forked from flatpak/flatpak
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
2398 lines (2086 loc) · 108 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Changes in 1.9.2
~~~~~~~~~~~~~~~~
Released: 2020-11-20
* Some build fixes on non-x86-64 arches
* Fix permission issue in endless installer
* Fixed a bug where flatpak was accidentally clearing the summary cache
during updates in the user installation.
* Fix handling of the multiarch permission.,
* Add back the commit timestamp to the summary file.
Changes in 1.9.1
~~~~~~~~~~~~~~~~
Released: 2020-11-19
This is the first unstable release in the series that will lead to
1.10. The main change in this version is a new format for the summary
file used when accessing an OSTree repository on the network. For this
reason we now require OSTree version 2020.8.
The new format should make getting the initial metadata required for
most flatpak operations much faster, and use less network
bandwidth. This will allow repositories to scale to more apps and more
architectures without affecting clients. The old format is still
generated for compatibility with older clients.
The new format also allows repositories to publish named subsets, and
for clients to declare that they only want to see that subset. The
goal here is to allow for example flathub to mark all FOSS apps, and
make it possible for users to use a flathub-foss remote without
flathub having to maintain two duplicated repositories. This is
accessible by passing --subset=SUBSET to the build-commit-from and
build-export commands.
The new repo option `flatpak.summary-arches` controls which architectures
are put in the old format summary. This can be used to avoid newly added
architectures making old clients slower, at the cost of requiring a newer
flatpak client version for the new architecture.
Other major changes
* There is a new `flatpak pin` command that lets you pin runtimes
so that they are not considered unused. Also, we now by default pin
runtimes that are installed explicitly (i.e. not as a dependency of an
app).
* During a regular update or uninstall of an app, if the operation
makes a previously used runtime unused, and the runtime is marked
as end-of-lifed, then the runtime is automatically uninstalled.
* During `flatpak update` (i.e. with no specific app given) flatpak
now automatically adds uninstall operations for end-of-life runtimes
that are unused.
* The end-of-life warnings in the flatpak CLI are now better, showing
more useful details (like version and what apps are using the runtime)
and less unuseful details.
* Some changes was made in which dconf paths were considered "similar"
to the app id, allowing for example `org.gnome.SoundJuicer` to
migrate from `/org/gnome/sound-juicer`.
* Flatpak run now implements the new standard for os-release in containers
(https://www.freedesktop.org/software/systemd/man/os-release.html).
* There is now a tcsh profile snippet
* The origin remote for an app is now prioritized over other remotes with
the same priority when looking for dependencies.
* We now allow extra-data apply_extra processes to run multiarch code.
* A new internal representation for ostree ref strings was added which
is more efficient. This should not affect the behaviour of flatpak
but the large amounts of changes to use this may have accidentally
introduced regressions.
* Some fixes to the in-memory summary cache make it more efficient.
* --filesystem=/ is now explicitly forbidden as it doesn't work (and never
did).
* Flatpak install/update now only prints `(partial)` for an update that
actually is partial (not just for all locales).
* Flatpak remote-ls on a file: uri (for example a sideloaded repo) now
correctly lists the refs in the repo.
* New library APIS: flatpak_installation_list_pinned_refs,
flatpak_transaction_set_disable_auto_pin,
flatpak_transaction_set_include_unused_uninstall_ops,
flatpak_transaction_operation_get_subpaths,
flatpak_transaction_operation_get_requires_authentication.
* flatpak_installation_list_installed_refs_for_update() now returns
refs that have a end-of-life rebase that it could be updated to.
* There is a new `ready-pre-auth` signal in FlatpakTransaction allowing
clients new ways to handling authentication.
* Fix bug where extension sources were sometimes auto-installed
Changes in 1.8.3
~~~~~~~~~~~~~~~~
Released: 2020-11-17
* Fixed progress reporting for OCI and extra-data
* The in-memory summary cache is more efficient
* Fixed authentication getting stuck in a loop in some cases
* Fixed authentication error reporting
* We now extract OCI info for runtimes as well as apps
* Fixed crash if anonymous authentication fails and -y is specified
* flatpak info now only looks at the specified installation
if one is specified
* Better error reporting for server HTTP errors during download
* Uninstall now removes applications before the runtime it depends on
* Fixed test-suite to pass with the latest OSTree version
* Fixed dbus environment variables in flatpak enter
* Avoid updating metadata from the remote when uninstalling
* Fixed error message handling in various places
* FlatpakTransaction now verifies all passed in refs to avoid
potential issues with invalid names
* Updated translations
Changes in 1.8.2
================
* Added validation of collection id settins for remotes
* Fix seccomp filters on s390
* Robustness fixes to the spawn portal
* Fix support for masking update in the system installation
* Better support for distros with uncommon models of merged /usr
* Cache responses from localed/AccoutService
* Fix hangs in cases where xdg-dbus-proxy fails to start
* Fix double-free in cups socket detection
* OCI authenticator now doesn't ask for auth in case of http errors
Changes in 1.8.1
================
* Avoid calling authenticator in update if ref didn't change
* Don't fail transaction if ref is already installed (after transaction start)
* Fix flatpak run handling of userns in the --device=all case
* Fix handling of extensions from different remotes
* Fix flatpak run --no-session-bus
* Updated translations
Changes in 1.8.0
================
New stable release series 1.8.
