rpms/flatpak
6
0
Fork 1
Code Issues Pull Requests Releases Activity

import flatpak-1.0.6-4.el8

Browse Source
This commit is contained in:
CentOS Sources 2019-08-06 15:25:30 -04:00 committed by Stepan Oksanichenko
commit cb023e96c4
6 changed files with 822 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.flatpak.metadata Normal file
View File

@ -0,0 +1 @@
d2ebda16446fbd28d78d2f7df5ccb77c34f2874c SOURCES/flatpak-1.0.6.tar.xz

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/flatpak-1.0.6.tar.xz

346
SOURCES/flatpak-1.0.4-oci-fixes.patch Normal file
View File

@ -0,0 +1,346 @@
From 3f5235e925ba6555cd9c639684660356867c952f Mon Sep 17 00:00:00 2001
From: "Owen W. Taylor" <otaylor@fishsoup.net>
Date: Fri, 30 Nov 2018 16:11:06 -0500
Subject: [PATCH 1/3] flatpak_cache_http_uri: save downloaded files with
permission 0644
Previously, downloaded files were being saved with 0600 permissions,
which prevented OCI icons downloaded by the system helper at appstream
creation time from being read by users.
Closes: #2362
Approved by: matthiasclasen
---
common/flatpak-utils-http.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/common/flatpak-utils-http.c b/common/flatpak-utils-http.c
index 53074162..997c9db8 100644
--- a/common/flatpak-utils-http.c
+++ b/common/flatpak-utils-http.c
@@ -645,6 +645,9 @@ sync_and_rename_tmpfile (GLnxTmpfile *tmpfile,
if (fdatasync (tmpfile->fd) != 0)
return glnx_throw_errno_prefix (error, "fdatasync");
+ if (fchmod (tmpfile->fd, 0644) != 0)
+ return glnx_throw_errno_prefix (error, "fchmod");
+
if (!glnx_link_tmpfile_at (tmpfile,
GLNX_LINK_TMPFILE_REPLACE,
tmpfile->src_dfd, dest_name, error))
--
2.19.2
From 3263827dbbd4d84919899e91ca066d2d3cf338bc Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Fri, 30 Nov 2018 10:30:20 +0100
Subject: [PATCH 2/3] OCI: Use system helper to generate summary for OCI
remotes
The OCI support relies on downloading a json index and converting it
to a ostree-style summary, which we the use in all sorts of operations
in the client code. Currently this happens in the user code, which means
that it will fail (due to permissions) in the system installation case.
We could do the conversion as the user, but when eventually installing
something the system-helper will anyway do this download and
conversion, so that would only double the work and risk things going out
of sync. Also, the OCI index is not gpg signed, so we can't realy on
downloads done as the user.
So, the solution done here is to add a GenerateOciSummary
system-helper call which we use instead of directly generating the
oci summary.
