.freedesktop.org/software/systemd/man/os-release.html).
* There is now a tcsh profile snippet
* The origin remote for an app is now prioritized over other remotes with
the same priority when looking for dependencies.
* We now allow extra-data apply_extra processes to run multiarch code.
* A new internal representation for ostree ref strings was added which
is more efficient. This should not affect the behaviour of flatpak
but the large amounts of changes to use this may have accidentally
introduced regressions.
* Some fixes to the in-memory summary cache make it more efficient.
* --filesystem=/ is now explicitly forbidden as it doesn't work (and never
did).
* Flatpak install/update now only prints `(partial)` for an update that
actually is partial (not just for all locales).
* Flatpak remote-ls on a file: uri (for example a sideloaded repo) now
correctly lists the refs in the repo.
* New library APIS: flatpak_installation_list_pinned_refs,
flatpak_transaction_set_disable_auto_pin,
flatpak_transaction_set_include_unused_uninstall_ops,
flatpak_transaction_operation_get_subpaths,
flatpak_transaction_operation_get_requires_authentication.
* flatpak_installation_list_installed_refs_for_update() now returns
refs that have a end-of-life rebase that it could be updated to.
* There is a new `ready-pre-auth` signal in FlatpakTransaction allowing
clients new ways to handling authentication.
* Fix bug where extension sources were sometimes auto-installed
Changes in 1.8.3
~~~~~~~~~~~~~~~~
Released: 2020-11-17
* Fixed progress reporting for OCI and extra-data
* The in-memory summary cache is more efficient
* Fixed authentication getting stuck in a loop in some cases
* Fixed authentication error reporting
* We now extract OCI info for runtimes as well as apps
* Fixed crash if anonymous authentication fails and -y is specified
* flatpak info now only looks at the specified installation
if one is specified
* Better error reporting for server HTTP errors during download
* Uninstall now removes applications before the runtime it depends on
* Fixed test-suite to pass with the latest OSTree version
* Fixed dbus environment variables in flatpak enter
* Avoid updating metadata from the remote when uninstalling
* Fixed error message handling in various places
* FlatpakTransaction now verifies all passed in refs to avoid
potential issues with invalid names
* Updated translations
Changes in 1.8.2
================
* Added validation of collection id settins for remotes
* Fix seccomp filters on s390
* Robustness fixes to the spawn portal
* Fix support for masking update in the system installation
* Better support for distros with uncommon models of merged /usr
* Cache responses from localed/AccoutService
* Fix hangs in cases where xdg-dbus-proxy fails to start
* Fix double-free in cups socket detection
* OCI authenticator now doesn't ask for auth in case of http errors
Changes in 1.8.1
================
* Avoid calling authenticator in update if ref didn't change
* Don't fail transaction if ref is already installed (after transaction start)
* Fix flatpak run handling of userns in the --device=all case
* Fix handling of extensions from different remotes
* Fix flatpak run --no-session-bus
* Updated translations
Changes in 1.8.0
================
New stable release series 1.8.
Changes:
* FlatpakTransaction has a new signal "install-authenticator" which clients can handle to
install authenticators needed for the transaction. This is done in the CLI commands.
* We now always expose the host timezone data, allowing us the expose the host /etc/localtime
in a way that works better, fixing several apps that had timezone issues.
* Fix flatpak enter which didn't work in some cases.
* We now ship a systemd unit (not installed by default) to automatically detect plugged in
usb sticks with sideload repos.
* By default we no longer install the gdm env.d file, as the systemd generators work better
* create-usb now exports partial commits by default
* Fix handling of docker media types in oci remotes
* Fix subjects in remote-info --log output
Changes in 1.7.3
================
* Allow direct ALSA device access if app has pulseaudio access.
* Flatpak now ships a sysusers.d file for allowing systemd to create the required users.
* Fix issue in remote-delete where it failed to delete system remotes if it had to uninstall
something first.
* New library calls flatpak_transaction_operation_get_related_to_ops(), flatpak_transaction_operation_get_is_skipped() and
flatpak_transaction_set_no_interaction().
* New options --[no-]follow-redirect in remote-add/modify
* New spawn portal APIs to get real pid of launched app.
* By default, all OCI remotes now use the flatpak-oci-authenticator.
* Support flatpak remote-info and flatpak update --commit= to specific versions for OCI remotes.
* Initial work in progress on using deltas for OCI remotes.
* Fix race in the generation of ld.so.cache when starting copies of the same app at the same time.
* Minor fix in what locales are installed on update.
* Flatpak uninstall now doesn't fail if one ref (of many) was not installed.
* Flatpak systemd transient units now have an app-prefix to match new XDG spec for
cgroup names.
* In some cases we previously downloaded the summary twice.
* flatpak upgrade is now an alias for flatpak update.
* Fix to selinux module to work without unconfined module.
* Respect user XDG basedirs when finding users fonts and icons.
* Fix issue where thread were sometimes initialized causing flatpak enter to fail.
* Better error reporting when authentication goes wrong.
Changes in 1.7.2
================
This fixes some regressions in progress reporting in 1.7.1, where it would report > 100%.
Other changes:
* Completion support for fish shell
* Properly handle migration of remotes with collection ids
* The summary now has some extra-data download size info which can make downloads slightly more efficient
Changes in 1.7.1
================
This is the first release in the 1.7.x unstable release series.
A major change is that the support for the ostree peer-to-peer installation has been
simplified. Flatpak no longer supports installing from local network peers, and sideloading
from local usb stick is no longer automatic. To enable sideloading you have to configure
a sideload repository by creating a symlink to it from /var/lib/flatpak/sideload-repos or
/run/flatpak/sideload-repos. Due to this the flatpak code has been simplified internally
and the p2p support is more efficient.
Other major changes
* If an app has filesystem access, the host /lib is accessible as /run/host/lib, etc.
* New filesystem permission "host-etc" and "host-os" give access to system /usr and /etc.
* Flatpak now uses variant-schema-compiler to generate more efficient code for
parsing GVariant files from ostreee.
* libsystemd use is now optional in configure.
* Journal sockets are mounted readonly
* document-export now supports exporting directories (requires new portal version)
* DConf migration now allows version numbers in object paths
Changes in 1.6.3
================
The main change in this version is a fix for a regression in the progress calculation
for applications using extra-data. Additionally the bundled version of bubblewrap
is updated to 0.4.1 which fixes a security issue in some cases. See
https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj
for details.
Other changes:
* Updated translations
* Don't break if users primary gid is not in the nsswitch database
* Fix crash in flatpak repair if no remotes are configured
* Some updates to the oci authenticator
* Retry downloads of extra data
Changes in 1.6.2
================
Due to a combination of some behaviour in flatpak and recent versions of ostree we at some
point lost the use of deltas for the initial install case, instead always falling back
to a full ostree operation which is a lot less efficient for pulls with many small files
like a runtime. This caused some very slow installs from e.g. flathub, so I recommend
everyone update to this version to get better install performance.
Other changes are:
* We now correctly handle TMPDIR env var overrides when bwrap is setuid
* Disallow running "flatpak run" under sudo (as it doesn't work and causes issues)
* Fix build with older versions of glib
* Minor documentation updates
* Updated translations
Changes in 1.6.1
================
This is a (mild) security update. Flatpak 1.6.0 added the ability for an application to request it to be
updated, as long as the new version doesn't require new permissions. Unfortunately in some special cases,
if an app had acces to the home directory, but not the rest of the filesystem it would still allow a
self-update where the new version could access some files outside the home directory..
This is fixed in this version, and all users of 1.6.0 are recommended to update.
Other changes are:
* New permission --device=shm giving access to host /dev/shm, as needed for jack.
* Generated correct download size in build-commit-from
* sub-sandbox now allows the child to share the gpu of the caller has full device access
* Fix crash with disabled remotes
* Fix builds with older versions of glib
* Update translations
Changes in 1.6.0
================
This is the first stable release in the 1.6 series, main changes
since 1.4 is the support for protected content and improvements
in the self-sandboxing support.
There is one change in the support for OCI remotes, we now
only support the use of labels, not annotations, as labels
work with more registries. This means pre-existing OCI flatpak
registries (like fedora) may need some changes.
Changes since 1.5.2:
* New permissions --socket=cups for direct cups access
* Fix some leaks
* Fix reporting of progress with latest version of ostree
* New no-interaction flag for authenticators
* Support for auto-installing authenticators from a flatpak remote
* Warn less about unset XDG_DATA_DIRS
* Don't poll for updates in the portal when on a metered connection
Changes in 1.5.2
================
This version has further changes to the protocol and API for handing
authentication, in order to make it more flexible and futureproof. The
sample authenticator has been updated to the new APIs. Flatpak now
ships with a OCI authenticator that can be used to access private OCI
registries.
FlatpakTransaction now also has a callback for simple user/password
authentication for an authenticator (the basic-auth-start signal)
modeled on HTTP basic authentication. This is handled in the flatpak
CLI by interactive prompts on the terminal. This is needed by the OCI
authenticator, but can also be used by other authenticators that have
simple authentication requirements.
There were also some fixes to the new self-sandboxing support of the
flatpak spawn portal, allowing webkit to use it.
Other changes:
* Show background status in flatpak ps
* Improved docs and help output
* Fix support for fd forwarding and the allow_a11y flag in the sandboxing portal
* Some improvements to the new permission-set command
* New remote option that allows settting the default token type (mostly for debugging)
Changes in 1.5.1
================
The major new feature of this is the support for protected applications and the system
around authenticting downloads to it. This is not considered stable yet, but this release
has the initial work to make it possible for developers to play around with this. I
will send out a separate mail about this later.
Other changes:
* Flatpak now bundles bubblewrap 0.4.0, and requires 0.4.0 to use the system bubblewrap.
* Optional support for parental controls using libmalcontent.
* Transaction now installs extensions before apps to ensure we have a working app immediately after install.
* Changes in temporary file use makes flatpak run work better in low disk space situations.
* flatpak enter now works without sudo, and works better in general.
* New features for the flatpak portal:
* Support starting a sub-sandbox with the child processes visible in the original sandbox.
* Support adding some kinds of permissions to sub-sandboxes
* New commands flatpak permission-set and permission-remove
* flatpak install CLI now always shows what kind of operations everything is.
* libflatpak now returns apps as updatable if doing so would auto-download missing extensions or runtimes.
* new API: flatpak_transaction_get_no_(deploy|pull).
* We can now store locale info in the extra-languages key (in addition to the country code).
* remote-ls and list --app-runtime now only shows apps, no runtimes.
* Stop using mirror refs and delete any useless mirror refs you might have in your repo.
* Fix busy-loop regression in revokefs-fuse in 1.5.0
Changes in 1.5.0
================
* New options flatpak install --or-update operation.
* New command flatpak mask allows pinning version and avoiding auto-downloads.
* Support self-updates and update monitoring in the flatpak portal.
* Fix updates of exported services with dbus-broken.
* Don't show arch columns in terminal outout if all are the same.
* Fix some cases where origin remotes were not properly removed.
* flatpak-session-helper now links to more libraries.
* OCI: Support images tagged with labels as well as annotations.