Changes:
* FlatpakTransaction has a new signal "install-authenticator" which clients can handle to
install authenticators needed for the transaction. This is done in the CLI commands.
* We now always expose the host timezone data, allowing us the expose the host /etc/localtime
in a way that works better, fixing several apps that had timezone issues.
* Fix flatpak enter which didn't work in some cases.
* We now ship a systemd unit (not installed by default) to automatically detect plugged in
usb sticks with sideload repos.
* By default we no longer install the gdm env.d file, as the systemd generators work better
* create-usb now exports partial commits by default
* Fix handling of docker media types in oci remotes
* Fix subjects in remote-info --log output
Changes in 1.7.3
================
* Allow direct ALSA device access if app has pulseaudio access.
* Flatpak now ships a sysusers.d file for allowing systemd to create the required users.
* Fix issue in remote-delete where it failed to delete system remotes if it had to uninstall
something first.
* New library calls flatpak_transaction_operation_get_related_to_ops(), flatpak_transaction_operation_get_is_skipped() and
flatpak_transaction_set_no_interaction().
* New options --[no-]follow-redirect in remote-add/modify
* New spawn portal APIs to get real pid of launched app.
* By default, all OCI remotes now use the flatpak-oci-authenticator.
* Support flatpak remote-info and flatpak update --commit= to specific versions for OCI remotes.
* Initial work in progress on using deltas for OCI remotes.
* Fix race in the generation of ld.so.cache when starting copies of the same app at the same time.
* Minor fix in what locales are installed on update.
* Flatpak uninstall now doesn't fail if one ref (of many) was not installed.
* Flatpak systemd transient units now have an app-prefix to match new XDG spec for
cgroup names.
* In some cases we previously downloaded the summary twice.
* flatpak upgrade is now an alias for flatpak update.
* Fix to selinux module to work without unconfined module.
* Respect user XDG basedirs when finding users fonts and icons.
* Fix issue where thread were sometimes initialized causing flatpak enter to fail.
* Better error reporting when authentication goes wrong.
Changes in 1.7.2
================
This fixes some regressions in progress reporting in 1.7.1, where it would report > 100%.
Other changes:
* Completion support for fish shell
* Properly handle migration of remotes with collection ids
* The summary now has some extra-data download size info which can make downloads slightly more efficient
Changes in 1.7.1
================
This is the first release in the 1.7.x unstable release series.
A major change is that the support for the ostree peer-to-peer installation has been
simplified. Flatpak no longer supports installing from local network peers, and sideloading
from local usb stick is no longer automatic. To enable sideloading you have to configure
a sideload repository by creating a symlink to it from /var/lib/flatpak/sideload-repos or
/run/flatpak/sideload-repos. Due to this the flatpak code has been simplified internally
and the p2p support is more efficient.
Other major changes
* If an app has filesystem access, the host /lib is accessible as /run/host/lib, etc.
* New filesystem permission "host-etc" and "host-os" give access to system /usr and /etc.
* Flatpak now uses variant-schema-compiler to generate more efficient code for
parsing GVariant files from ostreee.
* libsystemd use is now optional in configure.
* Journal sockets are mounted readonly
* document-export now supports exporting directories (requires new portal version)
* DConf migration now allows version numbers in object paths
Changes in 1.6.3
================
The main change in this version is a fix for a regression in the progress calculation
for applications using extra-data. Additionally the bundled version of bubblewrap
is updated to 0.4.1 which fixes a security issue in some cases. See
https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj
for details.
Other changes:
* Updated translations
* Don't break if users primary gid is not in the nsswitch database
* Fix crash in flatpak repair if no remotes are configured
* Some updates to the oci authenticator
* Retry downloads of extra data
Changes in 1.6.2
================
Due to a combination of some behaviour in flatpak and recent versions of ostree we at some
point lost the use of deltas for the initial install case, instead always falling back
to a full ostree operation which is a lot less efficient for pulls with many small files
like a runtime. This caused some very slow installs from e.g. flathub, so I recommend
everyone update to this version to get better install performance.
Other changes are:
* We now correctly handle TMPDIR env var overrides when bwrap is setuid
* Disallow running "flatpak run" under sudo (as it doesn't work and causes issues)
* Fix build with older versions of glib
* Minor documentation updates
* Updated translations
Changes in 1.6.1
================
This is a (mild) security update. Flatpak 1.6.0 added the ability for an application to request it to be
updated, as long as the new version doesn't require new permissions. Unfortunately in some special cases,
if an app had acces to the home directory, but not the rest of the filesystem it would still allow a
self-update where the new version could access some files outside the home directory..
