Latest release

Release 0.8.1 (CVE-2017-5226)

@alexlarsson alexlarsson released this Jan 18, 2017 · 14 commits to master since this release

Major changes in 0.8.1

This is a bugfix and security update (CVE-2017-5226).

Flatpak now uses seccomp to disallow the TIOCSTI ioctl in the sandbox,
which works around the possibility of injecting text into the controlling
tty (CVE-2017-5226).

This was previously fixed in bubblewrap in 0.1.6, but that change has
now been reverted as it introduced other problems for flatpak.

  • Update bundled bubblewrap to 0.1.7
  • Fix writing new file with O_EXCL in the document portal.
  • Allow appstream data that doesn't have .desktop in the component id,
    such as data for runtimes.
  • Drop json-glib dependency from 1.2 to 1.0
  • Builder: Fail if unable to read included file
  • OCI: Ensure exported layers are readable by everyone
  • Fix extra-data download in gnome-software
  • Fix update-mime-database trigger when installing via
    the system helper.
  • Updating an app by installing a newer bundle now works
  • Make /var/tmp not be on a tmpfs (it is now in
  • Documentation / translation updates
$ sha256sum flatpak-0.8.1.tar.xz 
9de103312b86f1033fa12768dc836525d6d9385defc80306e68691df66e7edaf  flatpak-0.8.1.tar.xz


Release 0.8.0

@alexlarsson alexlarsson released this Dec 20, 2016 · 52 commits to master since this release

Major changes in 0.8.0

This is the first release in a new series of stable releases called 0.8.x. New features will be added to 0.9.x, and only bugfixes will be backported to 0.8.x. The featureset of this release is a good base to
target if you're creating flatpaks that should be widely usable.

This release technically requires only OSTree 2016.14, and it builds fine with this, but we recommend using OSTree 2016.15, because of the change in how it verifies the checksums of commits in delta files.

  • Flatpakrepo files now support a RuntimeRepo= key which points to
    a flatpakrepo file. This means the user doesn't have to manually
    configure a remote for the runtime, just reply to the prompt
    to automatically do this when installing the app.
  • We now support dependencies when installing bundles. This includes
    required runtimes, related refs, and the equivalent of RuntimeRepo.
  • The support for OCI in flatpak has been updated to the latest
    OCI spec version, and support has been added to directly install
    flatpak applications from an OCI image.
  • In flatpak install, the --from and --bundle options are now optional
    if the argument has the correct suffix (.flatpakref and .flatpak)
  • Flatpak install now supports -y to let you avoid interactive prompts.
  • build-finish: We now export mime type files with the right name.
  • build-finish: New --require-version option lets you specify a particular
    version of flatpak, and older versions of flatpak will not install
    or update to the new version.
  • build-sign: Allow signing all apps by omitting the id.
  • Fix regression in the document portal when adding named files.
  • build-import-bundle now signs the commit if you specify a gpg key.
  • Flatpak now reads configuration from /etc/flatpak/installations.d
    which lets you support multiple system-level installation paths.
    These can be accessed with new --installation=... arguments to
    most of the commands.
  • flatpak-builder: Support --jobs=N to limit parallel builds
  • flatpak-builder: Patch source got a new options property that lets
    you pass arguments to patch.
  • flatpak-builder: New generic "buildsystem: type" option that
    replaces the (now deprecated) "cmake: true" option. This
    supports "autotools", "cmake" and "meson".
$ sha256sum flatpak-0.8.0.tar.xz 
5b082065c9921308305845f99b0facbc9b85a93e3d7553fd238824190294aacd  flatpak-0.8.0.tar.xz


Release 0.6.14

@alexlarsson alexlarsson released this Nov 29, 2016 · 149 commits to master since this release