* OCI: Alway generate a history for images.
* OCI: Support docker mimetypes in addition to OCI mimetypes.
* Uninstall now always work, even if the remote it came from was force removed.
* New config key default-languages that allows additions to the system list
instead of overriding it.
* Various minor tweak to CLI behaviour and output.
Changes in 1.4.3
================
* Fix crash in revokefs.
* Handle 'versions' extension key (in addition to 'version') when
checking for local extensions, which was causing us to uninstall
some actually used extensions with uninstall --unused.
* The 'required-flatpak' metadata key now supports listing multiple
versions to support backported features.
* Fix crash with older versions of polkit.
* Fix installation of bundles.
* Fix crash on deploy error.
* Support building bundles of apps installed from a remote.
* OCI: Fix handling of locally cached icons.
* Fix crash when listing unconfigured remotes.
* Ignore differences in trailing slashes for repo uris.
Changes in 1.4.2
================
* Support extra_data in extensions.
* Handle double slashes ("//")in XDG_DATA_DIRS.
* Fix detection of local related refs.
Changes in 1.4.1
================
*WARNING* *WARNING* *WARNING*
There was an accidental ABI break in libflatpak in 1.4.0 compared to
the 1.2.x ABI which caused crashes in apps like gnome-software.
This has been fixed in this release so it is now ABI compatible with
1.2.x, but *NOT* compatible with 1.4.0. It is recommended that all
distributions that shipped 1.4.0 update to 1.4.1 and rebuild all
dependencies of libflatpak.
* Make ABI compatible with 1.2.x
* Update translations
* Fix some potential crashes
* Fix some corner case where it was impossible to remove a remote
* Restore support for file: uris in the RuntimeRepo key in flatpakref files
Changes in 1.4.0
================
This is the new stable series, ending the 1.3.x series. The major changes
since the 1.2.x is the improved I/O use for system-installed applications,
and the new format for pre-configured remotes.
* Recalculate download-size when moving between repos in
build-commit-from.
* New library error FLATPAK_ERROR_REF_NOT_FOUND returned instead of
G_IO_ERROR_NOT_FOUND.
* Fix installed tests when running on a tty.
* Fix a double-set of a GError.
* Grant more permissions on the /run/host/monitor directory to
work with e.g. toolbox on the host.
Changes in 1.3.4
================
This version changes how default remotes are configured. We still
use files in /etc/flatpak/remotes.d, however instead of the old
*.conf files we now use regular flatpakrepo files, and the first
time you use flatpak these are automatically imported.
The advantage of this new model is that the configuration is imported
once, but then becomes writable and removable, just like a manually
added remote. In the previous model the remote was always there and it
was impossible to change or remove.
However, this means that anyone currently shipping a .conf file with
a distro needs to change this to a .flatpakrepo file.
* Support for flatpakrepo files in /etc/flatpak/remotes.d
* Support for client side filtering of a remote. This allows you
to limit what apps are seen from a remote, using either a whitelist
or a blacklist model.
* Add library API to easily add remotes from flatpakref files.
* Fix the dconf support.
* Fix app updates in system-wide OCI remotes.
* Fix CLI completion if G_MESSAGES_DEBUG is set
* Add a docker seccomp profile for running flatpak inside a container.
* Look for the new default dbus session socket at $XDG_RUNTIME_DIR/bus
* Improve ability to pull from multiple p2p sources (needs latest ostree).
Changes in 1.3.3
================
* Fixed a crash in the system helper that made installation via
the helper sometimes not work.
* Fix build with older versions of glib
* The list and remote-ls output is now less wide, not showing the
appdata summary by default and only showing the archtecture and
origin if necessary (i.e. not if its the same for all rows).
* flatpak remote-ls now filters end-of-lifed apps by default.
* flatpak permission-reset now supports --all
* Flatpak now works will all set values of umask.
* The flatpak profile.d snippet now works if flatpak is not installed
(in case it gets left over after deletion).
* Fixed flatpak install --noninteractive still asking questions in some cases.
* flatpak now returns a failure exit status if you abort the operation early.
* flatpak remote-ls and remote-info now supports --cached to prefer
using locally cached data.
* libflatpak grew a FLATPAK_QUERY_FLAGS_ONLY_CACHED that allows you to
get at locally cached data about remotes without doing network i/o.
* Documentation updates
Changes in 1.3.2
================
This release contains a major change in how flatpak does system-wide
installation as a user. We used to pull into a temporary user-owned
directory and then ask the flatpak system-helper to import from this
directory. Unfortunately, since we can't trust the user directory
it had to copy these files as they were being imported, which caused
unnecessary i/o, as well as temporarily using more diskspace.
The new setup uses a new custom fuse filesystem which the user writes
to, and then when this is done we can safely revoke any access to this
from the user, meaning the files can be directly imported into the
system repository without needing to make a copy.
However, this makes packaging flatpak a bit more complex, as we now
require flatpak to have a user. By default flatpak will look for a user
called "flatpak", and for the new feature to work you need to create
it in your package. If you want to use a different name you can specify
that in configure as --with-system-helper-user=USERNAME.
Additionally, the new code passed a unix socket over the system bus, which
is prohibited by the default selinux policy. To work around this flatpak
now ships with a custom selinux module (enable with --enable-selinux-module).
For the new feature to work you need to install this module and ensure
the flatpak-system-helper binary gets the proper selinux context.
Other changes:
* We now support specifying a rebasing version of end-of-life, where
the clients will be asked if they want to use the new version. At
runtime any old per-user application data will be migrated to the
new name. Note: This works for the CLI app, but needs some changes
for installers to take advantage of the automatic rebasing.
* New permission --socket=pcsc for access to smart cards.
* We now store the description, comment, icon and homepage fields from
the flatpakrepo files in the remote confiuration and have new library
APIs to read these back.
* The fields above are now also settable in a repo and changes to these
can propagate to clients.
* run now tries the determine what branch to use when you run a runtime.
* Print maximum icon size when icon-validator fails.
* flatpak override can now disallow access to a dbus name.
* flatpak list now has a new runtime column
Changes in 1.3.1
================
This release fixes CVE-2019-10063.
It has been discovered that the previous fix for CVE-2017-5226, which uses
seccomp to prevent sandboxed apps from using the (dangerous) TIOCSTI ioctl
was only incomplete on 64bit arches. This is now fixed.
* seccomp: Only compare the low 32bit of the TIOCSTI ioctl args.
* Fix the required runtime prompt during installation.
* When installing, only check dependencies from the same installation.
* flatpak list --arch now works correctly again.
* Create origin symlinks in appstream branch for libappstream compat.
Changes in 1.3.0
================
This is the start of a new unstable series, targeting stable release
as 1.4.0.
Major changes:
* Support systems with multiple nvidia devices
* Checks are update output are green again
* Fix support for systems like gentoo where /var/run is a symlink.
* Initial support for sandboxed dconf support.
* build-update-repo: New options --no-update-[summary,appstream] and
--static-delta-ignore-ref=PATTERN.
* Regenerating the appstream branch is now much faster for large
repositories.
* We no longer limit the size of svgs in the icon validator.
Changes in 1.2.3
================
This release fixes CVE-2019-8308.
The CVE-2019-5736 runc vulnerability is about using /proc/self/exe
to modify the host side binary from the sandbox. This mostly does not
affect flatpak since the flatpak sandbox is not run with root permissions.
However, there is one case (running the apply_extra script for system
installs) where this happens, so this release contains a fix for that.
* Don't expose /proc in apply_extra script sandbox.
Changes in 1.2.2
================
* Reverted green checkbox as they caused table alignment issues
* Fix a division by zero if the terminal reports a zero terminal
width (which happens in the flathub build environment).
Changes in 1.2.1
================
* Ensure flatpak builds with older versions of glib and appstream-glib.
* build-commit-from: Fix the new --extra-id option.
* build-export: Allow disabling the sandboxing of the icon validator and
do so during the tests.
* profile: Don't break if debug logging is enabled.
* Better handling of the appdata release attribute.
* Don't install polkit agent when not needed, avoiding some unnecessary
log lines in some cases.
* Fix the output of the sandboxed icon validator not being visible.
* builld-init: Allow specifying a full ref for the sdk, which is used to
select the branch name when checking sdk extensions.
* Make the ok checks in the output green
Changes in 1.2
==============
* Ensure DeployCollectionID works in flatpakrepo files in all cases.
* Don't error out with empty installations in uninstall.
* Add helper that validates icon files during export.
* Don't allow root to modify the (non-root) per-user flatpak installation,
as this risks causing problems later.
* Remove some incorrect warnings from flatpak repair.
* Allow multiple name segments after prefix when exporting files.
* Allow specification of ellipsization in --colums options.
* Handle dates as well as timestamps in appdata
* Fixed a bug where flatpak remote-delete removed too many refs.
* Now we use raw terminal mode during a transaction to a avoid problems with input
during the operation causing problems with escape sequences.
* Generate a fontconfig directory remapping snippet as will be needed
for newer versions of fontconfig.
* Support --extra-collection-id in build-commit-from to bind the commit
to multiple collection ids. This is work in progress in ostree.
Changes in 1.1.3
================
* Various fixes to the CLI output changes
* New flatpak --installations option to list all installations
* Extract license info from appdata among with the other fields.
This is shown in e.g. info and remote-info, and has library API.
* install/update/uninstall now has --noninteractive option with less output
that is useful when called from scripts, etc.
* --devel is now properly forwarded to sub-sandboxes using the flatpak portal.
* Drop dependency on libappstream-glib from libflatpak.
* Initial support for exposing the system dconf defaults to the sandbox.
* We now create deploy refs for the deployed commits to avoid a prune removing
objects that are in use.
* Ask about removing all refs when deleting a remote.
* New environment generator that handles custom installations,
replacing the old dbus service config file.
* Documentation updates
* More robust completion
* Try to report out-of-space errors better.
* Add more tests.
* Various improvements to the repair command.
Changes in 1.1.2
================
* Refreshed the CLI output layout, in particular the install/update progress
and application list/info commands.
* The host XDG_{DATA,CONFIG,CACHE}_HOME env vars are now available as
with the HOST_ prefix in the sandbox.
* FLATPAK_ID is set to the app id in the sandbox (this previously
only happened in flatpak build).
* The spawn portal command now has a kill with parent option.
* Flatpak shells now have custom prompts
* New library APIs: Access to deployed appstream data, list unused refs.
* Flatpak run now has --cwd option.
* New option --static-delta-jobs to limit number of parallel delta
generation jobs in build-update-repo.
* Fixed critical warning with newer policykit versions.
Changes in 1.1.1
================
* New libflatpak function: flatpak_remote_get_main_ref()
* Various changes to the policykit rules in order to cause less, and
more understandable policykit authentication dialogs.
* Give DRI apps access to more nvidia device nodes required for CUDA/OpenCL support.
* search now doesn't search noenumerate remotes.
* Renamed operations permission-list to permissions and document-list to
documents. The old names are still supported as aliases.
* New property 'non-interactive' for installations that allow frontends
to do background updates without triggering policykit authentications.
