"Fossies" - the Fresh Open Source Software Archive

Member "flatpak-1.12.2/NEWS" (12 Oct 2021, 119756 Bytes) of package /linux/misc/flatpak-1.12.2.tar.xz:

As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "NEWS": 1.12.1_vs_1.12.2.

    1 Changes in 1.12.2
    2 ~~~~~~~~~~~~~~~~~
    3 Released: 2021-10-12
    5  * Install translations referenced by LANG, LANGUAGE or LC_ALL
    6  * Fix error handling for the syscalls that are blocked when not using --devel
    7  * Improve diagnostic messages when seccomp rules cannot be applied
    8  * Update Polish translation
   10 Changes in 1.12.1
   11 ~~~~~~~~~~~~~~~~~
   12 Released: 2021-10-08
   14 The security fix in the 1.12.0 release failed when used with some
   15 older versions of libseccomp (that don't know about the new syscalls).
   17 More specifically, installing modules that use extra-data would fail, and so
   18 would running applications with the --allow=multiarch feature, such as Steam.
   19 This release fixes those regressions.
   21 Changes in 1.12.0
   22 ~~~~~~~~~~~~~~~~~
   23 Released: 2021-10-08
   25 This is the first stable release in the 1.12.x series. The major changes
   26 in this series is the support for better control of sub-sandboxes, as
   27 used by the Steam Flatpak app to run Windows games under Proton.
   29 In addition, this release fixes a security vulnerability in the portal
   30 support. Some recently added syscalls were not blocked by the seccomp rules
   31 which allowed the application to create sub-sandboxes which can confuse
   32 the sandboxing verification mechanisms of the portal. This has been
   33 fixed by extending the seccomp rules. (CVE-2021-41133)
   34 For details, see:
   35   https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
   37 Other changes in this version:
   38  * Some test fixes
   39  * Update translations
   40  * Support for specifying the flatpak binary to use during exports
   41  * Install translations for all languages in the locale, not just the ones in
   42    LC_MESSAGES.
   43  * Fix progress reporting in flatpak fsck
   44  * Handle cases where /var/tmp is a symlink
   45  * Expose /etc/gai.conf to the sandbox
   46  * Fix the parental control checks for root
   47  * Handle missing /etc/ld.so.cache (musl)
   49 Changes in 1.11.3
   50 ~~~~~~~~~~~~~~~~~
   51 Released: 2021-08-25
   53 Dependencies:
   55 * For Linux distributions that compile Flatpak to use a separate
   56     bubblewrap (bwrap) executable, updating to version 0.5.0 is recommended,
   57     but not required. The minimal version is still 0.4.0.
   59 Bug fixes:
   61 * Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox, fixing
   62   a regression introduced when CVE-2021-21261 was fixed in 1.8.5 and 1.10.0
   63 * Update the included copy of bubblewrap (flatpak-bwrap) to 0.5.0
   64     - Better diagnostics when a --bind or other bind-mount fails
   65     - Create non-directories with safer permissions
   66     - Allow mounting an non-directory over an existing non-directory
   67     - Silence kernel messages for our bind-mounts
   68     - Improve ability to bind-mount directories on case-insensitive filesystems
   69 * Don't ask user which remote to download from if there is only one option
   70 * Improve robustness of autogen.sh
   72 Internal changes:
   74 * Improve test coverage
   75 * Spelling fixes
   77 Translation updates: Brazilian Portuguese, Russian, Spanish, Ukrainian
   79 Changes in 1.11.2
   80 ~~~~~~~~~~~~~~~~~
   81 Released: 2021-06-17
   83 Bug fixes:
   85 * Fix logic error when migrating AppStream XML
   86 * Improve error-checking
   87 * Fix various memory and file descriptor leaks, in particular with
   88   flatpak-spawn --env=...
   89 * Fix fd confusion in flatpak-spawn --env=... --forward-fd=..., which
   90   caused "Steam Linux Runtime" containers to fail to start
   91 * Avoid a crash when looking up summary for a ref without an arch
   92 * Improve handling of refs belonging to more than one architecture,
   93   e.g. for cross-compilation
   94 * Don't abort uninstall if deploy metadata is missing
   95 * Don't fail transaction if searching for dependencies fails in one remote
   96 * Fix test failure when running tests as root
   97 * Improve error message for 'sudo flatpak run'
   99 Internal changes:
  101 * Improve printf format string validation
  102 * Improve test coverage
  103 * Reduce risk of accidentally hard-coding x86 in the tests
  105 Translation updates: Danish, Indonesian, Russian
  107 Changes in 1.11.1
  108 ~~~~~~~~~~~~~~~~~
  109 Released: 2021-04-26
  111 This is the first unstable release in the series that will lead to 1.12.
  113 New features:
  115 * All instances of the same app-ID share their /tmp directory
  116 * All instances of the same app-ID share their $XDG_RUNTIME_DIR
  117 * Instances of the same app-ID can optionally share their /dev/shm directory
  118   (enabled by a new --allow flag, --allow=per-app-dev-shm)
  119 * Allow a subsandbox to have a different /usr and/or /app.
  120   Steam will use this to launch games with its own container runtime
  121   as /usr (the "Steam Linux Runtime" mechanism).
  122 * enter: Improve support for TUI programs like gdb
  123 * build-update-repo: Add a higher-performance reimplementation of
  124   `ostree prune` specialized for archive-mode repositories
  126 Bug fixes:
  128 * Fix deploys of local remotes in system-helper
  129 * Fix test failures on non-x86_64 systems
  130 * Fix two intermittent test failures
  131 * Make polkit queries non-interactive when operating in non-interactive mode
  132 * Use a local main-context when using libsoup in a thread
  133 * create-usb: Skip copying extra-data flatpaks
  134 * OCI: Switch to pax-format tar archives
  135 * history: Handle transaction log entries with empty REF field
  136 * portal: Fix flatpak-spawn --clear-env on OSs where flatpak is not on
  137   the fallback PATH, such as NixOS
  138 * Fix various issues detected by scan-build
  140 Internal changes:
  142 * Use GNU bison to build parse-datetime.y
  143 * Add information about security support and security vulnerability
  144   reporting (see `SECURITY.md`)
  145 * Move all git submodules into subprojects/ directory
  146 * Several sockets are now created in /run/flatpak in the sandbox, with
  147   symbolic links in $XDG_RUNTIME_DIR
  149 Changes in 1.10.2
  150 ~~~~~~~~~~~~~~~~~
  151 Released: 2021-03-10
  153 This is a security update which fixes a potential attack where
  154 a flatpak application could use custom formated .desktop files to
  155 gain access to files on the host system.
  157 Other changes:
  159 * Fix memory leaks
  160 * Some test fixes
  161 * Documentation updates
  162 * G_BEGIN/END_DECLS added to library headders for c++ use
  163 * Fix for X11 cookies on OpenSUSE
  164 * Spawn portal better handles non-utf8 filenames
  166 Changes in 1.10.1
  167 ~~~~~~~~~~~~~~~~~
  168 Released: 2021-01-21
  170  * Fix flatpak build on systems with setuid bwrap
  171  * Fix some compiler warnings
  172  * Add --enable-asan configure option
  173  * Fix crash on updating apps with no deploy data
  174  * Update translations
  176 Changes in 1.10.0
  177 ~~~~~~~~~~~~~~~~~
  178 Released: 2021-01-14
  180 This is the first stable release after the 1.9.x unstable series.
  181 The major new feature in this series compared to 1.8 is the support
  182 for the new repo format which should make updates faster and download
  183 less data.
  185 This release also contains the security fixes from 1.8.5, so everyone
  186 on the 1.9.x series should update immediately. (CVE-2021-21261)
  188 Other changes since 1.9.3:
  190  * The systemd generator snippets now call flatpak --print-updated-env
  191    in place of a bunch of shell for better login performance.
  192  * The .profile snippets now disable GVfs when calling flatpak to
  193    avoid spawning a gvfs daemon when logging in via ssh.
  194  * Build fixes for GCC 11.
  195  * Flatpak now finds the pulseaudio sockets better in uncommon
  196    configurations.
  197  * Sandboxes with network access it now also has access to the
  198    systemd-resolved socket to do dns lookups.
  199  * Flatpak supports unsetting env vars in the sandbox using --unset-env,
  200    and `--env=FOO=` now sets FOO to the empty string instead of
  201    unsetting it.
  202  * Similarly the spawn portal has an option to unset an env var.
  203  * The spawn portal now has an option to share the pid namespace
  204    with the sub-sandbox.
  206 Changes in 1.9.3
  207 ~~~~~~~~~~~~~~~~
  208 Released: 2020-12-22
  210 I expect this to be the final 1.9.x release, and we can expect 1.10.0
  211 early next year, containing basically whats in this release in terms
  212 of features.
  214 A minor change in the new indexed summary format in this release. The
  215 gpg signature of the summary index is now stored in a filename indexed
  216 by the checksum of the index rather than a static filename. This fixes
  217 an update race between clients accessing the two files during and update.
  218 It also helps in keeping mirrors and cached coherent. The old filename
  219 is still created/used for backwards compat with 1.9.1, but may go
  220 away in the future.
  222 Other changes:
  224  * --filesystem=host now exposed /var/usrlocal (as seen on ostree)
  225  * Better error messages in flatpak portal.
  226  * Rebases during update now install the new app before uninstalling
  227    the old, which means failure during the first doesn't leave the app
  228    uninstalled.
  229  * flatpak_installation_list_installed_refs_for_update() now handles
  230    some case better when apps in the user installation depends on
  231    runtimes in the system installation.