This is fixed in this version, and all users of 1.6.0 are recommended to update.
Other changes are:
* New permission --device=shm giving access to host /dev/shm, as needed for jack.
* Generated correct download size in build-commit-from
* sub-sandbox now allows the child to share the gpu of the caller has full device access
* Fix crash with disabled remotes
* Fix builds with older versions of glib
* Update translations
Changes in 1.6.0
================
This is the first stable release in the 1.6 series, main changes
since 1.4 is the support for protected content and improvements
in the self-sandboxing support.
There is one change in the support for OCI remotes, we now
only support the use of labels, not annotations, as labels
work with more registries. This means pre-existing OCI flatpak
registries (like fedora) may need some changes.
Changes since 1.5.2:
* New permissions --socket=cups for direct cups access
* Fix some leaks
* Fix reporting of progress with latest version of ostree
* New no-interaction flag for authenticators
* Support for auto-installing authenticators from a flatpak remote
* Warn less about unset XDG_DATA_DIRS
* Don't poll for updates in the portal when on a metered connection
Changes in 1.5.2
================
This version has further changes to the protocol and API for handing
authentication, in order to make it more flexible and futureproof. The
sample authenticator has been updated to the new APIs. Flatpak now
ships with a OCI authenticator that can be used to access private OCI
registries.
FlatpakTransaction now also has a callback for simple user/password
authentication for an authenticator (the basic-auth-start signal)
modeled on HTTP basic authentication. This is handled in the flatpak
CLI by interactive prompts on the terminal. This is needed by the OCI
authenticator, but can also be used by other authenticators that have
simple authentication requirements.
There were also some fixes to the new self-sandboxing support of the
flatpak spawn portal, allowing webkit to use it.
Other changes:
* Show background status in flatpak ps
* Improved docs and help output
* Fix support for fd forwarding and the allow_a11y flag in the sandboxing portal
* Some improvements to the new permission-set command
* New remote option that allows settting the default token type (mostly for debugging)
Changes in 1.5.1
================
The major new feature of this is the support for protected applications and the system
around authenticting downloads to it. This is not considered stable yet, but this release
has the initial work to make it possible for developers to play around with this. I
will send out a separate mail about this later.
Other changes:
* Flatpak now bundles bubblewrap 0.4.0, and requires 0.4.0 to use the system bubblewrap.
* Optional support for parental controls using libmalcontent.
* Transaction now installs extensions before apps to ensure we have a working app immediately after install.
* Changes in temporary file use makes flatpak run work better in low disk space situations.
* flatpak enter now works without sudo, and works better in general.
* New features for the flatpak portal:
* Support starting a sub-sandbox with the child processes visible in the original sandbox.
* Support adding some kinds of permissions to sub-sandboxes
* New commands flatpak permission-set and permission-remove
* flatpak install CLI now always shows what kind of operations everything is.
* libflatpak now returns apps as updatable if doing so would auto-download missing extensions or runtimes.
* new API: flatpak_transaction_get_no_(deploy|pull).
* We can now store locale info in the extra-languages key (in addition to the country code).
* remote-ls and list --app-runtime now only shows apps, no runtimes.
* Stop using mirror refs and delete any useless mirror refs you might have in your repo.
* Fix busy-loop regression in revokefs-fuse in 1.5.0
Changes in 1.5.0
================
* New options flatpak install --or-update operation.
* New command flatpak mask allows pinning version and avoiding auto-downloads.
* Support self-updates and update monitoring in the flatpak portal.
* Fix updates of exported services with dbus-broken.
* Don't show arch columns in terminal outout if all are the same.
* Fix some cases where origin remotes were not properly removed.
* flatpak-session-helper now links to more libraries.
* OCI: Support images tagged with labels as well as annotations.
* OCI: Alway generate a history for images.
* OCI: Support docker mimetypes in addition to OCI mimetypes.
* Uninstall now always work, even if the remote it came from was force removed.
* New config key default-languages that allows additions to the system list
instead of overriding it.
* Various minor tweak to CLI behaviour and output.
Changes in 1.4.3
================
* Fix crash in revokefs.
* Handle 'versions' extension key (in addition to 'version') when
checking for local extensions, which was causing us to uninstall
some actually used extensions with uninstall --unused.
* The 'required-flatpak' metadata key now supports listing multiple
versions to support backported features.
* Fix crash with older versions of polkit.
* Fix installation of bundles.
* Fix crash on deploy error.
* Support building bundles of apps installed from a remote.
* OCI: Fix handling of locally cached icons.
* Fix crash when listing unconfigured remotes.
* Ignore differences in trailing slashes for repo uris.
Changes in 1.4.2
================
* Support extra_data in extensions.
* Handle double slashes ("//")in XDG_DATA_DIRS.
* Fix detection of local related refs.