* New flag in HostCommand to allow killing the child process when
the spawner exits the session bus.
* Flatpak now authenticates on the terminal in case there is no desktop-wide
policykit agent.
* update with no arguments now updates all installations (i.e. also custom
systemwide installations).
* Use system helper to generate summary files for OCI remotes.
* Better progress reporting for OCI downloads.
* New conditional extension download feature, 'on-xdg-desktop-FOO' which downloads
when XDG_CURRENT_DESKTOP matches FOO.
* More sockets are now mounted read-only in the sandbox
* Updated docs, error messages and translations
Changes in 1.1
==============
This is the first release in the new unstable 1.1.x series, leading up to 1.2
which is expected around the end of the year.
Changes in this version:
* New command flatpak kill to kill running flatpak instances.
* The remote argument is now optional in the flatpak install in
interactive installs. Instead you are prompted for which
remote to install from.
* All commands printing tables now support --columns option to specify
exactly what to output.
* flatpak uninstall now supports --delete-data to delete the application
data directory in your homedirectory. If no application is specified
it will remove data from all uninstalled apps.
* flatpak list now supports filtering by runtime with:
--app-runtime=org.gnome.Platform//3.24
* flatpak remote-ls can now show the runtime used for each app.
* flatpak repo now supports --info to show information
about a repository, and it is the default operation
for the flatpak repo.
* flatpak repo now supports --commits to list commits in branch.
* flatpak now logs transactions to the systemd journal if built
against libsystemd.
* libflatpak now exposed FlatpakInstance for a running instance.
* Better error output if a flatpak command is misspelled
* Drop support for migration from xdg-app (previous name for flatpak).
* New library function flatpak_installation_get_min_free_space_bytes.
* In interactive mode "yes" is now the default in most prompts.
* Bumped ostree requirement to 2018.9
* Cleanups and improvements to the test suite.
* Improvements to documentation.
* buildsystem support for coverage generation.
Changes in 1.0.6
================
This release fixes an issue that lets system-wide installed
applications create setuid root files inside their app dir (somewhere
in /var/lib/flatpak/app). Setuid support is disabled inside flatpaks,
so such files are only a risk if the user runs them manually outside
flatpak.
Installing a flatpak system-wide is needs root access, so this isn't a
privilege elevation for non-root users, and allowing root to install
setuid files is something all traditional packaging systems
allow. However flatpak tries to be better than that, in order to make
it easier to trust third party repositories. Thus, it is recommended
that all distros update to this version, or backport commit
b98e09b20dfab896616b4a65e15c31f684a5f9f2.
Changes in this version:
* The permissions of the files created by the apply_extra script is
canonicalized and the script itself is run without any capabilities.
* Better matching of existing remotes when the local and remote configuration
differs wrt collection ids.
* New flatpakrepo DeployCollectionID replaces CollectionID, doing the
same thing. It is recommended to use this instead because older versions
of flatpak has bugs in the support of collection ids, and this key
will only be respected in versions where it works.
* The X11 socket is now mounted read-only.
Changes in 1.0.5
================
There was a sandbox bug in the previous version where parts of the runtime
/etc was not mounted read-only. In case the runtime was installed as the
user (not the default) this means that the app could modify files on the
runtime. Nothing in the host uses the runtime files, so this is not a direct
sandbox escape, but it is possible that an app can confuse a different app
that has higher permissions and so gain privileges.
So, it is recommended that everyone shipping flatpak to update to
1.0.5, or at least backport the change in commit
6711d7ae99c50a9dca8e4e2e9e9989a8fa6c3f06.
Changes in this version:
* Make the /etc -> /usr/etc bind-mounts read-only.
* Make various app-specific configuration files read-only.
* flatpak is more picky about remote names to avoid problems with storing weird
names in the ostree config.
* A segfault in libflatpak handling of bundles was fixed.
* Updated translations
* Fixed a regression in flatpak run that caused problems running user-installed
apps when the system installation was broken.
Changes in 1.0.4
================
* Flatpak 0.99.1 removed the inheritance of permissions from the runtime due
to concerns with dynamic app permissions. Due to popular requests, this
version re-introduces such inheritance, but does it instead at build time.
This solved the issues with dynamic permissions while still allowing runtimes
to have default permissions. Apps can disable this by passing
--no-inherit-permissions to build-finish.
* The sandbox now always includes a /etc/timezone file, following the (old)
debian standard for this. This is needed, because the more modern way
of exposing the timezone name by having /etc/localtime be a symlink
into /usr/share/zoneinfo doesn't work when exposing the host timezone.
* All apps now have automatic permissions to own their own app id as a
subname of org.mpris.MediaPlayer2.
* We now properly re-load remote state in FlatpakTransaction if the
metadata was updated for the remote.
* The signature of the FlatpakTransaction::operation-done signal was wrong
in the header and has now been corrected to the signature that is actually
emitted.
* A crash was fixed when reading invalid .flatpakref files.
* A crash during updates when a local ref was unexpectedly missing was fixed.
* An error case on uninstalling was incorrectly returning success even
thought there was an error.
* flatpak_installation_modify_remote did not correctly save the nodeps state.
* flatpak_installation_load_app_overrides() was improperly returning freed
memory.
* The tarball now ships with an icon (flatpak.png).
Changes in 1.0.3
================
* run: You can now use --system to run an app that otherwise would run the
user version.
* New permission --allow=canbus that filters out access to AF_CAN sockets.
* lib: New install flags FLATPAK_INSTALL_FLAGS_NO_TRIGGERS and new function
flatpak_installation_run_triggers()
* lib: Better error reporting, including some new error values that
replace the generic FAILED.
* uninstall --unused: Improve handling of which .Locale extensions are used
* run: Make flatpak run on systems where $XDG_RUNTIME_DIR contains a symlink
beneath /var (commonly /var/run -> /run).
* Don't export any desktop/dbus/mimetype files in subdirectories.
* build-init: We now record the base ref (if used) in the metadata. Nothing
uses this atm, but it can be used by tools.
* We now respect the upstream ostree.deploy-collection-id instead of the
flatpak-specific xa.collection-id metadata key to decide whether to switch
to collection ids for a remote. This is useful, because if you use the
new one, only new clients (that support it better) will use it.
* create-usb: Fix assertion failure in some error cases
* create-usb: Always create archive-z2 repos
* create-usb: Don't create unnecessary summary in repo
* permissions: Avoid errors if there is no permissions table
* repo: Fix flatpak repo sometimes using the wrong ostree-metadata ref.
* Avoid fsync when updating $installation/.changed.
* Add the missing appstream2 ref to the xa.cache metadata
* The test-suite got some modifications to make it easier to maintain.
* Documentation updates
* Translation updates
Changes in 1.0.2
================
* The dbus proxy is now available in a separate git module, xdg-dbus-portal,
which is imported into flatpak as a submodule. It is possible to build
flatpak against the system xdg-dbus-portal instead, but this is not currently
very useful as no other applications yet depend on xdg-dbus-portal.
* Build regressions with older versions of glib have been fixed.
* Flatpak ps now also tracks the pid the main process inside the sandbox.
* Added flatpak override --reset to reset overrides for an app.
* Added flatpak override --show to show overrides for an app.
* flatpak install now automatically pick user or system based on the remote
name given (unless the remote exists in both).
* flatpak uninstall --unused now does not remove SDKs if some installed app
refers to them.
* Fixed bug where flatpak uninstall --unused prompted for uninstall twice.
* Set IO class on the system helper to "idle", which should cause backgroun
updates to affect the system less.
* Fixed regression in flatpak uninstall --no-related.
* Better handling of empty collection ids in flatpak bundles.
* Cleaned up some error messages.
* Various documentation fixes and cleanups.
* Updated translations.
Changes in 1.0.1
================
This fixes various build and test failures that were detected when
packaging 1.0, as well as translations and doc updates. It also
has some minor features, including a new subcommand "flatpak ps"
to list the running flatpak instances for your user.
* Print application tags in the prompt when installing/updating.
* Make sure we don't accidentally leak the host /proc into
the sandbox.
* Translation updates.
* Added a "flatpak ps" command that lists running flatpak instances.
* Improve error reporting when exporting documents.
* Improve detection of dynamic p2p remotes.
* Build fixes for older versions of glib.
* Fix threading issue in the OCI support that was causing the
installed tests to sometimes fail.
* Fix OCI AppStream support on 32bit architectures.
* Fix utf8 issue in the dbus API description.
* Some install fixes to make installed tests work
* Make the tests work with python3 (as well as python2)
* Improve introspection annotations in libflatpak
* Improve libflatpak API docs
Changes in 1.0
==============
Flatpak 1.0 is the first version in a new stable release series. This
new 1.x series is the successor to the 0.10.x series, which was first
introduced in October 2017. 1.0 is the new standard Flatpak version,
and distributions are recommended to update to it as soon as possible.
The following release notes describe the major changes since
0.10.0. For a complete overview of Flatpak, please see
[docs.flatpak.org](http://docs.flatpak.org/en/latest/).
## For users, app developers and distributors
Flatpak 1.0 marks a significant improvement in performance and
reliability, and includes a big collection of bug fixes. 1.0 also
includes a collection of new features, including:
* Faster installation and updates.
* Applications can now be marked as end-of-life. App centers and
desktops can use this information to warn users who have an end-of-life
version installed.
* Permissions now use an up-front verification model: users are
asked to confirm app permissions at install time, if an update
requires additional permissions, the user must also confirm.
* A [new portal](https://flatpak.github.io/xdg-desktop-portal/portal-docs.html#gdbus-org.freedesktop.portal.Flatpak)
allows apps to create sandboxes and restart themselves. This allows
applications to restart themselves after they have been updated (to
start using the new version), and to increase sandboxing for parts
of the application.
* `flatpak-spawn` is a new tool for running host commands (if
permissions allow) and creating new sandboxes from an app (this
uses the above portals APIs).
* Apps can now export D-Bus services for all the D-Bus names they are
privileged to own (rather than just the application ID).
* Flatpak's support for OCI bundles has been updated to the latest
specification. Also, AppData can now be distributed through OCI
repositories.
* Host TLS certificates are now exposed to applications, using
p11-kit-server. This removes a point of friction when accessing
network services in some environments.
* Apps can now request access the host SSH agent to securely access
remote servers or Git repositories.
* A new application permission can be used to grant access to
Bluetooth devices.
* A new `fallback-x11` permission grants X11 access, but only if the
user is running in a X11 session. For applications that support
both Wayland and X11, this can be used to ensure that the app
doesn't have unnecessary X11 access while in Wayland, but still
works in an X11 session.
* Peer-to-peer installation (via USB sticks or local network) is now
enabled and supported by default in all builds.
The Flatpak command line also introduces new commands and options, including:
* `uninstall --unused` automatically removes unused runtimes and
extensions (if you've removed all apps that depend on a runtime, or
all the apps you had depending on it have upgraded to a newer
version).
* New `info` options, including `--show-permissions`,
`--file-access`, `--show-location`, `--show-runtime`, `--show-sdk`.
* `repair` - fixes broken installs by scanning for errors, removing
invalid objects and reinstalling anything that's missing.