This fixes https://github.com/flatpak/flatpak/issues/2350
Closes: #2363
Approved by: matthiasclasen
---
common/flatpak-dir-private.h | 5 ++
common/flatpak-dir.c | 94 +++++++++++++++++++--------
data/org.freedesktop.Flatpak.xml | 5 ++
system-helper/flatpak-system-helper.c | 52 ++++++++++++++-
4 files changed, 129 insertions(+), 27 deletions(-)
diff --git a/common/flatpak-dir-private.h b/common/flatpak-dir-private.h
index 64a72758..f6126056 100644
--- a/common/flatpak-dir-private.h
+++ b/common/flatpak-dir-private.h
@@ -718,6 +718,11 @@ FlatpakRemoteState * flatpak_dir_get_remote_state_for_summary (FlatpakDir *sel
GBytes *opt_summary_sig,
GCancellable *cancellable,
GError **error);
+gboolean flatpak_dir_remote_make_oci_summary (FlatpakDir *self,
+ const char *remote,
+ GBytes **out_summary,
+ GCancellable *cancellable,
+ GError **error);
FlatpakRemoteState * flatpak_dir_get_remote_state_optional (FlatpakDir *self,
const char *remote,
GCancellable *cancellable,
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index 828945ca..7853b74a 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -1385,6 +1385,22 @@ flatpak_dir_system_helper_call_update_summary (FlatpakDir *self,
return ret != NULL;
}
+static gboolean
+flatpak_dir_system_helper_call_generate_oci_summary (FlatpakDir *self,
+ const gchar *arg_origin,
+ const gchar *arg_installation,
+ GCancellable *cancellable,
+ GError **error)
+{
+ g_autoptr(GVariant) ret =
+ flatpak_dir_system_helper_call (self, "GenerateOciSummary",
+ g_variant_new ("(ss)",
+ arg_origin,
+ arg_installation),
+ cancellable, error);
+ return ret != NULL;
+}
+
static OstreeRepo *
system_ostree_repo_new (GFile *repodir)
{
@@ -9088,7 +9104,7 @@ flatpak_dir_cache_summary (FlatpakDir *self,
G_UNLOCK (cache);
}
-static gboolean
+gboolean
flatpak_dir_remote_make_oci_summary (FlatpakDir *self,
const char *remote,
GBytes **out_summary,
@@ -9103,42 +9119,68 @@ flatpak_dir_remote_make_oci_summary (FlatpakDir *self,
g_autoptr(GError) local_error = NULL;
g_autoptr(GMappedFile) mfile = NULL;
g_autoptr(GBytes) cache_bytes = NULL;
+ g_autoptr(GBytes) summary_bytes = NULL;
- self_name = flatpak_dir_get_name (self);
-
- index_cache = flatpak_dir_update_oci_index (self, remote, &index_uri, cancellable, error);
- if (index_cache == NULL)
- return FALSE;
+ if (flatpak_dir_use_system_helper (self, NULL))
+ {
+ const char *installation = flatpak_dir_get_id (self);
- summary_cache = flatpak_dir_get_oci_summary_location (self, remote, error);
- if (summary_cache == NULL)
- return FALSE;
+ if (!flatpak_dir_system_helper_call_generate_oci_summary (self, remote,
+ installation ? installation : "",
+ cancellable, error))
+ return FALSE;
- if (check_destination_mtime (index_cache, summary_cache, cancellable))
+ summary_cache = flatpak_dir_get_oci_summary_location (self, remote, error);
+ if (summary_cache == NULL)
+ return FALSE;
+ }
+ else
{
- mfile = g_mapped_file_new (flatpak_file_get_path_cached (summary_cache), FALSE, NULL);
- if (mfile)
+ self_name = flatpak_dir_get_name (self);
+
+ index_cache = flatpak_dir_update_oci_index (self, remote, &index_uri, cancellable, error);
+ if (index_cache == NULL)
+ return FALSE;
+
+ summary_cache = flatpak_dir_get_oci_summary_location (self, remote, error);
+ if (summary_cache == NULL)
+ return FALSE;
+
+ if (!check_destination_mtime (index_cache, summary_cache, cancellable))
{
- cache_bytes = g_mapped_file_get_bytes (mfile);
- *out_summary = g_steal_pointer (&cache_bytes);
+ summary = flatpak_oci_index_make_summary (index_cache, index_uri, cancellable, &local_error);
+ if (summary == NULL)
+ {
+ g_propagate_error (error, g_steal_pointer (&local_error));
+ return FALSE;
+ }
+
+ summary_bytes = g_variant_get_data_as_bytes (summary);
+
+ if (!g_file_replace_contents (summary_cache,
+ g_bytes_get_data (summary_bytes, NULL),
+ g_bytes_get_size (summary_bytes),
+ NULL, FALSE, 0, NULL, cancellable, error))
+ {
+ g_prefix_error (error, _("Failed to write summary cache: "));
+ return FALSE;
+ }
+
+ if (out_summary)
+ *out_summary = g_steal_pointer (&summary_bytes);
return TRUE;
}
}
- summary = flatpak_oci_index_make_summary (index_cache, index_uri, cancellable, &local_error);