Changes in 1.4.1
================
*WARNING* *WARNING* *WARNING*
There was an accidental ABI break in libflatpak in 1.4.0 compared to
the 1.2.x ABI which caused crashes in apps like gnome-software.
This has been fixed in this release so it is now ABI compatible with
1.2.x, but *NOT* compatible with 1.4.0. It is recommended that all
distributions that shipped 1.4.0 update to 1.4.1 and rebuild all
dependencies of libflatpak.
* Make ABI compatible with 1.2.x
* Update translations
* Fix some potential crashes
* Fix some corner case where it was impossible to remove a remote
* Restore support for file: uris in the RuntimeRepo key in flatpakref files
Changes in 1.4.0
================
This is the new stable series, ending the 1.3.x series. The major changes
since the 1.2.x is the improved I/O use for system-installed applications,
and the new format for pre-configured remotes.
* Recalculate download-size when moving between repos in
build-commit-from.
* New library error FLATPAK_ERROR_REF_NOT_FOUND returned instead of
G_IO_ERROR_NOT_FOUND.
* Fix installed tests when running on a tty.
* Fix a double-set of a GError.
* Grant more permissions on the /run/host/monitor directory to
work with e.g. toolbox on the host.
Changes in 1.3.4
================
This version changes how default remotes are configured. We still
use files in /etc/flatpak/remotes.d, however instead of the old
*.conf files we now use regular flatpakrepo files, and the first
time you use flatpak these are automatically imported.
The advantage of this new model is that the configuration is imported
once, but then becomes writable and removable, just like a manually
added remote. In the previous model the remote was always there and it
was impossible to change or remove.
However, this means that anyone currently shipping a .conf file with
a distro needs to change this to a .flatpakrepo file.
* Support for flatpakrepo files in /etc/flatpak/remotes.d
* Support for client side filtering of a remote. This allows you
to limit what apps are seen from a remote, using either a whitelist
or a blacklist model.
* Add library API to easily add remotes from flatpakref files.
* Fix the dconf support.
* Fix app updates in system-wide OCI remotes.
* Fix CLI completion if G_MESSAGES_DEBUG is set
* Add a docker seccomp profile for running flatpak inside a container.
* Look for the new default dbus session socket at $XDG_RUNTIME_DIR/bus
* Improve ability to pull from multiple p2p sources (needs latest ostree).
Changes in 1.3.3
================
* Fixed a crash in the system helper that made installation via
the helper sometimes not work.
* Fix build with older versions of glib
* The list and remote-ls output is now less wide, not showing the
appdata summary by default and only showing the archtecture and
origin if necessary (i.e. not if its the same for all rows).
* flatpak remote-ls now filters end-of-lifed apps by default.
* flatpak permission-reset now supports --all
* Flatpak now works will all set values of umask.
* The flatpak profile.d snippet now works if flatpak is not installed
(in case it gets left over after deletion).
* Fixed flatpak install --noninteractive still asking questions in some cases.
* flatpak now returns a failure exit status if you abort the operation early.
* flatpak remote-ls and remote-info now supports --cached to prefer
using locally cached data.
* libflatpak grew a FLATPAK_QUERY_FLAGS_ONLY_CACHED that allows you to
get at locally cached data about remotes without doing network i/o.
* Documentation updates
Changes in 1.3.2
================
This release contains a major change in how flatpak does system-wide
installation as a user. We used to pull into a temporary user-owned
directory and then ask the flatpak system-helper to import from this
directory. Unfortunately, since we can't trust the user directory
it had to copy these files as they were being imported, which caused
unnecessary i/o, as well as temporarily using more diskspace.
The new setup uses a new custom fuse filesystem which the user writes
to, and then when this is done we can safely revoke any access to this
from the user, meaning the files can be directly imported into the
system repository without needing to make a copy.
However, this makes packaging flatpak a bit more complex, as we now
require flatpak to have a user. By default flatpak will look for a user
called "flatpak", and for the new feature to work you need to create
it in your package. If you want to use a different name you can specify
that in configure as --with-system-helper-user=USERNAME.
Additionally, the new code passed a unix socket over the system bus, which
is prohibited by the default selinux policy. To work around this flatpak
now ships with a custom selinux module (enable with --enable-selinux-module).
For the new feature to work you need to install this module and ensure
the flatpak-system-helper binary gets the proper selinux context.
Other changes:
* We now support specifying a rebasing version of end-of-life, where
the clients will be asked if they want to use the new version. At
runtime any old per-user application data will be migrated to the
new name. Note: This works for the CLI app, but needs some changes
for installers to take advantage of the automatic rebasing.
* New permission --socket=pcsc for access to smart cards.
* We now store the description, comment, icon and homepage fields from
the flatpakrepo files in the remote confiuration and have new library
APIs to read these back.
* The fields above are now also settable in a repo and changes to these
can propagate to clients.
* run now tries the determine what branch to use when you run a runtime.