Major changes in 0.6.14

  • Update bundled bubblewrap to 0.1.4 which has some nice bugfixes.
    If you are using an external bubblewrap it is recommended, but
    not required to update.
  • Requires OSTree 2016.14, which allows us to drop some old
  • When installing an application system-wide, don't consider
    dependencies that are installed for the user only.
  • Flatpak install --from now tries to re-use existing remotes to
    avoid creating unnecessary origin remotes.
  • Using --filesystem=$dir when $dir is a symlink-to-directory now works.
  • Using --filesystem=$file to expose unix sockets to the app is now
  • By default all the directories in ~/.var/app (except the app), as
    well as ~/.local/share/flatpak are hidden in the sandbox.
  • New option --filesystem=$dir:create which will create the destination
    if it did not previously exist.
  • --filesystem= now supports xdg-[config|cache|data]. This
    allows you access to the host versions of these xdg dirs. Additionally
    if you use these with a subdirectory, like:
    then that subdirectory on the host will be shared with the per-app
    instance of the xdg-dir.
  • Builder now correctly handles app-ids that have dashes in them.
    Previously this generated invalid ids for the debuginfo and locale
  • The experimental OCI file format support was changed from creating an
    OCI container to creating an OCI image.
  • Fix regression where "flatpak update --appstream remotename" broke
$ sha256sum flatpak-0.6.14.tar.xz 
137886b1de9d91f701a9d9cbc6bf52cc0f232d923a8f185977a892dcb7eb2430  flatpak-0.6.14.tar.xz


Flatpak 0.6.13

@alexlarsson alexlarsson released this Oct 25, 2016 · 228 commits to master since this release

Major changes in 0.6.13

  • The command line arguments for install/update/uninstall changed

    These used to take an application id and an optional branch name as
    two arguments. This meant you could not specify multiple apps
    to install in a single command. So, instead of having the branch
    as a separate argument we now support partial references.
    If you only specify an id we try to match the rest as best we
    can depending on what is installed/available, but if this
    matches multiple things you have to specify more details.

    For example you can use:

    • - Any compatible arch, stable branch
    • - x86-64, look for available branch
    • - exact reference

    This means install/update/uninstall can now install multiple apps
    in a single operation.

  • Application runtime dependencies are checked/downloaded

    Whenever you install or update an application we check that the
    required runtime is installed. If not, we check if it is available
    in any configured remote, and if found ask the user if/where to
    install it from. If it is not found, the install/update fails.

    You can mark remotes as --no-use-for-deps, which means flatpak will
    never search for runtime dependencies in such remotes. This makes
    the dependency search faster if you have app-only remotes.
    It is recommended that app-only .flatpakrepo files define this
    by specifying NoDeps=true.

  • remote-add and install --from now supports uris

    This means you can install flatpakrefs and flatpakrepos in a
    single command like so:

  • flatpak run can now launch a runtime directly

    For example, "flatpak run org.gnome.Platform//3.22" will launch a shell
    inside a sandbox with the gnome 3.22 runtime and an empty /app.
    This is useful for development and testing.

  • included bubblewrap was bumped to 0.1.3 which has a security fix

  • Support for defining the default branch per remote

  • remote-add/modify: --update-metadata pulls current title and default branch
    from remote summary file

  • Applications can now list a set of URIs that will be downloaded with the
    application. The app can then extract these and use as a part of the
    application data. This is useful for applications using freely downloadable
    parts that can't be redistributed elsewhere.

  • flatpak-builder: Support --finish-only and --allow-missing-runtimes

  • flatpak-builder: Support app layering

    An app can define a "base" application which is used for the initial
    content before the application is built. This way applications can
    be built in a layered fashion.

  • dbus proxy: The filtering has been tightened up

  • build-finish: Now exports icons for themes other than hicolor too

  • There is support in the app metadata for generic policies.

    These are read and propagated and support overriding, but are
    not otherwise interpreted by flatpak. They can be used by other
    host services as static permissions for the application.