  232  * New version of the deploy files which guarantees the existance of
  233    a bit more data. This is useful for eol detection of apps that were
  234    installed with previous flatpak versions.
  235  * Some corner cases when installing an app with extra-data into a nonstandard
  236    installation were fixed.
  237  * Fixed crashed when killing and entering running instance that have
  238    was running a runtime, not an app.
  239  * The root user can now bypass parental controls.
  240  * Some fixes to library annotations.
  241  * Updated translations
  243 Changes in 1.9.2
  244 ~~~~~~~~~~~~~~~~
  245 Released: 2020-11-20
  247  * Some build fixes on non-x86-64 arches
  248  * Fix permission issue in endless installer
  249  * Fixed a bug where flatpak was accidentally clearing the summary cache
  250    during updates in the user installation.
  251  * Fix handling of the multiarch permission.,
  252  * Add back the commit timestamp to the summary file.
  254 Changes in 1.9.1
  255 ~~~~~~~~~~~~~~~~
  256 Released: 2020-11-19
  258 This is the first unstable release in the series that will lead to
  259 1.10. The main change in this version is a new format for the summary
  260 file used when accessing an OSTree repository on the network. For this
  261 reason we now require OSTree version 2020.8.
  263 The new format should make getting the initial metadata required for
  264 most flatpak operations much faster, and use less network
  265 bandwidth. This will allow repositories to scale to more apps and more
  266 architectures without affecting clients. The old format is still
  267 generated for compatibility with older clients.
  269 The new format also allows repositories to publish named subsets, and
  270 for clients to declare that they only want to see that subset. The
  271 goal here is to allow for example flathub to mark all FOSS apps, and
  272 make it possible for users to use a flathub-foss remote without
  273 flathub having to maintain two duplicated repositories. This is
  274 accessible by passing --subset=SUBSET to the build-commit-from and
  275 build-export commands.
  277 The new repo option `flatpak.summary-arches` controls which architectures
  278 are put in the old format summary. This can be used to avoid newly added
  279 architectures making old clients slower, at the cost of requiring a newer
  280 flatpak client version for the new architecture.
  282 Other major changes
  283  * There is a new `flatpak pin` command that lets you pin runtimes
  284    so that they are not considered unused. Also, we now by default pin
  285    runtimes that are installed explicitly (i.e. not as a dependency of an
  286    app).
  287  * During a regular update or uninstall of an app, if the operation
  288    makes a previously used runtime unused, and the runtime is marked
  289    as end-of-lifed, then the runtime is automatically uninstalled.
  290  * During `flatpak update` (i.e. with no specific app given) flatpak
  291    now automatically adds uninstall operations for end-of-life runtimes
  292    that are unused.
  293  * The end-of-life warnings in the flatpak CLI are now better, showing
  294    more useful details (like version and what apps are using the runtime)
  295    and less unuseful details.
  296  * Some changes was made in which dconf paths were considered "similar"
  297    to the app id, allowing for example `org.gnome.SoundJuicer` to
  298    migrate from `/org/gnome/sound-juicer`.
  299  * Flatpak run now implements the new standard for os-release in containers
  300    (https://www.freedesktop.org/software/systemd/man/os-release.html).
  301  * There is now a tcsh profile snippet
  302  * The origin remote for an app is now prioritized over other remotes with
  303    the same priority when looking for dependencies.
  304  * We now allow extra-data apply_extra processes to run multiarch code.
  305  * A new internal representation for ostree ref strings was added which
  306    is more efficient. This should not affect the behaviour of flatpak
  307    but the large amounts of changes to use this may have accidentally
  308    introduced regressions.
  309  * Some fixes to the in-memory summary cache make it more efficient.
  310  * --filesystem=/ is now explicitly forbidden as it doesn't work (and never
  311    did).
  312  * Flatpak install/update now only prints `(partial)` for an update that
  313    actually is partial (not just for all locales).
  314  * Flatpak remote-ls on a file: uri (for example a sideloaded repo) now
  315    correctly lists the refs in the repo.
  316  * New library APIS: flatpak_installation_list_pinned_refs,
  317    flatpak_transaction_set_disable_auto_pin,
  318    flatpak_transaction_set_include_unused_uninstall_ops,
  319    flatpak_transaction_operation_get_subpaths,
  320    flatpak_transaction_operation_get_requires_authentication.
  321  * flatpak_installation_list_installed_refs_for_update() now returns
  322    refs that have a end-of-life rebase that it could be updated to.
  323  * There is a new `ready-pre-auth` signal in FlatpakTransaction allowing
  324    clients new ways to handling authentication.
  325  * Fix bug where extension sources were sometimes auto-installed
  327 Changes in 1.8.3
  328 ~~~~~~~~~~~~~~~~
  329 Released: 2020-11-17
  331   * Fixed progress reporting for OCI and extra-data
  332   * The in-memory summary cache is more efficient
  333   * Fixed authentication getting stuck in a loop in some cases
  334   * Fixed authentication error reporting
  335   * We now extract OCI info for runtimes as well as apps
  336   * Fixed crash if anonymous authentication fails and -y is specified
  337   * flatpak info now only looks at the specified installation
  338     if one is specified
  339   * Better error reporting for server HTTP errors during download
  340   * Uninstall now removes applications before the runtime it depends on
  341   * Fixed test-suite to pass with the latest OSTree version
  342   * Fixed dbus environment variables in flatpak enter
  343   * Avoid updating metadata from the remote when uninstalling
  344   * Fixed error message handling in various places
  345   * FlatpakTransaction now verifies all passed in refs to avoid
  346     potential issues with invalid names
  347   * Updated translations
  349 Changes in 1.8.2
  350 ================
  352  * Added validation of collection id settins for remotes
  353  * Fix seccomp filters on s390
  354  * Robustness fixes to the spawn portal
  355  * Fix support for masking update in the system installation
  356  * Better support for distros with uncommon models of merged /usr
  357  * Cache responses from localed/AccoutService
  358  * Fix hangs in cases where xdg-dbus-proxy fails to start
  359  * Fix double-free in cups socket detection
  360  * OCI authenticator now doesn't ask for auth in case of http errors
  362 Changes in 1.8.1
  363 ================
  365  * Avoid calling authenticator in update if ref didn't change
  366  * Don't fail transaction if ref is already installed (after transaction start)
  367  * Fix flatpak run handling of userns in the --device=all case
  368  * Fix handling of extensions from different remotes
  369  * Fix flatpak run --no-session-bus
  370  * Updated translations
  372 Changes in 1.8.0
  373 ================
  375 New stable release series 1.8.
  377 Changes:
  378  * FlatpakTransaction has a new signal "install-authenticator" which clients can handle to
  379    install authenticators needed for the transaction. This is done in the CLI commands.
  380  * We now always expose the host timezone data, allowing us the expose the host /etc/localtime
  381    in a way that works better, fixing several apps that had timezone issues.
  382  * Fix flatpak enter which didn't work in some cases.
  383  * We now ship a systemd unit (not installed by default) to automatically detect plugged in
  384    usb sticks with sideload repos.
  385  * By default we no longer install the gdm env.d file, as the systemd generators work better
  386  * create-usb now exports partial commits by default
  387  * Fix handling of docker media types in oci remotes
  388  * Fix subjects in remote-info --log output
  390 Changes in 1.7.3
  391 ================
  393  * Allow direct ALSA device access if app has pulseaudio access.
  394  * Flatpak now ships a sysusers.d file for allowing systemd to create the required users.
  395  * Fix issue in remote-delete where it failed to delete system remotes if it had to uninstall
  396    something first.
  397  * New library calls flatpak_transaction_operation_get_related_to_ops(), flatpak_transaction_operation_get_is_skipped() and
  398    flatpak_transaction_set_no_interaction().
  399  * New options --[no-]follow-redirect in remote-add/modify
  400  * New spawn portal APIs to get real pid of launched app.
  401  * By default, all OCI remotes now use the flatpak-oci-authenticator.
  402  * Support flatpak remote-info and flatpak update --commit= to specific versions for OCI remotes.
  403  * Initial work in progress on using deltas for OCI remotes.
  404  * Fix race in the generation of ld.so.cache when starting copies of the same app at the same time.
  405  * Minor fix in what locales are installed on update.
  406  * Flatpak uninstall now doesn't fail if one ref (of many) was not installed.
  407  * Flatpak systemd transient units now have an app-prefix to match new XDG spec for
  408    cgroup names.
  409  * In some cases we previously downloaded the summary twice.
  410  * flatpak upgrade is now an alias for flatpak update.
  411  * Fix to selinux module to work without unconfined module.
  412  * Respect user XDG basedirs when finding users fonts and icons.
  413  * Fix issue where thread were sometimes initialized causing flatpak enter to fail.
  414  * Better error reporting when authentication goes wrong.
  416 Changes in 1.7.2
  417 ================
  419 This fixes some regressions in progress reporting in 1.7.1, where it would report > 100%.
  421 Other changes:
  422  * Completion support for fish shell
  423  * Properly handle migration of remotes with collection ids
  424  * The summary now has some extra-data download size info which can make downloads slightly more efficient
  426 Changes in 1.7.1
  427 ================
  429 This is the first release in the 1.7.x unstable release series.
  431 A major change is that the support for the ostree peer-to-peer installation has been
  432 simplified. Flatpak no longer supports installing from local network peers, and sideloading
  433 from local usb stick is no longer automatic. To enable sideloading you have to configure
  434 a sideload repository by creating a symlink to it from /var/lib/flatpak/sideload-repos or
  435 /run/flatpak/sideload-repos. Due to this the flatpak code has been simplified internally
  436 and the p2p support is more efficient.