* Print maximum icon size when icon-validator fails.
* flatpak override can now disallow access to a dbus name.
* flatpak list now has a new runtime column
Changes in 1.3.1
================
This release fixes CVE-2019-10063.
It has been discovered that the previous fix for CVE-2017-5226, which uses
seccomp to prevent sandboxed apps from using the (dangerous) TIOCSTI ioctl
was only incomplete on 64bit arches. This is now fixed.
* seccomp: Only compare the low 32bit of the TIOCSTI ioctl args.
* Fix the required runtime prompt during installation.
* When installing, only check dependencies from the same installation.
* flatpak list --arch now works correctly again.
* Create origin symlinks in appstream branch for libappstream compat.
Changes in 1.3.0
================
This is the start of a new unstable series, targeting stable release
as 1.4.0.
Major changes:
* Support systems with multiple nvidia devices
* Checks are update output are green again
* Fix support for systems like gentoo where /var/run is a symlink.
* Initial support for sandboxed dconf support.
* build-update-repo: New options --no-update-[summary,appstream] and
--static-delta-ignore-ref=PATTERN.
* Regenerating the appstream branch is now much faster for large
repositories.
* We no longer limit the size of svgs in the icon validator.
Changes in 1.2.3
================
This release fixes CVE-2019-8308.
The CVE-2019-5736 runc vulnerability is about using /proc/self/exe
to modify the host side binary from the sandbox. This mostly does not
affect flatpak since the flatpak sandbox is not run with root permissions.
However, there is one case (running the apply_extra script for system
installs) where this happens, so this release contains a fix for that.
* Don't expose /proc in apply_extra script sandbox.
Changes in 1.2.2
================
* Reverted green checkbox as they caused table alignment issues
* Fix a division by zero if the terminal reports a zero terminal
width (which happens in the flathub build environment).
Changes in 1.2.1
================
* Ensure flatpak builds with older versions of glib and appstream-glib.
* build-commit-from: Fix the new --extra-id option.
* build-export: Allow disabling the sandboxing of the icon validator and
do so during the tests.
* profile: Don't break if debug logging is enabled.
* Better handling of the appdata release attribute.
* Don't install polkit agent when not needed, avoiding some unnecessary
log lines in some cases.
* Fix the output of the sandboxed icon validator not being visible.
* builld-init: Allow specifying a full ref for the sdk, which is used to
select the branch name when checking sdk extensions.
* Make the ok checks in the output green
Changes in 1.2
==============
* Ensure DeployCollectionID works in flatpakrepo files in all cases.
* Don't error out with empty installations in uninstall.
* Add helper that validates icon files during export.
* Don't allow root to modify the (non-root) per-user flatpak installation,
as this risks causing problems later.
* Remove some incorrect warnings from flatpak repair.
* Allow multiple name segments after prefix when exporting files.
* Allow specification of ellipsization in --colums options.
* Handle dates as well as timestamps in appdata
* Fixed a bug where flatpak remote-delete removed too many refs.
* Now we use raw terminal mode during a transaction to a avoid problems with input
during the operation causing problems with escape sequences.
* Generate a fontconfig directory remapping snippet as will be needed
for newer versions of fontconfig.
* Support --extra-collection-id in build-commit-from to bind the commit
to multiple collection ids. This is work in progress in ostree.
Changes in 1.1.3
================
* Various fixes to the CLI output changes
* New flatpak --installations option to list all installations
* Extract license info from appdata among with the other fields.
This is shown in e.g. info and remote-info, and has library API.
* install/update/uninstall now has --noninteractive option with less output
that is useful when called from scripts, etc.
* --devel is now properly forwarded to sub-sandboxes using the flatpak portal.
* Drop dependency on libappstream-glib from libflatpak.
* Initial support for exposing the system dconf defaults to the sandbox.
* We now create deploy refs for the deployed commits to avoid a prune removing
objects that are in use.
* Ask about removing all refs when deleting a remote.
* New environment generator that handles custom installations,
replacing the old dbus service config file.
* Documentation updates
* More robust completion
* Try to report out-of-space errors better.
* Add more tests.
* Various improvements to the repair command.
Changes in 1.1.2
================
* Refreshed the CLI output layout, in particular the install/update progress
and application list/info commands.
* The host XDG_{DATA,CONFIG,CACHE}_HOME env vars are now available as
with the HOST_ prefix in the sandbox.
* FLATPAK_ID is set to the app id in the sandbox (this previously
only happened in flatpak build).
* The spawn portal command now has a kill with parent option.
* Flatpak shells now have custom prompts
* New library APIs: Access to deployed appstream data, list unused refs.
* Flatpak run now has --cwd option.
* New option --static-delta-jobs to limit number of parallel delta
generation jobs in build-update-repo.
* Fixed critical warning with newer policykit versions.