  • Support for extensions directories

    In addition to using a runtime as an extension, Flatpak apps can now
    use regular directories in ~/.local/share/flatpak/extension and
    /var/lib/flatpak/extension. For example, if you create a
    directory called org.freedesktop.Platform.GStreamer.MyPlugins/x86_64/1.4
    there it will be used as a source for gstreamer plugins for all
    runtimes based on the freedesktop 1.4 runtime.

$ sha256sum flatpak-0.6.13.tar.xz 
3729102e979ed4ceded3d9fe5dd96ee77d83e1daf8d0dcda3bb61d64f94d0106  flatpak-0.6.13.tar.xz


Flatpak 0.6.12

@alexlarsson alexlarsson released this Oct 6, 2016 · 313 commits to master since this release

Major changes in 0.6.12

  • Partial revert in application id rules. Application ids
    can now only have dashes in the last element. This allows
    apps to export files such as which
    was used by the libreoffice builds.
  • By default the kernel keyring is not accessible, as it is
    not containable.
  • Some robustness fixes for build-commit-from
  • Better error messages
  • flatpak update --appstream now updates for all remotes
  • Made flatpak enter work, and you can now use any pid in the sandbox.
    However, it requires root permissions.
  • Support for --device=kvm for /dev/kvm access
  • Support for --allow=multiarch to support non-primary arch support.
    For example running i686 code in an x86_64 app.
  • Add new default-branch setting for the remote configuration
$ sha256sum flatpak-0.6.12.tar.xz 
2a96022fd5ce195b9715746175b20882793ec3ac1080acecf81b4dc48bee5545  flatpak-0.6.12.tar.xz


Flatpak 0.6.11

@alexlarsson alexlarsson released this Sep 20, 2016 · 365 commits to master since this release

Major changes in 0.6.11

  • Dashes are now allowed in application ids. However, to still work with
    symbolic icon names, they may not end with "-symbolic".
  • HostCommand now handles ptys correctly
  • Various documentation updates
  • New FLATPAK_CHECK_VERSION macro in libflatpak
  • HostCommand now returns the real PID rather than a fake one.
  • Fix regression in flatpak update --appstream
  • Fix regression installing bundles without origin urls
  • New flatpak-builder option --show-deps lists all the files
    the manifest depends on.
$ sha256sum flatpak-0.6.11.tar.xz
38be61039ced4b7c77a0b7e71622f32a9720558ad28e17bc4db634ffedb697b4  flatpak-0.6.11.tar.xz


Flatpak 0.6.10

@alexlarsson alexlarsson released this Sep 12, 2016 · 414 commits to master since this release

Major changes in 0.6.10

  • Dropped requirement for systemd --user.
    The way we detect if a process we're talking to is sandboxed, and
    what application id it has, doesn't use cgroups anymore, which means
    that the dependency on systemd in the user session is now optional.
    This also means the --no-desktop argument is not needed any more.
    (It is still accepted but does nothing.)
  • Initial support has been added for .flatpakref files. These are simple key
    value files similar to .flatpakrepo files, however they specify an application
    to install in addition to the repo information. For example, gedit can be
    installed by downloading and running:
    flatpak install --from gedit.flatpakref
    There is also library support for this so it can be added to graphical
    installers (such as gnome-software).
  • Requires OSTree 2016.10. The change in how OSTree handles mtimes in
    checkouts that was introduced in 2016.7 has been reverted, and
    the required changes in Flatpak have been made. This means that
    flatpak now depends on OSTree 2016.10.
  • Requires Bubblewrap 0.1.2 for builds using the system bubblewrap.
    Builds using the included copy need no changes.
  • The $XDG_RUNTIME_DIR/flatpak-info file has added information
    about the running application, and is now also securely available
    for a running application from the host as "/proc/$fd/root/.flatpak-info".
    This is what is used to identify remote apps instead of the cgroup
  • A new run permission --allow=devel has been added. An application with
    this permission is allowed to use ptrace and perf. This was previously
    only available during "flatpak build" and "flatpak run -d". This
    is useful if you're packaging e.g. an IDE.
  • When an application is updated or removed a /app/.updated or /app/.removed
    file is created for running instances. This can be used by applications to
    trigger e.g. a restart for the new version.
  • A new dbus request "HostCommand" has been added to org.freedesktop.Flatpak.
    This lets you run any command on the host, and is therefore clearly not
    sandboxed, so access to this should be limited. However, it is very useful
    if you're using flatpak mainly as a distribution mechanism, for a non-sandboxed
  • flatpak-builder now supports running from inside a flatpak, by auto-detecting
    this and using the HostCommand service to run recursive flatpaks.
  • Consecutive calls to flatpak build-update-repo have been sped up.
  • The document portal now allows sandboxed applications to create references
    to files in /app and /usr (in the app/runtime).
  • The update process now doesn't stop at the first failure.
$ sha256sum flatpak-0.6.10.tar.xz 
bc16df27b6efef087c1f527c4cc1ad75973fe06fd51053503c1157e702475aa9  flatpak-0.6.10.tar.xz