  438 Other major changes
  439  * If an app has filesystem access, the host /lib is accessible as /run/host/lib, etc.
  440  * New filesystem permission "host-etc" and "host-os" give access to system /usr and /etc.
  441  * Flatpak now uses variant-schema-compiler to generate more efficient code for
  442    parsing GVariant files from ostreee.
  443  * libsystemd use is now optional in configure.
  444  * Journal sockets are mounted readonly
  445  * document-export now supports exporting directories (requires new portal version)
  446  * DConf migration now allows version numbers in object paths
  448 Changes in 1.6.3
  449 ================
  451 The main change in this version is a fix for a regression in the progress calculation
  452 for applications using extra-data. Additionally the bundled version of bubblewrap
  453 is updated to 0.4.1 which fixes a security issue in some cases. See
  454   https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj
  455 for details.
  457 Other changes:
  458  * Updated translations
  459  * Don't break if users primary gid is not in the nsswitch database
  460  * Fix crash in flatpak repair if no remotes are configured
  461  * Some updates to the oci authenticator
  462  * Retry downloads of extra data
  464 Changes in 1.6.2
  465 ================
  467 Due to a combination of some behaviour in flatpak and recent versions of ostree we at some
  468 point lost the use of deltas for the initial install case, instead always falling back
  469 to a full ostree operation which is a lot less efficient for pulls with many small files
  470 like a runtime. This caused some very slow installs from e.g. flathub, so I recommend
  471 everyone update to this version to get better install performance.
  473 Other changes are:
  474  * We now correctly handle TMPDIR env var overrides when bwrap is setuid
  475  * Disallow running "flatpak run" under sudo (as it doesn't work and causes issues)
  476  * Fix build with older versions of glib
  477  * Minor documentation updates
  478  * Updated translations
  480 Changes in 1.6.1
  481 ================
  483 This is a (mild) security update. Flatpak 1.6.0 added the ability for an application to request it to be
  484 updated, as long as the new version doesn't require new permissions. Unfortunately in some special cases,
  485 if an app had acces to the home directory, but not the rest of the filesystem it would still allow a
  486 self-update where the new version could access some files outside the home directory..
  488 This is fixed in this version, and all users of 1.6.0 are recommended to update.
  490 Other changes are:
  492  * New permission --device=shm giving access to host /dev/shm, as needed for jack.
  493  * Generated correct download size in build-commit-from
  494  * sub-sandbox now allows the child to share the gpu of the caller has full device access
  495  * Fix crash with disabled remotes
  496  * Fix builds with older versions of glib
  497  * Update translations
  499 Changes in 1.6.0
  500 ================
  502 This is the first stable release in the 1.6 series, main changes
  503 since 1.4 is the support for protected content and improvements
  504 in the self-sandboxing support.
  506 There is one change in the support for OCI remotes, we now
  507 only support the use of labels, not annotations, as labels
  508 work with more registries. This means pre-existing OCI flatpak
  509 registries (like fedora) may need some changes.
  511 Changes since 1.5.2:
  512  * New permissions --socket=cups for direct cups access
  513  * Fix some leaks
  514  * Fix reporting of progress with latest version of ostree
  515  * New no-interaction flag for authenticators
  516  * Support for auto-installing authenticators from a flatpak remote
  517  * Warn less about unset XDG_DATA_DIRS
  518  * Don't poll for updates in the portal when on a metered connection
  520 Changes in 1.5.2
  521 ================
  523 This version has further changes to the protocol and API for handing
  524 authentication, in order to make it more flexible and futureproof. The
  525 sample authenticator has been updated to the new APIs. Flatpak now
  526 ships with a OCI authenticator that can be used to access private OCI
  527 registries.
  529 FlatpakTransaction now also has a callback for simple user/password
  530 authentication for an authenticator (the basic-auth-start signal)
  531 modeled on HTTP basic authentication. This is handled in the flatpak
  532 CLI by interactive prompts on the terminal. This is needed by the OCI
  533 authenticator, but can also be used by other authenticators that have
  534 simple authentication requirements.
  536 There were also some fixes to the new self-sandboxing support of the
  537 flatpak spawn portal, allowing webkit to use it.
  539 Other changes:
  540  * Show background status in flatpak ps
  541  * Improved docs and help output
  542  * Fix support for fd forwarding and the allow_a11y flag in the sandboxing portal
  543  * Some improvements to the new permission-set command
  544  * New remote option that allows settting the default token type (mostly for debugging)
  548 Changes in 1.5.1
  549 ================
  551 The major new feature of this is the support for protected applications and the system
  552 around authenticting downloads to it. This is not considered stable yet, but this release
  553 has the initial work to make it possible for developers to play around with this. I
  554 will send out a separate mail about this later.
  556 Other changes:
  557  * Flatpak now bundles bubblewrap 0.4.0, and requires 0.4.0 to use the system bubblewrap.
  558  * Optional support for parental controls using libmalcontent.
  559  * Transaction now installs extensions before apps to ensure we have a working app immediately after install.
  560  * Changes in temporary file use makes flatpak run work better in low disk space situations.
  561  * flatpak enter now works without sudo, and works better in general.
  562  * New features for the flatpak portal:
  563    * Support starting a sub-sandbox with the child processes visible in the original sandbox.
  564    * Support adding some kinds of permissions to sub-sandboxes
  565  * New commands flatpak permission-set and permission-remove
  566  * flatpak install CLI now always shows what kind of operations everything is.
  567  * libflatpak now returns apps as updatable if doing so would auto-download missing extensions or runtimes.
  568  * new API: flatpak_transaction_get_no_(deploy|pull).
  569  * We can now store locale info in the extra-languages key (in addition to the country code).
  570  * remote-ls and list --app-runtime now only shows apps, no runtimes.
  571  * Stop using mirror refs and delete any useless mirror refs you might have in your repo.
  572  * Fix busy-loop regression in revokefs-fuse in 1.5.0
  574 Changes in 1.5.0
  575 ================
  577  * New options flatpak install --or-update operation.
  578  * New command flatpak mask allows pinning version and avoiding auto-downloads.
  579  * Support self-updates and update monitoring in the flatpak portal.
  580  * Fix updates of exported services with dbus-broken.
  581  * Don't show arch columns in terminal outout if all are the same.
  582  * Fix some cases where origin remotes were not properly removed.
  583  * flatpak-session-helper now links to more libraries.
  584  * OCI: Support images tagged with labels as well as annotations.
  585  * OCI: Alway generate a history for images.
  586  * OCI: Support docker mimetypes in addition to OCI mimetypes.
  587  * Uninstall now always work, even if the remote it came from was force removed.
  588  * New config key default-languages that allows additions to the system list
  589   instead of overriding it.
  590  * Various minor tweak to CLI behaviour and output.
  592 Changes in 1.4.3
  593 ================
  594  * Fix crash in revokefs.
  595  * Handle 'versions' extension key (in addition to 'version') when
  596    checking for local extensions, which was causing us to uninstall
  597    some actually used extensions with uninstall --unused.
  598  * The 'required-flatpak' metadata key now supports listing multiple
  599    versions to support backported features.
  600  * Fix crash with older versions of polkit.
  601  * Fix installation of bundles.
  602  * Fix crash on deploy error.
  603  * Support building bundles of apps installed from a remote.
  604  * OCI: Fix handling of locally cached icons.
  605  * Fix crash when listing unconfigured remotes.
  606  * Ignore differences in trailing slashes for repo uris.
  608 Changes in 1.4.2
  609 ================
  611  * Support extra_data in extensions.
  612  * Handle double slashes ("//")in XDG_DATA_DIRS.
  613  * Fix detection of local related refs.
  615 Changes in 1.4.1
  616 ================
  620 There was an accidental ABI break in libflatpak in 1.4.0 compared to
  621 the 1.2.x ABI which caused crashes in apps like gnome-software.
  623 This has been fixed in this release so it is now ABI compatible with
  624 1.2.x, but *NOT* compatible with 1.4.0. It is recommended that all
  625 distributions that shipped 1.4.0 update to 1.4.1 and rebuild all
  626 dependencies of libflatpak.
  628  * Make ABI compatible with 1.2.x
  629  * Update translations
  630  * Fix some potential crashes
  631  * Fix some corner case where it was impossible to remove a remote
  632  * Restore support for file: uris in the RuntimeRepo key in flatpakref files
  634 Changes in 1.4.0
  635 ================
  637 This is the new stable series, ending the 1.3.x series. The major changes
  638 since the 1.2.x is the improved I/O use for system-installed applications,
  639 and the new format for pre-configured remotes.
  641  * Recalculate download-size when moving between repos in
  642    build-commit-from.
  643  * New library error FLATPAK_ERROR_REF_NOT_FOUND returned instead of
  645  * Fix installed tests when running on a tty.
  646  * Fix a double-set of a GError.
  647  * Grant more permissions on the /run/host/monitor directory to
  648    work with e.g. toolbox on the host.
  650 Changes in 1.3.4
  651 ================
  653 This version changes how default remotes are configured. We still
  654 use files in /etc/flatpak/remotes.d, however instead of the old
  655 *.conf files we now use regular flatpakrepo files, and the first
  656 time you use flatpak these are automatically imported.
  658 The advantage of this new model is that the configuration is imported
  659 once, but then becomes writable and removable, just like a manually
  660 added remote. In the previous model the remote was always there and it
  661 was impossible to change or remove.
  663 However, this means that anyone currently shipping a .conf file with
  664 a distro needs to change this to a .flatpakrepo file.
