This gives us conditionals for shares and features. So far we have no
use case for this, but the system already exists, it makes the code
simpler, and when we need this in the future, we don't have to wait for
it to roll out.
For device and socket the negated versions are nodevice and nosocket,
but for shares, the strings are allow and disallow. Take arguments for
both forms.
Allow specifying a lookside URL for downloading signatures for
an OCI remote. This can be specified:
In a .repofile with the SignatureLookaside key
As the --signature-lookaside option to remote-add/remote-modify
FlatpakOciSignature was a Flatpak-specific analog to
the containers/image "simple signatures" - but it wasn't used at
all, and Flatpaks on registry.redhat.io are signed by the
original simple signatures. So modify it correspond to
the original simple signatures.
There is some code for OCI signature verification that isn't currently
hooked up at all. In preparation for reworking it to usefully check
signatures that actually exist in OCI registries, move it to a
separate file.
Only G_FILE_ATTRIBUTE_STANDARD_NAME is necessary here for
g_file_info_get_name() and g_file_enumerator_get_child() purpose. This
avoids various thumbnailing house-keeping that GIO tries to do when any
thumbnailing file attribute is requested (fairly visible when run with
strace), in addition to just making more sense that way.
At the moment the --runtime-repo flags of flatpak build-bundle export is
ignored when building an OCI image. So an Flatpak OCI registry which
wants to supports a .flatpakref file has no information about the
runtime repo. With this PR the runtime repo gets added as the
org.flatpak.runtime-repo label to the OCI image.
This is currently only metadata to be used by repositories and not
used by flatpak during install.
journalctl also prints something when the message didn't make it to
whatever journalctl connects to. Check for the specific message showing
up instead to make sure it all works as expected.
We declare the autoptrs explicitly on those typedefs so it works on
older systems but this one accidentally uses the type provided by polkit
itself.
Fixes: 1372e16d ("dir: Check parental control authorization via system bus name")
When an xdg dir is not available, it is supposed to point at $HOME. We
do not want to mount $HOME though in that case, so we just skip the xdg
dir instead.
The check compares the strings of the the xdg dir path and the home dir
path. So far it relied on the functions internally canonicalizing the
paths in the same way, but there was a glib regression:
https://gitlab.gnome.org/GNOME/glib/-/issues/3811
("g_get_user_special_dir doesn't strip trailing slash from $HOME")
Which then was fixed in cb3e9fe74 ("gutils: Strip all trailing
slashes").
We can however just canonicalize on the paths on the caller side to make
this more robust, so let's just do that.
Closes: #6323
Instead of doing meson dist on the developers machine and uploading it,
and creating the release in github, we can let the CI take care of it.
Closes#6404
Extra-data usually is downloaded on the user side into an ostree repo.
For system installs, a temporary ostree repo is used on the user side
and then imported on the system side. This doesn't work for OCI images
because importing the image into an ostree repo makes it impossible for
the system side to verify the data.
So instead, the OCI image is first mirrored into a local OCI repo and
then gets imported on the system side, which can verify the image from
the index by the digest.
Closes: https://github.com/flatpak/flatpak/issues/3790
It took in a ostree commit before, but it really only needs the detached
metadata. The single caller now converts it correctly.
This will become useful when we want to know the size of the extra data
when the metadata is coming from an OCI image.
This cleans up flatpak_dir_pull_extra_data in a way that it is only
responsible for downloading the extra-data. In has no dependencies on
ostree concepts any more.
The new flatpak_dir_pull_ostree_extra_data now takes care of extracing
the extra data sources and saving it in the detached metadata.
CURLcode return values from curl_easy_setopt() were being compared
with CURLM_OK (a CURLMcode constant) instead of CURLE_OK. This is
incorrect as CURLM_OK is for multi interface functions, not easy
interface functions.
A few years ago there was a very painful attempt at porting from
libsoup2 to libsoup3. Flatpak libsoup3 support never landed and it seems
like a large amount of distros have switched over to libcurl instead.
This commit removes libsoup2 support completely instead of growing
libsoup3 support.
Closes#5915Closes#4582
Add an option to build OCI bundles with zstd compressed layers.
gzip is kept as the default for maximum compatibility:
Ecosystem support:
distribution/distribution: no explicit support, but works
quay.io: sinc 2021
Amazon ECR: supported
pulp_container: since 2022
flatpak: since first-OCI supporting version
tardiff: since first version
- Make percent values translatable
Various languages use different ways to format the percentage
values[1], making it translatable will allow a more coherent way to
display the information.
- Make remaining time abbreviation translatable
Making this value translatable will allow languages to display the
seconds abbreviation in their language. This is particulary an issue
for Turkish, in which hours and seconds start with the same letter, so
it's not possible to distinguish which is which. We use a second
letter (sa, sn) to figure it out.
[1] https://en.wikipedia.org/wiki/Percent_sign#Form_and_spacing
Signed-off-by: Emir SARI <emir_sari@icloud.com>
In 4febfb59 ("flatpak: Disable progress escape sequence by default") the
escape sequence has been disabled by default, but we want to enable it
again for 1.18.
