diff --git a/0001-revokefs-Use-FUSE-version-3-if-possible.patch b/0001-revokefs-Use-FUSE-version-3-if-possible.patch new file mode 100644 index 0000000000000000000000000000000000000000..2e949ceda56a8ab016c42bd700b36136c8306b11 --- /dev/null +++ b/0001-revokefs-Use-FUSE-version-3-if-possible.patch @@ -0,0 +1,351 @@ +From b0b77029b05e9fa3a6b230657c701f558db9db3f Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Thu, 17 Jun 2021 23:20:25 +0100 +Subject: [PATCH 2/2] revokefs: Use FUSE version 3 if possible +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Based on a change contributed by Léo Stefanesco; but instead of +unconditionally using FUSE 3, leave a fallback code path for FUSE 2 for +older distros. + +Signed-off-by: Simon McVittie + +diff --git a/configure.ac b/configure.ac +index ec05d454..5f20ef6b 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -299,7 +299,14 @@ AC_ARG_ENABLE([auto-sideloading], + [enable_auto_sideloading=no]) + AM_CONDITIONAL(BUILD_AUTO_SIDELOADING, test x$enable_auto_sideloading = xyes) + +-PKG_CHECK_MODULES(FUSE, fuse >= 2.9.2) ++PKG_CHECK_MODULES([FUSE3], [fuse3 >= 3.1.1], ++ [ ++ FUSE_USE_VERSION=31 ++ FUSE_CFLAGS="$FUSE3_CFLAGS" ++ FUSE_LIBS="$FUSE3_LIBS" ++ ], ++ [PKG_CHECK_MODULES([FUSE], [fuse >= 2.9.2], [FUSE_USE_VERSION=26])]) ++AC_DEFINE_UNQUOTED([FUSE_USE_VERSION], [$FUSE_USE_VERSION], [Define to the FUSE API version]) + + AC_ARG_ENABLE([xauth], + AC_HELP_STRING([--disable-xauth], +diff --git a/revokefs/main.c b/revokefs/main.c +index f0808f15..7aa1e44f 100644 +--- a/revokefs/main.c ++++ b/revokefs/main.c +@@ -20,7 +20,9 @@ + * Boston, MA 02111-1307, USA. + */ + +-#define FUSE_USE_VERSION 26 ++#ifndef FUSE_USE_VERSION ++#error config.h needs to define FUSE_USE_VERSION ++#endif + + #include + #include +@@ -60,7 +62,11 @@ ENSURE_RELPATH (const char *path) + } + + static int ++#if FUSE_USE_VERSION >= 31 ++callback_getattr (const char *path, struct stat *st_data, struct fuse_file_info *finfo) ++#else + callback_getattr (const char *path, struct stat *st_data) ++#endif + { + path = ENSURE_RELPATH (path); + if (!*path) +@@ -94,8 +100,13 @@ callback_readlink (const char *path, char *buf, size_t size) + } + + static int ++#if FUSE_USE_VERSION >= 31 ++callback_readdir (const char *path, void *buf, fuse_fill_dir_t filler, ++ off_t offset, struct fuse_file_info *fi, enum fuse_readdir_flags flags) ++#else + callback_readdir (const char *path, void *buf, fuse_fill_dir_t filler, + off_t offset, struct fuse_file_info *fi) ++#endif + { + DIR *dp; + struct dirent *de; +@@ -128,8 +139,14 @@ callback_readdir (const char *path, void *buf, fuse_fill_dir_t filler, + memset (&st, 0, sizeof (st)); + st.st_ino = de->d_ino; + st.st_mode = de->d_type << 12; ++ ++#if FUSE_USE_VERSION >= 31 ++ if (filler (buf, de->d_name, &st, 0, 0)) ++ break; ++#else + if (filler (buf, de->d_name, &st, 0)) + break; ++#endif + } + + (void) closedir (dp); +@@ -185,12 +202,20 @@ callback_symlink (const char *from, const char *to) + } + + static int ++#if FUSE_USE_VERSION >= 31 ++callback_rename (const char *from, const char *to, unsigned int flags) ++#else + callback_rename (const char *from, const char *to) ++#endif + { ++#if FUSE_USE_VERSION < 31 ++ unsigned int flags = 0; ++#endif ++ + from = ENSURE_RELPATH (from); + to = ENSURE_RELPATH (to); + +- return request_rename (writer_socket, from, to); ++ return request_rename (writer_socket, from, to, flags); + } + + static int +@@ -203,28 +228,44 @@ callback_link (const char *from, const char *to) + } + + static int ++#if FUSE_USE_VERSION >= 31 ++callback_chmod (const char *path, mode_t mode, struct