* `permission-*` - allows interaction with the portals permissions
store. This is useful for testing and for getting back to a clean
state.
* `create-usb` - can be used to prepare an repository to be used as a
local updates source.
Finally, the command line has a collection of other improvements, such as:
* If `--system` or `--user` aren't specified, one is automatically
picked if it is obvious (or it will ask if the correct option isn't
obvious).
* The `install`, `update` and `uninstall` commands now ask for
confirmation of changes before proceeding, in order to prevent
mistakes, and to show the required application permissions.
* The `uninstall` command now does not allow you to remove a runtime
if some installed application requires it.
* `flatpak remove` is now an alias for `flatpak uninstall`.
## For Linux distributors, OS and platform developers
* Flatpak no longer requires a filesystem that supports `xattr`.
* Portals are now more cleanly separated from Flatpak, thanks to the
document portal and permission store having been moved to
`xdg-desktop-portal`. It is recommended that the flatpak package has
a weak dependency on `xdg-desktop-portal`.
* `libflatpak` now has a transaction API for install, update and
uninstall operations. This means that it is much easier to use as
the basis of app centers and other graphical app management
software.
* Flatpak now sets several HTTP headers when installing applications,
which make it easier for Flatpak repositories to log things like
app download statistics and Flatpak versions in use.
* It is now recommended that Flatpak packages add a dependency on
p11-kit-server, as this allows apps to access host
certificates. However, this does not need to be a hard dependency.
* Requires bubblewrap 0.2.1 or later, and comes bundled with 0.3.0.
* Requires OSTree 2018.7.
Major changes in 0.99.3
=======================
* Fixed case where system install would sometimes fail
due to the system-helper idle exiting.
* Support installing flatpakref files in FlatpakTransaction,
including a new signal add-new-remote for when remotes
might be added.
* Added some new FlatpakError codes.
* We now support .flatpakrepo files with no gpg signatures
* Fix crash in system-helper when updating appstream
* New command create-usb which can be used to prepare
an repo for offline updates.
* Fix some non-handled cases of the CLI not working when
/var/lib/flatpak doesn't exist.
* Fix crash when running with a gid that is not in
/etc/groups.
* Add new permission-* commands to interact with the
permissions store from the portals.
* Include appdata in OCI bundle.
Major changes in 0.99.2
=======================
* Fix race condition on instance id allocation
* Translation updates
* Build fixes for new glibc versions
* Build fixes for new libsoup versions
* Build fixes for old glib versions
Major changes in 0.99.1
=======================
This is the first pre-release before flatpak 1.0. This is considered
feature-complete and we expect no features or major changes before
1.0, only bugfixes.
Note: There were some (minor) API changes in the FlatpakTransaction
APIs that were added in 0.11.8, so please don't use the old
version. (Note: I know of no user of this API).
Changes since last minor release:
* Ostree 2018.6 is required, and with this, the p2p code in
flatpak is made non-optional.
* flatpak install/update/ininstall now lists all the operations
that it will do and asks for confirmation before starting.
* In the above confirmation the permissions (new permissions
for updates) are shown for all applications.
* The FlatpakTranscation API has a new ::ready signal that
allows users to do similar confirmation prompts.
* P2P updates are more efficient
* system-wide installation uses less fsync calls so should
installation should be faster.
* New ssh agent permissions allows granting an app
ssh access.
Major changes in 0.11.8.3
=========================
* Fix a 25 second timeout on startup if using p11-kit < 0.23.10
* Minor change in dbus proxy default filter, now broadcasts are
not accepted from portals.
Major changes in 0.11.8.2
=========================
* Fix crash when building some apps
* Allow multiple appstream components per app
* Fix handling of gl drivers in uninstall --unused
* Don't prompt if nothing changed in uninstall --unused
* Longer timeouts in test suite
* Updated translations
Major changes in 0.11.8.1
=========================
* Fixed regression running apps with --own=* permissions
Major changes in 0.11.8
=======================
* Flatpak uninstall now accepts --all to remove everything and --unused to remove unused
runtimes.
* New command "flatpak repair" allows checking and repairing a flatpak installation.
* New permission --allow=bluetooth allows use of AF_BLUETOOTH sockets
* If p11-kit-server is installed on the host, this is now used to forward the host
certificate trust store to the sandboxed app.
* New transaction API in libflatpak that makes it much easier to implement
installation and updates in frontends.
* Flatpak uninstall now does not allow you to remove a runtime if some installed app requires it.
* We now have tab-completion for zsh.
* New installations of flatpak now defaults to bare-user-only repos, which means
that it works with filesystems that don't support xattrs.
* New flatpak info options: --show-location, --show-runtime, --show-sdk
* New flatpak remote-info options: --show-runtime, --show-sdk
* p2p operations now work when offline.
* Work around hanging on app startup on blocking autofs mounts.
* The dbus proxy filtering now works matches the new dbus containers filtering API.
* Various optimizations make installation and updates faster. In particular
operations like running triggers and pruning only happens once per
install/update operation.
* We now respect multiple extension versions matches when auto-downloading extensions.
* New http header Flatpak-Upgrade-From sent when upgrading.
* Commands like "flatpak info/list/remotes/search" now work properly if /var/lib/flatpak doesn't exist.
* The bubblewrap version required for system-bwrap is now 0.2.1.
Major changes in 0.11.7
=======================
* Fix regression in installing .flatpak bundles
Major changes in 0.11.6
=======================
* Further work on the export filename regression, now also fixes the
same issue as in 0.11.5 but in flatpak build-finish.
* Fix segfault when installing from .flatpakref in gnome-software
* Build yacc parser from source.
* Don't tab-complete Sources/Locale/Debug extension by default.
* Fix tests on debian.
Major changes in 0.11.5
=======================
* Fix a regression which caused installation of epiphany and
other apps that export multiple .service files to fail.
* Fix appstream updates in p2p mode.
* Don't distribute generated gdbus code with tarball.
* Add documentation for the flatpak portal
Major changes in 0.11.4
=======================
* flatpak remove is now an alias for flatpak uninstall.
* flatpak uninstall now picks system or user automatically if not specified
* New appstream branch format which is more efficient to distribute,
the old is still generated for backwards compat.
* Appstream data now contains compatible arches (for applications
that doesn't exist for the primary arch). For example, an
i386-only app is now listed in the x86-64 appstream.
* The flatpak version is included in the user agent when downloading.
* The Flatpak-Ref http header is set to the currently installing ref when
downloading.
* New argument --timestamp in build-commit-from.
* When updating many apps we now only prune the local repo when all
updates are done, making multi-app updates faster.
* flatpak build now always allows multiarch use.
* flatpak build now mounts app extensions during build.
* flatpak build-init now supports --extension to add extension points earlier
than build-finish. Also build-finish now supports --remove-extension.
* New flatpak portal allows applications to sandbox themselves and restart a
newer version of themselves.
* New flatpak run options: --no-a11y-bus, --no-documents-portal.
* Initial support for end-of-life:ing applications.
* New option X-Flatpak-RunOptions in exported desktop/files allow you to specify
no-a11y-bus and no-documents-portal.
* Support for tagged extension points, which is useful if you want to use
the same extension id (but maybe different versions) multiple times in an app.
* We now export .service files for names that the app is allowed to own on
the session bus.
* libflatpak got new methods for listing remotes by type.
* libflatpak now has support in FlatpakRemoteRef for getting remote metadata
such as end-of-life, download size, metadata etc.
* There was some internal restructuring on how installs/updates are done
which should improve performance and maintainability.
Major changes in 0.11.3
=======================
* Fix "open with" and flatpak run --file-forwarding crash
* Fix build with glibc 2.27
Major changes in 0.11.2
=======================
* Remove fuse dependency, since we don't ship document portal anymore
* Fix various issues with /home being a symlink to /var/home (atomic)
* Allow downgrades when using collection ids
* Search on all supported architectures
Major changes in 0.11.1
=======================
This release removes the document portal and the permission store as they
have been added to xdg-desktop-portal 0.10. Packagers need to update
these two in lock-step. Flatpak technically doesn't depend on
xdg-desktop-portal, but it is recommended that the flatpak package
depends on xdg-desktop-portal in some way, because most flatpaks will
want it.
* Remove document portal and permission store
* Add --socket=fallback-x11 permission
* Fix dbus proxy vulnerability in authentication phase
* Allow personality syscall in devel mode
* commit-from: Migrate static deltas with commit
* Add "network" storage type for installations
* Add flatpak info --show-permissions
* Add flatpak info --file-access
* search: Update appstream (if stale) before searching
* Make libflatpak work when /var/lib/flatpak is empty
* build-bundle: Add --from-commit option
* Allow appstream ids that don't end in .desktop
* Make permission handling ignore unknown permissions for forwards
compatibility
* Removed incorrect error message in update --appdata when there
was no updates
* Fix handling of abort in the duplicate remote prompt
* Fix division by zero in progress calculation
* Fix flatpak remote-info --show-metadata
* Fixed crash when installing some flatpak bundle files
* Fix installation of telegram
* remote-ls -u only considers app from the origin remote
* Fix assertion error in extra-data progress reporting
* Report nicer errors when trying to downgrade as non-root
* pulseaudio: Try to find pulseaudio socket better
* Fixed some warnings reported by coverity
* Cleaned up code by splitting up some large source files
Major changes in 0.10.2
=======================
* Flatpak now requires OSTree 2017.14
* flatpak update now updates from both system and user installations
by default.
* flatpak update is less noisy when updating appstream info.
* All the remote-* commands now by default automatically decide to use
--user or --system based on the given remote name.
* flatpak remote-ls with no remote lists the content of all remotes
* Fixed regression that made xdg-user-dirs and theme selection
for kde apps break.
* flatpak override with no argument now overrides globally, i.e. for
all apps.
* flatpak override now supports --nofilesystem properly. For example
flatpak override --nofilesystem=~/.ssh hides the ssh dir for all
apps, even those who have homedir access.
* flatpak install now takes a --reinstall argument which uninstalls
a previously installed version if necessary. This is very useful
when you want to install a new version from a different source.
* flatpak install now allows you to pass an absolute pathname as
remote name, which will create a temporary remote and install
from that. The remote will be removed when the app is uninstalled.
This is very useful during development and testing.
* Flatpak now creates CLI wrappers for all installed apps, so if you
add /var/lib/flatpak/exports/bin or ~/.local/share/flatpak/exports/bin
to your PATH you can easily start flatpak apps by their application id.
Major changes in 0.10.1
=======================
* New command "flatpak remote-info" shows information about applications
in a remote. In particular the --log operation shows the history and
can be used in combination with flatpak update --commit=XYZ to roll
back to a previous version.
* New command "flatpak search" which allows you to search the appstream
data from the commandline.
* flatpak update now updates appstream data for all confured remotes, which
is important for search to work.
* Allow automatic installation of gtk themes matching the active theme.
* Handle the case when /etc/resolv.conf is a symlink
* /usr an /etc are now expose in /run/host in the app if the app has
full filesystem access.
* flatpak remote-add now works as a user when /var/lib/flatpak is empty,
allowing flatpak to work on stateless systems.