- if (summary == NULL)
+ if (out_summary)
{
- g_propagate_error (error, g_steal_pointer (&local_error));
- return FALSE;
- }
-
- *out_summary = g_variant_get_data_as_bytes (summary);
+ mfile = g_mapped_file_new (flatpak_file_get_path_cached (summary_cache), FALSE, error);
+ if (mfile == NULL)
+ return FALSE;
- if (!g_file_replace_contents (summary_cache,
- g_bytes_get_data (*out_summary, NULL),
- g_bytes_get_size (*out_summary),
- NULL, FALSE, 0, NULL, cancellable, NULL))
- g_warning ("Failed to write summary cache");
+ cache_bytes = g_mapped_file_get_bytes (mfile);
+ *out_summary = g_steal_pointer (&cache_bytes);
+ }
return TRUE;
}
diff --git a/data/org.freedesktop.Flatpak.xml b/data/org.freedesktop.Flatpak.xml
index 25dc8a02..8b1606c6 100644
--- a/data/org.freedesktop.Flatpak.xml
+++ b/data/org.freedesktop.Flatpak.xml
@@ -144,6 +144,11 @@
<arg type='s' name='installation' direction='in'/>
</method>
+ <method name="GenerateOciSummary">
+ <arg type='s' name='origin' direction='in'/>
+ <arg type='s' name='installation' direction='in'/>
+ </method>
+
</interface>
</node>
diff --git a/system-helper/flatpak-system-helper.c b/system-helper/flatpak-system-helper.c
index ce647b6e..29a2d3e1 100644
--- a/system-helper/flatpak-system-helper.c
+++ b/system-helper/flatpak-system-helper.c
@@ -1122,6 +1122,54 @@ handle_update_summary (FlatpakSystemHelper *object,
return TRUE;
}
+static gboolean
+handle_generate_oci_summary (FlatpakSystemHelper *object,
+ GDBusMethodInvocation *invocation,
+ const gchar *arg_origin,
+ const gchar *arg_installation)
+{
+ g_autoptr(FlatpakDir) system = NULL;
+ g_autoptr(GError) error = NULL;
+ gboolean is_oci;
+
+ g_debug ("GenerateOciSummary %s %s", arg_origin, arg_installation);
+
+ system = dir_get_system (arg_installation, &error);
+ if (system == NULL)
+ {
+ g_dbus_method_invocation_return_gerror (invocation, error);
+ return TRUE;
+ }
+
+ if (!flatpak_dir_ensure_repo (system, NULL, &error))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED,
+ "Can't open system repo %s", error->message);
+ return TRUE;
+ }
+
+ is_oci = flatpak_dir_get_remote_oci (system, arg_origin);
+ if (!is_oci)
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
+ "%s is not a OCI remote", arg_origin);
+ return TRUE;
+ }
+
+ if (!flatpak_dir_remote_make_oci_summary (system, arg_origin, NULL, NULL, &error))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED,
+ "Failed to update OCI summary: %s", error->message);
+ return TRUE;
+ }
+
+
+ flatpak_system_helper_complete_generate_oci_summary (object, invocation);
+
+ return TRUE;
+}
+
+
static gboolean
flatpak_authorize_method_handler (GDBusInterfaceSkeleton *interface,
GDBusMethodInvocation *invocation,
@@ -1250,7 +1298,8 @@ flatpak_authorize_method_handler (GDBusInterfaceSkeleton *interface,
g_strcmp0 (method_name, "PruneLocalRepo") == 0 ||
g_strcmp0 (method_name, "EnsureRepo") == 0 ||
g_strcmp0 (method_name, "RunTriggers") == 0 ||
- g_strcmp0 (method_name, "UpdateSummary") == 0)
+ g_strcmp0 (method_name, "UpdateSummary") == 0 ||
+ g_strcmp0 (method_name, "GenerateOciSummary") == 0)
{
const char *remote;
@@ -1321,6 +1370,7 @@ on_bus_acquired (GDBusConnection *connection,
g_signal_connect (helper, "handle-ensure-repo", G_CALLBACK (handle_ensure_repo), NULL);
g_signal_connect (helper, "handle-run-triggers", G_CALLBACK (handle_run_triggers), NULL);
g_signal_connect (helper, "handle-update-summary", G_CALLBACK (handle_update_summary), NULL);
+ g_signal_connect (helper, "handle-generate-oci-summary", G_CALLBACK (handle_generate_oci_summary), NULL);
g_signal_connect (helper, "g-authorize-method",
G_CALLBACK (flatpak_authorize_method_handler),
--
2.19.2
From b7f1d5118fc4e1df472f7108472f122e279fe2b9 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Fri, 7 Dec 2018 14:39:06 -0500
Subject: [PATCH 3/3] Fix oci pull progress reporting
Comparing the code in flatpak-utils.c:progress_cb,
we need to set bytes-transferred for the total amount
of data that has been transferred so far. The value
we were setting so far, fetched-delta-part-size, refers
to the size of the objects we already have locally, and
is subtracted from the total, which explains oci progress
running backwards.