fuse_file_info *finfo) ++#else + callback_chmod (const char *path, mode_t mode) ++#endif + { + path = ENSURE_RELPATH (path); + return request_chmod (writer_socket, path, mode); + } + + static int ++#if FUSE_USE_VERSION >= 31 ++callback_chown (const char *path, uid_t uid, gid_t gid, struct fuse_file_info *finfo) ++#else + callback_chown (const char *path, uid_t uid, gid_t gid) ++#endif + { + path = ENSURE_RELPATH (path); + return request_chown (writer_socket, path, uid, gid); + } + + static int ++#if FUSE_USE_VERSION >= 31 ++callback_truncate (const char *path, off_t size, struct fuse_file_info *finfo) ++#else + callback_truncate (const char *path, off_t size) ++#endif + { + path = ENSURE_RELPATH (path); + return request_truncate (writer_socket, path, size); + } + + static int ++#if FUSE_USE_VERSION >= 31 ++callback_utimens (const char *path, const struct timespec tv[2], struct fuse_file_info *finfo) ++#else + callback_utimens (const char *path, const struct timespec tv[2]) ++#endif + { + path = ENSURE_RELPATH (path); + +diff --git a/revokefs/writer.c b/revokefs/writer.c +index 3e821d9f..cb48b35a 100644 +--- a/revokefs/writer.c ++++ b/revokefs/writer.c +@@ -19,6 +19,10 @@ + * Boston, MA 02111-1307, USA. + */ + ++#ifndef FUSE_USE_VERSION ++#error config.h needs to define FUSE_USE_VERSION ++#endif ++ + #include + #include + #include +@@ -166,7 +170,7 @@ request_path (int writer_socket, RevokefsOps op, const char *path) + + static int + request_path_data (int writer_socket, RevokefsOps op, const char *path, +- const char *data, size_t data_len) ++ const char *data, size_t data_len, guint64 flags) + { + RevokefsRequest request = { op }; + RevokefsResponse response; +@@ -177,7 +181,8 @@ request_path_data (int writer_socket, RevokefsOps op, const char *path, + if (total_len > MAX_DATA_SIZE) + return -ENAMETOOLONG; + +- request.arg1 = strlen(path); ++ request.arg1 = path_len; ++ request.arg2 = flags; + + response_data_len = do_request (writer_socket, &request, path, path_len, data, data_len, + &response, NULL, 0); +@@ -190,7 +195,7 @@ request_path_data (int writer_socket, RevokefsOps op, const char *path, + static int + request_path_path (int writer_socket, RevokefsOps op, const char *path1, const char *path2) + { +- return request_path_data (writer_socket, op, path1, path2, strlen(path2)); ++ return request_path_data (writer_socket, op, path1, path2, strlen(path2), 0); + } + + static gboolean +@@ -392,10 +397,12 @@ handle_rename (RevokefsRequest *request, + { + g_autofree char *from = NULL; + g_autofree char *to = NULL; ++ unsigned int flags; + + get_valid_2path (request, data_size, &from, &to); ++ flags = (unsigned int)request->arg2; + +- if (renameat (basefd, from, basefd, to) == -1) ++ if (renameat2 (basefd, from, basefd, to, flags) == -1) + response->result = -errno; + else + response->result = 0; +@@ -404,9 +411,12 @@ handle_rename (RevokefsRequest *request, + } + + int +-request_rename (int writer_socket, const char *from, const char *to) ++request_rename (int writer_socket, ++ const char *from, ++ const char *to, ++ unsigned int flags) + { +- return request_path_path (writer_socket, REVOKE_FS_RENAME, from, to); ++ return request_path_data (writer_socket, REVOKE_FS_RENAME, from, to, strlen (to), flags); + } + + static ssize_t +@@ -515,7 +525,7 @@ int + request_utimens (int writer_socket, const char *path, const struct timespec tv[2]) + { + return request_path_data (writer_socket, REVOKE_FS_UTIMENS, path, +- (const char *)tv, sizeof (struct timespec) * 2); ++ (const char *)tv, sizeof (struct timespec) * 2, 0); + } + + static ssize_t +diff --git a/revokefs/writer.h b/revokefs/writer.h +index 0131eaa4..7096b58f 100644 +--- a/revokefs/writer.h ++++ b/revokefs/writer.h +@@ -27,7 +27,7 @@ int request_rmdir (int writer_socket, const char *path); + int request_unlink (int writer_socket, const char *path); + int request_symlink (int writer_socket, const char *from, const char *to); + int request_link (int writer_socket, const char *from, const char *to); +-int request_rename (int writer_socket, const char *from, const char *to); ++int request_rename (int writer_socket, const char *from, const char *to, unsigned int flags); + int request_chmod(int writer_socket, const char *path, mode_t mode); + int request_chown(int writer_socket, const char *path, uid_t uid, gid_t gid); + int request_truncate (int writer_socket, const char *path, off_t size); +diff --git a/tests/Makefile.am.inc b/tests/Makefile.am.inc +index 45612fd6..3e20d863 100644 +--- a/tests/Makefile.am.inc ++++ b/tests/Makefile.am.inc +@@ -42,6 +42,8 @@ testlibrary_CFLAGS = \ + $(BASE_CFLAGS) \ + $(FUSE_CFLAGS) \ + $(OSTREE_CFLAGS) \ ++ -D_GNU_SOURCE \ ++ -D_FILE_OFFSET_BITS=64 \ + -DFLATPAK_COMPILATION \ + $(NULL) + testlibrary_LDADD = \ +diff --git a/tests/can-use-fuse.c b/tests/can-use-fuse.c +index 25f3936e..31a31995 100644 +--- a/tests/can-use-fuse.c ++++ b/tests/can-use-fuse.c +@@ -13,8 +13,15 @@ + + #include "libglnx/libglnx.h" + +-#define FUSE_USE_VERSION 26 ++#ifndef FUSE_USE_VERSION ++#error config.h needs to define FUSE_USE_VERSION ++#endif ++ ++#if FUSE_USE_VERSION >= 31 ++#include ++#else + #include ++#endif + + gchar *cannot_use_fuse = NULL; + +@@ -26,10 +33,15 @@ check_fuse (void) + { + g_autofree gchar *fusermount = NULL; + g_autofree gchar *path = NULL; +- char *argv[] = { "flatpak-fuse-test" }; +- struct fuse_args args = FUSE_ARGS_INIT (G_N_ELEMENTS (argv), argv); +- struct fuse_chan *chan = NULL; ++ char *argv[] = { "flatpak-fuse-test", NULL }; ++ struct fuse_args args = FUSE_ARGS_INIT (G_N_ELEMENTS (argv) - 1, argv); + g_autoptr(GError) error = NULL; ++#if FUSE_USE_VERSION >= 31 ++ struct fuse *fuse = NULL; ++ const struct fuse_operations ops = { NULL }; ++#else ++ struct fuse_chan *chan = NULL; ++#endif + + if (cannot_use_fuse != NULL) + return FALSE; +@@ -64,6 +76,26 @@ check_fuse (void) + path = g_dir_make_tmp ("flatpak-test.XXXXXX", &error); + g_assert_no_error (error); + ++#if FUSE_USE_VERSION >= 31 ++ fuse = fuse_new (&args, &ops, sizeof (ops), NULL); ++ ++ if (fuse == NULL) ++ { ++ fuse_opt_free_args (&args); ++ cannot_use_fuse = g_strdup_printf ("fuse_new: %s", ++ g_strerror (errno)); ++ return FALSE; ++ } ++ ++ if (fuse_mount (fuse, path) != 0) ++ { ++ fuse_destroy (fuse); ++ fuse_opt_free_args (&args); ++ cannot_use_fuse = g_strdup_printf ("fuse_mount: %s", ++ g_strerror (errno)); ++ return FALSE; ++ } ++#else + chan = fuse_mount (path, &args); + + if (chan == NULL) +@@ -73,10 +105,16 @@ check_fuse (void) + g_strerror (errno)); + return FALSE; + } ++#endif + + g_test_message ("Successfully set up test FUSE fs on %s", path); + ++#if FUSE_USE_VERSION >= 31 ++ fuse_unmount (fuse); ++ fuse_destroy (fuse); ++#else + fuse_unmount (path, chan); ++#endif + + if (g_rmdir (path) != 0) + g_error ("rmdir %s: %s", path, g_strerror (errno)); +-- +2.35.1 + diff --git a/flatpak-1.13.2.tar.xz b/flatpak-1.13.2.