  666  * Support for flatpakrepo files in /etc/flatpak/remotes.d
  667  * Support for client side filtering of a remote. This allows you
  668    to limit what apps are seen from a remote, using either a whitelist
  669    or a blacklist model.
  670  * Add library API to easily add remotes from flatpakref files.
  671  * Fix the dconf support.
  672  * Fix app updates in system-wide OCI remotes.
  673  * Fix CLI completion if G_MESSAGES_DEBUG is set
  674  * Add a docker seccomp profile for running flatpak inside a container.
  675  * Look for the new default dbus session socket at $XDG_RUNTIME_DIR/bus
  676  * Improve ability to pull from multiple p2p sources (needs latest ostree).
  678 Changes in 1.3.3
  679 ================
  681  * Fixed a crash in the system helper that made installation via
  682    the helper sometimes not work.
  683  * Fix build with older versions of glib
  684  * The list and remote-ls output is now less wide, not showing the
  685    appdata summary by default and only showing the archtecture and
  686    origin if necessary (i.e. not if its the same for all rows).
  687  * flatpak remote-ls now filters end-of-lifed apps by default.
  688  * flatpak permission-reset now supports --all
  689  * Flatpak now works will all set values of umask.
  690  * The flatpak profile.d snippet now works if flatpak is not installed
  691    (in case it gets left over after deletion).
  692  * Fixed flatpak install --noninteractive still asking questions in some cases.
  693  * flatpak now returns a failure exit status if you abort the operation early.
  694  * flatpak remote-ls and remote-info now supports --cached to prefer
  695    using locally cached data.
  696  * libflatpak grew a FLATPAK_QUERY_FLAGS_ONLY_CACHED that allows you to
  697    get at locally cached data about remotes without doing network i/o.
  698  * Documentation updates
  700 Changes in 1.3.2
  701 ================
  703 This release contains a major change in how flatpak does system-wide
  704 installation as a user. We used to pull into a temporary user-owned
  705 directory and then ask the flatpak system-helper to import from this
  706 directory. Unfortunately, since we can't trust the user directory
  707 it had to copy these files as they were being imported, which caused
  708 unnecessary i/o, as well as temporarily using more diskspace.
  710 The new setup uses a new custom fuse filesystem which the user writes
  711 to, and then when this is done we can safely revoke any access to this
  712 from the user, meaning the files can be directly imported into the
  713 system repository without needing to make a copy.
  715 However, this makes packaging flatpak a bit more complex, as we now
  716 require flatpak to have a user. By default flatpak will look for a user
  717 called "flatpak", and for the new feature to work you need to create
  718 it in your package. If you want to use a different name you can specify
  719 that in configure as --with-system-helper-user=USERNAME.
  721 Additionally, the new code passed a unix socket over the system bus, which
  722 is prohibited by the default selinux policy. To work around this flatpak
  723 now ships with a custom selinux module (enable with --enable-selinux-module).
  724 For the new feature to work you need to install this module and ensure
  725 the flatpak-system-helper binary gets the proper selinux context.
  727 Other changes:
  729  * We now support specifying a rebasing version of end-of-life, where
  730    the clients will be asked if they want to use the new version. At
  731    runtime any old per-user application data will be migrated to the
  732    new name. Note: This works for the CLI app, but needs some changes
  733    for installers to take advantage of the automatic rebasing.
  734  * New permission --socket=pcsc for access to smart cards.
  735  * We now store the description, comment, icon and homepage fields from
  736    the flatpakrepo files in the remote confiuration and have new library
  737    APIs to read these back.
  738  * The fields above are now also settable in a repo and changes to these
  739    can propagate to clients.
  740  * run now tries the determine what branch to use when you run a runtime.
  741  * Print maximum icon size when icon-validator fails.
  742  * flatpak override can now disallow access to a dbus name.
  743  * flatpak list now has a new runtime column
  745 Changes in 1.3.1
  746 ================
  748 This release fixes CVE-2019-10063.
  750 It has been discovered that the previous fix for CVE-2017-5226, which uses
  751 seccomp to prevent sandboxed apps from using the (dangerous) TIOCSTI ioctl
  752 was only incomplete on 64bit arches. This is now fixed.
  754  * seccomp: Only compare the low 32bit of the TIOCSTI ioctl args.
  755  * Fix the required runtime prompt during installation.
  756  * When installing, only check dependencies from the same installation.
  757  * flatpak list --arch now works correctly again.
  758  * Create origin symlinks in appstream branch for libappstream compat.
  760 Changes in 1.3.0
  761 ================
  763 This is the start of a new unstable series, targeting stable release
  764 as 1.4.0.
  766 Major changes:
  768  * Support systems with multiple nvidia devices
  769  * Checks are update output are green again
  770  * Fix support for systems like gentoo where /var/run is a symlink.
  771  * Initial support for sandboxed dconf support.
  772  * build-update-repo: New options --no-update-[summary,appstream] and
  773    --static-delta-ignore-ref=PATTERN.
  774  * Regenerating the appstream branch is now much faster for large
  775    repositories.
  776  * We no longer limit the size of svgs in the icon validator.
  778 Changes in 1.2.3
  779 ================
  781 This release fixes CVE-2019-8308.
  783 The CVE-2019-5736 runc vulnerability is about using /proc/self/exe
  784 to modify the host side binary from the sandbox. This mostly does not
  785 affect flatpak since the flatpak sandbox is not run with root permissions.
  786 However, there is one case (running the apply_extra script for system
  787 installs) where this happens, so this release contains a fix for that.
  789  * Don't expose /proc in apply_extra script sandbox.
  791 Changes in 1.2.2
  792 ================
  794  * Reverted green checkbox as they caused table alignment issues
  795  * Fix a division by zero if the terminal reports a zero terminal
  796    width (which happens in the flathub build environment).
  798 Changes in 1.2.1
  799 ================
  801  * Ensure flatpak builds with older versions of glib and appstream-glib.
  802  * build-commit-from: Fix the new --extra-id option.
  803  * build-export: Allow disabling the sandboxing of the icon validator and
  804    do so during the tests.
  805  * profile: Don't break if debug logging is enabled.
  806  * Better handling of the appdata release attribute.
  807  * Don't install polkit agent when not needed, avoiding some unnecessary
  808    log lines in some cases.
  809  * Fix the output of the sandboxed icon validator not being visible.
  810  * builld-init: Allow specifying a full ref for the sdk, which is used to
  811    select the branch name when checking sdk extensions.
  812  * Make the ok checks in the output green
  814 Changes in 1.2
  815 ==============
  817  * Ensure DeployCollectionID works in flatpakrepo files in all cases.
  818  * Don't error out with empty installations in uninstall.
  819  * Add helper that validates icon files during export.
  820  * Don't allow root to modify the (non-root) per-user flatpak installation,
  821    as this risks causing problems later.
  822  * Remove some incorrect warnings from flatpak repair.
  823  * Allow multiple name segments after prefix when exporting files.
  824  * Allow specification of ellipsization in --colums options.
  825  * Handle dates as well as timestamps in appdata
  826  * Fixed a bug where flatpak remote-delete removed too many refs.
  827  * Now we use raw terminal mode during a transaction to a avoid problems with input
  828    during the operation causing problems with escape sequences.
  829  * Generate a fontconfig directory remapping snippet as will be needed
  830    for newer versions of fontconfig.
  831  * Support --extra-collection-id in build-commit-from to bind the commit
  832    to multiple collection ids. This is work in progress in ostree.
  834 Changes in 1.1.3
  835 ================
  837  * Various fixes to the CLI output changes
  838  * New flatpak --installations option to list all installations
  839  * Extract license info from appdata among with the other fields.
  840    This is shown in e.g. info and remote-info, and has library API.
  841  * install/update/uninstall now has --noninteractive option with less output
  842    that is useful when called from scripts, etc.
  843  * --devel is now properly forwarded to sub-sandboxes using the flatpak portal.
  844  * Drop dependency on libappstream-glib from libflatpak.
  845  * Initial support for exposing the system dconf defaults to the sandbox.
  846  * We now create deploy refs for the deployed commits to avoid a prune removing
  847    objects that are in use.
  848  * Ask about removing all refs when deleting a remote.
  849  * New environment generator that handles custom installations,
  850    replacing the old dbus service config file.
  851  * Documentation updates
  852  * More robust completion
  853  * Try to report out-of-space errors better.
  854  * Add more tests.
  855  * Various improvements to the repair command.
  857 Changes in 1.1.2
  858 ================
  860  * Refreshed the CLI output layout, in particular the install/update progress
  861    and application list/info commands.
  862  * The host XDG_{DATA,CONFIG,CACHE}_HOME env vars are now available as
  863    with the HOST_ prefix in the sandbox.
  864  * FLATPAK_ID is set to the app id in the sandbox (this previously
  865    only happened in flatpak build).
  866  * The spawn portal command now has a kill with parent option.
  867  * Flatpak shells now have custom prompts
  868  * New library APIs: Access to deployed appstream data, list unused refs.
  869  * Flatpak run now has --cwd option.
  870  * New option --static-delta-jobs to limit number of parallel delta
  871    generation jobs in build-update-repo.
  872  * Fixed critical warning with newer policykit versions.
  874 Changes in 1.1.1
  875 ================
  877  * New libflatpak function: flatpak_remote_get_main_ref()
  878  * Various changes to the policykit rules in order to cause less, and
  879    more understandable policykit authentication dialogs.
  880  * Give DRI apps access to more nvidia device nodes required for CUDA/OpenCL support.
  881  * search now doesn't search noenumerate remotes.
  882  * Renamed operations permission-list to permissions and document-list to
  883    documents. The old names are still supported as aliases.
