Hello community,

here is the log from the commit of package flatpak.13486 for 
openSUSE:Leap:15.2:Update checked in at 2020-07-26 16:25:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/flatpak.13486 (Old)
 and      /work/SRC/openSUSE:Leap:15.2:Update/.flatpak.13486.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "flatpak.13486"

Sun Jul 26 16:25:40 2020 rev:1 rq:822387 version:1.6.3

Changes:
--------
New Changes file:

--- /dev/null   2020-07-16 02:54:20.700682797 +0200
+++ /work/SRC/openSUSE:Leap:15.2:Update/.flatpak.13486.new.3592/flatpak.changes 
2020-07-26 16:25:41.505161543 +0200
@@ -0,0 +1,3012 @@
+-------------------------------------------------------------------
+Tue Jun 16 02:21:39 UTC 2020 - Yifan Jiang <yfji...@suse.com>
+
+- Create a skeleton flatpak repo using "flatpak remotes" instead
+  of a manually created directory (bsc#1172316, bsc#1169619,
+  bsc#1170416).
+
+-------------------------------------------------------------------
+Mon May 18 08:53:10 UTC 2020 - Yifan Jiang <yfji...@suse.com>
+
+- When SLE uses GNOME desktop environment, GNOME Software is
+  automatically started to provide key update features. During the
+  startup, it setups flatpak repository so that related features
+  can function properly. In a system environment of no flatpak
+  repository has ever been setup before, this triggers
+  "org.freedesktop.Flatpak.modify-repo" polkit action.
+
+  Therefore in systems which use a restrictive security policy
+  (eg. SLES) for the aforementioned policy action, a polkit
+  authentication dialog will pop up without any user interaction
+  for the first time login. This is not user friendly.
+
+  This submission creates /var/lib/flatpak/repo at package
+  installation to avoid such a confusing authentication pop-up, at
+  nearly 0 cost of security compromise (bsc#1169619, bsc#1170416).
+
+-------------------------------------------------------------------
+Mon Apr  6 14:31:20 UTC 2020 - Antonio Larrosa <alarr...@suse.com>
+
+- Require bubblewrap 0.4.1
+
+-------------------------------------------------------------------
+Mon Apr  6 09:32:31 UTC 2020 - Antonio Larrosa <alarr...@suse.com>
+
+- Update to version 1.6.3:
+  + The main change in this version is a fix for a regression in
+    the progress calculation for applications using extra-data.
+    Additionally the bundled version of bubblewrap is updated to
+    0.4.1 which fixes a security issue in some cases. See
+    GHSA-j2qp-rvxj-43vj for details.
+  + Don't break if users primary gid is not in the nsswitch
+    database
+  + Fix crash in flatpak repair if no remotes are configured
+  + Some updates to the oci authenticator
+  + Retry downloads of extra data
+  + Updated translations.
+
+-------------------------------------------------------------------
+Sun Feb 16 17:22:44 UTC 2020 - Bjørn Lie <bjorn....@gmail.com>
+
+- Drop obsolete _servicedata file.
+
+-------------------------------------------------------------------
+Thu Feb 13 15:57:51 UTC 2020 - Antonio Larrosa <alarr...@suse.com>
+
+- Update to version 1.6.2:
+  + Due to a combination of some behaviour in flatpak and recent
+    versions of ostree we at some point lost the use of deltas for
+    the initial install case, instead always falling back to a full
+    ostree operation which is a lot less efficient for pulls with
+    many small files like a runtime. This caused some very slow
+    installs from e.g. flathub, so it's recommended to update to
+    this version to get better install performance.
+  + We now correctly handle TMPDIR env var overrides when bwrap is
+    setuid
+  + Disallow running "flatpak run" under sudo (as it doesn't work
+    and causes issues)
+  + Fix build with older versions of glib
+  + Minor documentation updates
+  + Updated translations.
+
+-------------------------------------------------------------------
+Thu Jan 30 16:56:01 UTC 2020 - Antonio Larrosa <alarr...@suse.com>
+
+- Update to version 1.6.1:
+  + This is a (mild) security update. Flatpak 1.6.0 added the
+    ability for an application to request it to be updated, as long
+    as the new version doesn't require new permissions.
+    Unfortunately in some special cases, if an app had access to
+    the home directory, but not the rest of the filesystem it would
+    still allow a self-update where the new version could access
+    some files outside the home directory.
+  + New permission --device=shm giving access to host /dev/shm, as
+    needed for jack.
+  + Generated correct download size in build-commit-from
+  + sub-sandbox now allows the child to share the gpu of the caller
+    has full device access
+  + Fix crash with disabled remotes
+  + Fix builds with older versions of glib
+  + Updated translations.
+
+-------------------------------------------------------------------
+Sat Jan 25 14:07:31 UTC 2020 - Dominique Leuenberger <dims...@opensuse.org>
+
+- No longer recommend -lang: supplements are in use
+
+-------------------------------------------------------------------
+Tue Jan 14 11:23:06 UTC 2020 - Antonio Larrosa <alarr...@suse.com>
+
+- Update dependencies required by flatpak 1.6.0 .
+- Require xdg-dbus-proxy instead of building the (outdated)
+  builtin version.
+
+-------------------------------------------------------------------
+Mon Dec 30 10:00:24 UTC 2019 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Change %_prefix/lib to %_libexecdir: Makefile installs the file
+  explicitly into libexecdir. Let's be ready in case this path is
+  going to change.
+
+-------------------------------------------------------------------
+Fri Dec 27 10:23:14 UTC 2019 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Co-own  /usr/lib/systemd/user-environment-generators. We don't
+  want to forcibly pull in systemd into the buildroot just to own
+  this directory.
+
+-------------------------------------------------------------------
+Fri Dec 20 22:44:39 UTC 2019 - Bjørn Lie <bjorn....@gmail.com>
+
+- Update to version 1.6.0:
+  + This is the first stable release in the 1.6 series, main
+    changes since 1.4 is the support for protected content and
+    improvements in the self-sandboxing support.
+  + There is one change in the support for OCI remotes, we now only
+    support the use of labels, not annotations, as labels work with
+    more registries. This means pre-existing OCI flatpak registries
+    (like fedora) may need some changes.
+  + New permissions --socket=cups for direct cups access.
+  + Fix some leaks.
+  + Fix reporting of progress with latest version of ostree.
+  + New no-interaction flag for authenticators.
+  + Support for auto-installing authenticators from a flatpak
+    remote.
+  + Warn less about unset XDG_DATA_DIRS.
+  + Don't poll for updates in the portal when on a metered
+    connection.
+- Modernize spec with current macros.
+
+-------------------------------------------------------------------
+Mon Nov 25 16:59:29 UTC 2019 - Frederic Crozat <fcro...@suse.com>
+
+- Package empty /etc/flatpak/remotes.d.
+
+-------------------------------------------------------------------
+Wed Nov 20 12:53:08 UTC 2019 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Add pkgconfig(libsystemd) BuildRequires (boo#1157126).
+- Drop systemd_requires: strictly speaking, we do not require
+  systemd.
+
+-------------------------------------------------------------------
+Mon Oct 21 19:10:42 UTC 2019 - Bjørn Lie <bjorn....@gmail.com>
+
+- Update to version 1.4.3:
+  + Fix crash in revokefs.
+  + Handle 'versions' extension key (in addition to 'version') when
+    checking for local extensions, which was causing us to
+    uninstall some actually used extensions with uninstall
+    --unused.
+  + The 'required-flatpak' metadata key now supports listing
+    multiple versions to support backported features.
+  + Fix crash with older versions of polkit.
+  + Fix installation of bundles.
+  + Fix crash on deploy error.
+  + Support building bundles of apps installed from a remote.
+  + OCI: Fix handling of locally cached icons.
+  + Fix crash when listing unconfigured remotes.
+  + Ignore differences in trailing slashes for repo uris.
+
+-------------------------------------------------------------------
+Mon Jul  8 12:53:30 UTC 2019 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Add system-user-flatpak.conf: generate a flatpak user for the
+  system helper (boo#1137537).
+
+-------------------------------------------------------------------
+Wed Jul  3 08:27:20 UTC 2019 - Antonio Larrosa <alarr...@suse.com>
+
+- Update to version 1.4.2:
+  * Support extra_data in extensions.
+  * Handle double slashes ("//") in XDG_DATA_DIRS.
+  * Fix detection of local related refs.
+
+-------------------------------------------------------------------
+Thu Jun 14 09:33:16 UTC 2019 - Antonio Larrosa <alarr...@suse.com>
+
+- Add a _dbusconfigdir variable in the spec file so we install the
+  flatpak-system-helper config file in a location actually read by
+  dbus, which didn't support having config files in /usr/share
+  until 1.9.18 (first introduced in SLE15).
+- Remove the systemd environment generator if building with
+  systemd < 233 which doesn't support environment generators.
+- Rename the libflapak-doc.xml file which has a typo in the name
+  upstream.
+- BuildRequire libgpgme-devel, not libqgpgme-devel which is not
+  really needed.
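Review bot: The security-relevant entries lack tracker references: the 1.6.1 entry ("This is a (mild) security update") and the 1.6.3 entry (bubblewrap 0.4.1, GHSA-j2qp-rvxj-43vj) cite no bsc# or CVE number, while the packaging entries in the same file do cite bsc#/boo# ids. Add the matching references so the fixes can be traced from the changelog. Separately, the 18 May 2020 entry claims "nearly 0 cost of security compromise" for creating /var/lib/flatpak/repo at install time without saying what that assessment rests on; a sentence stating what is and is not changed for the org.freedesktop.Flatpak.modify-repo action would make the claim checkable.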
++++ 2815 more lines (skipped)
++++ between /dev/null
++++ and 
/work/SRC/openSUSE:Leap:15.2:Update/.flatpak.13486.new.3592/flatpak.changes

New:
----
  _service
  flatpak-1.6.3.tar.xz
  flatpak.changes
  flatpak.spec
  polkit_rules_usability.patch
  system-user-flatpak.conf

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ flatpak.spec ++++++
#
# spec file for package flatpak
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


# dbus only used config files in /etc until 1.9.18
%if %{pkg_vcmp dbus-1 < 1.9.18}
%define _dbusconfigdir %{_sysconfdir}/dbus-1/system.d
%else
%define _dbusconfigdir %{_datadir}/dbus-1/system.d
%endif

# systemd only supports environment generators since version 233
%if %{pkg_vcmp systemd < 233}
%define support_environment_generators 0
%else
%define support_environment_generators 1
%endif

%define libname libflatpak0
Name:           flatpak
Version:        1.6.3
Release:        0
Summary:        OSTree based application bundles management
License:        LGPL-2.1-or-later
Group:          System/Packages
URL:            https://flatpak.github.io/
Source0:        %{name}-%{version}.tar.xz
Source1:        system-user-flatpak.conf
Patch0:         polkit_rules_usability.patch
BuildRequires:  bison
BuildRequires:  bubblewrap >= 0.4.1
BuildRequires:  docbook-xsl-stylesheets
BuildRequires:  gtk-doc
BuildRequires:  intltool >= 0.35.0
BuildRequires:  libcap-devel
BuildRequires:  libdwarf-devel
BuildRequires:  libgpgme-devel >= 1.1.8
BuildRequires:  libtool
BuildRequires:  pkgconfig
BuildRequires:  sysuser-tools
BuildRequires:  xdg-dbus-proxy >= 0.1.0
BuildRequires:  xsltproc
BuildRequires:  pkgconfig(appstream-glib)
BuildRequires:  pkgconfig(dconf)
BuildRequires:  pkgconfig(fuse)
BuildRequires:  pkgconfig(gio-2.0)
BuildRequires:  pkgconfig(gio-unix-2.0)
BuildRequires:  pkgconfig(glib-2.0) >= 2.44
BuildRequires:  pkgconfig(gobject-introspection-1.0) >= 1.40.0
BuildRequires:  pkgconfig(gobject-introspection-no-export-1.0) >= 1.40.0
BuildRequires:  pkgconfig(json-glib-1.0)
BuildRequires:  pkgconfig(libarchive) >= 2.8.0
BuildRequires:  pkgconfig(libelf) >= 0.8.12
BuildRequires:  pkgconfig(libseccomp)
BuildRequires:  pkgconfig(libsoup-2.4)
BuildRequires:  pkgconfig(libsystemd)
BuildRequires:  pkgconfig(ostree-1) >= 2018.9
BuildRequires:  pkgconfig(polkit-gobject-1)
BuildRequires:  pkgconfig(systemd)
BuildRequires:  pkgconfig(xau)
Requires:       %{libname} = %{version}
Requires:       bubblewrap >= 0.4.1
Requires:       ostree >= 2018.9
Requires:       xdg-dbus-proxy >= 0.1.0
Requires:       xdg-desktop-portal >= 0.10
Requires:       user(flatpak)
# Remove after openSUSE Leap 42 is out of scope
Provides:       xdg-app = %{version}
Obsoletes:      xdg-app < %{version}

%description
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.

%package -n system-user-flatpak
Summary:        System user for the flatpak system helper
Group:          System/Base
%sysusers_requires

%description -n system-user-flatpak
System user for the flatpak system helper.


%package -n %{libname}
Summary:        OSTree based application bundle management library
Group:          System/Libraries

%description -n %{libname}
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.

%package -n typelib-1_0-Flatpak-1_0
Summary:        Introspection bindings for the flatpak library
Group:          System/Libraries

%description -n typelib-1_0-Flatpak-1_0
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.

%package zsh-completion
Summary:        Zsh tab-completion for flatpak
Group:          System/Shells
Supplements:    packageand(%{name}:%(rpm -q --qf '%%{NAME}' --whatprovides zsh))

%description zsh-completion
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.

This package provides zsh tab-completion for flatpak.

%package devel
Summary:        Development files for the flatpak library
Group:          Development/Languages/C and C++
Requires:       %{libname} = %{version}
Requires:       %{name} = %{version}
Requires:       typelib-1_0-Flatpak-1_0 = %{version}

%description devel
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.

%lang_package

%prep
%autosetup -p1
sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-*

%build
%define _lto_cflags %{nil}
NOCONFIGURE=1 ./autogen.sh
%configure \
        --disable-silent-rules \
        --enable-gtk-doc \
        --disable-document-portal \
        --with-system-bubblewrap \
        --with-priv-mode=none \
        --with-dbus-config-dir=%{_dbusconfigdir} \
        --with-system-dbus-proxy=%{_bindir}/xdg-dbus-proxy \
        %{nil}
%make_build
%sysusers_generate_pre %{SOURCE1} system-user-flatpak

%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
mkdir -p %{buildroot}%{_sbindir}
ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper
# add a 60- prefix to the rules file, otherwise it is not effective, because
# /etc/polkit-1/rules.d/90-default-privs.rules is executed first and if no
# polkit-default-privs rule grants access then an explicit reject is the
# result. This should fix bsc#984817, granting members of group wheel access
# w/o password entry.
mv %{buildroot}/%{_datadir}/polkit-1/rules.d/{,60-}org.freedesktop.Flatpak.rules

mkdir -p %{buildroot}%{_sysusersdir}
install -m 644 %{SOURCE1} %{buildroot}%{_sysusersdir}/system-user-flatpak.conf

%if !%{support_environment_generators}
rm -Rf %{buildroot}%{_libexecdir}/systemd/user-environment-generators/
%endif

mkdir -p %{buildroot}%{_sysconfdir}/flatpak/remotes.d

%find_lang %{name}

%pre -n system-user-flatpak -f system-user-flatpak.pre

%post   -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%pre
%service_add_pre flatpak-system-helper.service

%preun
%service_del_preun flatpak-system-helper.service

%post
%service_add_post flatpak-system-helper.service
# Remove any empty repo directory, which is seen as invalid by flatpak. After that, create a skeleton repository using "flatpak remotes".
if [ -e "%{_localstatedir}/lib/flatpak/repo" ] && [ -z "$(ls -A %{_localstatedir}/lib/flatpak/repo)" ]; then
rm -r %{_localstatedir}/lib/flatpak/repo
fi
%{_bindir}/flatpak remotes 1> /dev/null

%postun
%service_del_postun flatpak-system-helper.service

%files -f %{name}.lang
%license COPYING
%{_bindir}/flatpak
%{_bindir}/flatpak-bisect
%{_bindir}/flatpak-coredumpctl
%{_libexecdir}/flatpak-portal
%{_libexecdir}/flatpak-session-helper
%{_libexecdir}/flatpak-system-helper
%{_libexecdir}/flatpak-validate-icon
%{_libexecdir}/revokefs-fuse
%{_datadir}/bash-completion/completions/flatpak
# # Own dirs so we don't have to depend on dbus for building.
%dir %{_datadir}/dbus-1
%dir %{_datadir}/dbus-1/interfaces
%dir %{_datadir}/dbus-1/services
%{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.xml
%{_datadir}/dbus-1/interfaces/org.freedesktop.portal.Flatpak.xml
%{_datadir}/dbus-1/services/org.freedesktop.Flatpak.service
%{_datadir}/dbus-1/services/org.freedesktop.portal.Flatpak.service
%{_datadir}/dbus-1/system-services/org.freedesktop.Flatpak.SystemHelper.service
%{_dbusconfigdir}/org.freedesktop.Flatpak.SystemHelper.conf
# policykit rules
%{_datadir}/polkit-1/actions/org.freedesktop.Flatpak.policy
%{_datadir}/polkit-1/rules.d/60-org.freedesktop.Flatpak.rules
%{_mandir}/man1/%{name}*.1%{ext_man}
%{_mandir}/man5/flatpak-metadata.5%{ext_man}
%{_mandir}/man5/flatpak-flatpakref.5%{ext_man}
%{_mandir}/man5/flatpak-flatpakrepo.5%{ext_man}
%{_mandir}/man5/flatpak-installation.5%{ext_man}
%{_mandir}/man5/flatpak-remote.5%{ext_man}
%{_datadir}/%{name}/
%config %{_sysconfdir}/profile.d/flatpak.sh
%{_sysconfdir}/flatpak
# Own dirs so we don't have to depend on gdm for building.
%dir %{_datadir}/gdm/
%dir %{_datadir}/gdm/env.d/
%{_datadir}/gdm/env.d/flatpak.env
%{_unitdir}/flatpak-system-helper.service
%{_sbindir}/rcflatpak-system-helper
%{_userunitdir}/flatpak-session-helper.service
%{_userunitdir}/flatpak-portal.service
%ghost %dir %{_localstatedir}/lib/flatpak
%if %{support_environment_generators}
%dir %{_libexecdir}/systemd/user-environment-generators
%{_libexecdir}/systemd/user-environment-generators/60-flatpak
%endif
%{_libexecdir}/flatpak-oci-authenticator
%{_userunitdir}/flatpak-oci-authenticator.service
%{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.Authenticator.xml
%{_datadir}/dbus-1/services/org.flatpak.Authenticator.Oci.service

%files -n system-user-flatpak
%{_sysusersdir}/system-user-flatpak.conf

%files -n %{libname}
%{_libdir}/libflatpak.so.*

%files -n typelib-1_0-Flatpak-1_0
%{_libdir}/girepository-1.0/Flatpak-1.0.typelib

%files zsh-completion
%dir %{_datadir}/zsh/site-functions
%{_datadir}/zsh/site-functions/_flatpak

%files devel
%{_libdir}/pkgconfig/flatpak.pc
%{_datadir}/gtk-doc/
%{_includedir}/%{name}/
%{_libdir}/libflatpak.so
%{_datadir}/gir-1.0/Flatpak-1.0.gir

%changelog
++++++ _service ++++++
<?xml version="1.0"?>
<services>
  <service name="tar_scm" mode="disabled">
    <param name="url">https://github.com/flatpak/flatpak.git</param>
    <param name="scm">git</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="revision">refs/tags/1.6.3</param>
  </service>
  <service name="recompress" mode="disabled">
    <param name="file">*.tar</param>
    <param name="compression">xz</param>
  </service>
  <service name="set_version" mode="disabled"/>
</services>

++++++ polkit_rules_usability.patch ++++++
Index: flatpak-0.11.8.3/system-helper/org.freedesktop.Flatpak.rules.in
===================================================================
--- flatpak-0.11.8.3.orig/system-helper/org.freedesktop.Flatpak.rules.in
+++ flatpak-0.11.8.3/system-helper/org.freedesktop.Flatpak.rules.in
@@ -3,7 +3,10 @@ polkit.addRule(function(action, subject)
          action.id == "org.freedesktop.Flatpak.runtime-install"||
          action.id == "org.freedesktop.Flatpak.app-uninstall" ||
          action.id == "org.freedesktop.Flatpak.runtime-uninstall" ||
-         action.id == "org.freedesktop.Flatpak.modify-repo") &&
+         action.id == "org.freedesktop.Flatpak.modify-repo" ||
+         action.id == "org.freedesktop.Flatpak.app-update" ||
+         action.id == "org.freedesktop.Flatpak.runtime-update" ||
+         action.id == "org.freedesktop.Flatpak.appstream-update") &&
         subject.active == true && subject.local == true &&
         subject.isInGroup("@privileged_group@")) {
             return polkit.Result.YES;
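Review bot: The three added action.id lines (app-update, runtime-update, appstream-update) widen the polkit.Result.YES branch, so active local members of @privileged_group@ get these actions without authentication, but the patch carries no description header or bug reference recording that decision. Add a short header stating the rationale and the tracking bug. The Index and ---/+++ paths also still name flatpak-0.11.8.3 although the package is at 1.6.3, so the patch should be refreshed against the current tree.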
++++++ system-user-flatpak.conf ++++++
# Type Name ID GECOS [HOME]

u flatpak   -    "User for flatpak system helper"