Changes in 1.1.1
================
* New libflatpak function: flatpak_remote_get_main_ref()
* Various changes to the policykit rules in order to cause less, and
more understandable policykit authentication dialogs.
* Give DRI apps access to more nvidia device nodes required for CUDA/OpenCL support.
* search now doesn't search noenumerate remotes.
* Renamed operations permission-list to permissions and document-list to
documents. The old names are still supported as aliases.
* New property 'non-interactive' for installations that allow frontends
to do background updates without triggering policykit authentications.
* New flag in HostCommand to allow killing the child process when
the spawner exits the session bus.
* Flatpak now authenticates on the terminal in case there is no desktop-wide
policykit agent.
* update with no arguments now updates all installations (i.e. also custom
systemwide installations).
* Use system helper to generate summary files for OCI remotes.
* Better progress reporting for OCI downloads.
* New conditional extension download feature, 'on-xdg-desktop-FOO' which downloads
when XDG_CURRENT_DESKTOP matches FOO.
* More sockets are now mounted read-only in the sandbox
* Updated docs, error messages and translations
Changes in 1.1
==============
This is the first release in the new unstable 1.1.x series, leading up to 1.2
which is expected around the end of the year.
Changes in this version:
* New command flatpak kill to kill running flatpak instances.
* The remote argument is now optional in the flatpak install in
interactive installs. Instead you are prompted for which
remote to install from.
* All commands printing tables now support --columns option to specify
exactly what to output.
* flatpak uninstall now supports --delete-data to delete the application
data directory in your homedirectory. If no application is specified
it will remove data from all uninstalled apps.
* flatpak list now supports filtering by runtime with:
--app-runtime=org.gnome.Platform//3.24
* flatpak remote-ls can now show the runtime used for each app.
* flatpak repo now supports --info to show information
about a repository, and it is the default operation
for the flatpak repo.
* flatpak repo now supports --commits to list commits in branch.
* flatpak now logs transactions to the systemd journal if built
against libsystemd.
* libflatpak now exposed FlatpakInstance for a running instance.
* Better error output if a flatpak command is misspelled
* Drop support for migration from xdg-app (previous name for flatpak).
* New library function flatpak_installation_get_min_free_space_bytes.
* In interactive mode "yes" is now the default in most prompts.
* Bumped ostree requirement to 2018.9
* Cleanups and improvements to the test suite.
* Improvements to documentation.
* buildsystem support for coverage generation.
Changes in 1.0.6
================
This release fixes an issue that lets system-wide installed
applications create setuid root files inside their app dir (somewhere
in /var/lib/flatpak/app). Setuid support is disabled inside flatpaks,
so such files are only a risk if the user runs them manually outside
flatpak.
Installing a flatpak system-wide is needs root access, so this isn't a
privilege elevation for non-root users, and allowing root to install
setuid files is something all traditional packaging systems
allow. However flatpak tries to be better than that, in order to make
it easier to trust third party repositories. Thus, it is recommended
that all distros update to this version, or backport commit
b98e09b20dfab896616b4a65e15c31f684a5f9f2.
Changes in this version:
* The permissions of the files created by the apply_extra script is
canonicalized and the script itself is run without any capabilities.
* Better matching of existing remotes when the local and remote configuration
differs wrt collection ids.
* New flatpakrepo DeployCollectionID replaces CollectionID, doing the
same thing. It is recommended to use this instead because older versions
of flatpak has bugs in the support of collection ids, and this key
will only be respected in versions where it works.
* The X11 socket is now mounted read-only.
Changes in 1.0.5
================
There was a sandbox bug in the previous version where parts of the runtime
/etc was not mounted read-only. In case the runtime was installed as the
user (not the default) this means that the app could modify files on the
runtime. Nothing in the host uses the runtime files, so this is not a direct
sandbox escape, but it is possible that an app can confuse a different app
that has higher permissions and so gain privileges.
So, it is recommended that everyone shipping flatpak to update to
1.0.5, or at least backport the change in commit
6711d7ae99c50a9dca8e4e2e9e9989a8fa6c3f06.
Changes in this version:
* Make the /etc -> /usr/etc bind-mounts read-only.
* Make various app-specific configuration files read-only.
* flatpak is more picky about remote names to avoid problems with storing weird
names in the ostree config.
* A segfault in libflatpak handling of bundles was fixed.
* Updated translations
* Fixed a regression in flatpak run that caused problems running user-installed
apps when the system installation was broken.
Changes in 1.0.4
================
* Flatpak 0.99.1 removed the inheritance of permissions from the runtime due
to concerns with dynamic app permissions. Due to popular requests, this
version re-introduces such inheritance, but does it instead at build time.
This solved the issues with dynamic permissions while still allowing runtimes
to have default permissions. Apps can disable this by passing
--no-inherit-permissions to build-finish.
* The sandbox now always includes a /etc/timezone file, following the (old)
debian standard for this. This is needed, because the more modern way
of exposing the timezone name by having /etc/localtime be a symlink
into /usr/share/zoneinfo doesn't work when exposing the host timezone.
