rpms/flatpak
7
0
Fork 1
Code Issues Pull Requests Releases Activity

import flatpak-1.4.3-2.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-01-21 15:53:44 -05:00 committed by Stepan Oksanichenko
parent cb023e96c4
commit 52f2ec615b
7 changed files with 136 additions and 461 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.flatpak.metadata
View File

@ -1 +1 @@
d2ebda16446fbd28d78d2f7df5ccb77c34f2874c SOURCES/flatpak-1.0.6.tar.xz
9efde3d86f706e2bed43cb6bcd7177126388e544 SOURCES/flatpak-1.4.3.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/flatpak-1.0.6.tar.xz
SOURCES/flatpak-1.4.3.tar.xz

26
SOURCES/0001-ref-Fix-a-memory-leak.patch Normal file
View File

@ -0,0 +1,26 @@
From 18a16227556ad0aa24f9b8c759d571fcc5cdb728 Mon Sep 17 00:00:00 2001
From: Kalev Lember <klember@redhat.com>
Date: Fri, 14 Jun 2019 12:30:57 +0200
Subject: [PATCH] ref: Fix a memory leak
Closes: #2964
Approved by: mwleeds
---
common/flatpak-ref.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/common/flatpak-ref.c b/common/flatpak-ref.c
index 38554e97..6dacb19c 100644
--- a/common/flatpak-ref.c
+++ b/common/flatpak-ref.c
@@ -82,6 +82,7 @@ flatpak_ref_finalize (GObject *object)
g_free (priv->arch);
g_free (priv->branch);
g_free (priv->commit);
+ g_free (priv->collection_id);
G_OBJECT_CLASS (flatpak_ref_parent_class)->finalize (object);
}
--
2.21.0