  884  * New property 'non-interactive' for installations that allow frontends
  885    to do background updates without triggering policykit authentications.
  886  * New flag in HostCommand to allow killing the child process when
  887    the spawner exits the session bus.
  888  * Flatpak now authenticates on the terminal in case there is no desktop-wide
  889    policykit agent.
  890  * update with no arguments now updates all installations (i.e. also custom
  891    systemwide installations).
  892  * Use system helper to generate summary files for OCI remotes.
  893  * Better progress reporting for OCI downloads.
  894  * New conditional extension download feature, 'on-xdg-desktop-FOO'  which downloads
  895    when XDG_CURRENT_DESKTOP matches FOO.
  896  * More sockets are now mounted read-only in the sandbox
  897  * Updated docs, error messages and translations
  900 Changes in 1.1
  901 ==============
  903 This is the first release in the new unstable 1.1.x series, leading up to 1.2
  904 which is expected around the end of the year.
  906 Changes in this version:
  907  * New command flatpak kill to kill running flatpak instances.
  908  * The remote argument is now optional in the flatpak install in
  909    interactive installs. Instead you are prompted for which
  910    remote to install from.
  911  * All commands printing tables now support --columns option to specify
  912    exactly what to output.
  913  * flatpak uninstall now supports --delete-data to delete the application
  914    data directory in your homedirectory. If no application is specified
  915    it will remove data from all uninstalled apps.
  916  * flatpak list now supports filtering by runtime with:
  917    --app-runtime=org.gnome.Platform//3.24
  918  * flatpak remote-ls can now show the runtime used for each app.
  919  * flatpak repo now supports --info to show information
  920    about a repository, and it is the default operation
  921    for the flatpak repo.
  922  * flatpak repo now supports --commits to list commits in branch.
  923  * flatpak now logs transactions to the systemd journal if built
  924    against libsystemd.
  925  * libflatpak now exposed FlatpakInstance for a running instance.
  926  * Better error output if a flatpak command is misspelled
  927  * Drop support for migration from xdg-app (previous name for flatpak).
  928  * New library function flatpak_installation_get_min_free_space_bytes.
  929  * In interactive mode "yes" is now the default in most prompts.
  930  * Bumped ostree requirement to 2018.9
  931  * Cleanups and improvements to the test suite.
  932  * Improvements to documentation.
  933  * buildsystem support for coverage generation.
  935 Changes in 1.0.6
  936 ================
  938 This release fixes an issue that lets system-wide installed
  939 applications create setuid root files inside their app dir (somewhere
  940 in /var/lib/flatpak/app). Setuid support is disabled inside flatpaks,
  941 so such files are only a risk if the user runs them manually outside
  942 flatpak.
  944 Installing a flatpak system-wide is needs root access, so this isn't a
  945 privilege elevation for non-root users, and allowing root to install
  946 setuid files is something all traditional packaging systems
  947 allow. However flatpak tries to be better than that, in order to make
  948 it easier to trust third party repositories. Thus, it is recommended
  949 that all distros update to this version, or backport commit
  950 b98e09b20dfab896616b4a65e15c31f684a5f9f2.
  952 Changes in this version:
  953  * The permissions of the files created by the apply_extra script is
  954    canonicalized and the script itself is run without any capabilities.
  955  * Better matching of existing remotes when the local and remote configuration
  956    differs wrt collection ids.
  957  * New flatpakrepo DeployCollectionID replaces CollectionID, doing the
  958    same thing. It is recommended to use this instead because older versions
  959    of flatpak has bugs in the support of collection ids, and this key
  960    will only be respected in versions where it works.
  961  * The X11 socket is now mounted read-only.
  963 Changes in 1.0.5
  964 ================
  966 There was a sandbox bug in the previous version where parts of the runtime
  967 /etc was not mounted read-only. In case the runtime was installed as the
  968 user (not the default) this means that the app could modify files on the
  969 runtime. Nothing in the host uses the runtime files, so this is not a direct
  970 sandbox escape, but it is possible that an app can confuse a different app
  971 that has higher permissions and so gain privileges.
  973 So, it is recommended that everyone shipping flatpak to update to
  974 1.0.5, or at least backport the change in commit
  975 6711d7ae99c50a9dca8e4e2e9e9989a8fa6c3f06.
  977 Changes in this version:
  979  * Make the /etc -> /usr/etc bind-mounts read-only.
  980  * Make various app-specific configuration files read-only.
  981  * flatpak is more picky about remote names to avoid problems with storing weird
  982    names in the ostree config.
  983  * A segfault in libflatpak handling of bundles was fixed.
  984  * Updated translations
  985  * Fixed a regression in flatpak run that caused problems running user-installed
  986    apps when the system installation was broken.
  988 Changes in 1.0.4
  989 ================
  991  * Flatpak 0.99.1 removed the inheritance of permissions from the runtime due
  992    to concerns with dynamic app permissions. Due to popular requests, this
  993    version re-introduces such inheritance, but does it instead at build time.
  994    This solved the issues with dynamic permissions while still allowing runtimes
  995    to have default permissions. Apps can disable this by passing
  996    --no-inherit-permissions to build-finish.
  997  * The sandbox now always includes a /etc/timezone file, following the (old)
  998    debian standard for this. This is needed, because the more modern way
  999    of exposing the timezone name by having /etc/localtime be a symlink
 1000    into /usr/share/zoneinfo doesn't work when exposing the host timezone.
 1001  * All apps now have automatic permissions to own their own app id as a
 1002    subname of org.mpris.MediaPlayer2.
 1003  * We now properly re-load remote state in FlatpakTransaction if the
 1004    metadata was updated for the remote.
 1005  * The signature of the FlatpakTransaction::operation-done signal was wrong
 1006    in the header and has now been corrected to the signature that is actually
 1007    emitted.
 1008  * A crash was fixed when reading invalid .flatpakref files.
 1009  * A crash during updates when a local ref was unexpectedly missing was fixed.
 1010  * An error case on uninstalling was incorrectly returning success even
 1011    thought there was an error.
 1012  * flatpak_installation_modify_remote did not correctly save the nodeps state.
 1013  * flatpak_installation_load_app_overrides() was improperly returning freed
 1014    memory.
 1015  * The tarball now ships with an icon (flatpak.png).
 1017 Changes in 1.0.3
 1018 ================
 1020  * run: You can now use --system to run an app that otherwise would run the
 1021    user version.
 1022  * New permission --allow=canbus that filters out access to AF_CAN sockets.
 1023  * lib: New install flags FLATPAK_INSTALL_FLAGS_NO_TRIGGERS and new function
 1024    flatpak_installation_run_triggers()
 1025  * lib: Better error reporting, including some new error values that
 1026    replace the generic FAILED.
 1027  * uninstall --unused: Improve handling of which .Locale extensions are used
 1028  * run: Make flatpak run on systems where $XDG_RUNTIME_DIR contains a symlink
 1029    beneath /var (commonly /var/run -> /run).
 1030  * Don't export any desktop/dbus/mimetype files in subdirectories.
 1031  * build-init: We now record the base ref (if used) in the metadata. Nothing
 1032    uses this atm, but it can be used by tools.
 1033  * We now respect the upstream ostree.deploy-collection-id instead of the
 1034    flatpak-specific xa.collection-id metadata key to decide whether to switch
 1035    to collection ids for a remote. This is useful, because if you use the
 1036    new one, only new clients (that support it better) will use it.
 1037  * create-usb: Fix assertion failure in some error cases
 1038  * create-usb: Always create archive-z2 repos
 1039  * create-usb: Don't create unnecessary summary in repo
 1040  * permissions: Avoid errors if there is no permissions table
 1041  * repo: Fix flatpak repo sometimes using the wrong ostree-metadata ref.
 1042  * Avoid fsync when updating $installation/.changed.
 1043  * Add the missing appstream2 ref to the xa.cache metadata
 1044  * The test-suite got some modifications to make it easier to maintain.
 1045  * Documentation updates
 1046  * Translation updates
 1048 Changes in 1.0.2
 1049 ================
 1051  * The dbus proxy is now available in a separate git module, xdg-dbus-portal,
 1052    which is imported into flatpak as a submodule. It is possible to build
 1053    flatpak against the system xdg-dbus-portal instead, but this is not currently
 1054    very useful as no other applications yet depend on xdg-dbus-portal.
 1055  * Build regressions with older versions of glib have been fixed.
 1056  * Flatpak ps now also tracks the pid the main process inside the sandbox.
 1057  * Added flatpak override --reset to reset overrides for an app.
 1058  * Added flatpak override --show to show overrides for an app.
 1059  * flatpak install now automatically pick user or system based on the remote
 1060    name given (unless the remote exists in both).
 1061  * flatpak uninstall --unused now does not remove SDKs if some installed app
 1062    refers to them.
 1063  * Fixed bug where flatpak uninstall --unused prompted for uninstall twice.
 1064  * Set IO class on the system helper to "idle", which should cause backgroun
 1065    updates to affect the system less.
 1066  * Fixed regression in flatpak uninstall --no-related.
 1067  * Better handling of empty collection ids in flatpak bundles.
 1068  * Cleaned up some error messages.
 1069  * Various documentation fixes and cleanups.
 1070  * Updated translations.
 1072 Changes in 1.0.1
 1073 ================
 1075 This fixes various build and test failures that were detected when
 1076 packaging 1.0, as well as translations and doc updates. It also
 1077 has some minor features, including a new subcommand "flatpak ps"
 1078 to list the running flatpak instances for your user.
 1080  * Print application tags in the prompt when installing/updating.
 1081  * Make sure we don't accidentally leak the host /proc into
 1082    the sandbox.