Closes: #2392
Closes: #2400
Approved by: matthiasclasen
---
common/flatpak-dir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index 7853b74a..51cd1e66 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -4154,7 +4154,7 @@ oci_pull_progress_cb (guint64 total_size, guint64 pulled_size,
"total-delta-parts", "u", n_layers,
"fetched-delta-fallbacks", "u", 0,
"total-delta-fallbacks", "u", 0,
- "fetched-delta-part-size", "t", pulled_size,
+ "bytes-transferred", "t", pulled_size,
"total-delta-part-size", "t", total_size,
"total-delta-part-usize", "t", total_size,
"total-delta-superblocks", "u", 0,
--
2.19.2

29
SOURCES/flatpak-1.0.6-CVE-2019-10063.patch Normal file
View File

@ -0,0 +1,29 @@
From 77f076712949c13b9bcecc02d043cbd6de6e291e Mon Sep 17 00:00:00 2001
From: Ryan Gonzalez <rymg19@gmail.com>
Date: Mon, 25 Mar 2019 13:00:15 -0500
Subject: [PATCH] run: Only compare the lowest 32 ioctl arg bits for TIOCSTI
Closes #2782.
Closes: #2783
Approved by: alexlarsson
---
common/flatpak-run.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 90b435fe..d1acd9f2 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2147,7 +2147,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
/* Don't allow faking input to the controlling tty (CVE-2017-5226) */
- {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},
+ {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
};
struct
--
2.21.0

65
SOURCES/flatpak-1.0.6-CVE-2019-5736.patch Normal file
View File

@ -0,0 +1,65 @@
From 9cb5f1e465cf5a3e643caf7159e89530ae867be2 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Sun, 10 Feb 2019 18:23:44 +0100
Subject: [PATCH] Don't expose /proc when running apply_extra
As shown by CVE-2019-5736, it is sometimes possible for the sandbox
app to access outside files using /proc/self/exe. This is not
typically an issue for flatpak as the sandbox runs as the user which
has no permissions to e.g. modify the host files.
However, when installing apps using extra-data into the system repo
we *do* actually run a sandbox as root. So, in this case we disable mounting
/proc in the sandbox, which will neuter attacks like this.