346
SOURCES/flatpak-1.0.4-oci-fixes.patch
View File

@ -1,346 +0,0 @@
From 3f5235e925ba6555cd9c639684660356867c952f Mon Sep 17 00:00:00 2001
From: "Owen W. Taylor" <otaylor@fishsoup.net>
Date: Fri, 30 Nov 2018 16:11:06 -0500
Subject: [PATCH 1/3] flatpak_cache_http_uri: save downloaded files with
permission 0644
Previously, downloaded files were being saved with 0600 permissions,
which prevented OCI icons downloaded by the system helper at appstream
creation time from being read by users.
Closes: #2362
Approved by: matthiasclasen
---
common/flatpak-utils-http.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/common/flatpak-utils-http.c b/common/flatpak-utils-http.c
index 53074162..997c9db8 100644
--- a/common/flatpak-utils-http.c
+++ b/common/flatpak-utils-http.c
@@ -645,6 +645,9 @@ sync_and_rename_tmpfile (GLnxTmpfile *tmpfile,
if (fdatasync (tmpfile->fd) != 0)
return glnx_throw_errno_prefix (error, "fdatasync");
+ if (fchmod (tmpfile->fd, 0644) != 0)
+ return glnx_throw_errno_prefix (error, "fchmod");
+
if (!glnx_link_tmpfile_at (tmpfile,
GLNX_LINK_TMPFILE_REPLACE,
tmpfile->src_dfd, dest_name, error))
--
2.19.2
From 3263827dbbd4d84919899e91ca066d2d3cf338bc Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Fri, 30 Nov 2018 10:30:20 +0100
Subject: [PATCH 2/3] OCI: Use system helper to generate summary for OCI
remotes
The OCI support relies on downloading a json index and converting it
to a ostree-style summary, which we the use in all sorts of operations
in the client code. Currently this happens in the user code, which means
that it will fail (due to permissions) in the system installation case.
We could do the conversion as the user, but when eventually installing
something the system-helper will anyway do this download and
conversion, so that would only double the work and risk things going out
of sync. Also, the OCI index is not gpg signed, so we can't realy on
downloads done as the user.
So, the solution done here is to add a GenerateOciSummary
system-helper call which we use instead of directly generating the
oci summary.
This fixes https://github.com/flatpak/flatpak/issues/2350
Closes: #2363
Approved by: matthiasclasen
---
common/flatpak-dir-private.h | 5 ++
common/flatpak-dir.c | 94 +++++++++++++++++++--------
data/org.freedesktop.Flatpak.xml | 5 ++
system-helper/flatpak-system-helper.c | 52 ++++++++++++++-
4 files changed, 129 insertions(+), 27 deletions(-)
diff --git a/common/flatpak-dir-private.h b/common/flatpak-dir-private.h
index 64a72758..f6126056 100644
--- a/common/flatpak-dir-private.h
+++ b/common/flatpak-dir-private.h
@@ -718,6 +718,11 @@ FlatpakRemoteState * flatpak_dir_get_remote_state_for_summary (FlatpakDir *sel
GBytes *opt_summary_sig,
GCancellable *cancellable,
GError **error);
+gboolean flatpak_dir_remote_make_oci_summary (FlatpakDir *self,
+ const char *remote,
+ GBytes **out_summary,
+ GCancellable *cancellable,
+ GError **error);
FlatpakRemoteState * flatpak_dir_get_remote_state_optional (FlatpakDir *self,
const char *remote,
GCancellable *cancellable,
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index 828945ca..7853b74a 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -1385,6 +1385,22 @@ flatpak_dir_system_helper_call_update_summary (FlatpakDir *self,
return ret != NULL;
}
+static gboolean
+flatpak_dir_system_helper_call_generate_oci_summary (FlatpakDir *self,
+ const gchar *arg_origin,
+ const gchar *arg_installation,
+ GCancellable *cancellable,
+ GError **error)
+{
+ g_autoptr(GVariant) ret =
+ flatpak_dir_system_helper_call (self, "GenerateOciSummary",
+ g_variant_new ("(ss)",
+ arg_origin,
+ arg_installation),
+ cancellable, error);
+ return ret != NULL;
+}
+