Flatpak 0.6.9

@alexlarsson alexlarsson released this Aug 25, 2016 · 512 commits to master since this release

Major changes in 0.6.9

  • Dropped dependency on libgsystem
  • Allow passing partial refs whenever a CLI command takes
    an app or runtime name.
  • New command build-commit-from creates a new commit based
    on the contents of another commit (optionally from another
    local repo).
  • The sandbox now contains $XDG_RUNTIME_DIR/app/$APPID from the
    host (and the directory is created if needed).
  • update: Better output, and faster for the no updates case
  • build-export: Don't make most validation errors fail, instead
    just print a warning.
  • builder: Support local path references for git sources
  • builder: Better handling of recursive git submodules
  • builder: Fixed issues with the .pyc mtime rewriting
  • builder: Handle symbolic icons for rename-icon
  • builder: Add --stop-at=$module to do partial builds
  • builder: Add --sandbox flag to disable the build from escaping
    from the sandbox via build-args.
$ sha256sum flatpak-0.6.9.tar.xz
3214f00d4d44a4515a05145c791adac334f37ade2e58318ddcceb944085a3330  flatpak-0.6.9.tar.xz


Flatpak 0.6.8

@alexlarsson alexlarsson released this Jul 30, 2016 · 598 commits to master since this release

Major changes in 0.6.8

  • Requires OSTree 2016.7, allowing us to enable use of static delta
    for system downloads again.
  • Support --no-desktop which allows you to run a flatpak app outside
    a desktop, with some loss of functionality (for example, there
    will be no systemd --user scope created for the app).
  • More documentation.
  • Memory leak fixes.
  • Initial support for rpms as flatpak-builder archive sources.
  • Start work on translating the CLI.
  • Install systemd config snippet to set the right XDG_DATA_DIRS path.
  • Support --arch in flatpak list.
  • Support access() in the document portal.
  • Validate exported desktop files.
$ sha256sum flatpak-0.6.8.tar.xz 
c58bd81db6f917f1b30165e262978129b636d05629a47028674ca51b036cd451  flatpak-0.6.8.tar.xz


Flatpak 0.6.7

@alexlarsson alexlarsson released this Jul 8, 2016 · 672 commits to master since this release

Major changes in 0.6.7

  • Automatically download and update related references such
    as locales when using the CLI.
  • lib: Support for getting related references
  • Document metadata format
  • Support build using system-installed bwrap
  • Allow access to the journal socket in the sandbox
  • builder: Support applying patches with git (useful for binary diffs)
  • Requires ostree 2016.6
$ sha256sum flatpak-0.6.7.tar.xz 
a3695279c22df439927ef8cc776d8bf56e331935b5d87446e53a7825c71b955b  flatpak-0.6.7.tar.xz