* Add support for flatpak build --log-session/system-bus, similar to
what flatpak run already does.
* flatpak build --readonly runs with the target directory (normally /app)
mounted read-only.
* Fall back to LD_LIBRARY_PATH if a runtime doesn't have /usr/bin/ldconfig.
* Updated the support for OCI remotes. This is work in progress and still
disabled by default though.
Major changes in 0.10
=====================
This is the first release in a new series of stable releases called
0.10.x. New features will be added to 0.11.x, and bugfixes will be
backported to 0.10.x. During the early phase of the 0.10.x series we
may also backport minor features, but we guarantee backwards
compatibility.
Changes since 0.9.99
* Added the flatpak config option which can set the language settings
* Fix issue where sometimes ld.so.conf were not generated
* /dev/mali0 is added to --device=dri
* Work around ostree static delta issues in some cases
Major changes in 0.9.99
=======================
* Requires ostree 2017.12 for important pull stability fix
* New libflatpak API: flatpak_dir_cleanup_undeployed_refs, flatpak_installation_prune_local_repo,
flatpak_installation_remove_local_ref_sync, flatpak_installation_cleanup_local_refs_sync
* build: FLATPAK_ID and FLATPAK_ARCH are now set in the environment when building
* update: Don't fail the entire update if some remote fails to update its metadata
* run: /.flatpak-info now lists exact commits and extensions in use
* run: We now use a per-app ld.so.cache file whenn running. This should speed things up,
and allows ldconfig to report the correct results.
* The verbose mode was changed into two levels, use -vv to show the more detailed info, which
currently only contains the full bubblewrap argument lists.
* run: Some common problematic host environment variables are now unset in the sandbox
(PYTHONPATH, PERLLIB, PERL5LIB and XCURSOR_PATH)
* run: Fixed failure when a higher prio extensions depended on a lower prio one.
* run: The extension ld path order is now: app extensions, app, runtime extension, runtime.
This was previously incorrect in that the app could override app extensions.
* Extensions are now not downloaded if a matching unmaintained extension is already installed
* Preemptive changes to handle new bubblewrap change which doesn't user /newroot
* document portal: Disable debug spew that was accidentally enabled
* build-finish: New --extension-priority option
* run: Fix regression in --persist in 0.9.98
* run: Use sealed memfds (instead of just temporary files) when passing data to bubblewrap
Major changes in 0.9.98.2
=========================
* Fix permission denied when using the system-helper
Major changes in 0.9.98.1
=========================
* run: Fix homedir access if the app has --filesystem=host access
* build-update: Fix appstream update in case one arch didn't change
Major changes in 0.9.98
=======================
* libflatpak now correctly finds metadata for subset installations (like locale data)
* flatpak build now supports --appdir which exposes the per-app directory in the
user homedir. This is useful when testing builds.
* The host fontconfig caches are exposed to the sandbox, next to the fonts in /run/host.
This will (pending fontconfig work) allow sharing host fontconfig caches, allowing
much faster initial startup for flatpak apps.
* flatpak install now supports --no-pull
* Added new extension property "locale-subset", which makes the extension point
act like a locale extension (i.e. only install the subset configured by the
locale).
* flatpak remote-add --oci is disabled for now, as this is not up to date with
the latest OCI work, and we don't want to break existing deployments if this
has to change when this lands.
* Parallel installation/updates are now safe because we take a filesystem lock
whenever we prune the local ostree repo.
* Flatpak run now works when important paths like $HOME, etc, are symlinks.
* The ostree min-free-space property is is set to zero by default for the
flatpak repos. This was causing a lot of problems for people, but the feature
is still there if you manually enable it.
Major changes in 0.9.12
=======================
* Fixed a regression in extra-data installation
* Don't expose the a11y bus in flatpak build
Major changes in 0.9.11
=======================
* You can now show all outstanding updates with: flatpak remote-ls --updates
* The dbus filter "org.name.*" now means all subnames of org.name, not just
the first level. This matches how dbus arg0namespace works, and how the
coming dbus container support will work.
* Fixed segfault on update
* Better commandline tab completion
* Flatpak now exposes host icons readonly as /run/host/share/icons to the sandbox.
Major changes in 0.9.10
=======================
Fix regression in dbus proxy that causes some apps to not
work in 0.9.9.
Major changes in 0.9.9
======================
flatpak-builder was split out into its own module:
https://github.com/flatpak/flatpak-builder
* When downloading to a temporary directory for later install to the
system repo we now write to /var/tmp instead of $HOME. This is more
likely to be the same filesystem as /var/lib/flatpak, and thus will
not run into issues with e.g. filesystem full.
* We now get the default language list from AccountService if possible.
* A regression that made --devel crash was fixed.
* New feature for flatpakrefs, SuggestRemoteName=remotename will cause
flatpak to ask if you want to create a generic (not app specific)
remote for the repo url.
* flatpak build now does not die with the parent by default, you have
to pass --die-with-parent. This was done because die-with-parent
uses PR_SET_PDEATHSIG which does not work well if the parent is
threaded, like e.g. gnome-software is.
* We now always re-set the personality in the sandboxed process
in order to avoid inheriting weird settings.
* We now share a single dbus proxy instance for all proxies for a sandbox.
* dbus-proxy now properly disallows old-style eavesdropping.
* We now support accessibility by starting a customized dbus proxy for the
a11y bus.
Major changes in 0.9.8
======================
Core:
* Experimental support for peer2peer installation, enable with --enable-p2p
* Add default language setting to flatpak config. Defaults to all locales for
system installs and the users locale for per-user installs.
* build-update-repo: Now always keeps the *two* latest deltas around to avoid
race conditions with outstanding downloads at the time or running the update.
* Support loading extra data from local lookaside cache.
Flatpak-builder:
* Set terminal title to the currently building module
* Added ability to specify http url for sources mirror with --extra-sources-url.
* --install-deps-from=REMOTE installs the dependencies needed for the
manifest.
* New option --delete-build-dirs to always delete build directories,
even on a failed build.
* New property "add-extension" makes it nicer to create extension points.
Major changes in 0.9.7
======================
* Don't re-download git repo when bundling sources
* Build modules with no source if buildsystem is "simple"
* Build cleanups
Major changes in 0.9.6
======================
This version requires the latest ostree version (2017.7) because it
uses a new feature that hardens the security of flatpak. Previously,
if you installed to a system-wide repository, the files created for an
application were as specified by the remote repo, but owned by root,
which could include problematic permissions like setuid or
world-writable. We now never create such problematic files or
directories on disk. Flatpak export was also changed to never
create problematic files in new apps.
Related to this, newly created flatpak installations also use the
new "bare-user-only" mode for the repositories, which means you
can now install applications even if your filesystem does not
support extended attributes.
Other changes:
* flatpak info --show-metadata now only shows the metadata, in
a machine parseable way.
* build-export now records the flatpak version in the commit message
* builder: The .pyc timestamp fixer now allows .pyc files with no
corresponding .py file.
* builder: New feature 'inherit-extensions' lets you copy extension
info from the parent runtime.
* builder: Set ExtensionOf in auto-created extensions (like Locale
and Debug)
* builder: Setting CPPFLAGS now works
Major changes in 0.9.5
======================
Changes in flatpak:
* Fix installation of installed tests
* Don't show an error when updating if a remote is disabled
* Store the app id in the X-Flatpak key when exporting a
desktop file.
* flatpak run: Handle paths when rewriting %u urls during
file forwarding.
* builder: Always assume separate builddir when using meson, as
meson only works with this.
* document-portal: The app-specific directory is always accessible
to the app, take this into consideration for AddFull.
* builder: Don't warn for unknown keys if they start with x-
* Fix a race condition when restarting the document portal
* build-update-repo: Don't list removed deltas in the summary
* list: Don't show .Locale/.Debug/.Sources by default. Show with -a.
* remote-ls: Don't show .Locale/.Debug/.Sources, or non-primary
arches (unless the primary does not exist) by default.
Show with -a.
* dbus-portal: Fix handling of NameHasOwner
* builder: Add --export-only to export a previous build.
* run: Allow regular files for --filesystem=xdg-config/path
* run: Allow --filesystem=xdg-config/subdir:ro (previously
it needed to be writable).
* build-commit-from: Properly handle xa.ref when rewriting
refnames.
Major changes in 0.9.4
======================
Changes in flatpak:
* Now requires ostree 2017.6 and bubblewrap 0.1.8
* Better progress reporting in CLI and UI
* Improved output from commands info, list, remotes,
remote-ls: More detail, colors, nicer table formatting.
* New command flatpak repo that lets you show information
about local repositories.
* When launching exported desktop files, the paths
passed to it are automatically created as documents
to allow access to the arguments, if needed.
* Flatpak install of an already installed application is
now a warning, not an error.
* flatpak build now kills all the processes in the
sandbox when it exits.
* flatpak update --subpath=... now updates the app event
if there is no new upstream version, but the subpath is
different from what is currently installed.
* Exports are now whitelisted, and the only thing you can
export are:
desktop files, icons, dbus services, mime definitions, and
gnome-shell search providers
* Exported gnome-shell search providers are automatically
disabled by default.
* Exported mimetypes are rewritten to only allow globs, and to
make the globs have a low priority vs system mime info.
* A remote can now redirect to a new URL and/or a new GPG key, by
using build-update-repo --redirect-url=URL --gpg-import=FILE.
When clients see this they permanently change the local configuration.
This is very useful when migrating official repositories.
* flatpak caches in the homedir are now stored in ~/.cache
(or $XDG_CACHE_HOME) instead of ~/.local/share/flatpak/system-cache.
* Added version field to all exported dbus interfaces.
* New AddFull method in the Document Portal, which allows
exporting multiple files, as-needed by a particular target
app. This is useful for implementations of dbus activation
for desktop files.
* New flag --no-static-deltas for install/update without
using static deltas. Mostly useful for debugging.
* TMPDIR is now unset in the sandbox, if set on the
host. Each sandbox has a personal /tmp that is used.
* Flatpak run now works if /tmp is a symlink on the
host.
* /etc/hosts and /etc/hosts.conf from the host are now exposed
in the sandbox in addition to /etc/resolv.conf.
* Titles and default branches are now automatically updated from
the remote unless they are explicitly set. You no longer have
to run flatpak remote-modify --update.
* Some performance inprovements when installing apps.
* When exporting a build, the commit objects now always include
the branchname, the metadata and install/download size.
The sizes are reused for faster summary building, and the
others changes are for future use. The fields are verified
against the deployed metadata during installation, so it
is trusted.
* Fixed minor race condition in portal application identification.
* lib: New flatpak_installation_update_appstream_full_sync method
that allows progress reporting.
* bash-completion: Fix out-of-bounds read that could produce
weird completion at times.
Changes in flatpak-builder:
* Added support for appdata screenshot mirroring.
* New property "install-rule" lets you change what Makefile rule to
use in the install phase.
* The git "commit" property can now specify both a tag object and the
commit object it refers to.
* New cppflags property, similar to e.g. cflags.
* The "env" property now overrides the cflags/cxxflags/ldflags
properties, to allow these to be reset.