static OstreeRepo *
system_ostree_repo_new (GFile *repodir)
{
@@ -9088,7 +9104,7 @@ flatpak_dir_cache_summary (FlatpakDir *self,
G_UNLOCK (cache);
}
-static gboolean
+gboolean
flatpak_dir_remote_make_oci_summary (FlatpakDir *self,
const char *remote,
GBytes **out_summary,
@@ -9103,42 +9119,68 @@ flatpak_dir_remote_make_oci_summary (FlatpakDir *self,
g_autoptr(GError) local_error = NULL;
g_autoptr(GMappedFile) mfile = NULL;
g_autoptr(GBytes) cache_bytes = NULL;
+ g_autoptr(GBytes) summary_bytes = NULL;
- self_name = flatpak_dir_get_name (self);
-
- index_cache = flatpak_dir_update_oci_index (self, remote, &index_uri, cancellable, error);
- if (index_cache == NULL)
- return FALSE;
+ if (flatpak_dir_use_system_helper (self, NULL))
+ {
+ const char *installation = flatpak_dir_get_id (self);
- summary_cache = flatpak_dir_get_oci_summary_location (self, remote, error);
- if (summary_cache == NULL)
- return FALSE;
+ if (!flatpak_dir_system_helper_call_generate_oci_summary (self, remote,
+ installation ? installation : "",
+ cancellable, error))
+ return FALSE;
- if (check_destination_mtime (index_cache, summary_cache, cancellable))
+ summary_cache = flatpak_dir_get_oci_summary_location (self, remote, error);
+ if (summary_cache == NULL)
+ return FALSE;
+ }
+ else
{
- mfile = g_mapped_file_new (flatpak_file_get_path_cached (summary_cache), FALSE, NULL);
- if (mfile)
+ self_name = flatpak_dir_get_name (self);
+
+ index_cache = flatpak_dir_update_oci_index (self, remote, &index_uri, cancellable, error);
+ if (index_cache == NULL)
+ return FALSE;
+
+ summary_cache = flatpak_dir_get_oci_summary_location (self, remote, error);
+ if (summary_cache == NULL)
+ return FALSE;
+
+ if (!check_destination_mtime (index_cache, summary_cache, cancellable))
{
- cache_bytes = g_mapped_file_get_bytes (mfile);
- *out_summary = g_steal_pointer (&cache_bytes);
+ summary = flatpak_oci_index_make_summary (index_cache, index_uri, cancellable, &local_error);
+ if (summary == NULL)
+ {
+ g_propagate_error (error, g_steal_pointer (&local_error));
+ return FALSE;
+ }
+
+ summary_bytes = g_variant_get_data_as_bytes (summary);
+
+ if (!g_file_replace_contents (summary_cache,
+ g_bytes_get_data (summary_bytes, NULL),
+ g_bytes_get_size (summary_bytes),
+ NULL, FALSE, 0, NULL, cancellable, error))
+ {
+ g_prefix_error (error, _("Failed to write summary cache: "));
+ return FALSE;
+ }
+
+ if (out_summary)
+ *out_summary = g_steal_pointer (&summary_bytes);
return TRUE;
}
}
- summary = flatpak_oci_index_make_summary (index_cache, index_uri, cancellable, &local_error);
- if (summary == NULL)
+ if (out_summary)
{
- g_propagate_error (error, g_steal_pointer (&local_error));
- return FALSE;
- }
-
- *out_summary = g_variant_get_data_as_bytes (summary);
+ mfile = g_mapped_file_new (flatpak_file_get_path_cached (summary_cache), FALSE, error);
+ if (mfile == NULL)
+ return FALSE;
- if (!g_file_replace_contents (summary_cache,
- g_bytes_get_data (*out_summary, NULL),
- g_bytes_get_size (*out_summary),
- NULL, FALSE, 0, NULL, cancellable, NULL))
- g_warning ("Failed to write summary cache");
+ cache_bytes = g_mapped_file_get_bytes (mfile);
+ *out_summary = g_steal_pointer (&cache_bytes);
+ }
return TRUE;
}
diff --git a/data/org.freedesktop.Flatpak.xml b/data/org.freedesktop.Flatpak.xml
index 25dc8a02..8b1606c6 100644
--- a/data/org.freedesktop.Flatpak.xml
+++ b/data/org.freedesktop.Flatpak.xml
@@ -144,6 +144,11 @@
<arg type='s' name='installation' direction='in'/>
</method>
+ <method name="GenerateOciSummary">
+ <arg type='s' name='origin' direction='in'/>
+ <arg type='s' name='installation' direction='in'/>
+ </method>
+
</interface>
</node>
