diff --git a/flatpak-enable-collection-ids-for-oci-remotes.patch b/flatpak-enable-collection-ids-for-oci-remotes.patch new file mode 100644 index 0000000..f40a7ad --- /dev/null +++ b/flatpak-enable-collection-ids-for-oci-remotes.patch @@ -0,0 +1,53 @@ +From 5c84fa21cc590811936d36dd8b122025a4340f85 Mon Sep 17 00:00:00 2001 +From: "Owen W. Taylor" +Date: Wed, 30 Oct 2024 14:27:44 -0400 +Subject: [PATCH] Enable collection IDs for OCI remotes + +We want to use collection IDs to specify what remote to install from +when processing /etc/flatpak/preinstall.d; in order for this to work +for OCI remotes, we need to permit collection IDs. + + - In flatpakrepo files, don't require a GPGKey for a OCI remote + with a collection - we don't have signature verification for GPG remotes. + - Don't validate that the collection ID appears in the summary - + the image index doesn't currently contain an image ID +--- + common/flatpak-dir.c | 6 +++++- + common/flatpak-repo-utils.c | 5 ++++- + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c +index 6936d45f89..b0937eaa65 100644 +--- a/common/flatpak-dir.c ++++ b/common/flatpak-dir.c +@@ -12995,9 +12995,13 @@ _flatpak_dir_get_remote_state (FlatpakDir *self, + return NULL; + } + ++ /* For OCI remotes, the collection ID is local configuration only: ++ * In the future we could add it to the index format. ++ */ + if (state->collection_id != NULL && + state->summary != NULL && +- !_validate_summary_for_collection_id (state->summary, state->collection_id, error)) ++ !(flatpak_dir_get_remote_oci (self, state->remote_name) || ++ _validate_summary_for_collection_id (state->summary, state->collection_id, error))) + return NULL; + + if (flatpak_dir_get_remote_oci (self, remote_or_uri)) +diff --git a/common/flatpak-repo-utils.c b/common/flatpak-repo-utils.c +index 63dc9981e7..52508d2df1 100644 +--- a/common/flatpak-repo-utils.c ++++ b/common/flatpak-repo-utils.c +@@ -2929,7 +2929,10 @@ flatpak_parse_repofile (const char *remote_name, + FLATPAK_REPO_COLLECTION_ID_KEY); + if (collection_id != NULL) + { +- if (gpg_key == NULL) ++ /* We don't support signatures for OCI remotes, but Collection ID's are ++ * still useful for preinstallation. ++ */ ++ if (gpg_key == NULL && !g_str_has_prefix (uri, "oci+")) + { + flatpak_fail_error (error, FLATPAK_ERROR_INVALID_DATA, _("Collection ID requires GPG key to be provided")); + return NULL; diff --git a/flatpak.spec b/flatpak.spec index ead7354..7c458de 100644 --- a/flatpak.spec +++ b/flatpak.spec @@ -12,7 +12,7 @@ Name: flatpak Version: 1.16.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Application deployment framework for desktop apps License: LGPL-2.1-or-later @@ -40,6 +40,9 @@ Patch2: flatpak-support-sideload-repositories-for-oci-remotes.patch # Add support for preinstalling flatpaks # https://github.com/flatpak/flatpak/pull/5832 Patch3: flatpak-add-support-for-preinstalling-flatpaks.patch +# Enable collection IDs for OCI remotes +# https://github.com/flatpak/flatpak/pull/6083 +Patch4: flatpak-enable-collection-ids-for-oci-remotes.patch # ostree not on i686 for RHEL 10 # https://github.com/containers/composefs/pull/229#issuecomment-1838735764 @@ -309,6 +312,10 @@ fi %changelog +* Fri Jan 17 2025 Jan Grulich - 1.16.0-3 +- Backport: Enable collection IDs for OCI remotes + Resolves: RHEL-72779 + * Fri Jan 17 2025 Jan Grulich - 1.16.0-2 - Rebase backported upstream patches to updated versions Resolves: RHEL-26066