* Initial checkout of git/bzr to a temporary directory so that errors
during checkout do not persist.
* Properly take the "buildsystem" field into account when calculating
cache freshness.
* Don't crash if appstream-compose fails.
* "ldflags" property now works correctly.
Major changes in 0.9.3
======================
Changes in flatpak-builder:
* "rename-icon" renames in translated icons too
* Moved manifest format docs to own manpage, "flatpak-manifest".
* "bootstrap.sh" is now recognized as an autogen.sh alternative
* Fall back to not using rofiles-fuse if it is not available.
* Make sure flatpak-builder --run grants the app access to dbus.
* Make paths paths for module includes and module dependencies
relative to the included module rather than the "base" json file.
* When cross-compiling 32bit apps on 64bit arches (like i386 on x86-64)
then we automatically set a linux32 personallity.
* Print warnings for unhandled json properties.
* Make sure flatpak-builder --run works if --extra-data is in the
finish args.
* Take build-commands into consideration when considering if the
build cache is stale.
* Support for --extra-sources= to pre-seed downloaded sources.
* Support for --bundle-sources which creates a runtime with the sources
that were used to build the app.
* Handle trailing whitespace in git submodule uris
* Progress reporting while downloading files.
Other changes:
* build-export now always exports directories as readable and executable.
* build-update-repo --generate-static-deltas now fork the work process
rather than using threads, which avoids problems with this using
a lot of memory in a single process in some cases.
* Report flatpak version in HTTP request user agent.
* New "flatpak repo" command added that has some options for maintaining
a repository.
* flatpak info can now report more information and handles multiple
installed branches better.
* Support non-default WAYLAND_DISPLAY environment var.
* Handle application ids that end with .desktop when generating
appstream data.
* Documentation updates
Major changes in 0.9.2
======================
* Fixed a use-after-free and some leaks in the dbus-proxy. This
is not currently believed to be exploitable, but the proxy is a
security boundary, so we still recommend to update.
* Regular updates now never allow updates to an older version
than what is currently installed (unless you explicitly specify
an old commit id). This closes a hole where a MITM attacker can
force clients to downgrade to an earlier (gpg-signed) version of
the application.
* The automatic detection of --from in flatpak install now detects
flatpakref extensions even in URIs that end in a query string such as
https://git.gnome.org/browse/gnome-apps-nightly/plain/gedit.flatpakref?h=stable
* OCI support now supports GPG signatures
* OCI support now works with the system-helper for unprivileged systemwide
installation.
* Experimental support for the new ostree bare-user-only repo mode that
allows flatpak to run on filesystems without xattrs. Set
FLATPAK_OSTREE_REPO_MODE=user-only in the environment to use this.
* builder: New property disable-fsckobjects for git sources
* builder: New property commit for git sources. This lets you specify
both a tag (for readability) and a commit id (to ensure the tag doesn't
change).
* builder: The manifest file format docs have been split out into its
own manpage.
* builder: App manifests now support specifying sdk-extensions that has
to be installed for the app to build.
* builder: When creating the platform, remove all sdk-specific extensions,
allowing creation of sdk-specific extensions.
* builder: Correctly handle absolute pathnames in the specified
command.
* builder: Support --default-branch which defined the branch to build in
case the manifest doesn't specify one.
* When exporting builds to ostree we now use the canonical permissions
for bare-user files, which means the resulting builds can safely
be used with the new ostree bare-user-only repository type.
* The detection of "unmaintained" system extensions was broken, and
in some cases these extensions were not found. This now always
works.
* Flatpak now builds with latest OSTree. This required some fixing for
multiple definitions of the g_auto* macros as OSTree now exports
those.
* We no longer rely on ostree trivial-httpd for the tests, because
this is optional in later versions of ostree. Instead we use
they python SimpleHTTPServer.
* The minimum glib version has been corrected to 2.44.
* The minimum automake version has been increased to 1.13.4
because some older version didn't work.
Major changes in 0.9.1
======================
This release mostly has changes to flatpak-builder and the build
machinery. All flatpaks built with this version can run
on flatpak 0.8.x, but there has been additions and minor
changes in flatpak-builder that may require minor changes
to existing builder manifests, see below.
The flatpak-builder build cache now uses an ostree feature called
rofiles-fuse. This allows the build to work directly against
hardlinked checkouts of the cache, because rofiles-fuse disallows
writes to the hardlinked files (but allows replacing them). This makes
cache commits and checkouts much faster. However, it also means that
installation cannot do in-place modification of files in the
installation directory. There is a new per-module property called
"ensure-writable" that takes a list of patterns and ensures all files
matching them are writable (by manually breaking the hardlinks). This
may need to be added to some manifests to keep them building in the new
version.
The cflags and cxxflags module properties now work by appending,
rather that replacing, when there are multiple values specified. For
instance, the per-arch or per-module cflags will be appended to the
base cflags. This may cause old json files do duplicate cflags in
some cases. Normally compiler flags are repeatable without problems
though, so it is unlikely to cause problems.
Here are a short summary of the rest of the flatpak-builder changes:
* The build cache was changed so that it is not invalidated if
the installed version of the SDK changed. This means that the app
will not rebuilt if you updated the SDK. This is generally the right
thing to do, as SDKs are meant to be compatible. If you want
to avoid this (for instance when building against an unstable sdk)
you can use the --rebuild-on-sdk-change argument.
* The build cache is now per-arch, so building on one arch doesn't
invalidate the cache for another arch.
* New buildsystem "cmake-ninja" which works like "cmake", but builds
using ninja, rather than make.
* New buildsystem "simple" which doesn't use configure or make, it
just runs a set of shell commands specified in the "build-commands"
property. Note: build-commands is also available to other buildsystems
and are run between make and make install.
* flatpak-builder now has build-runtime and build-extension properties that
makes it easier to build runtimes and extensions.
* FLATPAK_DEST is set in the build environment to the installation
destination (i.e. typically /app). It is particularly useful when
building an extension where the destination is more complex.
* flatpak-builder now supports --from-git=URL which pulls the
json manifest and related files directly from a git repo.
* modules have a new no-make-install property which skips
the make install step.
* Modules and sources have only-arches and skip-arches properties,
which lets you enable/disable them based on the build architecture.
* build-options has a new property ldflags, which is similar
to cflags and cxxflags.
* flatpak build (and thus flatpak-builder --run) now supports
dbus proxies when needed.
* All git repos are cloned with fsckObjects=true, which means
we verify that the repos are valid.
* New flatpak-builder argument --build-shell=MODULE extracts and
prepares the sources for a specified module and then starts
a build sandbox inside it.
There are also some other changes:
* build-export: Now supports --timestamp=ISO-8601-TIMESTAMP, which
allows you to create reproducible commits.
* The OCI support has been updated to the latest version of the
OCI image specification format.
* There is a new flatpak-bisect script that can be used to bisect
flatpak applications, looking for regressions.
* flatpak list got a revamp. It now shows more information, and
shows both apps and runtimes by default.
* flatpak remote-list was renamed flatpak remotes in order
to minimize confusion with flatpak remote-ls. The old name
is deprecated but still works.
Major changes in 0.8.4
======================
In addition to the regular list of bugfixes this stable release
include backports of one more feature required for making OpenGL work
well. Now extra-data using extensions (such as the nvidia driver) can
specify that it doesn't need a runtime to run its apply script. We use
this in the nvidia driver by making the script a static binary, which
lets us use the nvidia driver for multiple runtimes without requering
that a particular one is installed. We also support an extension point
supporting multiple versions, which will be use for sharing the
nvidia driver between different runtime versions.
Additional fixes:
* Documentation fixes
* Crash fixes
* Fix xauth propagation in some cases
* Don't remove origin remotes on uninstall if some other app
is installed from it.
* Don't reset what locales are installed when updating a locale
extension
* Disable splice for the documentation portal as it seems
to be broken in fuse
* Append, don't override XDG_DATA_DIRS in profile script
* Fix progress reporting in libflatpak to go from 0 to
100% once, merging the various phases.
Major changes in 0.8.3
======================
In addition to the regular list of bugfixes this stable release
include backports of a the updated OpenGL support from master. This,
in combination with the work in the runtime allows flatpak to work out
of the box with out-of-tree OpenGL drivers, including the nvidia
driver.
Additionally, due to some complicated issues wrt ptrace and user
namespaces this version disables the use of user namespaces if
bubblewrap is setuid, as it cause problems for the way flatpak
portals identifies applications. (See issue #557 for details)
* Better handling of errors for extra-data
* Handle extra-data properly for runtimes (as well as apps)
* Respect required version for runtimes (as well as apps)
* flatpak list: Don't break if some local ref is not deployed
* builder: Look for appstream data in /app/share/metadata also
* builder: Fix buildsystem=cmake builds
* Add progress reporting to extra-data download
* Fix uid/gid for directories in document portal
Major changes in 0.8.2
======================
This is a bugfix and security update.
Some of the bind-mounts that flatpak sets up were not read-only as
they should have. This includes: extensions, system fonts,
resolv.conf, localtime and machine-id. Many of thse are typically only
writable by root, but some, like the user-specific fonts and
user-installed extensions could be modified from the sandbox.
Everyone using 0.8.x is recommended to update to this version.
Other fixes:
* There are new configure options for where to install dbus configuration
* Broken symlinks in the root directory no longer break flatpak run
* flatpak run with HOME in /var now works
* dri access now also handles mali devices
* install handles --arch when installing flatpakrefs
* system-helper activation fixed on systemd-less setups
* dbus-proxy now works without /run
* During installation, failing to update a dependency is now not
fatal.
* /etc is now fully writable when building runtimes
* --filesystem=xdg-config/foo now sets up the bind-mount from the host dir
even when not using :create.
Major changes in 0.8.1
======================
This is a bugfix and security update (CVE-2017-5226).
Flatpak now uses seccomp to disallow the TIOCSTI ioctl in the sandbox,
which works around the possibility to inject text on the controlling
tty (CVE-2017-5226).
This was previously fixed in bubblewrap in 0.1.6, but that change has
now been reverted as it introduced other problems for flatpak.
* Update bundled bubblewrap to 0.1.7
* Fix writing new file with O_EXCL in the document portal.
* Allow appstream data that doesn't have .desktop in the component id,
such as data for runtimes.
* Drop json-glib dependency from 1.2 to 1.0
* Builder: Fail if unable to read included file
* OCI: Ensure exported layers are readable by everyone
* Fix extra-data download in gnome-software
* Fix update-mime-database trigger when installing via
the system helper.
* Updating an app by installing a newer bundle now works
again.
* Make /var/tmp not be on a tmpfs (it is now in
~/.var/app/$appid/cache/tmp).
* Documentation / translation updates
Major changes in 0.8.0
======================
This is the first release in a new series of stable releases called
0.8.x. New features will be added to 0.9.x, and only bugfixes will be
backported to 0.8.x. The featureset of this release is a good base to
target if you're creating flatpaks that should be widely usable.
This release technically requires only OSTree 2016.14, and it build
fine with this, but we recommend using OSTree 2016.15, because of the
change in how it verifies the checksums of commits in delta files.