diff --git a/system-helper/flatpak-system-helper.c b/system-helper/flatpak-system-helper.c
index ce647b6e..29a2d3e1 100644
--- a/system-helper/flatpak-system-helper.c
+++ b/system-helper/flatpak-system-helper.c
@@ -1122,6 +1122,54 @@ handle_update_summary (FlatpakSystemHelper *object,
return TRUE;
}
+static gboolean
+handle_generate_oci_summary (FlatpakSystemHelper *object,
+ GDBusMethodInvocation *invocation,
+ const gchar *arg_origin,
+ const gchar *arg_installation)
+{
+ g_autoptr(FlatpakDir) system = NULL;
+ g_autoptr(GError) error = NULL;
+ gboolean is_oci;
+
+ g_debug ("GenerateOciSummary %s %s", arg_origin, arg_installation);
+
+ system = dir_get_system (arg_installation, &error);
+ if (system == NULL)
+ {
+ g_dbus_method_invocation_return_gerror (invocation, error);
+ return TRUE;
+ }
+
+ if (!flatpak_dir_ensure_repo (system, NULL, &error))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED,
+ "Can't open system repo %s", error->message);
+ return TRUE;
+ }
+
+ is_oci = flatpak_dir_get_remote_oci (system, arg_origin);
+ if (!is_oci)
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
+ "%s is not a OCI remote", arg_origin);
+ return TRUE;
+ }
+
+ if (!flatpak_dir_remote_make_oci_summary (system, arg_origin, NULL, NULL, &error))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED,
+ "Failed to update OCI summary: %s", error->message);
+ return TRUE;
+ }
+
+
+ flatpak_system_helper_complete_generate_oci_summary (object, invocation);
+
+ return TRUE;
+}
+
+
static gboolean
flatpak_authorize_method_handler (GDBusInterfaceSkeleton *interface,
GDBusMethodInvocation *invocation,
@@ -1250,7 +1298,8 @@ flatpak_authorize_method_handler (GDBusInterfaceSkeleton *interface,
g_strcmp0 (method_name, "PruneLocalRepo") == 0 ||
g_strcmp0 (method_name, "EnsureRepo") == 0 ||
g_strcmp0 (method_name, "RunTriggers") == 0 ||
- g_strcmp0 (method_name, "UpdateSummary") == 0)
+ g_strcmp0 (method_name, "UpdateSummary") == 0 ||
+ g_strcmp0 (method_name, "GenerateOciSummary") == 0)
{
const char *remote;
@@ -1321,6 +1370,7 @@ on_bus_acquired (GDBusConnection *connection,
g_signal_connect (helper, "handle-ensure-repo", G_CALLBACK (handle_ensure_repo), NULL);
g_signal_connect (helper, "handle-run-triggers", G_CALLBACK (handle_run_triggers), NULL);
g_signal_connect (helper, "handle-update-summary", G_CALLBACK (handle_update_summary), NULL);
+ g_signal_connect (helper, "handle-generate-oci-summary", G_CALLBACK (handle_generate_oci_summary), NULL);
g_signal_connect (helper, "g-authorize-method",
G_CALLBACK (flatpak_authorize_method_handler),
--
2.19.2
From b7f1d5118fc4e1df472f7108472f122e279fe2b9 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Fri, 7 Dec 2018 14:39:06 -0500
Subject: [PATCH 3/3] Fix oci pull progress reporting
Comparing the code in flatpak-utils.c:progress_cb,
we need to set bytes-transferred for the total amount
of data that has been transferred so far. The value
we were setting so far, fetched-delta-part-size, refers
to the size of the objects we already have locally, and
is subtracted from the total, which explains oci progress
running backwards.
Closes: #2392
Closes: #2400
Approved by: matthiasclasen
---
common/flatpak-dir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index 7853b74a..51cd1e66 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -4154,7 +4154,7 @@ oci_pull_progress_cb (guint64 total_size, guint64 pulled_size,
"total-delta-parts", "u", n_layers,
"fetched-delta-fallbacks", "u", 0,
"total-delta-fallbacks", "u", 0,
- "fetched-delta-part-size", "t", pulled_size,
+ "bytes-transferred", "t", pulled_size,
"total-delta-part-size", "t", total_size,
"total-delta-part-usize", "t", total_size,
"total-delta-superblocks", "u", 0,
--
2.19.2