(cherry picked from commit 468858c1cbcdbcb27266deb5c7347b37adf3a9e4)
---
common/flatpak-common-types-private.h | 1 +
common/flatpak-dir.c | 2 +-
common/flatpak-run.c | 6 +++++-
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/common/flatpak-common-types-private.h b/common/flatpak-common-types-private.h
index e361777e1..b8f76b9c4 100644
--- a/common/flatpak-common-types-private.h
+++ b/common/flatpak-common-types-private.h
@@ -45,6 +45,7 @@ typedef enum {
FLATPAK_RUN_FLAG_NO_DOCUMENTS_PORTAL = (1 << 15),
FLATPAK_RUN_FLAG_BLUETOOTH = (1 << 16),
FLATPAK_RUN_FLAG_CANBUS = (1 << 17),
+ FLATPAK_RUN_FLAG_NO_PROC = (1 << 19),
} FlatpakRunFlags;
typedef struct FlatpakDir FlatpakDir;
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index 0809a42be..7d44cfb4f 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -6507,7 +6507,7 @@ apply_extra_data (FlatpakDir *self,
NULL);
if (!flatpak_run_setup_base_argv (bwrap, runtime_files, NULL, runtime_ref_parts[2],
- FLATPAK_RUN_FLAG_NO_SESSION_HELPER,
+ FLATPAK_RUN_FLAG_NO_SESSION_HELPER | FLATPAK_RUN_FLAG_NO_PROC,
error))
return FALSE;
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index e8e55262e..ab167c00d 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2373,9 +2373,13 @@ flatpak_run_setup_base_argv (FlatpakBwrap *bwrap,
"# Disable user pkcs11 config, because the host modules don't work in the runtime\n"
"user-config: none\n";
+ if ((flags & FLATPAK_RUN_FLAG_NO_PROC) == 0)
+ flatpak_bwrap_add_args (bwrap,
+ "--proc", "/proc",
+ NULL);
+
flatpak_bwrap_add_args (bwrap,
"--unshare-pid",
- "--proc", "/proc",
"--dir", "/tmp",
"--dir", "/var/tmp",
"--dir", "/run/host",

380
SPECS/flatpak.spec Normal file
View File

@ -0,0 +1,380 @@
%global bubblewrap_version 0.2.1
%global ostree_version 2018.7
Name: flatpak
Version: 1.0.6
Release: 4%{?dist}
Summary: Application deployment framework for desktop apps
License: LGPLv2+
URL: http://flatpak.org/
Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz
# https://bugzilla.redhat.com/show_bug.cgi?id=1657306
Patch0: flatpak-1.0.4-oci-fixes.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1675776
Patch1: flatpak-1.0.6-CVE-2019-5736.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1700654
Patch2: flatpak-1.0.6-CVE-2019-10063.patch
BuildRequires: pkgconfig(appstream-glib)
BuildRequires: pkgconfig(gio-unix-2.0)
BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.40.0
BuildRequires: pkgconfig(json-glib-1.0)
BuildRequires: pkgconfig(libarchive) >= 2.8.0
BuildRequires: pkgconfig(libsoup-2.4)
BuildRequires: pkgconfig(libxml-2.0) >= 2.4
BuildRequires: pkgconfig(ostree-1) >= %{ostree_version}
BuildRequires: pkgconfig(polkit-gobject-1)
BuildRequires: pkgconfig(libseccomp)
BuildRequires: pkgconfig(xau)
BuildRequires: bison
BuildRequires: bubblewrap >= %{bubblewrap_version}
BuildRequires: docbook-dtds
BuildRequires: docbook-style-xsl
BuildRequires: gettext
BuildRequires: gpgme-devel
BuildRequires: libcap-devel
BuildRequires: systemd
BuildRequires: /usr/bin/xmlto
BuildRequires: /usr/bin/xsltproc
Requires: bubblewrap >= %{bubblewrap_version}
Requires: ostree-libs%{?_isa} >= %{ostree_version}
Recommends: p11-kit-server
# Make sure the document portal is installed
%if 0%{?fedora} || 0%{?rhel} > 7
Recommends: xdg-desktop-portal > 0.10
# Remove in F30.
Conflicts: xdg-desktop-portal < 0.10
%else
Requires: xdg-desktop-portal > 0.10
%endif
%description
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.
%package devel
Summary: Development files for %{name}
License: LGPLv2+
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description devel
This package contains the pkg-config file and development headers for %{name}.
%package libs
Summary: Libraries for %{name}
License: LGPLv2+
Requires: bubblewrap >= %{bubblewrap_version}
Requires: ostree%{?_isa} >= %{ostree_version}
%description libs
This package contains libflatpak.