* All apps now have automatic permissions to own their own app id as a
subname of org.mpris.MediaPlayer2.
* We now properly re-load remote state in FlatpakTransaction if the
metadata was updated for the remote.
* The signature of the FlatpakTransaction::operation-done signal was wrong
in the header and has now been corrected to the signature that is actually
emitted.
* A crash was fixed when reading invalid .flatpakref files.
* A crash during updates when a local ref was unexpectedly missing was fixed.
* An error case on uninstalling was incorrectly returning success even
thought there was an error.
* flatpak_installation_modify_remote did not correctly save the nodeps state.
* flatpak_installation_load_app_overrides() was improperly returning freed
memory.
* The tarball now ships with an icon (flatpak.png).
Changes in 1.0.3
================
* run: You can now use --system to run an app that otherwise would run the
user version.
* New permission --allow=canbus that filters out access to AF_CAN sockets.
* lib: New install flags FLATPAK_INSTALL_FLAGS_NO_TRIGGERS and new function
flatpak_installation_run_triggers()
* lib: Better error reporting, including some new error values that
replace the generic FAILED.
* uninstall --unused: Improve handling of which .Locale extensions are used
* run: Make flatpak run on systems where $XDG_RUNTIME_DIR contains a symlink
beneath /var (commonly /var/run -> /run).
* Don't export any desktop/dbus/mimetype files in subdirectories.
* build-init: We now record the base ref (if used) in the metadata. Nothing
uses this atm, but it can be used by tools.
* We now respect the upstream ostree.deploy-collection-id instead of the
flatpak-specific xa.collection-id metadata key to decide whether to switch
to collection ids for a remote. This is useful, because if you use the
new one, only new clients (that support it better) will use it.
* create-usb: Fix assertion failure in some error cases
* create-usb: Always create archive-z2 repos
* create-usb: Don't create unnecessary summary in repo
* permissions: Avoid errors if there is no permissions table
* repo: Fix flatpak repo sometimes using the wrong ostree-metadata ref.
* Avoid fsync when updating $installation/.changed.
* Add the missing appstream2 ref to the xa.cache metadata
* The test-suite got some modifications to make it easier to maintain.
* Documentation updates
* Translation updates
Changes in 1.0.2
================
* The dbus proxy is now available in a separate git module, xdg-dbus-portal,
which is imported into flatpak as a submodule. It is possible to build
flatpak against the system xdg-dbus-portal instead, but this is not currently
very useful as no other applications yet depend on xdg-dbus-portal.
* Build regressions with older versions of glib have been fixed.
* Flatpak ps now also tracks the pid the main process inside the sandbox.
* Added flatpak override --reset to reset overrides for an app.
* Added flatpak override --show to show overrides for an app.
* flatpak install now automatically pick user or system based on the remote
name given (unless the remote exists in both).
* flatpak uninstall --unused now does not remove SDKs if some installed app
refers to them.
* Fixed bug where flatpak uninstall --unused prompted for uninstall twice.
* Set IO class on the system helper to "idle", which should cause backgroun
updates to affect the system less.
* Fixed regression in flatpak uninstall --no-related.
* Better handling of empty collection ids in flatpak bundles.
* Cleaned up some error messages.
* Various documentation fixes and cleanups.
* Updated translations.
Changes in 1.0.1
================
This fixes various build and test failures that were detected when
packaging 1.0, as well as translations and doc updates. It also
has some minor features, including a new subcommand "flatpak ps"
to list the running flatpak instances for your user.
* Print application tags in the prompt when installing/updating.
* Make sure we don't accidentally leak the host /proc into
the sandbox.
* Translation updates.
* Added a "flatpak ps" command that lists running flatpak instances.
* Improve error reporting when exporting documents.
* Improve detection of dynamic p2p remotes.
* Build fixes for older versions of glib.
* Fix threading issue in the OCI support that was causing the
installed tests to sometimes fail.
* Fix OCI AppStream support on 32bit architectures.
* Fix utf8 issue in the dbus API description.
* Some install fixes to make installed tests work
* Make the tests work with python3 (as well as python2)
* Improve introspection annotations in libflatpak
* Improve libflatpak API docs
Changes in 1.0
==============
Flatpak 1.0 is the first version in a new stable release series. This
new 1.x series is the successor to the 0.10.x series, which was first
introduced in October 2017. 1.0 is the new standard Flatpak version,
and distributions are recommended to update to it as soon as possible.
The following release notes describe the major changes since
0.10.0. For a complete overview of Flatpak, please see
[docs.flatpak.org](http://docs.flatpak.org/en/latest/).
## For users, app developers and distributors
Flatpak 1.0 marks a significant improvement in performance and
reliability, and includes a big collection of bug fixes. 1.0 also
includes a collection of new features, including:
* Faster installation and updates.
