commit a5b04029d849aa3863022a96ea6b5acda3b2f20e Author: CentOS Sources Date: Tue Jul 21 10:14:29 2020 -0400 import flatpak-1.6.2-3.el8_2
diff --git a/.flatpak.metadata b/.flatpak.metadata
new file mode 100644
index 0000000..3007110
--- /dev/null
+++ b/.flatpak.metadata
@@ -0,0 +1 @@
+6763d41ca91cb2547456c16ca5f7d53c95d89a14 SOURCES/flatpak-1.6.2.tar.xz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4568fda
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/flatpak-1.6.2.tar.xz
diff --git a/SOURCES/flatpak-1.6.2-oci-fixes.patch b/SOURCES/flatpak-1.6.2-oci-fixes.patch
new file mode 100644
index 0000000..c2c6550
--- /dev/null
+++ b/SOURCES/flatpak-1.6.2-oci-fixes.patch
@@ -0,0 +1,161 @@ +diff -urN flatpak-1.6.2/common/flatpak-oci-registry.c flatpak-1.6.2.new/common/flatpak-oci-registry.c +--- flatpak-1.6.2/common/flatpak-oci-registry.c 2019-12-20 09:52:17.000000000 +0000 ++++ flatpak-1.6.2.new/common/flatpak-oci-registry.c 2020-03-20 12:01:39.923000000 +0000 +@@ -901,6 +901,7 @@ + + static char * + get_token_for_www_auth (FlatpakOciRegistry *self, ++ const char *repository, + const char *www_authenticate, + const char *auth, + GCancellable *cancellable, +@@ -911,6 +912,7 @@ + g_autoptr(GHashTable) params = NULL; + g_autoptr(GHashTable) args = NULL; + const char *realm, *service, *scope, *token; ++ g_autofree char *default_scope = NULL; + g_autoptr(SoupURI) auth_uri = NULL; + g_autoptr(GBytes) body = NULL; + g_autoptr(JsonNode) json = NULL; +@@ -941,16 +943,21 @@ + service = g_hash_table_lookup (params, "service"); + if (service) + g_hash_table_insert (args, "service", (char *)service); ++ + scope = g_hash_table_lookup (params, "scope"); +- if (scope) +- g_hash_table_insert (args, "scope", (char *)scope); ++ if (scope == NULL) ++ scope = default_scope = g_strdup_printf("repository:%s:pull", repository); ++ g_hash_table_insert (args, "scope", (char *)scope); + + soup_uri_set_query_from_form (auth_uri, args); + + auth_msg = soup_message_new_from_uri ("GET", auth_uri); + +- g_autofree char *basic_auth = g_strdup_printf ("Basic %s", auth); +- soup_message_headers_replace (auth_msg->request_headers, "Authorization", basic_auth); ++ if (auth) ++ { ++ g_autofree char *basic_auth = g_strdup_printf ("Basic %s", auth); ++ soup_message_headers_replace (auth_msg->request_headers, "Authorization", basic_auth); ++ } + + auth_stream = soup_session_send (self->soup_session, auth_msg, NULL, error); + if (auth_stream == NULL) +@@ -1030,7 +1037,7 @@ + return NULL; + } + +- token = get_token_for_www_auth (self, www_authenticate, basic_auth, cancellable, error); ++ token = get_token_for_www_auth (self, repository, www_authenticate, basic_auth, 
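Review bot: In get_token_for_www_auth, the `if (auth)` block attaches the Basic credentials to `auth_msg`, whose URI (`auth_uri`) is built outside this hunk, presumably from the `realm` parameter of the registry's WWW-Authenticate header. If so, the endpoint is chosen by the server's response, and it is worth confirming that the URI scheme is https (or matches the registry's own scheme) before the Authorization header is set, so that stored or prompted credentials are never sent in cleartext. The function body begins and ends outside the hunk, so such a check may already exist there. The new `repository` parameter is also undocumented; a comment such as `/* repository: name used to build the default "repository:NAME:pull" scope when the server sends none */` above the signature would help.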
cancellable, error); + if (token == NULL) + return NULL; + +diff -urN flatpak-1.6.2/oci-authenticator/flatpak-oci-authenticator.c flatpak-1.6.2.new/oci-authenticator/flatpak-oci-authenticator.c +--- flatpak-1.6.2/oci-authenticator/flatpak-oci-authenticator.c 2019-12-19 09:33:40.000000000 +0000 ++++ flatpak-1.6.2.new/oci-authenticator/flatpak-oci-authenticator.c 2020-03-20 12:01:39.936000000 +0000 +@@ -428,10 +428,12 @@ + g_autoptr(GError) error = NULL; + g_autoptr(AutoFlatpakAuthenticatorRequest) request = NULL; + const char *auth = NULL; ++ gboolean have_auth; + const char *oci_registry_uri = NULL; + gsize n_refs, i; + gboolean no_interaction = FALSE; + g_autoptr(FlatpakOciRegistry) registry = NULL; ++ g_autofree char *first_token = NULL; + GVariantBuilder tokens; + GVariantBuilder results; + g_autofree char *sender = g_strdup (g_dbus_method_invocation_get_sender (invocation)); +@@ -439,6 +441,7 @@ + g_debug ("handling Authenticator.RequestRefTokens"); + + g_variant_lookup (arg_authenticator_options, "auth", "&s", &auth); ++ have_auth = auth != NULL; + + if (!g_variant_lookup (arg_options, "xa.oci-registry-uri", "&s", &oci_registry_uri)) + { +@@ -476,18 +479,33 @@ + return error_request (request, sender, error->message); + + +- if (auth == NULL) ++ /* Look up credentials in config files */ ++ if (!have_auth) + { + g_debug ("Looking for %s in auth info", oci_registry_uri); + auth = lookup_auth_from_config (oci_registry_uri); ++ have_auth = auth != NULL; + } + ++ /* Try to see if we can get a token without presenting credentials */ + n_refs = g_variant_n_children (arg_refs); +- if (auth == NULL && n_refs > 0 && ++ if (!have_auth && n_refs > 0) ++ { ++ g_autoptr(GVariant) ref_data = g_variant_get_child_value (arg_refs, 0); ++ ++ first_token = get_token_for_ref (registry, ref_data, NULL, &error); ++ if (first_token != NULL) ++ have_auth = TRUE; ++ else ++ g_clear_error (&error); ++ } ++ ++ /* Prompt the user for credentials */ ++ n_refs = g_variant_n_children 
(arg_refs); ++ if (!have_auth && n_refs > 0 && + !no_interaction) + { + g_autoptr(GVariant) ref_data = g_variant_get_child_value (arg_refs, 0); +- g_autofree char *token = NULL; + + while (auth == NULL) + { +@@ -498,13 +516,21 @@ + if (test_auth == NULL) + return cancel_request (request, sender); + +- token = get_token_for_ref (registry, ref_data, test_auth, &error); +- if (token != NULL) +- auth = g_steal_pointer (&test_auth); ++ first_token = get_token_for_ref (registry, ref_data, test_auth, &error); ++ if (first_token != NULL) ++ { ++ auth = g_steal_pointer (&test_auth); ++ have_auth = TRUE; ++ } ++ else ++ { ++ g_debug ("Failed to get token: %s", error->message); ++ g_clear_error (&error); ++ } + } + } + +- if (auth == NULL) ++ if (!have_auth) + return error_request (request, sender, "No authentication information available"); + + g_variant_builder_init (&tokens, G_VARIANT_TYPE ("a{sas}")); +@@ -515,9 +541,16 @@ + char *for_refs_strv[2] = { NULL, NULL}; + g_autofree char *token = NULL; + +- token = get_token_for_ref (registry, ref_data, auth, &error); +- if (token == NULL) +- return error_request (request, sender, error->message); ++ if (i == 0 && first_token != NULL) ++ { ++ token = g_steal_pointer (&first_token); ++ } ++ else ++ { ++ token = get_token_for_ref (registry, ref_data, auth, &error); ++ if (token == NULL) ++ return error_request (request, sender, error->message); ++ } + + g_variant_get_child (ref_data, 0, "&s", &for_refs_strv[0]); + g_variant_builder_add (&tokens, "{s^as}", token, for_refs_strv); diff --git a/SOURCES/flatpak-1.6.2-oci-fixes2.patch b/SOURCES/flatpak-1.6.2-oci-fixes2.patch new file mode 100644 index 0000000..fe91e75 --- /dev/null +++ b/SOURCES/flatpak-1.6.2-oci-fixes2.patch 
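Review bot: When the anonymous attempt succeeds for the first ref, `have_auth` becomes TRUE while `auth` stays NULL, so in the final loop every later ref is also requested without credentials and the first failure goes straight to `error_request`, never reaching the prompt branch even when `no_interaction` is FALSE. If one request can mix publicly pullable and protected repositories, that turns a recoverable case into a hard failure; at minimum the loop deserves a comment such as `/* auth may be NULL here: ref 0 was granted anonymously, so the remaining refs are requested anonymously too */`. The second `n_refs = g_variant_n_children (arg_refs);` before the prompt branch repeats the assignment a few lines above and can be dropped. The handler's body starts and ends outside these hunks.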
@@ -0,0 +1,322 @@ +From 1b9a64e943e2233e009e01a08191b4c17580b3f6 Mon Sep 17 00:00:00 2001 +From: Alexander Larsson +Date: Mon, 4 May 2020 13:00:35 +0200 +Subject: [PATCH 1/7] oci authenticator: Accept the right docker manifest when + authenticating + +Without this I got for the fedora registry: + +``` +getting token for https://registry.fedoraproject.org/v2/f32/flatpak-runtime/manifests/sha256:bd83b4f6974094848efac22b933419c1dbe11b553def148a82f821faf595de8a +F: Anonymous authentication failed: Unexpected response status 404 from repo +``` + +(cherry picked from commit 1ee132e70e5d0cb5fa0e022c2271f76bcfd03054) +--- + common/flatpak-oci-registry.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/common/flatpak-oci-registry.c b/common/flatpak-oci-registry.c +index 2505771ee..ae363bc1a 100644 +--- a/common/flatpak-oci-registry.c ++++ b/common/flatpak-oci-registry.c +@@ -1015,6 +1015,9 @@ flatpak_oci_registry_get_token (FlatpakOciRegistry *self, + + msg = soup_message_new_from_uri ("HEAD", uri); + ++ soup_message_headers_replace (msg->request_headers, "Accept", ++ FLATPAK_OCI_MEDIA_TYPE_IMAGE_MANIFEST ", " FLATPAK_DOCKER_MEDIA_TYPE_IMAGE_MANIFEST2); ++ + stream = soup_session_send (self->soup_session, msg, NULL, error); + if (stream == NULL) + return NULL; + +From 0d4deebbd5855ceef1cdb5bac3d5c6fb630dc29e Mon Sep 17 00:00:00 2001 +From: Alexander Larsson +Date: Mon, 4 May 2020 12:35:16 +0200 +Subject: [PATCH 2/7] By default, always try to auth to OCI remotes + +This makes for instance docker hub work. 
+ +(cherry picked from commit fdfcae7a91e3af207c4acec918276511f112cafe) +--- + common/flatpak-auth.c | 4 ++++ + common/flatpak-dir.c | 5 +++++ + 2 files changed, 9 insertions(+) + +diff --git a/common/flatpak-auth.c b/common/flatpak-auth.c +index 9d0f689fc..9e45da41e 100644 +--- a/common/flatpak-auth.c ++++ b/common/flatpak-auth.c +@@ -49,6 +49,10 @@ flatpak_auth_new_for_remote (FlatpakDir *dir, + if (!ostree_repo_get_remote_option (repo, remote, FLATPAK_REMOTE_CONFIG_AUTHENTICATOR_NAME, NULL, &name, error)) + return NULL; + } ++ ++ if (name == NULL && flatpak_dir_get_remote_oci (dir, remote)) ++ name = g_strdup ("org.flatpak.Authenticator.Oci"); ++ + if (name == NULL || *name == 0 /* or if no repo */) + { + flatpak_fail (error, _("No authenticator configured for remote `%s`"), remote); +diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c +index 2c8e12eaf..19de4fd38 100644 +--- a/common/flatpak-dir.c ++++ b/common/flatpak-dir.c +@@ -11233,6 +11233,11 @@ _flatpak_dir_get_remote_state (FlatpakDir *self, + } + } + ++ if (flatpak_dir_get_remote_oci (self, remote_or_uri)) ++ { ++ state->default_token_type = 1; ++ } ++ + if (state->collection_id == NULL) + { + if (state->summary != NULL) /* In the optional case we might not have a summary */ + +From 77e4db40f40a92f4f7e0ddb21ae367e9a0af9cb4 Mon Sep 17 00:00:00 2001 +From: Alexander Larsson +Date: Fri, 8 May 2020 15:09:02 +0200 +Subject: [PATCH 3/7] oci: Add flatpak_oci_registry_is_local() + +(cherry picked from commit d4962628aa8db6132e98660fe52aa5a9ac5d3637) +--- + common/flatpak-oci-registry-private.h | 1 + + common/flatpak-oci-registry.c | 6 ++++++ + 2 files changed, 7 insertions(+) + +diff --git a/common/flatpak-oci-registry-private.h b/common/flatpak-oci-registry-private.h +index 1804e43b6..6745c5f65 100644 +--- a/common/flatpak-oci-registry-private.h ++++ b/common/flatpak-oci-registry-private.h +@@ -62,6 +62,7 @@ FlatpakOciRegistry * flatpak_oci_registry_new (const char *uri, + GError **error); + void 
flatpak_oci_registry_set_token (FlatpakOciRegistry *self, + const char *token); ++gboolean flatpak_oci_registry_is_local (FlatpakOciRegistry *self); + const char * flatpak_oci_registry_get_uri (FlatpakOciRegistry *self); + FlatpakOciIndex * flatpak_oci_registry_load_index (FlatpakOciRegistry *self, + GCancellable *cancellable, +diff --git a/common/flatpak-oci-registry.c b/common/flatpak-oci-registry.c +index ae363bc1a..fdeee56bd 100644 +--- a/common/flatpak-oci-registry.c ++++ b/common/flatpak-oci-registry.c +@@ -205,6 +205,12 @@ flatpak_oci_registry_init (FlatpakOciRegistry *self) + self->tmp_dfd = -1; + } + ++gboolean ++flatpak_oci_registry_is_local (FlatpakOciRegistry *self) ++{ ++ return self->dfd != -1; ++} ++ + const char * + flatpak_oci_registry_get_uri (FlatpakOciRegistry *self) + { + +From 3deeea1ad50b469f7daaca7e2e0d7ba9c5efc26e Mon Sep 17 00:00:00 2001 +From: Alexander Larsson +Date: Fri, 8 May 2020 15:10:38 +0200 +Subject: [PATCH 4/7] oci: Set token on child oci registry and pass to + system-helper + +When we create a system child registry we also set the current token on +it. This is not used directly in the client, however its saved in a +file called .token and re-read in the system-helper, allowing it to +also do the remote registry operations it needs to verify the child +registry. 
+ +(cherry picked from commit 5d8fd2d1be914a26e128ab97be6f00e9c34bfa9d) +--- + common/flatpak-dir.c | 8 ++++++-- + common/flatpak-oci-registry.c | 15 +++++++++++++++ + 2 files changed, 21 insertions(+), 2 deletions(-) + +diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c +index 19de4fd38..25f874ecf 100644 +--- a/common/flatpak-dir.c ++++ b/common/flatpak-dir.c +@@ -92,6 +92,7 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC (AutoPolkitSubject, g_object_unref) + + static FlatpakOciRegistry *flatpak_dir_create_system_child_oci_registry (FlatpakDir *self, + GLnxLockFile *file_lock, ++ const char *token, + GError **error); + + static OstreeRepo * flatpak_dir_create_child_repo (FlatpakDir *self, +@@ -8602,6 +8603,7 @@ flatpak_dir_deploy_update (FlatpakDir *self, + static FlatpakOciRegistry * + flatpak_dir_create_system_child_oci_registry (FlatpakDir *self, + GLnxLockFile *file_lock, ++ const char *token, + GError **error) + { + g_autoptr(GFile) cache_dir = NULL; +@@ -8636,6 +8638,8 @@ flatpak_dir_create_system_child_oci_registry (FlatpakDir *self, + if (new_registry == NULL) + return NULL; + ++ flatpak_oci_registry_set_token (new_registry, token); ++ + return g_steal_pointer (&new_registry); + } + +@@ -8952,7 +8956,7 @@ flatpak_dir_install (FlatpakDir *self, + g_autoptr(FlatpakOciRegistry) registry = NULL; + g_autoptr(GFile) registry_file = NULL; + +- registry = flatpak_dir_create_system_child_oci_registry (self, &child_repo_lock, error); ++ registry = flatpak_dir_create_system_child_oci_registry (self, &child_repo_lock, token, error); + if (registry == NULL) + return FALSE; + +@@ -9662,7 +9666,7 @@ flatpak_dir_update (FlatpakDir *self, + g_autoptr(FlatpakOciRegistry) registry = NULL; + g_autoptr(GFile) registry_file = NULL; + +- registry = flatpak_dir_create_system_child_oci_registry (self, &child_repo_lock, error); ++ registry = flatpak_dir_create_system_child_oci_registry (self, &child_repo_lock, token, error); + if (registry == NULL) + return FALSE; + +diff --git 
a/common/flatpak-oci-registry.c b/common/flatpak-oci-registry.c +index fdeee56bd..c3ddb8c2b 100644 +--- a/common/flatpak-oci-registry.c ++++ b/common/flatpak-oci-registry.c +@@ -223,8 +223,15 @@ flatpak_oci_registry_set_token (FlatpakOciRegistry *self, + { + g_free (self->token); + self->token = g_strdup (token); ++ ++ if (self->token) ++ (void)glnx_file_replace_contents_at (self->dfd, ".token", ++ (guchar *)self->token, ++ strlen (self->token), ++ 0, NULL, NULL); + } + ++ + FlatpakOciRegistry * + flatpak_oci_registry_new (const char *uri, + gboolean for_write, +@@ -415,6 +422,7 @@ flatpak_oci_registry_ensure_local (FlatpakOciRegistry *self, + int dfd; + g_autoptr(GError) local_error = NULL; + g_autoptr(GBytes) oci_layout_bytes = NULL; ++ g_autoptr(GBytes) token_bytes = NULL; + gboolean not_json; + + if (self->dfd != -1) +@@ -476,6 +484,13 @@ flatpak_oci_registry_ensure_local (FlatpakOciRegistry *self, + else if (!verify_oci_version (oci_layout_bytes, ¬_json, cancellable, error)) + return FALSE; + ++ if (self->dfd != -1) ++ { ++ token_bytes = local_load_file (self->dfd, ".token", cancellable, NULL); ++ if (token_bytes != NULL) ++ self->token = g_strndup (g_bytes_get_data (token_bytes, NULL), g_bytes_get_size (token_bytes)); ++ } ++ + if (self->dfd == -1 && local_dfd != -1) + self->dfd = glnx_steal_fd (&local_dfd); + + +From 36f87863baa848c8709b75958c85857f45e97e0a Mon Sep 17 00:00:00 2001 +From: Alexander Larsson +Date: Thu, 11 Jun 2020 15:43:16 +0200 +Subject: [PATCH 5/7] OCI: Also look for the docker media type when looking + manifests + +We handle both types, so look for both. 
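Review bot: flatpak_oci_registry_set_token now persists the bearer token to a `.token` file, but the write is not limited to local registries and its result is discarded. The guard should be `if (self->token && self->dfd != -1)` (the same test flatpak_oci_registry_is_local uses in patch 3/7), since with `dfd == -1` the target directory is whatever libglnx makes of that value, which I believe is the current working directory. The file is also created with the default mode; because it holds a credential, consider glnx_file_replace_contents_with_perms_at with mode 0600, provided the system-helper that re-reads it can still open it, and emit a g_debug when the write fails instead of casting the result to void. Nothing in these patches removes `.token` again, so its lifetime follows the child registry directory.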
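Review bot: In the second flatpak_oci_registry_ensure_local hunk, `self->token = g_strndup (...)` overwrites any token already set without freeing it and takes the file content verbatim. Add `g_free (self->token);` before the assignment, and since `.token` lives in a directory prepared by the calling client while this code is meant to run in the system-helper, treat the content as untrusted: bound its size and reject control characters (a trailing newline or embedded CR/LF) before it can reach a request header. The load is also conditioned on `self->dfd != -1` and placed before `self->dfd = glnx_steal_fd (&local_dfd)`, so on a call that opens the directory for the first time the token appears not to be read; the function is only partly visible here, so please confirm.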
+ +(cherry picked from commit 0fdec95fe068cd497b1c5a5b60d21103c711d2a4) +--- + common/flatpak-json-oci.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/common/flatpak-json-oci.c b/common/flatpak-json-oci.c +index 6d60279d0..f5b3f0a0c 100644 +--- a/common/flatpak-json-oci.c ++++ b/common/flatpak-json-oci.c +@@ -469,7 +469,8 @@ const char * + flatpak_oci_manifest_descriptor_get_ref (FlatpakOciManifestDescriptor *m) + { + if (m->parent.mediatype == NULL || +- strcmp (m->parent.mediatype, FLATPAK_OCI_MEDIA_TYPE_IMAGE_MANIFEST) != 0) ++ (strcmp (m->parent.mediatype, FLATPAK_OCI_MEDIA_TYPE_IMAGE_MANIFEST) != 0 && ++ strcmp (m->parent.mediatype, FLATPAK_DOCKER_MEDIA_TYPE_IMAGE_MANIFEST2) != 0)) + return NULL; + + if (m->parent.annotations == NULL) + +From 0da4a6c82c16d4560d4931d567e2685efd8dff0d Mon Sep 17 00:00:00 2001 +From: Alexander Larsson +Date: Mon, 4 May 2020 15:51:48 +0200 +Subject: [PATCH 6/7] tests: Make OCI authenticator available + +(cherry picked from commit 4d79110cb682b79819913aa6ce033cb7a7787c86) +--- + tests/Makefile.am.inc | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/tests/Makefile.am.inc b/tests/Makefile.am.inc +index 7c2e8271f..15f521485 100644 +--- a/tests/Makefile.am.inc ++++ b/tests/Makefile.am.inc +@@ -105,11 +105,15 @@ tests/services/org.flatpak.Authenticator.test.service: tests/org.flatpak.Authent + mkdir -p tests/services + $(AM_V_GEN) $(SED) -e "s|\@libexecdir\@|$(abs_top_builddir)/tests|" $< > $@ + ++tests/services/org.flatpak.Authenticator.Oci.service: oci-authenticator/org.flatpak.Authenticator.Oci.service.in ++ mkdir -p tests/services ++ $(AM_V_GEN) $(SED) -e "s|\@libexecdir\@|$(abs_top_builddir)|" $< > $@ ++ + tests/share/xdg-desktop-portal/portals/test.portal: tests/test.portal.in + mkdir -p tests/share/xdg-desktop-portal/portals + $(AM_V_GEN) install -m644 $< $@ + +-tests/libtest.sh: tests/services/org.freedesktop.Flatpak.service 
tests/services/org.freedesktop.Flatpak.SystemHelper.service tests/services/org.freedesktop.portal.Flatpak.service tests/share/xdg-desktop-portal/portals/test.portal tests/services/org.freedesktop.impl.portal.desktop.test.service tests/services/org.flatpak.Authenticator.test.service ++tests/libtest.sh: tests/services/org.freedesktop.Flatpak.service tests/services/org.freedesktop.Flatpak.SystemHelper.service tests/services/org.freedesktop.portal.Flatpak.service tests/share/xdg-desktop-portal/portals/test.portal tests/services/org.freedesktop.impl.portal.desktop.test.service tests/services/org.flatpak.Authenticator.test.service tests/services/org.flatpak.Authenticator.Oci.service + + install-test-data-hook: + if ENABLE_INSTALLED_TESTS +@@ -223,6 +227,7 @@ DISTCLEANFILES += \ + tests/services/org.freedesktop.portal.Flatpak.service \ + tests/services/org.freedesktop.impl.portal.desktop.test.service \ + tests/services/org.flatpak.Authenticator.test.service \ ++ tests/services/org.flatpak.Authenticator.Oci.service \ + tests/share/xdg-desktop-portal/portals/test.portal \ + tests/package_version.txt \ + $(NULL) + +From 8fb4369439e57cc25c706610c5ce1ee776220278 Mon Sep 17 00:00:00 2001 +From: Alexander Larsson +Date: Mon, 4 May 2020 15:51:59 +0200 +Subject: [PATCH 7/7] Tests: Support HEAD requests in oci-registry-server + +This just does a GET, which is not quite right, but will work. +This is needed for the authenticator. 
+ +(cherry picked from commit 530475b9abff81d990424ca46ec57458e1bb9604) +--- + tests/oci-registry-server.py | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tests/oci-registry-server.py b/tests/oci-registry-server.py +index 23c2db916..33c3b646b 100755 +--- a/tests/oci-registry-server.py ++++ b/tests/oci-registry-server.py +@@ -135,6 +135,9 @@ def do_GET(self): + else: + self.wfile.write(response_string.encode('utf-8')) + ++ def do_HEAD(self): ++ return self.do_GET() ++ + def do_POST(self): + if self.check_route('/testing/@repo_name/@tag'): + repo_name = self.matches['repo_name'] diff --git a/SPECS/flatpak.spec b/SPECS/flatpak.spec new file mode 100644 index 0000000..fae2728 --- /dev/null +++ b/SPECS/flatpak.spec 
@@ -0,0 +1,489 @@ +%global bubblewrap_version 0.4.0 +%global ostree_version 2018.9 + +Name: flatpak +Version: 1.6.2 +Release: 3%{?dist} +Summary: Application deployment framework for desktop apps + +License: LGPLv2+ +URL: http://flatpak.org/ +Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz +# https://bugzilla.redhat.com/show_bug.cgi?id=1814045 +Patch0: flatpak-1.6.2-oci-fixes.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1847201 +Patch1: flatpak-1.6.2-oci-fixes2.patch + +BuildRequires: pkgconfig(appstream-glib) +BuildRequires: pkgconfig(dconf) +BuildRequires: pkgconfig(fuse) +BuildRequires: pkgconfig(gdk-pixbuf-2.0) +BuildRequires: pkgconfig(gio-unix-2.0) +BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.40.0 +BuildRequires: pkgconfig(json-glib-1.0) +BuildRequires: pkgconfig(libarchive) >= 2.8.0 +BuildRequires: pkgconfig(libseccomp) +BuildRequires: pkgconfig(libsoup-2.4) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(libxml-2.0) >= 2.4 +BuildRequires: pkgconfig(ostree-1) >= %{ostree_version} +BuildRequires: pkgconfig(polkit-gobject-1) +BuildRequires: pkgconfig(xau) +BuildRequires: bison +BuildRequires: bubblewrap >= %{bubblewrap_version} +BuildRequires: docbook-dtds +BuildRequires: docbook-style-xsl +BuildRequires: gettext +BuildRequires: gpgme-devel +BuildRequires: libcap-devel +BuildRequires: systemd +BuildRequires: /usr/bin/xmlto +BuildRequires: /usr/bin/xsltproc + +%{?systemd_requires} + +Requires: bubblewrap >= %{bubblewrap_version} +Requires: librsvg2%{?_isa} +Requires: ostree-libs%{?_isa} >= %{ostree_version} +# https://fedoraproject.org/wiki/SELinux/IndependentPolicy +Requires: (flatpak-selinux = %{?epoch:%{epoch}:}%{version}-%{release} if selinux-policy-targeted) +Requires: %{name}-session-helper%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} +Recommends: p11-kit-server + +# Make sure the document portal is installed +%if 0%{?fedora} || 0%{?rhel} > 7 +Recommends: 
xdg-desktop-portal > 0.10 +# Remove in F30. +Conflicts: xdg-desktop-portal < 0.10 +%else +Requires: xdg-desktop-portal > 0.10 +%endif + +%description +flatpak is a system for building, distributing and running sandboxed desktop +applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for +more information. + +%package devel +Summary: Development files for %{name} +License: LGPLv2+ +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description devel +This package contains the pkg-config file and development headers for %{name}. + +%package libs +Summary: Libraries for %{name} +License: LGPLv2+ +Requires: bubblewrap >= %{bubblewrap_version} +Requires: ostree%{?_isa} >= %{ostree_version} +Requires(pre): /usr/sbin/useradd + +%description libs +This package contains libflatpak. + +%package selinux +Summary: SELinux policy module for %{name} +License: LGPLv2+ +BuildRequires: selinux-policy +BuildRequires: selinux-policy-devel +BuildArch: noarch +%{?selinux_requires} + +%description selinux +This package contains the SELinux policy module for %{name}. + +%package session-helper +Summary: User D-Bus service used by %{name} and others +License: LGPLv2+ +Conflicts: flatpak < 1.4.1-2 +Requires: systemd + +%description session-helper +This package contains the org.freedesktop.Flatpak user D-Bus service +that's used by %{name} and other packages. + +%package tests +Summary: Tests for %{name} +License: LGPLv2+ +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-session-helper%{?_isa} = %{version}-%{release} +Requires: bubblewrap >= %{bubblewrap_version} +Requires: ostree%{?_isa} >= %{ostree_version} + +%description tests +This package contains installed tests for %{name}. + + +%prep +%autosetup -p1 + + +%build +(if ! 
test -x configure; then NOCONFIGURE=1 ./autogen.sh; CONFIGFLAGS=--enable-gtk-doc; fi; + # Generate consistent IDs between runs to avoid multilib problems. + export XMLTO_FLAGS="--stringparam generate.consistent.ids=1" + %configure \ + --enable-docbook-docs \ + --enable-installed-tests \ + --enable-selinux-module \ + --with-priv-mode=none \ + --with-system-bubblewrap \ + $CONFIGFLAGS) +%make_build V=1 + + +%install +%make_install +install -pm 644 NEWS README.md %{buildroot}/%{_pkgdocdir} +# The system repo is not installed by the flatpak build system. +install -d %{buildroot}%{_localstatedir}/lib/flatpak +install -d %{buildroot}%{_sysconfdir}/flatpak/remotes.d +rm -f %{buildroot}%{_libdir}/libflatpak.la +%find_lang %{name} + + +%pre +getent group flatpak >/dev/null || groupadd -r flatpak +getent passwd flatpak >/dev/null || \ + useradd -r -g flatpak -d / -s /sbin/nologin \ + -c "User for flatpak system helper" flatpak +exit 0 + + +%post +# Create an (empty) system-wide repo. +flatpak remote-list --system &> /dev/null || : + + +%post selinux +%selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2 + + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2 +fi + + +%ldconfig_scriptlets libs + + +%files -f %{name}.lang +%license COPYING +# Comply with the packaging guidelines about not mixing relative and absolute +# paths in doc. +%doc %{_pkgdocdir} +%{_bindir}/flatpak +%{_bindir}/flatpak-bisect +%{_bindir}/flatpak-coredumpctl +%{_datadir}/bash-completion +%{_datadir}/dbus-1/interfaces/org.freedesktop.portal.Flatpak.xml +%{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.Authenticator.xml +%{_datadir}/dbus-1/services/org.flatpak.Authenticator.Oci.service +%{_datadir}/dbus-1/services/org.freedesktop.portal.Flatpak.service +%{_datadir}/dbus-1/system-services/org.freedesktop.Flatpak.SystemHelper.service +# Co-own directory. 
+%{_datadir}/gdm/env.d +%{_datadir}/%{name} +%{_datadir}/polkit-1/actions/org.freedesktop.Flatpak.policy +%{_datadir}/polkit-1/rules.d/org.freedesktop.Flatpak.rules +%{_datadir}/zsh/site-functions +%{_libexecdir}/flatpak-dbus-proxy +%{_libexecdir}/flatpak-oci-authenticator +%{_libexecdir}/flatpak-portal +%{_libexecdir}/flatpak-system-helper +%{_libexecdir}/flatpak-validate-icon +%{_libexecdir}/revokefs-fuse +%dir %{_localstatedir}/lib/flatpak +%{_mandir}/man1/%{name}*.1* +%{_mandir}/man5/%{name}-metadata.5* +%{_mandir}/man5/flatpak-flatpakref.5* +%{_mandir}/man5/flatpak-flatpakrepo.5* +%{_mandir}/man5/flatpak-installation.5* +%{_mandir}/man5/flatpak-remote.5* +%{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf +%{_sysconfdir}/flatpak/remotes.d +%{_sysconfdir}/profile.d/flatpak.sh +%{_unitdir}/flatpak-system-helper.service +%{_userunitdir}/flatpak-oci-authenticator.service +%{_userunitdir}/flatpak-portal.service +%{_systemd_user_env_generator_dir}/60-flatpak + +%files devel +%{_datadir}/gir-1.0/Flatpak-1.0.gir +%{_datadir}/gtk-doc/ +%{_includedir}/%{name}/ +%{_libdir}/libflatpak.so +%{_libdir}/pkgconfig/%{name}.pc + +%files libs +%license COPYING +%{_libdir}/girepository-1.0/Flatpak-1.0.typelib +%{_libdir}/libflatpak.so.* + +%files selinux +%{_datadir}/selinux/packages/flatpak.pp.bz2 +%{_datadir}/selinux/devel/include/contrib/flatpak.if + +%files session-helper +%license COPYING +%{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.xml +%{_datadir}/dbus-1/services/org.freedesktop.Flatpak.service +%{_libexecdir}/flatpak-session-helper +%{_userunitdir}/flatpak-session-helper.service + +%files tests +%{_datadir}/installed-tests +%{_libexecdir}/installed-tests + + +%changelog +* Wed Jun 17 2020 David King - 1.6.2-3 +- Further fixes for OCI authenticator (#1847201) + +* Fri Mar 20 2020 David King - 1.6.2-2 +- Fixes for OCI authenticator (#1814045) + +* Thu Feb 13 2020 David King - 1.6.2-1 +- Rebase to 1.6.2 (#1775339) + +* Thu Jan 23 2020 David 
King - 1.6.1-1 +- Rebase to 1.6.1 (#1775339) + +* Fri Jan 17 2020 David King - 1.6.0-2 +- Remove broken python3 sed hack (#1775339) + +* Sat Dec 21 2019 David King - 1.6.0-1 +- Rebase to 1.6.0 (#1775339) + +* Fri Nov 08 2019 David King - 1.4.3-2 +- Use %%{?selinux_requires} for proper install ordering + +* Tue Oct 08 2019 David King - 1.4.3-1 +- Rebase to 1.4.3 (#1748276) + +* Fri Sep 20 2019 Kalev Lember - 1.0.9-1 +- Update to 1.0.9 (#1753613) + +* Tue May 14 2019 David King - 1.0.6-4 +- Bump release (#1700654) + +* Mon Apr 29 2019 David King - 1.0.6-3 +- Fix IOCSTI sandbox bypass (#1700654) + +* Wed Feb 13 2019 David King - 1.0.6-2 +- Do not mount /proc in root sandbox (#1675776) + +* Tue Dec 18 2018 Kalev Lember - 1.0.6-1 +- Update to 1.0.6 (#1630249) +- Recommend p11-kit-server instead of just p11-kit (#1649049) + +* Mon Dec 10 2018 David King - 1.0.4-2 +- Backport patches to improve OCI support (#1657306) + +* Fri Oct 12 2018 Kalev Lember - 1.0.4-1 +- Update to 1.0.4 (#1630249) + +* Thu Sep 13 2018 Kalev Lember - 1.0.2-1 +- Update to 1.0.2 (#1630249) + +* Tue Aug 28 2018 David King - 1.0.1-1 +- Update to 1.0.1 (#1621401) + +* Wed Aug 01 2018 David King - 0.99.3-1 +- Update to 0.99.3 + +* Wed May 23 2018 Adam Jackson - 0.11.7-2 +- Remove Requires: kernel >= 4.0.4-202, which corresponds to rawhide + somewhere before Fedora 22 which this spec file certainly no longer + supports. 
+ +* Thu May 03 2018 Kalev Lember - 0.11.7-1 +- Update to 0.11.7 + +* Wed May 02 2018 Kalev Lember - 0.11.6-1 +- Update to 0.11.6 + +* Wed May 02 2018 Kalev Lember - 0.11.5-2 +- Backport a fix for a gnome-software crash installing .flatpakref files + +* Mon Apr 30 2018 David King - 0.11.5-1 +- Update to 0.11.5 + +* Thu Apr 26 2018 Kalev Lember - 0.11.4-1 +- Update to 0.11.4 + +* Mon Feb 19 2018 David King - 0.11.3-1 +- Update to 0.11.3 + +* Mon Feb 19 2018 David King - 0.11.2-1 +- Update to 0.11.2 + +* Wed Feb 14 2018 David King - 0.11.1-1 +- Update to 0.11.1 (#1545224) + +* Wed Feb 07 2018 Fedora Release Engineering - 0.10.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Feb 02 2018 Igor Gnatenko - 0.10.3-2 +- Switch to %%ldconfig_scriptlets + +* Tue Jan 30 2018 Kalev Lember - 0.10.3-1 +- Update to 0.10.3 + +* Thu Dec 21 2017 David King - 0.10.2.1-1 +- Update to 0.10.2.1 + +* Fri Dec 15 2017 Kalev Lember - 0.10.2-1 +- Update to 0.10.2 + +* Fri Nov 24 2017 David King - 0.10.1-1 +- Update to 0.10.1 + +* Thu Oct 26 2017 Kalev Lember - 0.10.0-1 +- Update to 0.10.0 + +* Mon Oct 09 2017 Kalev Lember - 0.9.99-1 +- Update to 0.9.99 + +* Tue Sep 26 2017 Kalev Lember - 0.9.98.2-1 +- Update to 0.9.98.2 + +* Tue Sep 26 2017 Kalev Lember - 0.9.98.1-1 +- Update to 0.9.98.1 + +* Mon Sep 25 2017 Kalev Lember - 0.9.98-1 +- Update to 0.9.98 + +* Thu Sep 14 2017 Kalev Lember - 0.9.12-1 +- Update to 0.9.12 + +* Wed Sep 13 2017 Kalev Lember - 0.9.11-1 +- Update to 0.9.11 + +* Mon Sep 04 2017 Kalev Lember - 0.9.10-1 +- Update to 0.9.10 +- Split out flatpak-builder to a separate source package + +* Fri Aug 25 2017 Kalev Lember - 0.9.8-2 +- Backport a patch to fix regression in --devel + +* Mon Aug 21 2017 David King - 0.9.8-1 +- Update to 0.9.8 + +* Wed Aug 02 2017 Fedora Release Engineering - 0.9.7-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Sun Jul 30 2017 Florian Weimer - 0.9.7-4 +- Rebuild with binutils fix 
for ppc64le (#1475636) + +* Thu Jul 27 2017 Owen Taylor - 0.9.7-3 +- Add a patch to fix OCI refname annotation + +* Wed Jul 26 2017 Fedora Release Engineering - 0.9.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Jul 01 2017 David King - 0.9.7-1 +- Update to 0.9.7 (#1466970) + +* Tue Jun 20 2017 David King - 0.9.6-1 +- Update to 0.9.6 + +* Sat Jun 10 2017 David King - 0.9.5-1 +- Update to 0.9.5 (#1460437) + +* Tue May 23 2017 David King - 0.9.4-1 +- Update to 0.9.4 (#1454750) + +* Mon Apr 24 2017 David King - 0.9.3-1 +- Update to 0.9.3 + +* Fri Apr 07 2017 David King - 0.9.2-2 +- Add eu-strip dependency for flatpak-builder + +* Wed Apr 05 2017 Kalev Lember - 0.9.2-1 +- Update to 0.9.2 + +* Wed Mar 15 2017 Kalev Lember - 0.9.1-1 +- Update to 0.9.1 + +* Fri Mar 10 2017 Kalev Lember - 0.8.4-1 +- Update to 0.8.4 + +* Sun Feb 19 2017 David King - 0.8.3-3 +- Make flatpak-builder require bzip2 (#1424857) + +* Wed Feb 15 2017 Kalev Lember - 0.8.3-2 +- Avoid pulling in all of ostree and only depend on ostree-libs subpackage + +* Tue Feb 14 2017 Kalev Lember - 0.8.3-1 +- Update to 0.8.3 + +* Fri Feb 10 2017 Fedora Release Engineering - 0.8.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Jan 27 2017 Kalev Lember - 0.8.2-1 +- Update to 0.8.2 + +* Wed Jan 18 2017 David King - 0.8.1-1 +- Update to 0.8.1 + +* Tue Dec 20 2016 Kalev Lember - 0.8.0-1 +- Update to 0.8.0 + +* Tue Nov 29 2016 David King - 0.6.14-2 +- Add a patch to fix a GNOME Software crash +- Silence repository listing during post + +* Tue Nov 29 2016 Kalev Lember - 0.6.14-1 +- Update to 0.6.14 + +* Wed Oct 26 2016 David King - 0.6.13-2 +- Add empty /etc/flatpak/remotes.d + +* Tue Oct 25 2016 David King - 0.6.13-1 +- Update to 0.6.13 + +* Thu Oct 06 2016 David King - 0.6.12-1 +- Update to 0.6.12 + +* Tue Sep 20 2016 Kalev Lember - 0.6.11-1 +- Update to 0.6.11 +- Set minimum ostree and bubblewrap versions + +* Mon Sep 12 2016 David King - 0.6.10-1 +- 
Update to 0.6.10 + +* Tue Sep 06 2016 David King - 0.6.9-2 +- Look for bwrap in PATH + +* Thu Aug 25 2016 David King - 0.6.9-1 +- Update to 0.6.9 + +* Mon Aug 01 2016 David King - 0.6.8-1 +- Update to 0.6.8 (#1361823) + +* Thu Jul 21 2016 David King - 0.6.7-2 +- Use system bubblewrap + +* Fri Jul 01 2016 David King - 0.6.7-1 +- Update to 0.6.7 + +* Thu Jun 23 2016 David King - 0.6.6-1 +- Update to 0.6.6 + +* Fri Jun 10 2016 David King - 0.6.5-1 +- Update to 0.6.5 + +* Wed Jun 01 2016 David King - 0.6.4-1 +- Update to 0.6.4 + +* Tue May 31 2016 David King - 0.6.3-1 +- Update to 0.6.3 +- Move bwrap to main package + +* Tue May 24 2016 David King - 0.6.2-1 +- Rename from xdg-app to flatpak (#1337434)
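Review bot: The main package's `%pre` scriptlet calls `groupadd` and `useradd`, but the only `Requires(pre): /usr/sbin/useradd` is declared under `%package libs`, and the scriptlet ends in `exit 0`, so a missing tool would go unnoticed and the `flatpak` system-helper user would not be created. Move (or duplicate) `Requires(pre): /usr/sbin/useradd` into the main package's preamble so the ordering is guaranteed for the package that actually runs the scriptlet. Separately, `URL: http://flatpak.org/` could be given as https.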