%prep
%autosetup -p1
%build
(if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; CONFIGFLAGS=--enable-gtk-doc; fi;
# User namespace support is sufficient.
%configure --with-priv-mode=none \
--with-system-bubblewrap --enable-docbook-docs $CONFIGFLAGS)
%make_build V=1
%install
%make_install
install -pm 644 NEWS README.md %{buildroot}/%{_pkgdocdir}
# The system repo is not installed by the flatpak build system.
install -d %{buildroot}%{_localstatedir}/lib/flatpak
install -d %{buildroot}%{_sysconfdir}/flatpak/remotes.d
rm -f %{buildroot}%{_libdir}/libflatpak.la
%find_lang %{name}
%post
# Create an (empty) system-wide repo.
flatpak remote-list --system &> /dev/null || :
%ldconfig_scriptlets libs
%files -f %{name}.lang
%license COPYING
# Comply with the packaging guidelines about not mixing relative and absolute
# paths in doc.
%doc %{_pkgdocdir}
%{_bindir}/flatpak
%{_bindir}/flatpak-bisect
%{_bindir}/flatpak-coredumpctl
%{_datadir}/bash-completion
%{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.xml
%{_datadir}/dbus-1/interfaces/org.freedesktop.portal.Flatpak.xml
%{_datadir}/dbus-1/services/org.freedesktop.Flatpak.service
%{_datadir}/dbus-1/services/org.freedesktop.portal.Flatpak.service
%{_datadir}/dbus-1/system-services/org.freedesktop.Flatpak.SystemHelper.service
# Co-own directory.
%{_datadir}/gdm/env.d
%{_datadir}/%{name}
%{_datadir}/polkit-1/actions/org.freedesktop.Flatpak.policy
%{_datadir}/polkit-1/rules.d/org.freedesktop.Flatpak.rules
%{_datadir}/zsh/site-functions
%{_libexecdir}/flatpak-dbus-proxy
%{_libexecdir}/flatpak-portal
%{_libexecdir}/flatpak-session-helper
%{_libexecdir}/flatpak-system-helper
%dir %{_localstatedir}/lib/flatpak
%{_mandir}/man1/%{name}*.1*
%{_mandir}/man5/%{name}-metadata.5*
%{_mandir}/man5/flatpak-flatpakref.5*
%{_mandir}/man5/flatpak-flatpakrepo.5*
%{_mandir}/man5/flatpak-installation.5*
%{_mandir}/man5/flatpak-remote.5*
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf
%{_sysconfdir}/flatpak/remotes.d
%{_sysconfdir}/profile.d/flatpak.sh
%{_unitdir}/flatpak-system-helper.service
%{_userunitdir}/flatpak-portal.service
%{_userunitdir}/flatpak-session-helper.service
# Co-own directory.
%{_userunitdir}/dbus.service.d
%files devel
%{_datadir}/gir-1.0/Flatpak-1.0.gir
%{_datadir}/gtk-doc/
%{_includedir}/%{name}/
%{_libdir}/libflatpak.so
%{_libdir}/pkgconfig/%{name}.pc
%files libs
%license COPYING
%{_libdir}/girepository-1.0/Flatpak-1.0.typelib
%{_libdir}/libflatpak.so.*
%changelog
* Tue May 14 2019 David King <dking@redhat.com> - 1.0.6-4
- Bump release (#1700654)
* Mon Apr 29 2019 David King <dking@redhat.com> - 1.0.6-3
- Fix IOCSTI sandbox bypass (#1700654)
* Wed Feb 13 2019 David King <dking@redhat.com> - 1.0.6-2
- Do not mount /proc in root sandbox (#1675776)
* Tue Dec 18 2018 Kalev Lember <klember@redhat.com> - 1.0.6-1
- Update to 1.0.6 (#1630249)
- Recommend p11-kit-server instead of just p11-kit (#1649049)
* Mon Dec 10 2018 David King <dking@redhat.com> - 1.0.4-2
- Backport patches to improve OCI support (#1657306)
* Fri Oct 12 2018 Kalev Lember <klember@redhat.com> - 1.0.4-1
- Update to 1.0.4 (#1630249)
* Thu Sep 13 2018 Kalev Lember <klember@redhat.com> - 1.0.2-1
- Update to 1.0.2 (#1630249)
* Tue Aug 28 2018 David King <dking@redhat.com> - 1.0.1-1
- Update to 1.0.1 (#1621401)
* Wed Aug 01 2018 David King <dking@redhat.com> - 0.99.3-1
- Update to 0.99.3
* Wed May 23 2018 Adam Jackson <ajax@redhat.com> - 0.11.7-2
- Remove Requires: kernel >= 4.0.4-202, which corresponds to rawhide
somewhere before Fedora 22 which this spec file certainly no longer
supports.