* Applications can now be marked as end-of-life. App centers and
desktops can use this information to warn users who have an end-of-life
version installed.
* Permissions now use an up-front verification model: users are
asked to confirm app permissions at install time, if an update
requires additional permissions, the user must also confirm.
* A [new portal](https://flatpak.github.io/xdg-desktop-portal/portal-docs.html#gdbus-org.freedesktop.portal.Flatpak)
allows apps to create sandboxes and restart themselves. This allows
applications to restart themselves after they have been updated (to
start using the new version), and to increase sandboxing for parts
of the application.
* `flatpak-spawn` is a new tool for running host commands (if
permissions allow) and creating new sandboxes from an app (this
uses the above portals APIs).
* Apps can now export D-Bus services for all the D-Bus names they are
privileged to own (rather than just the application ID).
* Flatpak's support for OCI bundles has been updated to the latest
specification. Also, AppData can now be distributed through OCI
repositories.
* Host TLS certificates are now exposed to applications, using
p11-kit-server. This removes a point of friction when accessing
network services in some environments.
* Apps can now request access the host SSH agent to securely access
remote servers or Git repositories.
* A new application permission can be used to grant access to
Bluetooth devices.
* A new `fallback-x11` permission grants X11 access, but only if the
user is running in a X11 session. For applications that support
both Wayland and X11, this can be used to ensure that the app
doesn't have unnecessary X11 access while in Wayland, but still
works in an X11 session.
* Peer-to-peer installation (via USB sticks or local network) is now
enabled and supported by default in all builds.
The Flatpak command line also introduces new commands and options, including:
* `uninstall --unused` automatically removes unused runtimes and
extensions (if you've removed all apps that depend on a runtime, or
all the apps you had depending on it have upgraded to a newer
version).
* New `info` options, including `--show-permissions`,
`--file-access`, `--show-location`, `--show-runtime`, `--show-sdk`.
* `repair` - fixes broken installs by scanning for errors, removing
invalid objects and reinstalling anything that's missing.
* `permission-*` - allows interaction with the portals permissions
store. This is useful for testing and for getting back to a clean
state.
* `create-usb` - can be used to prepare an repository to be used as a
local updates source.
Finally, the command line has a collection of other improvements, such as:
* If `--system` or `--user` aren't specified, one is automatically
picked if it is obvious (or it will ask if the correct option isn't
obvious).
* The `install`, `update` and `uninstall` commands now ask for
confirmation of changes before proceeding, in order to prevent
mistakes, and to show the required application permissions.
* The `uninstall` command now does not allow you to remove a runtime
if some installed application requires it.
* `flatpak remove` is now an alias for `flatpak uninstall`.
## For Linux distributors, OS and platform developers
* Flatpak no longer requires a filesystem that supports `xattr`.
* Portals are now more cleanly separated from Flatpak, thanks to the
document portal and permission store having been moved to
`xdg-desktop-portal`. It is recommended that the flatpak package has
a weak dependency on `xdg-desktop-portal`.
* `libflatpak` now has a transaction API for install, update and
uninstall operations. This means that it is much easier to use as
the basis of app centers and other graphical app management
software.
* Flatpak now sets several HTTP headers when installing applications,
which make it easier for Flatpak repositories to log things like
app download statistics and Flatpak versions in use.
* It is now recommended that Flatpak packages add a dependency on
p11-kit-server, as this allows apps to access host
certificates. However, this does not need to be a hard dependency.
* Requires bubblewrap 0.2.1 or later, and comes bundled with 0.3.0.
* Requires OSTree 2018.7.
Major changes in 0.99.3
=======================
* Fixed case where system install would sometimes fail
due to the system-helper idle exiting.
* Support installing flatpakref files in FlatpakTransaction,
including a new signal add-new-remote for when remotes
might be added.
* Added some new FlatpakError codes.
* We now support .flatpakrepo files with no gpg signatures
* Fix crash in system-helper when updating appstream
* New command create-usb which can be used to prepare
an repo for offline updates.
* Fix some non-handled cases of the CLI not working when
/var/lib/flatpak doesn't exist.
* Fix crash when running with a gid that is not in
/etc/groups.
* Add new permission-* commands to interact with the
permissions store from the portals.
* Include appdata in OCI bundle.
Major changes in 0.99.2
=======================
* Fix race condition on instance id allocation
* Translation updates
* Build fixes for new glibc versions
* Build fixes for new libsoup versions
* Build fixes for old glib versions
Major changes in 0.99.1
=======================
This is the first pre-release before flatpak 1.0. This is considered
feature-complete and we expect no features or major changes before
1.0, only bugfixes.
Note: There were some (minor) API changes in the FlatpakTransaction
APIs that were added in 0.11.8, so please don't use the old
version. (Note: I know of no user of this API).
Changes since last minor release:
* Ostree 2018.6 is required, and with this, the p2p code in
flatpak is made non-optional.
* flatpak install/update/ininstall now lists all the operations