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..7fe82847348df883b8efe84adfac7e883a98b242 Binary files /dev/null and b/flatpak-1.13.2.tar.xz differ diff --git a/flatpak-selinux-permissions.patch b/flatpak-selinux-permissions.patch new file mode 100644 index 0000000000000000000000000000000000000000..1234a97346698e16e5aeeeb93974865c65516e96 --- /dev/null +++ b/flatpak-selinux-permissions.patch @@ -0,0 +1,105 @@ +From b20c074fb225ed3e54337bd50dc18452a3dc3196 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Tue, 12 Apr 2022 20:28:29 +0200 +Subject: [PATCH 1/3] selinux: Let the system helper have read access to + /etc/passwd + +The system-helper (ie., the `flatpak-system-helper` process) is +labelled with flatpak_helper_exec_t and runs in the flatpak_helper_t +domain, and needs to be able to read /etc/passwd. This explicitly +permits it to do so to avoid running into SELinux denials. + +https://bugzilla.redhat.com/show_bug.cgi?id=2070350 +--- + selinux/flatpak.te | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/selinux/flatpak.te b/selinux/flatpak.te +index 2bcc507b725a..871ffa2906cc 100644 +--- a/selinux/flatpak.te ++++ b/selinux/flatpak.te +@@ -12,6 +12,8 @@ type flatpak_helper_t; + type flatpak_helper_exec_t; + init_daemon_domain(flatpak_helper_t, flatpak_helper_exec_t) + ++auth_read_passwd(flatpak_helper_t) ++ + optional_policy(` + dbus_stub() + dbus_system_domain(flatpak_helper_t, flatpak_helper_exec_t) +-- +2.35.1 + + +From d6743d58bbd0293a4f6992fee9b5e7363892ebe7 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Tue, 12 Apr 2022 20:56:06 +0200 +Subject: [PATCH 2/3] selinux: Let the system helper watch files inside + $libexecdir + +The system-helper (ie., the `flatpak-system-helper` process) is +labelled with flatpak_helper_exec_t and runs in the flatpak_helper_t +domain, and tries to set up an inotify(7) watch on it's own binary so +that it can exit when the binary is replaced. This explicitly permits +it to do so to avoid running into SELinux denials. + +The corecmd_watch_bin_dirs SELinux interface is a recent addition [1], +and is therefore used conditionally when defined. + +[1] https://github.com/fedora-selinux/selinux-policy/commit/88072fd293 + https://github.com/fedora-selinux/selinux-policy/pull/1133 + +https://bugzilla.redhat.com/show_bug.cgi?id=2053634 +--- + selinux/flatpak.te | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/selinux/flatpak.te b/selinux/flatpak.te +index 871ffa2906cc..0bb776314ddb 100644 +--- a/selinux/flatpak.te ++++ b/selinux/flatpak.te +@@ -14,6 +14,10 @@ init_daemon_domain(flatpak_helper_t, flatpak_helper_exec_t) + + auth_read_passwd(flatpak_helper_t) + ++ifdef(`corecmd_watch_bin_dirs',` ++ corecmd_watch_bin_dirs(flatpak_helper_t) ++') ++ + optional_policy(` + dbus_stub() + dbus_system_domain(flatpak_helper_t, flatpak_helper_exec_t) +-- +2.35.1 + + +From 04524cb3b79bb777d62f743b1fb4037816c6a3f2 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Tue, 12 Apr 2022 22:33:11 +0200 +Subject: [PATCH 3/3] selinux: Permit read access to /var/lib/flatpak + +It's clearly quite important to have read access to /var/lib/flatpak +and it's contents. This explicitly permits that to avoid running +into SELinux denials. + +https://bugzilla.redhat.com/show_bug.cgi?id=2070741 +--- + selinux/flatpak.te | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/selinux/flatpak.te b/selinux/flatpak.te +index 0bb776314ddb..e1fd4377373f 100644 +--- a/selinux/flatpak.te ++++ b/selinux/flatpak.te +@@ -13,6 +13,8 @@ type flatpak_helper_exec_t; + init_daemon_domain(flatpak_helper_t, flatpak_helper_exec_t) + + auth_read_passwd(flatpak_helper_t) ++files_list_var_lib(flatpak_helper_t) ++files_read_var_lib_files(flatpak_helper_t) + + ifdef(`corecmd_watch_bin_dirs',` + corecmd_watch_bin_dirs(flatpak_helper_t) +-- +2.35.1 + diff --git a/flatpak.spec b/flatpak.spec new file mode 100644 index 