* Thu May 03 2018 Kalev Lember <klember@redhat.com> - 0.11.7-1
- Update to 0.11.7
* Wed May 02 2018 Kalev Lember <klember@redhat.com> - 0.11.6-1
- Update to 0.11.6
* Wed May 02 2018 Kalev Lember <klember@redhat.com> - 0.11.5-2
- Backport a fix for a gnome-software crash installing .flatpakref files
* Mon Apr 30 2018 David King <amigadave@amigadave.com> - 0.11.5-1
- Update to 0.11.5
* Thu Apr 26 2018 Kalev Lember <klember@redhat.com> - 0.11.4-1
- Update to 0.11.4
* Mon Feb 19 2018 David King <amigadave@amigadave.com> - 0.11.3-1
- Update to 0.11.3
* Mon Feb 19 2018 David King <amigadave@amigadave.com> - 0.11.2-1
- Update to 0.11.2
* Wed Feb 14 2018 David King <amigadave@amigadave.com> - 0.11.1-1
- Update to 0.11.1 (#1545224)
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Feb 02 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.10.3-2
- Switch to %%ldconfig_scriptlets
* Tue Jan 30 2018 Kalev Lember <klember@redhat.com> - 0.10.3-1
- Update to 0.10.3
* Thu Dec 21 2017 David King <amigadave@amigadave.com> - 0.10.2.1-1
- Update to 0.10.2.1
* Fri Dec 15 2017 Kalev Lember <klember@redhat.com> - 0.10.2-1
- Update to 0.10.2
* Fri Nov 24 2017 David King <amigadave@amigadave.com> - 0.10.1-1
- Update to 0.10.1
* Thu Oct 26 2017 Kalev Lember <klember@redhat.com> - 0.10.0-1
- Update to 0.10.0
* Mon Oct 09 2017 Kalev Lember <klember@redhat.com> - 0.9.99-1
- Update to 0.9.99
* Tue Sep 26 2017 Kalev Lember <klember@redhat.com> - 0.9.98.2-1
- Update to 0.9.98.2
* Tue Sep 26 2017 Kalev Lember <klember@redhat.com> - 0.9.98.1-1
- Update to 0.9.98.1
* Mon Sep 25 2017 Kalev Lember <klember@redhat.com> - 0.9.98-1
- Update to 0.9.98
* Thu Sep 14 2017 Kalev Lember <klember@redhat.com> - 0.9.12-1
- Update to 0.9.12
* Wed Sep 13 2017 Kalev Lember <klember@redhat.com> - 0.9.11-1
- Update to 0.9.11
* Mon Sep 04 2017 Kalev Lember <klember@redhat.com> - 0.9.10-1
- Update to 0.9.10
- Split out flatpak-builder to a separate source package
* Fri Aug 25 2017 Kalev Lember <klember@redhat.com> - 0.9.8-2
- Backport a patch to fix regression in --devel
* Mon Aug 21 2017 David King <amigadave@amigadave.com> - 0.9.8-1
- Update to 0.9.8
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Sun Jul 30 2017 Florian Weimer <fweimer@redhat.com> - 0.9.7-4
- Rebuild with binutils fix for ppc64le (#1475636)
* Thu Jul 27 2017 Owen Taylor <otaylor@redhat.com> - 0.9.7-3
- Add a patch to fix OCI refname annotation
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Jul 01 2017 David King <amigadave@amigadave.com> - 0.9.7-1
- Update to 0.9.7 (#1466970)
* Tue Jun 20 2017 David King <amigadave@amigadave.com> - 0.9.6-1
- Update to 0.9.6
* Sat Jun 10 2017 David King <amigadave@amigadave.com> - 0.9.5-1
- Update to 0.9.5 (#1460437)
