From b231e9912aa0ccb16109c7c8407c9ad3c4797451 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <debarshir@gnome.org>
Date: Mon, 6 Nov 2023 17:50:31 +0100
Subject: [PATCH] Rebase to 1.12.8

RHEL 8's SELinux stack doesn't have the systemd_userdbd_stream_connect()
interface, and hence it was dropped.  Otherwise, it leads to:
  flatpak.te:36:ERROR 'syntax error' at token
    'systemd_userdbd_stream_connect' on line 4970:
      systemd_userdbd_stream_connect(flatpak_helper_t)

The dependencies specified by the %systemd_requires RPM macro are not
required for the %systemd_post, %systemd_postun_with_restart and
%systemd_preun macros that are used [1].  Hence, %systemd_requires was
dropped.

The workaround to cope better with /var/lib/flatpak existing but being
empty, by using 'flatpak remote-list --system' in %post, was dropped
because the root cause was fixed in 1.12.7 [2].

[1] https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/

[2] https://github.com/flatpak/flatpak/issues/4111
    https://github.com/flatpak/flatpak/releases/tag/1.12.7

Resolves: RHEL-4220
---
 .gitignore                                    |  1 +
 ...selinux-Permit-using-systemd-userdbd.patch | 28 ++++++++++++
 flatpak-add-fedora-repos.service              | 14 ++++++
 flatpak.spec                                  | 45 ++++++++++++++++---
 sources                                       |  2 +-
 5 files changed, 82 insertions(+), 8 deletions(-)
 create mode 100644 flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch
 create mode 100644 flatpak-add-fedora-repos.service

diff --git a/.gitignore b/.gitignore
index cc54d03..f5d0765 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 SOURCES/flatpak-1.10.7.tar.xz
 /flatpak-1.10.7.tar.xz
 /flatpak-1.10.8.tar.xz
+/flatpak-1.12.8.tar.xz
diff --git a/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch b/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch
new file mode 100644
index 0000000..8c9dd9f
--- /dev/null
+++ b/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch
@@ -0,0 +1,28 @@
+From 1c73110795b865246ce3595042dcd2d5e7891359 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <debarshir@gnome.org>
+Date: Mon, 6 Nov 2023 20:27:16 +0100
+Subject: [PATCH] Revert "selinux: Permit using systemd-userdbd"
+
+This reverts commit 399710ada185c1ee232bc3e6266a71688eb152b7.
+---
+ selinux/flatpak.te | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/selinux/flatpak.te b/selinux/flatpak.te
+index bb3d80e316eb..4cf895c44abe 100644
+--- a/selinux/flatpak.te
++++ b/selinux/flatpak.te
+@@ -33,10 +33,6 @@ optional_policy(`
+    policykit_dbus_chat(flatpak_helper_t)
+ ')
+ 
+-optional_policy(`
+-   systemd_userdbd_stream_connect(flatpak_helper_t)
+-')
+-
+ optional_policy(`                   
+     unconfined_domain(flatpak_helper_t)
+ ')
+-- 
+2.41.0
+
diff --git a/flatpak-add-fedora-repos.service b/flatpak-add-fedora-repos.service
new file mode 100644
index 0000000..56c246b
--- /dev/null
+++ b/flatpak-add-fedora-repos.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Add Fedora flatpak repositories
+ConditionPathExists=!/var/lib/flatpak/.fedora-initialized
+Before=flatpak-system-helper.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/flatpak remote-add --system --if-not-exists --title "Fedora Flatpaks" fedora oci+https://registry.fedoraproject.org
+ExecStart=/usr/bin/flatpak remote-add --system --if-not-exists --disable --title "Fedora Flatpaks (testing)" fedora-testing oci+https://registry.fedoraproject.org#testing
+ExecStartPost=/usr/bin/touch /var/lib/flatpak/.fedora-initialized
+
+[Install]
+WantedBy=multi-user.target
diff --git a/flatpak.spec b/flatpak.spec
index 308ab89..a91f8f4 100644
--- a/flatpak.spec
+++ b/flatpak.spec
@@ -2,14 +2,22 @@
 %global ostree_version 2020.8
 