* Flatpakrepo files now support a RuntimeRepo= key which points to
a flatpakrepo file. This means the user don't have to manually
configure a remote for the runtime, just reply to the prompt
to automatically do this when installing the app.
* We now support dependencies when installing bundles. This includes
required runtimes, related refs, and the equivalent of RuntimeRepo.
* The support for OCI in flatpak has been updated to the latest
OCI spec version, and support has been added to directly install
flatpak applications from an OCI image.
* In flatpak install, the --from and --bundle options are now optional
if the argument has the correct suffix (.flatpakref and .flatpak)
* Flatpak install now supports -y to let you avoid interactive prompts.
* build-finish: We now export mime type files with the right name.
* build-finish: New --require-version option let you specify a particular
version of flatpak, and older version of flatpak will not install
or update to the new version.
* build-sign: Allow signing all apps by omitting the id.
* Fix regression in the document portal when adding named files.
* build-import-bundle now signs the commit if you specify a gpg key.
* Flatpak now reads configuration from /etc/flatpak/installations.d
which lets you support multiple system-level installation paths.
These can be accessed with new --installation=... arguments to
most of the commands.
* flatpak-builder: Support --jobs=N to limit parallel builds
* flatpak-builder: Patch source got new options property that lets
you pass arguments to patch.
* flatpak-builder: New generic "buildsystem: type" option that
replace the (now deprecated) "cmake: true" option. This
supports "autotools", "cmake" and "meson".
Major changes in 0.6.14
=======================
* Update bundled bubblewrap to 0.1.4 which has some nice bugfixes.
If you are using an external bubblewrap it is recommended, but
not required to update.
* Requires OSTree 2016.14, which allows us to drop some old
workarounds.
* When installing an application system-wide, don't consider
dependencies that are installed for the user only.
* Flatpak install --from now tries to re-use existing remotes to
avoid creating unnecessary origin remotes.
* Using --filesystem=$dir when $dir is a symlink-to-directory now works.
* Using --filesystem=$file to expose unix sockets to the app is now
allowed.
* By default all the directories in ~/.var/app (except the app), as
well as ~/.local/share/flatpak are hidden in the sandbox.
* New option --filesystem=$dir:create which will create the destination
if it did not previously exist.
* --filesystem= now supports for xdg-[config|cache|data]. This
allows you access to the host versions of these xdg dirs. Additionally
if you use these with a subdirectory, like:
--filesystem=xdg-config/subdir
then that subdirectory on the host will be shared with the per-app
instance of the xdg-dir.
* Builder now correctly handles app-ids that have dashes in them.
Previously this generated invalid ids for the debuginfo and locale
extensions.
* The experimental OCI file format support was changed from creating an
OCI container to creating an OCI image.
* Fix regression where "flatpak update --appstream remotename" broke
Major changes in 0.6.13
=======================
* The command line arguments for install/update/uninstall changed
These used to take an application id and an optional branch name as
two arguments. This meant you could not specify multiple apps
to install in a single command. So, instead of having the branch
as a separate argument we now support partial references.
If you only specify an id we try to match the rest as best we
can depending on what is installed/available, but if this
matches multiple things you have to specify more details.
For example you can use:
* org.my.App//stable - Any compatible arch, stable branch
* org.my.App/x86_64 - x86-64, look for available branch
* org.my.App/x86_64/stable - exact reference
This means install/update/uninstall can now install multiple apps
in a single operation.
* Application runtime depencenies are checked/downloaded
Whenever you install or update an application we check that the
required runtime is installed. If not, we check if it is available
in any configured remote, and if found asks the user if/where to
install it from. If it is not found, the install/update fails.
You can mark remotes as --no-use-for-deps, which means flatpak will
never search for runtime dependencies in such remotes. This makes
the dependency search faster if you have app-only remotes.
It is recommended that app-only .flatpakrepo file define this
by specifying NoDeps=true.
* remote-add and install --from now supports uris
This means you can install flatpakrefs and flatpakrepos in a
single command like so:
* flatpak remote-add --from gnome https://sdk.gnome.org/gnome.flatpakrepo
* flatpak install --from https://sdk.gnome.org/gedit.flatpakref
* flatpak run can now launch a runtime directly
For example, "flatpak run org.gnome.Platform//3.22" will launch a shell
inside a sandboxy with the gnome 3.22 runtime and an empty /app.
This is useful for development and testing.
* included bubblewrap was bumped to 0.1.3 which has a security fix
* Support for defining the default branch per remote
* remote-add/modify: --update-metadata pulls current title and default branch
from remote summary file
* Applications can now list a set of URIs that will be downloaded with the
application. The app can then extract these and use as a part of the
application data. This is useful for applications using freely downloadable
parts that can't be redistributed elsewhere.
* flatpak-builder: Support --finish-only and --allow-missing-runtimes
* flatpak-builder: Support app layering
An app can define a "base" application which is used for the initial
content before the application is built. This way applications can
be built in a layered fashion.
* dbus proxy: The filtering has been tightened up
* build-finish: Now exports icons for themes other than hicolor too
* There is support in the app metadata for generic policies.
These are read and propagated and supports overriding, but are
not otherwise interpreted by flatpak. They can be used by other
host services as static permissions for the application.
* Support for extensions directories
In addition to using flatpak maintained runtime as an extensions
flatpak can now use raw directories in ~/.local/share/flatpak/extension
and /var/lib/flatpak/extension. For example, if you create a
directory called org.freedesktop.Platform.GStreamer.MyPlugins/x86_64/1.4
there it will be used as a source for gstreamer plugins for all
runtimes based on the freedesktop 1.4 runtime.
Major changes in 0.6.12
=======================
* Partial revert in application id rules. Application ids
can now only have dashes in the last element. This allows
apps to export files such as org.my.App-extra.desktop which
was used by the libreoffice builds.
* By default the kernel keyring is not accessible, as it is
not containable.
* Some robustness fixes for build-commit-from
* Better error messages
* flatpak update --appstream now updates for all remotes
* Made flatpak enter work, and you can now use any pid in the sandbox.
However, it requires root permissions.
* Support for --device=kvm for /dev/kvm access
* Support for --allow=multiarch to support non-primary arch support.
For example running i686 code in an x86_64 app.
* Add new default-branch setting for the remote configuration
Major changes in 0.6.11
=======================
* Dashes are now allowed in application ids. However, to still work with
symbolic icon names, they may not end with "-symbolic".
* HostCommand now handles ptys correctly
* Various documentation updates
* New FLATPAK_CHECK_VERSION macro in libflatpak
* HostCommand now returns the real PID rather than a fake one.
* Fix regression in flatpak update --appstream
* Fix regression installing bundles without origin urls
* New flatpak-builder option --show-deps lists all the files
the manifest depends on.
Major changes in 0.6.10
=======================
* Dropped requirement for systemd --user.
The way we detect if an process we're talking to is sandboxed, and
what application id it has doesn't use cgroups anymore, which means
that the dependency on systemd in the user session is now optional.
This also means the --no-desktop argument is not needed any more.
(It is still accepted but does nothing.)
* Initial support has been added for .flatpakref files. These are simple key
value files similar to .flatpakrepo files, however they specify an application
to install in addition to the repo information. For example, gedit can be
installed by downloading https://sdk.gnome.org/gedit.flatpakref and running:
flatpak install --from gedit.flatpakref
There is also library support for this so it can be added to graphical
installers (such as gnome-software).
* Requires OSTree 2016.10. The change in how OSTree handles mtimes in
checkouts that was introduced in 2016.7 has been reverted, and
the required changes in Flatpak has been made. This means that
flatpak now depends on OSTree 2016.10.
* Requires Bubblewrap 0.1.2 for builds using the system bubblewrap.
Builds using the included copy need no changes.
* The $XDG_RUNTIME_DIR/flatpak-info file has added information
about the running application, and is now also securely available
for a running application from the host as "/proc/$fd/root/.flatpak-info".
This is what is used to identify remote apps instead of the cgroup
info.
* A new run permission --allow=devel has been added. An application with
this permission is allowed to use ptrace and perf. This was previously
only available during "flatpak build" and "flatpak run -d". This
is useful if you're packaging e.g. an IDE.
* When an application is updated or removed a /app/.updated or /app/.removed
file is created for running instances. This can be used by applications to
trigger e.g. a restart for the new version.
* A new dbus request "HostCommand" has been added to org.freedesktop.Flatpak.
This lets you run any command on the host, and is therefore clearly not
sandboxed, so access to this should be limited. However, it is very useful
if you're using flatpak mainly as a distribution mechanism, for a non-sandboxed
application.
* flatpak-builder now supports running from inside a flatpak, by auto-detecting
this and using the HostCommand service to run recursive flatpaks.
* Consecutive calls to flatpak build-update-repo has been speed up.
* The document portal now allows sandboxed applications to create references
to files in /app and /usr (in the app/runtime).
* The update process noew doesn't stop at the first failure.
Major changes in 0.6.9
======================
* Dropped dependency on libgsystem
* Allow passing partial refs whenever a CLI command takes
an app or runtime name.
* New command build-commit-from creates a new commit based
on the contents of another commit (optionally from another
local repo).
* The sandbox now contains $XDG_RUNTIME_DIR/app/$APPID from the
host (and the directory is created if needed).
* update: Better output, and faster for the no updates case
* build-export: Don't make most validation errors fail, instead
just print a warning.
* builder: Support local path references for git sources
* builder: Better handling of recursive git submodules
* builder: Fixed issues with the .pyc mtime rewriting
* builder: Handle symbolic icons for rename-icon
* builder: Add --stop-at=$module to do partial builds
* builder: Add --sandbox flag to disable the build from escaping
from the sandbox via build-args.
Major changes in 0.6.8
======================
* Requires OSTree 2016.7, allowing us to enable use of static delta
for system downloads again.
* Support --no-desktop which allows you to run a flatpak app outside
a desktop, with some loss of functionality (for example, there
will be no systemd --user scope created for the app)..
* More documentation.
* Memory leak fixes.
* Initial support for rpms as flatpak-builder archive sources.
* Start work on translating the CLI.
* Install systemd config snippet to set the right XDG_DATA_DIRS path.
* Support --arch in flatpak list.
* Support access() in the document portal.
* Validate exported desktop files.
Major changes in 0.6.7
======================
* Automatically download and update related references such
as locales when using the CLI.
* lib: Support for getting related references
* Document metadata format
* Support build using system-installed bwrap
* Allow access to the journal socket in the sandbox
* builder: Support applying patches with git (useful for binary diffs)
* Require ostree 2016.6
Major changes in 0.6.6
======================
* Better support for multi-arch (for instance, will automatically install
i386-only app on x86_64 without user having to specify --arch).
* Support --device=all to access the full host /dev
* More command line support for managing exported documents
* Extended API for the document portal: Lookup, Info, List
* flatpak-builder: Support initializing /var from a runtime
extension.
* Disable static deltas when updating via the system helper to
work around bug in ostree.