* Tue May 23 2017 David King <amigadave@amigadave.com> - 0.9.4-1
- Update to 0.9.4 (#1454750)
* Mon Apr 24 2017 David King <amigadave@amigadave.com> - 0.9.3-1
- Update to 0.9.3
* Fri Apr 07 2017 David King <amigadave@amigadave.com> - 0.9.2-2
- Add eu-strip dependency for flatpak-builder
* Wed Apr 05 2017 Kalev Lember <klember@redhat.com> - 0.9.2-1
- Update to 0.9.2
* Wed Mar 15 2017 Kalev Lember <klember@redhat.com> - 0.9.1-1
- Update to 0.9.1
* Fri Mar 10 2017 Kalev Lember <klember@redhat.com> - 0.8.4-1
- Update to 0.8.4
* Sun Feb 19 2017 David King <amigadave@amigadave.com> - 0.8.3-3
- Make flatpak-builder require bzip2 (#1424857)
* Wed Feb 15 2017 Kalev Lember <klember@redhat.com> - 0.8.3-2
- Avoid pulling in all of ostree and only depend on ostree-libs subpackage
* Tue Feb 14 2017 Kalev Lember <klember@redhat.com> - 0.8.3-1
- Update to 0.8.3
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Jan 27 2017 Kalev Lember <klember@redhat.com> - 0.8.2-1
- Update to 0.8.2
* Wed Jan 18 2017 David King <amigadave@amigadave.com> - 0.8.1-1
- Update to 0.8.1
* Tue Dec 20 2016 Kalev Lember <klember@redhat.com> - 0.8.0-1
- Update to 0.8.0
* Tue Nov 29 2016 David King <amigadave@amigadave.com> - 0.6.14-2
- Add a patch to fix a GNOME Software crash
- Silence repository listing during post
* Tue Nov 29 2016 Kalev Lember <klember@redhat.com> - 0.6.14-1
- Update to 0.6.14
* Wed Oct 26 2016 David King <amigadave@amigadave.com> - 0.6.13-2
- Add empty /etc/flatpak/remotes.d
* Tue Oct 25 2016 David King <amigadave@amigadave.com> - 0.6.13-1
- Update to 0.6.13
* Thu Oct 06 2016 David King <amigadave@amigadave.com> - 0.6.12-1
- Update to 0.6.12
* Tue Sep 20 2016 Kalev Lember <klember@redhat.com> - 0.6.11-1
- Update to 0.6.11
- Set minimum ostree and bubblewrap versions
* Mon Sep 12 2016 David King <amigadave@amigadave.com> - 0.6.10-1
- Update to 0.6.10
* Tue Sep 06 2016 David King <amigadave@amigadave.com> - 0.6.9-2
- Look for bwrap in PATH
* Thu Aug 25 2016 David King <amigadave@amigadave.com> - 0.6.9-1
- Update to 0.6.9
* Mon Aug 01 2016 David King <amigadave@amigadave.com> - 0.6.8-1
- Update to 0.6.8 (#1361823)
* Thu Jul 21 2016 David King <amigadave@amigadave.com> - 0.6.7-2
- Use system bubblewrap
* Fri Jul 01 2016 David King <amigadave@amigadave.com> - 0.6.7-1
- Update to 0.6.7
* Thu Jun 23 2016 David King <amigadave@amigadave.com> - 0.6.6-1
- Update to 0.6.6
* Fri Jun 10 2016 David King <amigadave@amigadave.com> - 0.6.5-1
- Update to 0.6.5
* Wed Jun 01 2016 David King <amigadave@amigadave.com> - 0.6.4-1
- Update to 0.6.4
* Tue May 31 2016 David King <amigadave@amigadave.com> - 0.6.3-1
- Update to 0.6.3
- Move bwrap to main package
* Tue May 24 2016 David King <amigadave@amigadave.com> - 0.6.2-1
- Rename from xdg-app to flatpak (#1337434)