29
SOURCES/flatpak-1.0.6-CVE-2019-10063.patch
View File

@ -1,29 +0,0 @@
From 77f076712949c13b9bcecc02d043cbd6de6e291e Mon Sep 17 00:00:00 2001
From: Ryan Gonzalez <rymg19@gmail.com>
Date: Mon, 25 Mar 2019 13:00:15 -0500
Subject: [PATCH] run: Only compare the lowest 32 ioctl arg bits for TIOCSTI
Closes #2782.
Closes: #2783
Approved by: alexlarsson
---
common/flatpak-run.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 90b435fe..d1acd9f2 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2147,7 +2147,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
/* Don't allow faking input to the controlling tty (CVE-2017-5226) */
- {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},
+ {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
};
struct
--
2.21.0

65
SOURCES/flatpak-1.0.6-CVE-2019-5736.patch
View File

@ -1,65 +0,0 @@
From 9cb5f1e465cf5a3e643caf7159e89530ae867be2 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Sun, 10 Feb 2019 18:23:44 +0100
Subject: [PATCH] Don't expose /proc when running apply_extra
As shown by CVE-2019-5736, it is sometimes possible for the sandbox
app to access outside files using /proc/self/exe. This is not
typically an issue for flatpak as the sandbox runs as the user which
has no permissions to e.g. modify the host files.
However, when installing apps using extra-data into the system repo
we *do* actually run a sandbox as root. So, in this case we disable mounting
/proc in the sandbox, which will neuter attacks like this.
(cherry picked from commit 468858c1cbcdbcb27266deb5c7347b37adf3a9e4)
---
common/flatpak-common-types-private.h | 1 +
common/flatpak-dir.c | 2 +-
common/flatpak-run.c | 6 +++++-
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/common/flatpak-common-types-private.h b/common/flatpak-common-types-private.h
index e361777e1..b8f76b9c4 100644
--- a/common/flatpak-common-types-private.h
+++ b/common/flatpak-common-types-private.h
@@ -45,6 +45,7 @@ typedef enum {
FLATPAK_RUN_FLAG_NO_DOCUMENTS_PORTAL = (1 << 15),
FLATPAK_RUN_FLAG_BLUETOOTH = (1 << 16),
FLATPAK_RUN_FLAG_CANBUS = (1 << 17),
+ FLATPAK_RUN_FLAG_NO_PROC = (1 << 19),
} FlatpakRunFlags;
typedef struct FlatpakDir FlatpakDir;
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index 0809a42be..7d44cfb4f 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -6507,7 +6507,7 @@ apply_extra_data (FlatpakDir *self,
NULL);
if (!flatpak_run_setup_base_argv (bwrap, runtime_files, NULL, runtime_ref_parts[2],
- FLATPAK_RUN_FLAG_NO_SESSION_HELPER,
+ FLATPAK_RUN_FLAG_NO_SESSION_HELPER | FLATPAK_RUN_FLAG_NO_PROC,
error))
return FALSE;
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index e8e55262e..ab167c00d 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2373,9 +2373,13 @@ flatpak_run_setup_base_argv (FlatpakBwrap *bwrap,
"# Disable user pkcs11 config, because the host modules don't work in the runtime\n"
"user-config: none\n";
+ if ((flags & FLATPAK_RUN_FLAG_NO_PROC) == 0)
+ flatpak_bwrap_add_args (bwrap,
+ "--proc", "/proc",
+ NULL);
+
flatpak_bwrap_add_args (bwrap,
"--unshare-pid",
- "--proc", "/proc",
"--dir", "/tmp",
"--dir", "/var/tmp",
"--dir", "/run/host",