0000000000000000000000000000000000000000..3b289ada9f4a8b53b3560b9bb1f4d055abbc4cf9 --- /dev/null +++ b/flatpak.spec @@ -0,0 +1,231 @@ +%global bubblewrap_version 0.4.0 +%global ostree_version 2020.8 + +Name: flatpak +Version: 1.13.2 +Release: 2%{?dist} +Summary: Application deployment framework for desktop apps + +License: LGPLv2+ +URL: http://flatpak.org/ +Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz + +Patch0: flatpak-selinux-permissions.patch +Patch1: 0001-revokefs-Use-FUSE-version-3-if-possible.patch + +BuildRequires: appstream, appstream-devel, fuse, fuse-devel +BuildRequires: pkgconfig(appstream-glib) +BuildRequires: pkgconfig(dconf) +BuildRequires: pkgconfig(fuse3) +BuildRequires: pkgconfig(gdk-pixbuf-2.0) +BuildRequires: pkgconfig(gio-unix-2.0) +BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.40.0 +BuildRequires: pkgconfig(json-glib-1.0) +BuildRequires: pkgconfig(libarchive) >= 2.8.0 +BuildRequires: pkgconfig(libseccomp) +BuildRequires: pkgconfig(libsoup-2.4) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(libxml-2.0) >= 2.4 +BuildRequires: pkgconfig(libzstd) >= 0.8.1 +BuildRequires: pkgconfig(malcontent-0) +BuildRequires: pkgconfig(ostree-1) >= %{ostree_version} +BuildRequires: pkgconfig(polkit-gobject-1) +BuildRequires: pkgconfig(xau) +BuildRequires: bison +BuildRequires: bubblewrap >= %{bubblewrap_version} +BuildRequires: docbook-dtds +BuildRequires: docbook-style-xsl +BuildRequires: gettext +BuildRequires: gpgme-devel +BuildRequires: libcap-devel +BuildRequires: python3-pyparsing +BuildRequires: systemd +BuildRequires: /usr/bin/xdg-dbus-proxy +BuildRequires: /usr/bin/xmlto +BuildRequires: /usr/bin/xsltproc + +Requires: bubblewrap >= %{bubblewrap_version} +Requires: librsvg2%{?_isa} +Requires: ostree-libs%{?_isa} >= %{ostree_version} +Requires: /usr/bin/xdg-dbus-proxy +Requires: (flatpak-selinux = %{?epoch:%{epoch}:}%{version}-%{release} if selinux-policy-targeted) +Requires: %{name}-session-helper%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} +Recommends: p11-kit-server + +Recommends: xdg-desktop-portal > 0.10 + +%description +flatpak is a system for building, distributing and running sandboxed desktop +applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for +more information. + +%package devel +Summary: Development files for %{name} +License: LGPLv2+ +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description devel +This package contains the pkg-config file and development headers for %{name}. + +%package libs +Summary: Libraries for %{name} +License: LGPLv2+ +Requires: bubblewrap >= %{bubblewrap_version} +Requires: ostree%{?_isa} >= %{ostree_version} +Requires(pre): /usr/sbin/useradd + +%description libs +This package contains libflatpak. + +%package selinux +Summary: SELinux policy module for %{name} +License: LGPLv2+ +BuildRequires: selinux-policy +BuildRequires: selinux-policy-devel +BuildRequires: make +BuildArch: noarch +%{?selinux_requires} + +%description selinux +This package contains the SELinux policy module for %{name}. + +%package session-helper +Summary: User D-Bus service used by %{name} and others +License: LGPLv2+ +Conflicts: flatpak < 1.4.1 +Requires: systemd + +%description session-helper +This package contains the org.freedesktop.Flatpak user D-Bus service +that's used by %{name} and other packages. + +%package tests +Summary: Tests for %{name} +License: LGPLv2+ +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-session-helper%{?_isa} = %{version}-%{release} +Requires: bubblewrap >= %{bubblewrap_version} +Requires: ostree%{?