 1083  * Translation updates.
 1084  * Added a "flatpak ps" command that lists running flatpak instances.
 1085  * Improve error reporting when exporting documents.
 1086  * Improve detection of dynamic p2p remotes.
 1087  * Build fixes for older versions of glib.
 1088  * Fix threading issue in the OCI support that was causing the
 1089    installed tests to sometimes fail.
 1090  * Fix OCI AppStream support on 32bit architectures.
 1091  * Fix utf8 issue in the dbus API description.
 1092  * Some install fixes to make installed tests work
 1093  * Make the tests work with python3 (as well as python2)
 1094  * Improve introspection annotations in libflatpak
 1095  * Improve libflatpak API docs
 1097 Changes in 1.0
 1098 ==============
 1100 Flatpak 1.0 is the first version in a new stable release series. This
 1101 new 1.x series is the successor to the 0.10.x series, which was first
 1102 introduced in October 2017. 1.0 is the new standard Flatpak version,
 1103 and distributions are recommended to update to it as soon as possible.
 1105 The following release notes describe the major changes since
 1106 0.10.0. For a complete overview of Flatpak, please see
 1107 [docs.flatpak.org](http://docs.flatpak.org/en/latest/).
 1109 ## For users, app developers and distributors
 1111 Flatpak 1.0 marks a significant improvement in performance and
 1112 reliability, and includes a big collection of bug fixes. 1.0 also
 1113 includes a collection of new features, including:
 1115  * Faster installation and updates.
 1116  * Applications can now be marked as end-of-life. App centers and
 1117    desktops can use this information to warn users who have an end-of-life
 1118    version installed.
 1119  * Permissions now use an up-front verification model: users are
 1120    asked to confirm app permissions at install time, if an update
 1121    requires additional permissions, the user must also confirm.
 1122  * A [new portal](https://flatpak.github.io/xdg-desktop-portal/portal-docs.html#gdbus-org.freedesktop.portal.Flatpak)
 1123    allows apps to create sandboxes and restart themselves. This allows
 1124    applications to restart themselves after they have been updated (to
 1125    start using the new version), and to increase sandboxing for parts
 1126    of the application.
 1127  * `flatpak-spawn` is a new tool for running host commands (if
 1128    permissions allow) and creating new sandboxes from an app (this
 1129    uses the above portals APIs).
 1130  * Apps can now export D-Bus services for all the D-Bus names they are
 1131    privileged to own (rather than just the application ID).
 1132  * Flatpak's support for OCI bundles has been updated to the latest
 1133    specification. Also, AppData can now be distributed through OCI
 1134    repositories.
 1135  * Host TLS certificates are now exposed to applications, using
 1136    p11-kit-server. This removes a point of friction when accessing
 1137    network services in some environments.
 1138  * Apps can now request access the host SSH agent to securely access
 1139    remote servers or Git repositories.
 1140  * A new application permission can be used to grant access to
 1141    Bluetooth devices.
 1142  * A new `fallback-x11` permission grants X11 access, but only if the
 1143    user is running in a X11 session. For applications that support
 1144    both Wayland and X11, this can be used to ensure that the app
 1145    doesn't have unnecessary X11 access while in Wayland, but still
 1146    works in an X11 session.
 1147  * Peer-to-peer installation (via USB sticks or local network) is now
 1148    enabled and supported by default in all builds.
 1150 The Flatpak command line also introduces new commands and options, including:
 1152  * `uninstall --unused` automatically removes unused runtimes and
 1153    extensions (if you've removed all apps that depend on a runtime, or
 1154    all the apps you had depending on it have upgraded to a newer
 1155    version).
 1156  * New `info` options, including `--show-permissions`,
 1157    `--file-access`, `--show-location`, `--show-runtime`, `--show-sdk`.
 1158  * `repair` - fixes broken installs by scanning for errors, removing
 1159    invalid objects and reinstalling anything that's missing.
 1160  * `permission-*` - allows interaction with the portals permissions
 1161    store. This is useful for testing and for getting back to a clean
 1162    state.
 1163  * `create-usb` - can be used to prepare an repository to be used as a
 1164    local updates source.
 1166 Finally, the command line has a collection of other improvements, such as:
 1168  * If `--system` or `--user` aren't specified, one is automatically
 1169    picked if it is obvious (or it will ask if the correct option isn't
 1170    obvious).
 1171  * The `install`, `update` and `uninstall` commands now ask for
 1172    confirmation of changes before proceeding, in order to prevent
 1173    mistakes, and to show the required application permissions.
 1174  * The `uninstall` command now does not allow you to remove a runtime
 1175    if some installed application requires it.
 1176  * `flatpak remove` is now an alias for `flatpak uninstall`.
 1178 ## For Linux distributors, OS and platform developers
 1180  * Flatpak no longer requires a filesystem that supports `xattr`.
 1181  * Portals are now more cleanly separated from Flatpak, thanks to the
 1182    document portal and permission store having been moved to
 1183    `xdg-desktop-portal`. It is recommended that the flatpak package has
 1184    a weak dependency on `xdg-desktop-portal`.
 1185  * `libflatpak` now has a transaction API for install, update and
 1186    uninstall operations. This means that it is much easier to use as
 1187    the basis of app centers and other graphical app management
 1188    software.
 1189  * Flatpak now sets several HTTP headers when installing applications,
 1190    which make it easier for Flatpak repositories to log things like
 1191    app download statistics and Flatpak versions in use.
 1192  * It is now recommended that Flatpak packages add a dependency on
 1193    p11-kit-server, as this allows apps to access host
 1194    certificates. However, this does not need to be a hard dependency.
 1195  * Requires bubblewrap 0.2.1 or later, and comes bundled with 0.3.0.
 1196  * Requires OSTree 2018.7.
 1198 Major changes in 0.99.3
 1199 =======================
 1201  * Fixed case where system install would sometimes fail
 1202    due to the system-helper idle exiting.
 1203  * Support installing flatpakref files in FlatpakTransaction,
 1204    including a new signal add-new-remote for when remotes
 1205    might be added.
 1206  * Added some new FlatpakError codes.
 1207  * We now support .flatpakrepo files with no gpg signatures
 1208  * Fix crash in system-helper when updating appstream
 1209  * New command create-usb which can be used to prepare
 1210    an repo for offline updates.
 1211  * Fix some non-handled cases of the CLI not working when
 1212    /var/lib/flatpak doesn't exist.
 1213  * Fix crash when running with a gid that is not in
 1214    /etc/groups.
 1215  * Add new permission-* commands to interact with the
 1216    permissions store from the portals.
 1217  * Include appdata in OCI bundle.
 1219 Major changes in 0.99.2
 1220 =======================
 1222  * Fix race condition on instance id allocation
 1223  * Translation updates
 1224  * Build fixes for new glibc versions
 1225  * Build fixes for new libsoup versions
 1226  * Build fixes for old glib versions
 1228 Major changes in 0.99.1
 1229 =======================
 1231 This is the first pre-release before flatpak 1.0. This is considered
 1232 feature-complete and we expect no features or major changes before
 1233 1.0, only bugfixes.
 1235 Note: There were some (minor) API changes in the FlatpakTransaction
 1236 APIs that were added in 0.11.8, so please don't use the old
 1237 version. (Note: I know of no user of this API).
 1239 Changes since last minor release:
 1240  * Ostree 2018.6 is required, and with this, the p2p code in
 1241    flatpak is made non-optional.
 1242  * flatpak install/update/ininstall now lists all the operations
 1243    that it will do and asks for confirmation before starting.
 1244  * In the above confirmation the permissions (new permissions
 1245    for updates) are shown for all applications.
 1246  * The FlatpakTranscation API has a new ::ready signal that
 1247    allows users to do similar confirmation prompts.
 1248  * P2P updates are more efficient
 1249  * system-wide installation uses less fsync calls so should
 1250    installation should be faster.
 1251  * New ssh agent permissions allows granting an app
 1252    ssh access.
 1254 Major changes in
 1255 =========================
 1257  * Fix a 25 second timeout on startup if using p11-kit < 0.23.10
 1258  * Minor change in dbus proxy default filter, now broadcasts are
 1259    not accepted from portals.
 1261 Major changes in
 1262 =========================
 1264  * Fix crash when building some apps
 1265  * Allow multiple appstream components per app
 1266  * Fix handling of gl drivers in uninstall --unused
 1267  * Don't prompt if nothing changed in uninstall --unused
 1268  * Longer timeouts in test suite
 1269  * Updated translations
 1271 Major changes in
 1272 =========================
 1274  * Fixed regression running apps with --own=* permissions
 1276 Major changes in 0.11.8
 1277 =======================
 1279  * Flatpak uninstall now accepts --all to remove everything and --unused to remove unused
 1280    runtimes.
 1281  * New command "flatpak repair" allows checking and repairing a flatpak installation.
 1282  * New permission --allow=bluetooth allows use of AF_BLUETOOTH sockets
 1283  * If p11-kit-server is installed on the host, this is now used to forward the host
 1284    certificate trust store to the sandboxed app.
 1285  * New transaction API in libflatpak that makes it much easier to implement
 1286   installation and updates in frontends.
 1287  * Flatpak uninstall now does not allow you to remove a runtime if some installed app requires it.
 1288  * We now have tab-completion for zsh.
 1289  * New installations of flatpak now defaults to bare-user-only repos, which means
 1290    that it works with filesystems that don't support xattrs.
 1291  * New flatpak info options: --show-location, --show-runtime, --show-sdk
 1292  * New flatpak remote-info options: --show-runtime, --show-sdk
 1293  * p2p operations now work when offline.