 Name:           flatpak
-Version:        1.10.8
-Release:        3%{?dist}
+Version:        1.12.8
+Release:        1%{?dist}
 Summary:        Application deployment framework for desktop apps
 
 License:        LGPLv2+
 URL:            http://flatpak.org/
 Source0:        https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz
 
+%if 0%{?fedora}
+# Add Fedora flatpak repositories
+Source1:        flatpak-add-fedora-repos.service
+%endif
+
+# https://issues.redhat.com/browse/RHEL-4220
+Patch0:         flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch
+
 BuildRequires:  pkgconfig(appstream-glib)
 BuildRequires:  pkgconfig(dconf)
 BuildRequires:  pkgconfig(fuse)
@@ -40,8 +48,6 @@ BuildRequires:  systemd
 BuildRequires:  /usr/bin/xmlto
 BuildRequires:  /usr/bin/xsltproc
 
-%{?systemd_requires}
-
 Requires:       bubblewrap >= %{bubblewrap_version}
 Requires:       librsvg2%{?_isa}
 Requires:       ostree-libs%{?_isa} >= %{ostree_version}
@@ -120,7 +126,7 @@ This package contains installed tests for %{name}.
 %prep
 %autosetup -p1
 # Make sure to use the RHEL-lifetime supported Python and no other
-%py3_shebang_fix scripts/*  variant-schema-compiler/*
+%py3_shebang_fix scripts/* subprojects/variant-schema-compiler/* tests/*
 
 
 %build
@@ -144,6 +150,11 @@ install -pm 644 NEWS README.md %{buildroot}/%{_pkgdocdir}
 install -d %{buildroot}%{_localstatedir}/lib/flatpak
 install -d %{buildroot}%{_sysconfdir}/flatpak/remotes.d
 rm -f %{buildroot}%{_libdir}/libflatpak.la
+
+%if 0%{?fedora}
+install -D -t %{buildroot}%{_unitdir} %{SOURCE1}
+%endif
+
 %find_lang %{name}
 
 # Work around selinux denials, see
@@ -160,15 +171,28 @@ getent passwd flatpak >/dev/null || \
 exit 0
 
 
+%if 0%{?fedora}
 %post
-# Create an (empty) system-wide repo.
-flatpak remote-list --system &> /dev/null || :
+%systemd_post flatpak-add-fedora-repos.service
+%endif
 
 
 %post selinux
 %selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2
 
 
+%if 0%{?fedora}
+%preun
+%systemd_preun flatpak-add-fedora-repos.service
+%endif
+
+
+%if 0%{?fedora}
+%postun
+%systemd_postun_with_restart flatpak-add-fedora-repos.service
+%endif
+
+
 %postun selinux
 if [ $1 -eq 0 ]; then
     %selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2
@@ -220,6 +244,10 @@ fi
 %{_userunitdir}/flatpak-portal.service
 %{_systemd_user_env_generator_dir}/60-flatpak
 
+%if 0%{?fedora}
+%{_unitdir}/flatpak-add-fedora-repos.service
+%endif
+
 %files devel
 %{_datadir}/gir-1.0/Flatpak-1.0.gir
 %{_datadir}/gtk-doc/
@@ -249,6 +277,9 @@ fi
 
 
 %changelog
+* Mon Nov 06 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.12.8-1
+- Rebase to 1.12.8 (RHEL-4220)
+
 * Mon Nov 06 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.10.8-3
 - Let flatpak own %%{_sysconfdir}/flatpak (RHEL-15822)
 
diff --git a/sources b/sources
index 0187955..e58c904 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (flatpak-1.10.8.tar.xz) = 0823aa522d5f5b0a6cb967609ef8db18390a1992578c7c15921494973759d83467f31112d81226797c741a4ed3732087ce6b290bd8d3cc103415094e32d0365a
+SHA512 (flatpak-1.12.8.tar.xz) = 5a37d94e12c18a746b222c1ddbd20bddfb22079af1d3a79dc819cdb25f04774c9e4b3a51f9b5ed64f210317e7ec9fb97324ae38ec3430c6a515ba4042805fc57