Major changes in 0.6.5
======================
* Documentation improvements
* builder: Check that the specified command exists after build is done
* builder: Fix up mtime in headers for python precompiled files
* builder: Allow submodules and including modules from other json files
* system-helper builds are optional (--disable-system-helper)
* system-helper: Support installing from local remotes and bundles
* Improved support for --subpath installs, including libflatpak support
* Improved command line completion
Major changes in 0.6.4
======================
* Fix an issue where flatpak sometimes created empty "repo"
directories in the CWD
Major changes in 0.6.3
======================
* Fix resolv.conf regression in `flatpak build`
* Fix LD_LIBRARY_PATH override support in `flatpak build`
* Support forwarding app permissions in `flatpak-builder --run`
* Flatpak is now smarter about the default branch to use in most operations
* update will not fail on the first error if updating several things
* New much more complete bash completion system
* Faster installations
* Support new keyfile format for remote-add --from=file
Major changes in 0.6.2
======================
* Fixed no-network support regression in setuid mode.
* Fixed creation of root-owned file in home dir when using sudo in some cases
* New --with-privileged-group configure option
Major changes in 0.6.1
======================
* Fixed support for systems without user namespaces (default for Arch) or
unprivileged support for user namespaces (default for Debian).
* Fix memory leak during install/update.
* update: Fix support for --arch.
* Set the right location for the system directory in the environment.
* system-helper: Support updating without deploying (needed for
gnome-software support).
* lib: Fix support for updates
Major changes in 0.6.0
======================
Renamed from xdg-app to Flatpak. Existing repositories should keep
working, and locally user installed apps/runtime will be migrated
automatically. However, there are some things that you have to be
aware of:
* The command names are now flatpak/flatpak-builder
* System-wide installed apps/runtimes need to be reinstalled
* flatpak-builder uses a ".flatpak-builder" subdirectory instead
of ".xdg-app-builder".
* The bus name and interface name for the permission
store is changed, it was in org.freedesktop.XdgApp, but is
now in org.freedesktop.impl.portal.DesktopPortal.
* The installation migration is a one-time operation so you can't
go back to xdg-app after updating.
* The library API (and name) changed due to the rename.
Other changes:
* Flatpak now hard-requires ostree 2016.5
* Switch from using xdg-app-helper to an included version of bubblewrap:
https://github.com/projectatomic/bubblewrap
* Added a policykit-based system helper that allows you to authenticate
via polkit to install into the system repository.
* Added an experimental command to export/import applications and runtimes
as an OCI tarball.
* builder: Fix creation of locale extensions if there was no locale data in the
build.
* It is now possible to disable/enable configured remotes.
* A lot of new tests where added, and we now support installed tests.
* builder now has an optional --arch argument for multiarch building.
* Builder modules can be disabled with "disabled": true.
* Using --filesystem=/tmp now hides the system X11 sockets.
Major changes in 0.5.2
======================
* The way locale extensions work has changed. Now we build a single extension
for all locales, but we allow you to specify a subset of it during installation
and update time using the --subpath commandline flag.
The main reason for this is that the many extensions didn't scale, both in
technical terms (large ostree summary file size), but also in terms of the
UI listing hundreds of uninteresting things.
* We no longer use sizes in the commit objects to get installed and download size,
instead we store some extra metadata in the summary file. This allows us
to get much faster access to these, as with recent ostree versions we can
cache the summary file.
* New command xdg-app build-sign that lets you sign a commit at any time.
* New argument xdg-app build --force-clean that removes pre-existing build dirs.
* xdg-app run now uses the "current" version as the default if you specify no
branch or arch. It used to default to the "master" branch. This will default
to the last installed version, but can be changed with xdg-app make-current.
* Added config-opts to the build-options in xdg-app-builder. This allows you
to extend the configure flags in an arch dependent way.
* Documentation updates
Major changes in 0.5.1
=======================
* Make xdg-app-builder --build-only not export the results
* Create all-in-one Locale extension that combines all the locale extensions
* Extract icons for all appdata nodes when creating appstream
* Documentation updates
* Better handling of metadata in xdg-app-builder cache
* Respect the specified branch when exporting in xdg-app-builder
* Fix support for multi-arch with i386 userspace and 64bit kernel
* Avoid deprecated 32bit capabilities syscalls
Major changes in 0.5.0
=======================
* Some libxdg-app API additions for handling bundles
* Default to /bin/sh as user shell in sandbox
* Fix detection of which apps are in use during uninstall
* New implementation of fuse filesystem for document portal.
It is now cleaner and works on 32bit.
* Honor the noenumerate flag on remotes in CLI and libxdg-app.
* Add change notification for permissions store
* Require signed summaries for gpg-signed remotes
* Fix summary signatures of deltas in xdg-app build-update.
Major changes in 0.4.13
=======================
* Fix misgeneration of appdata xml in some cases
* Various improvements to bundles, and support in libxdgapp
* Add sources to Debug extensions created by xdg-app-builder
* Allow specifying subdirs of xdg-* dirs, for instance:
--filesystem=xdg-download/some-dir
* Add support for --filesystem=xdg-run/subdir which means
XDG_RUNTIME_DIR dir, rather than xdg-user-dirs.
* Add --generate-static-deltas option to build-update-repo.
Major changes in 0.4.12
=======================
* Fix crashes.
* Update exports when removing apps.
* Remove appstream and repo refs when removing a remote.
* Add some build options to make libxdg-app usable inside a sandbox.
* xdg-app-builder builds are now in the .xdg-app-builder/build subdir.
* Make system repo bare-user to avoid creating any setuid binaries.
* Add xdg-app-builder --run operation that runs a command with the
build environment set up.
* Support creating locale extensions with xdg-app-builder.
* Add support for tags to metadata.
* Put runtime info and tags in the appstream data
Major changes in 0.4.11
=======================
* Fix assertion when installing runtime
Major changes in 0.4.10
=======================
* App desktop files and icons were not being exported to the desktop
Major changes in 0.4.9
======================
* Fix crash at end of runtime install.
* xdg-app-builder has a new source type "shell" which lets you run arbitrary
shell commands.
* Allow apps with writable homedir access to modify the xdg-app repos.
* New xdg-app info command gives you status of an installed app or runtime.
* The xdg-app-builder cache now contains the sdk commit id, so that a new
version of the sdk invalidates the cache.
* Fixed a regression in the xdg-app install-app backwards compatibility
handling.
* xdg-app now gives the application access to the deployment path, which can
be used to give host-side services access to app files (such as help
documents).
* build-export no longer exports appstream files, and when generating appstream
files we don't need them to be.
* The default architecture tag used by xdg-app is now made canonical when needed
(i.e. on arm/x86/mips).
Major changes in 0.4.8
======================
* Changed global installation directory to /var/lib/xdg-app (not /var/xdg-app).
* Add support for a dbus filtering on the system bus.
* Choosing user namespaces or setuid is now a runtime option, not build time.
* Fix xml-escaping in the appstream generation.
* Various build fixes.
* Added some more documentation for the library.
* Disable support for running apps on systems without a systemd user session.
* Fix uninitialized memory read in xdg-app-builder during git checkouts.
* Correctly handle disabled git submodules in xdg-app-builder
* Fix hiding of non-exported symbols in libxdgapp
Major changes in 0.4.7
======================
* Enabled build of libxdg-app by default, now the API is stable
enough for e.g. gnome-software to use it.
* Restructured the command line interface to xdg-app, it is now
more streamlined and easy to use. For instance, to install
both apps or runtimes, now use "xdg-app install $name".
The old commands still work, but are deprecated and not
in the docs.
* xdg-app-builder has gotten a bunch of new features that
makes it easier to build apps, and some initial work to
make it possible to create runtimes using it
* build-export now finds and export any app-info installed by
the app, and build-update-repo collects all such exports
into a per-repo branch for appstream and icons.
* The client (and libs) support for locally mirroring the appstream
branch for each remote. This allows use to create graphical appstores
with user-readable information and icons.
* On the client side one can now specify priorities for each
remote.
Major changes in 0.4.6
======================
* Added an initial version of libxdg-app, a highlevel library
intended to be used by user interface frontends to xdg-app.
It is not yet API stable, so it is disabled by default.
Enable with --enable-libxdgapp
* Added xdg-app-builder, a separate tool that makes it easier to build
applications with external dependencies.
* Add support for single-file bundles, which can be a useful way
to distribute apps on e.g. a usb stick. Only works with the
latest version of ostree.
* Always allow apps to talk to the built-in portals
* Support granting read-only access to the filesystem with e.g. --filesystem=host:ro
* Add /run/user/$uid/xdg-app-info file that contains the current permissions of the app
* Add --writable-sdk option to xdg-app build-init
* Add file locking to better handle concurrent xdg-app operations like update and install
* Various fixes
Major changes in 0.4.5
======================
* Support signing commits in build-export
* Correctly handle symlinks in host root when app has host-fs access
* Always regenerate summary after build-export
* Make uninstall a bit more robust
* Install the dbus introspection files
* Add human readable size to build-export report
* Add /dev/ptmx symlink in app
* Fix apps not getting SIGCHILD
* Only expose minimal /etc/[passwd|group] in app
Major changes in 0.4.4
======================
* Fix race condition in fuse fs
* Don't save uid/gid/xattrs in build-export
* run: Handle existing mounts with spaces in them
* propagate xauth cookies to sandbox
Major changes in 0.4.3
======================
* Build with older ostree
* Add --nofilesystem flag to e.g. xdg-app run
* Add xdg-app dump-runtime command
Major changes in 0.4.2.1
======================
* Fix dbus proxy
Major changes in 0.4.2
======================
* Fix build with older versions of glib
* Fix regression in filesystem access configuration
* Make seccomp use optional (for arches without it)
* Add xdg-app enter command to enter a running sandbox
* Fix /var/cache being readonly
* Add /var/data and /var/config shortcuts for per-app data
* Minor fixes to bash completion
Major changes in 0.4.1
======================
* Fixed a parallel build issue
* Fixed a build issue where openat() didn't get a mode passed
* Don't block ptrace and perf in debug and build runs
* Put nvidia drivers in sandbox if DRI allowed
* Support specifying a version for runtime extensions
Major changes in 0.4.0
======================
* A new permissions store was added to the dbus api.
This can be used by portal implementations that want to store
per-app permissions for objects.
* The document portal was added. This is a dbus api
which you can use to create document ids and assign
apps permissions to see these documents. The documents
themselves are accessed via a custom fuse filesystem.
* perf and strace are now blocked via the seccomp filters
* You can now override application metadata on a system
and per-user level, giving apps more or less access
than what they request.
* New command modify-remote added which lets you change
configuration of a remote after it has been added with
add-remote.
* Support for adding trusted gpg keys on a per-remote basis
has been added to add-remote and modify-remote.
* The repo-contents command has been renamed to ls-remote
to better match the other commands.
* The list-remotes command can now show more information
about the remotes.
* The bash completion implementation has been improved.
Major changes in 0.3.6
======================
* Fix a typo in the socket seccomp rules that made ipv6 not work
* Export the users fonts (~/.local/share/fonts or ~/.fonts) in the sandbox
* Fix seccomp rules to work on i386
* Make exposing xdg user dirs work right
Reference in New Issue View Git Blame Copy Permalink