 1294  * Work around hanging on app startup on blocking autofs mounts.
 1295  * The dbus proxy filtering now works matches the new dbus containers filtering API.
 1296  * Various optimizations make installation and updates faster. In particular
 1297    operations like running triggers and pruning only happens once per
 1298    install/update operation.
 1299  * We now respect multiple extension versions matches when auto-downloading extensions.
 1300  * New http header Flatpak-Upgrade-From sent when upgrading.
 1301  * Commands like "flatpak info/list/remotes/search" now work properly if /var/lib/flatpak doesn't exist.
 1302  * The bubblewrap version required for system-bwrap is now 0.2.1.
 1304 Major changes in 0.11.7
 1305 =======================
 1307  * Fix regression in installing .flatpak bundles
 1309 Major changes in 0.11.6
 1310 =======================
 1312  * Further work on the export filename regression, now also fixes the
 1313    same issue as in 0.11.5 but in flatpak build-finish.
 1314  * Fix segfault when installing from .flatpakref in gnome-software
 1315  * Build yacc parser from source.
 1316  * Don't tab-complete Sources/Locale/Debug extension by default.
 1317  * Fix tests on debian.
 1319 Major changes in 0.11.5
 1320 =======================
 1322  * Fix a regression which caused installation of epiphany and
 1323    other apps that export multiple .service files to fail.
 1324  * Fix appstream updates in p2p mode.
 1325  * Don't distribute generated gdbus code with tarball.
 1326  * Add documentation for the flatpak portal
 1328 Major changes in 0.11.4
 1329 =======================
 1331  * flatpak remove is now an alias for flatpak uninstall.
 1332  * flatpak uninstall now picks system or user automatically if not specified
 1333  * New appstream branch format which is more efficient to distribute,
 1334    the old is still generated for backwards compat.
 1335  * Appstream data now contains compatible arches (for applications
 1336    that doesn't exist for the primary arch). For example, an
 1337    i386-only app is now listed in the x86-64 appstream.
 1338  * The flatpak version is included in the user agent when downloading.
 1339  * The Flatpak-Ref http header is set to the currently installing ref when
 1340    downloading.
 1341  * New argument --timestamp in build-commit-from.
 1342  * When updating many apps we now only prune the local repo when all
 1343    updates are done, making multi-app updates faster.
 1344  * flatpak build now always allows multiarch use.
 1345  * flatpak build now mounts app extensions during build.
 1346  * flatpak build-init now supports --extension to add extension points earlier
 1347    than build-finish. Also build-finish now supports --remove-extension.
 1348  * New flatpak portal allows applications to sandbox themselves and restart a
 1349    newer version of themselves.
 1350  * New flatpak run options: --no-a11y-bus, --no-documents-portal.
 1351  * Initial support for end-of-life:ing applications.
 1352  * New option X-Flatpak-RunOptions in exported desktop/files allow you to specify
 1353    no-a11y-bus and no-documents-portal.
 1354  * Support for tagged extension points, which is useful if you want to use
 1355    the same extension id (but maybe different versions) multiple times in an app.
 1356  * We now export .service files for names that the app is allowed to own on
 1357    the session bus.
 1358  * libflatpak got new methods for listing remotes by type.
 1359  * libflatpak now has support in FlatpakRemoteRef for getting remote metadata
 1360    such as end-of-life, download size, metadata etc.
 1361  * There was some internal restructuring on how installs/updates are done
 1362    which should improve performance and maintainability.
 1364 Major changes in 0.11.3
 1365 =======================
 1367  * Fix "open with" and flatpak run --file-forwarding crash
 1368  * Fix build with glibc 2.27
 1370 Major changes in 0.11.2
 1371 =======================
 1373  * Remove fuse dependency, since we don't ship document portal anymore
 1374  * Fix various issues with /home being a symlink to /var/home (atomic)
 1375  * Allow downgrades when using collection ids
 1376  * Search on all supported architectures
 1378 Major changes in 0.11.1
 1379 =======================
 1381 This release removes the document portal and the permission store as they
 1382 have been added to xdg-desktop-portal 0.10. Packagers need to update
 1383 these two in lock-step. Flatpak technically doesn't depend on
 1384 xdg-desktop-portal, but it is recommended that the flatpak package
 1385 depends on xdg-desktop-portal in some way, because most flatpaks will
 1386 want it.
 1388  * Remove document portal and permission store
 1389  * Add --socket=fallback-x11 permission
 1390  * Fix dbus proxy vulnerability in authentication phase
 1391  * Allow personality syscall in devel mode
 1392  * commit-from: Migrate static deltas with commit
 1393  * Add "network" storage type for installations
 1394  * Add flatpak info --show-permissions
 1395  * Add flatpak info --file-access
 1396  * search: Update appstream (if stale) before searching
 1397  * Make libflatpak work when /var/lib/flatpak is empty
 1398  * build-bundle: Add --from-commit option
 1399  * Allow appstream ids that don't end in .desktop
 1400  * Make permission handling ignore unknown permissions for forwards
 1401    compatibility
 1402  * Removed incorrect error message in update --appdata when there
 1403    was no updates
 1404  * Fix handling of abort in the duplicate remote prompt
 1405  * Fix division by zero in progress calculation
 1406  * Fix flatpak remote-info --show-metadata
 1407  * Fixed crash when installing some flatpak bundle files
 1408  * Fix installation of telegram
 1409  * remote-ls -u only considers app from the origin remote
 1410  * Fix assertion error in extra-data progress reporting
 1411  * Report nicer errors when trying to downgrade as non-root
 1412  * pulseaudio: Try to find pulseaudio socket better
 1413  * Fixed some warnings reported by coverity
 1414  * Cleaned up code by splitting up some large source files
 1416 Major changes in 0.10.2
 1417 =======================
 1419  * Flatpak now requires OSTree 2017.14
 1420  * flatpak update now updates from both system and user installations
 1421    by default.
 1422  * flatpak update is less noisy when updating appstream info.
 1423  * All the remote-* commands now by default automatically decide to use
 1424    --user or --system based on the given remote name.
 1425  * flatpak remote-ls with no remote lists the content of all remotes
 1426  * Fixed regression that made xdg-user-dirs and theme selection
 1427    for kde apps break.
 1428  * flatpak override with no argument now overrides globally, i.e. for
 1429    all apps.
 1430  * flatpak override now supports --nofilesystem properly. For example
 1431    flatpak override --nofilesystem=~/.ssh hides the ssh dir for all
 1432    apps, even those who have homedir access.
 1433  * flatpak install now takes a --reinstall argument which uninstalls
 1434    a previously installed version if necessary. This is very useful
 1435    when you want to install a new version from a different source.
 1436  * flatpak install now allows you to pass an absolute pathname as
 1437    remote name, which will create a temporary remote and install
 1438    from that. The remote will be removed when the app is uninstalled.
 1439    This is very useful during development and testing.
 1440  * Flatpak now creates CLI wrappers for all installed apps, so if you
 1441    add /var/lib/flatpak/exports/bin or ~/.local/share/flatpak/exports/bin
 1442    to your PATH you can easily  start flatpak apps by their application id.
 1444 Major changes in 0.10.1
 1445 =======================
 1447  * New command "flatpak remote-info" shows information about applications
 1448    in a remote. In particular the --log operation shows the history and
 1449    can be used in combination with flatpak update --commit=XYZ to roll
 1450    back to a previous version.
 1451  * New command "flatpak search" which allows you to search the appstream
 1452    data from the commandline.
 1453  * flatpak update now updates appstream data for all confured remotes, which
 1454    is important for search to work.
 1455  * Allow automatic installation of gtk themes matching the active theme.
 1456  * Handle the case when /etc/resolv.conf is a symlink
 1457  * /usr an /etc are now expose in /run/host in the app if the app has
 1458    full filesystem access.
 1459  * flatpak remote-add now works as a user when /var/lib/flatpak is empty,
 1460    allowing flatpak to work on stateless systems.
 1461  * Add support for flatpak build --log-session/system-bus, similar to
 1462    what flatpak run already does.
 1463  * flatpak build --readonly runs with the target directory (normally /app)
 1464    mounted read-only.
 1465  * Fall back to LD_LIBRARY_PATH if a runtime doesn't have /usr/bin/ldconfig.
 1466  * Updated the support for OCI remotes. This is work in progress and still
 1467    disabled by default though.
 1469 Major changes in 0.10
 1470 =====================
 1472 This is the first release in a new series of stable releases called
 1473 0.10.x. New features will be added to 0.11.x, and bugfixes will be
 1474 backported to 0.10.x. During the early phase of the 0.10.x series we
 1475 may also backport minor features, but we guarantee backwards
 1476 compatibility.
 1478 Changes since 0.9.99
 1479  * Added the flatpak config option which can set the language settings
 1480  * Fix issue where sometimes ld.so.conf were not generated
 1481  * /dev/mali0 is added to --device=dri
 1482  * Work around ostree static delta issues in some cases
 1484 Major changes in 0.9.99
 1485 =======================
 1487  * Requires ostree 2017.12 for important pull stability fix
 1488  * New libflatpak API: flatpak_dir_cleanup_undeployed_refs, flatpak_installation_prune_local_repo,
 1489     flatpak_installation_remove_local_ref_sync, flatpak_installation_cleanup_local_refs_sync
 1490  * build: FLATPAK_ID and FLATPAK_ARCH are now set in the environment when building
 1491  * update: Don't fail the entire update if some remote fails to update its metadata
 1492  * run: /.flatpak-info now lists exact commits and extensions in use
 1493  * run: We now use a per-app ld.so.cache file whenn running. This should speed things up,
 1494    and allows ldconfig to report the correct results.