_isa} >= %{ostree_version} + +%description tests +This package contains installed tests for %{name}. + + +%prep +%autosetup -p1 + + +%build +(if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; CONFIGFLAGS=--enable-gtk-doc; fi; +autoreconf + export XMLTO_FLAGS="--stringparam generate.consistent.ids=1" + %configure \ + --enable-docbook-docs \ + --enable-installed-tests \ + --enable-selinux-module \ + --with-priv-mode=none \ + --with-system-bubblewrap \ + --with-system-dbus-proxy \ + $CONFIGFLAGS) +%make_build V=1 + + +%install +%make_install +install -pm 644 NEWS README.md %{buildroot}/%{_pkgdocdir} +# The system repo is not installed by the flatpak build system. +install -d %{buildroot}%{_localstatedir}/lib/flatpak +install -d %{buildroot}%{_sysconfdir}/flatpak/remotes.d +rm -f %{buildroot}%{_libdir}/libflatpak.la + +%find_lang %{name} + +%pre +getent group flatpak >/dev/null || groupadd -r flatpak +getent passwd flatpak >/dev/null || \ + useradd -r -g flatpak -d / -s /sbin/nologin \ + -c "User for flatpak system helper" flatpak +exit 0 + +%post selinux +%selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2 + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2 +fi + + +%files -f %{name}.lang +%license COPYING +# Comply with the packaging guidelines about not mixing relative and absolute +# paths in doc. +%doc %{_pkgdocdir} +%{_bindir}/flatpak +%{_bindir}/flatpak-bisect +%{_bindir}/flatpak-coredumpctl +%{_datadir}/bash-completion +%{_datadir}/dbus-1/interfaces/org.freedesktop.portal.Flatpak.xml +%{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.Authenticator.xml +%{_datadir}/dbus-1/services/org.flatpak.Authenticator.Oci.service +%{_datadir}/dbus-1/services/org.freedesktop.portal.Flatpak.service +%{_datadir}/dbus-1/system-services/org.freedesktop.Flatpak.SystemHelper.service +%{_datadir}/fish/ +%{_datadir}/%{name} +%{_datadir}/polkit-1/actions/org.freedesktop.Flatpak.policy +%{_datadir}/polkit-1/rules.d/org.freedesktop.Flatpak.rules +%{_datadir}/zsh/site-functions +%{_libexecdir}/flatpak-oci-authenticator +%{_libexecdir}/flatpak-portal +%{_libexecdir}/flatpak-system-helper +%{_libexecdir}/flatpak-validate-icon +%{_libexecdir}/revokefs-fuse +%dir %{_localstatedir}/lib/flatpak +%{_mandir}/man1/%{name}*.1* +%{_mandir}/man5/%{name}-metadata.5* +%{_mandir}/man5/flatpak-flatpakref.5* +%{_mandir}/man5/flatpak-flatpakrepo.5* +%{_mandir}/man5/flatpak-installation.5* +%{_mandir}/man5/flatpak-remote.5* +%{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf +%{_sysconfdir}/flatpak/remotes.d +%{_sysconfdir}/profile.d/flatpak.sh +%{_sysusersdir}/flatpak.conf +%{_unitdir}/flatpak-system-helper.service +%{_userunitdir}/flatpak-oci-authenticator.service +%{_userunitdir}/flatpak-portal.service +%{_systemd_system_env_generator_dir}/60-flatpak-system-only +%{_systemd_user_env_generator_dir}/60-flatpak + +%files devel +%{_datadir}/gir-1.0/Flatpak-1.0.gir +%{_datadir}/gtk-doc/ +%{_includedir}/%{name}/ +%{_libdir}/libflatpak.so +%{_libdir}/pkgconfig/%{name}.pc + +%files libs +%license COPYING +%{_libdir}/girepository-1.0/Flatpak-1.0.typelib +%{_libdir}/libflatpak.so.* + +%files selinux +%{_datadir}/selinux/packages/flatpak.pp.bz2 +%{_datadir}/selinux/devel/include/contrib/flatpak.if + +%files session-helper +%license COPYING +%{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.xml +%{_datadir}/dbus-1/services/org.freedesktop.Flatpak.service +%{_libexecdir}/flatpak-session-helper +%{_userunitdir}/flatpak-session-helper.service + +%files tests +%{_datadir}/installed-tests +%{_libexecdir}/installed-tests + +%changelog +* Mon Apr 25 2022 Zhongling He 1.13.2 +- Init package from upstream v1.13.2 \ No newline at end of file