127
SPECS/flatpak.spec
View File

@ -1,31 +1,32 @@
%global bubblewrap_version 0.2.1
%global ostree_version 2018.7
%global ostree_version 2018.9
Name: flatpak
Version: 1.0.6
Release: 4%{?dist}
Version: 1.4.3
Release: 2%{?dist}
Summary: Application deployment framework for desktop apps
License: LGPLv2+
URL: http://flatpak.org/
Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz
# https://bugzilla.redhat.com/show_bug.cgi?id=1657306
Patch0: flatpak-1.0.4-oci-fixes.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1675776
Patch1: flatpak-1.0.6-CVE-2019-5736.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1700654
Patch2: flatpak-1.0.6-CVE-2019-10063.patch
# Backported from upstream
Patch0: 0001-ref-Fix-a-memory-leak.patch
BuildRequires: pkgconfig(appstream-glib)
BuildRequires: pkgconfig(dconf)
BuildRequires: pkgconfig(fuse)
BuildRequires: pkgconfig(gdk-pixbuf-2.0)
BuildRequires: pkgconfig(gio-unix-2.0)
BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.40.0
BuildRequires: pkgconfig(json-glib-1.0)
BuildRequires: pkgconfig(libarchive) >= 2.8.0
BuildRequires: pkgconfig(libseccomp)
BuildRequires: pkgconfig(libsoup-2.4)
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(libxml-2.0) >= 2.4
BuildRequires: pkgconfig(ostree-1) >= %{ostree_version}
BuildRequires: pkgconfig(polkit-gobject-1)
BuildRequires: pkgconfig(libseccomp)
BuildRequires: pkgconfig(xau)
BuildRequires: bison
BuildRequires: bubblewrap >= %{bubblewrap_version}
@ -38,8 +39,14 @@ BuildRequires: systemd
BuildRequires: /usr/bin/xmlto
BuildRequires: /usr/bin/xsltproc
%{?systemd_requires}
Requires: bubblewrap >= %{bubblewrap_version}
Requires: librsvg2%{?_isa}
Requires: ostree-libs%{?_isa} >= %{ostree_version}
# https://fedoraproject.org/wiki/SELinux/IndependentPolicy
Requires: (flatpak-selinux = %{?epoch:%{epoch}:}%{version}-%{release} if selinux-policy-targeted)
Requires: %{name}-session-helper%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Recommends: p11-kit-server
# Make sure the document portal is installed
@ -70,20 +77,63 @@ Summary: Libraries for %{name}
License: LGPLv2+
Requires: bubblewrap >= %{bubblewrap_version}
Requires: ostree%{?_isa} >= %{ostree_version}
Requires(pre): /usr/sbin/useradd
%description libs
This package contains libflatpak.
%package selinux
Summary: SELinux policy module for %{name}
License: LGPLv2+
BuildRequires: selinux-policy
BuildRequires: selinux-policy-devel
BuildArch: noarch
%{?selinux_requires}
%description selinux
This package contains the SELinux policy module for %{name}.
%package session-helper
Summary: User D-Bus service used by %{name} and others
License: LGPLv2+
Conflicts: flatpak < 1.4.1-2
Requires: systemd
%description session-helper
This package contains the org.freedesktop.Flatpak user D-Bus service
that's used by %{name} and other packages.
%package tests
Summary: Tests for %{name}
License: LGPLv2+
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: bubblewrap >= %{bubblewrap_version}
Requires: ostree%{?_isa} >= %{ostree_version}
%description tests
This package contains installed tests for %{name}.
%prep
%autosetup -p1
%build
# Fix generic python shebangs.
find tests -name '*.py' -exec \
sed -i -e 's|/usr/bin/python|/usr/bin/python3|' {} +
(if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; CONFIGFLAGS=--enable-gtk-doc; fi;
# User namespace support is sufficient.
%configure --with-priv-mode=none \
--with-system-bubblewrap --enable-docbook-docs $CONFIGFLAGS)
# Generate consistent IDs between runs to avoid multilib problems.
export XMLTO_FLAGS="--stringparam generate.consistent.ids=1"
%configure \
--enable-docbook-docs \
--enable-installed-tests \
--enable-selinux-module \
--with-priv-mode=none \
--with-system-bubblewrap \
$CONFIGFLAGS)
%make_build V=1
@ -97,11 +147,29 @@ rm -f %{buildroot}%{_libdir}/libflatpak.la
%find_lang %{name}
%pre
getent group flatpak >/dev/null || groupadd -r flatpak
getent passwd flatpak >/dev/null || \
useradd -r -g flatpak -d / -s /sbin/nologin \
-c "User for flatpak system helper" flatpak
exit 0
%post
# Create an (empty) system-wide repo.
flatpak remote-list --system &> /dev/null || :
%post selinux
%selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2
fi
%ldconfig_scriptlets libs
@ -114,9 +182,7 @@ flatpak remote-list --system &> /dev/null || :
%{_bindir}/flatpak-bisect
%{_bindir}/flatpak-coredumpctl
%{_datadir}/bash-completion
%{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.xml
%{_datadir}/dbus-1/interfaces/org.freedesktop.portal.Flatpak.xml
%{_datadir}/dbus-1/services/org.freedesktop.Flatpak.service
%{_datadir}/dbus-1/services/org.freedesktop.portal.Flatpak.service
%{_datadir}/dbus-1/system-services/org.freedesktop.Flatpak.SystemHelper.service
# Co-own directory.
@ -127,8 +193,9 @@ flatpak remote-list --system &> /dev/null || :
%{_datadir}/zsh/site-functions
%{_libexecdir}/flatpak-dbus-proxy
%{_libexecdir}/flatpak-portal
%{_libexecdir}/flatpak-session-helper
%{_libexecdir}/flatpak-system-helper
%{_libexecdir}/flatpak-validate-icon
%{_libexecdir}/revokefs-fuse
%dir %{_localstatedir}/lib/flatpak
%{_mandir}/man1/%{name}*.1*
%{_mandir}/man5/%{name}-metadata.5*
@ -141,9 +208,7 @@ flatpak remote-list --system &> /dev/null || :
%{_sysconfdir}/profile.d/flatpak.sh
%{_unitdir}/flatpak-system-helper.service
%{_userunitdir}/flatpak-portal.service
%{_userunitdir}/flatpak-session-helper.service
# Co-own directory.
%{_userunitdir}/dbus.service.d
%{_systemd_user_env_generator_dir}/60-flatpak
%files devel
%{_datadir}/gir-1.0/Flatpak-1.0.gir
@ -157,8 +222,32 @@ flatpak remote-list --system &> /dev/null || :
%{_libdir}/girepository-1.0/Flatpak-1.0.typelib
%{_libdir}/libflatpak.so.*
%files selinux
%{_datadir}/selinux/packages/flatpak.pp.bz2
%{_datadir}/selinux/devel/include/contrib/flatpak.if
%files session-helper
%license COPYING
%{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.xml
%{_datadir}/dbus-1/services/org.freedesktop.Flatpak.service
%{_libexecdir}/flatpak-session-helper
%{_userunitdir}/flatpak-session-helper.service
%files tests
%{_datadir}/installed-tests
%{_libexecdir}/installed-tests
%changelog
* Fri Nov 08 2019 David King <dking@redhat.com> - 1.4.3-2
- Use %%{?selinux_requires} for proper install ordering
* Tue Oct 08 2019 David King <dking@redhat.com> - 1.4.3-1
- Rebase to 1.4.3 (#1748276)
* Fri Sep 20 2019 Kalev Lember <klember@redhat.com> - 1.0.9-1
- Update to 1.0.9 (#1753613)
* Tue May 14 2019 David King <dking@redhat.com> - 1.0.6-4
- Bump release (#1700654)