 1495  * The verbose mode was changed into two levels, use -vv to show the more detailed info, which
 1496    currently only contains the full bubblewrap argument lists.
 1497  * run: Some common problematic host environment variables are now unset in the sandbox
 1499  * run: Fixed failure when a higher prio extensions depended on a lower prio one.
 1500  * run: The extension ld path order is now: app extensions, app, runtime extension, runtime.
 1501    This was previously incorrect in that the app could override app extensions.
 1502  * Extensions are now not downloaded if a matching unmaintained extension is already installed
 1503  * Preemptive changes to handle new bubblewrap change which doesn't user /newroot
 1504  * document portal: Disable debug spew that was accidentally enabled
 1505  * build-finish: New --extension-priority option
 1506  * run: Fix regression in --persist in 0.9.98
 1507  * run: Use sealed memfds (instead of just temporary files) when passing data to bubblewrap
 1509 Major changes in
 1510 =========================
 1512  * Fix permission denied when using the system-helper
 1514 Major changes in
 1515 =========================
 1517  * run: Fix homedir access if the app has --filesystem=host access
 1518  * build-update: Fix appstream update in case one arch didn't change
 1520 Major changes in 0.9.98
 1521 =======================
 1523  * libflatpak now correctly finds metadata for subset installations (like locale data)
 1524  * flatpak build now supports --appdir which exposes the per-app directory in the
 1525    user homedir. This is useful when testing builds.
 1526  * The host fontconfig caches are exposed to the sandbox, next to the fonts in /run/host.
 1527    This will (pending fontconfig work) allow sharing host fontconfig caches, allowing
 1528    much faster initial startup for flatpak apps.
 1529  * flatpak install now supports --no-pull
 1530  * Added new extension property "locale-subset", which makes the extension point
 1531    act like a locale extension (i.e. only install the subset configured by the
 1532    locale).
 1533  * flatpak remote-add --oci is disabled for now, as this is not up to date with
 1534    the latest OCI work, and we don't want to break existing deployments if this
 1535    has to change when this lands.
 1536  * Parallel installation/updates are now safe because we take a filesystem lock
 1537    whenever we prune the local ostree repo.
 1538  * Flatpak run now works when important paths like $HOME, etc, are symlinks.
 1539  * The ostree min-free-space property is is set to zero by default for the
 1540    flatpak repos. This was causing a lot of problems for people, but the feature
 1541    is still there if you manually enable it.
 1543 Major changes in 0.9.12
 1544 =======================
 1546  * Fixed a regression in extra-data installation
 1547  * Don't expose the a11y bus in flatpak build
 1549 Major changes in 0.9.11
 1550 =======================
 1552  * You can now show all outstanding updates with: flatpak remote-ls --updates
 1553  * The dbus filter "org.name.*" now means all subnames of org.name, not just
 1554    the first level. This matches how dbus arg0namespace works, and how the
 1555    coming dbus container support will work.
 1556  * Fixed segfault on update
 1557  * Better commandline tab completion
 1558  * Flatpak now exposes host icons readonly as /run/host/share/icons to the sandbox.
 1560 Major changes in 0.9.10
 1561 =======================
 1563  Fix regression in dbus proxy that causes some apps to not
 1564  work in 0.9.9.
 1566 Major changes in 0.9.9
 1567 ======================
 1569 flatpak-builder was split out into its own module:
 1570   https://github.com/flatpak/flatpak-builder
 1572  * When downloading to a temporary directory for later install to the
 1573    system repo we now write to /var/tmp instead of $HOME. This is more
 1574    likely to be the same filesystem as /var/lib/flatpak, and thus will
 1575    not run into issues with e.g. filesystem full.
 1576  * We now get the default language list from AccountService if possible.
 1577  * A regression that made --devel crash was fixed.
 1578  * New feature for flatpakrefs, SuggestRemoteName=remotename will cause
 1579    flatpak to ask if you want to create a generic (not app specific)
 1580    remote for the repo url.
 1581  * flatpak build now does not die with the parent by default, you have
 1582    to pass --die-with-parent. This was done because die-with-parent
 1583    uses PR_SET_PDEATHSIG which does not work well if the parent is
 1584    threaded, like e.g. gnome-software is.
 1585  * We now always re-set the personality in the sandboxed process
 1586    in order to avoid inheriting weird settings.
 1587  * We now share a single dbus proxy instance for all proxies for a sandbox.
 1588  * dbus-proxy now properly disallows old-style eavesdropping.
 1589  * We now support accessibility by starting a customized dbus proxy for the
 1590    a11y bus.
 1592 Major changes in 0.9.8
 1593 ======================
 1595 Core:
 1597  * Experimental support for peer2peer installation, enable with --enable-p2p
 1598  * Add default language setting to flatpak config. Defaults to all locales for
 1599    system installs and the users locale for per-user installs.
 1600  * build-update-repo: Now always keeps the *two* latest deltas around to avoid
 1601    race conditions with outstanding downloads at the time or running the update.
 1602  * Support loading extra data from local lookaside cache.
 1604 Flatpak-builder:
 1606  * Set terminal title to the currently building module
 1607  * Added ability to specify http url for sources mirror with --extra-sources-url.
 1608  * --install-deps-from=REMOTE installs the dependencies needed for the
 1609    manifest.
 1610  * New option --delete-build-dirs to always delete build directories,
 1611    even on a failed build.
 1612  * New property "add-extension" makes it nicer to create extension points.
 1614 Major changes in 0.9.7
 1615 ======================
 1617  * Don't re-download git repo when bundling sources
 1618  * Build modules with no source if buildsystem is "simple"
 1619  * Build cleanups
 1621 Major changes in 0.9.6
 1622 ======================
 1624 This version requires the latest ostree version (2017.7) because it
 1625 uses a new feature that hardens the security of flatpak. Previously,
 1626 if you installed to a system-wide repository, the files created for an
 1627 application were as specified by the remote repo, but owned by root,
 1628 which could include problematic permissions like setuid or
 1629 world-writable. We now never create such problematic files or
 1630 directories on disk. Flatpak export was also changed to never
 1631 create problematic files in new apps.
 1633 Related to this, newly created flatpak installations also use the
 1634 new "bare-user-only" mode for the repositories, which means you
 1635 can now install applications even if your filesystem does not
 1636 support extended attributes.
 1638 Other changes:
 1640  * flatpak info --show-metadata now only shows the metadata, in
 1641    a machine parseable way.
 1642  * build-export now records the flatpak version in the commit message
 1643  * builder: The .pyc timestamp fixer now allows .pyc files with no
 1644    corresponding .py file.
 1645  * builder: New feature 'inherit-extensions' lets you copy extension
 1646    info from the parent runtime.
 1647  * builder: Set ExtensionOf in auto-created extensions (like Locale
 1648    and Debug)
 1649  * builder: Setting CPPFLAGS now works
 1651 Major changes in 0.9.5
 1652 ======================
 1654  Changes in flatpak:
 1656  * Fix installation of installed tests
 1657  * Don't show an error when updating if a remote is disabled
 1658  * Store the app id in the X-Flatpak key when exporting a
 1659    desktop file.
 1660  * flatpak run: Handle paths when rewriting %u urls during
 1661    file forwarding.
 1662  * builder: Always assume separate builddir when using meson, as
 1663    meson only works with this.
 1664  * document-portal: The app-specific directory is always accessible
 1665    to the app, take this into consideration for AddFull.
 1666  * builder: Don't warn for unknown keys if they start with x-
 1667  * Fix a race condition when restarting the document portal
 1668  * build-update-repo: Don't list removed deltas in the summary
 1669  * list: Don't show .Locale/.Debug/.Sources by default. Show with -a.
 1670  * remote-ls: Don't show .Locale/.Debug/.Sources, or non-primary
 1671    arches (unless the primary does not exist) by default.
 1672    Show with -a.
 1673  * dbus-portal: Fix handling of NameHasOwner
 1674  * builder: Add --export-only to export a previous build.
 1675  * run: Allow regular files for --filesystem=xdg-config/path
 1676  * run: Allow --filesystem=xdg-config/subdir:ro (previously
 1677    it needed to be writable).
 1678  * build-commit-from: Properly handle xa.ref when rewriting
 1679    refnames.
 1681 Major changes in 0.9.4
 1682 ======================
 1684  Changes in flatpak:
 1686  * Now requires ostree 2017.6 and bubblewrap 0.1.8
 1687  * Better progress reporting in CLI and UI
 1688  * Improved output from commands info, list, remotes,
 1689    remote-ls: More detail, colors, nicer table formatting.
 1690  * New command flatpak repo that lets you show information
 1691    about local repositories.
 1692  * When launching exported desktop files, the paths
 1693    passed to it are automatically created as documents
 1694    to allow access to the arguments, if needed.
 1695  * Flatpak install of an already installed application is
 1696    now a warning, not an error.
 1697  * flatpak build now kills all the processes in the
 1698    sandbox when it exits.
 1699  * flatpak update --subpath=... now updates the app event
 1700    if there is no new upstream version, but the subpath is
 1701    different from what is currently installed.
 1702  * Exports are now whitelisted, and the only thing you can
 1703    export are:
 1704      desktop files, icons, dbus services, mime definitions, and
 1705      gnome-shell search providers
 1706  * Exported gnome-shell search providers are automatically
 1707    disabled by default.
 1708  * Exported mimetypes are rewritten to only allow globs, and to
 1709    make the globs have a low priority vs system mime info.
 1710  * A remote can now redirect to a new URL and/or a new GPG key, by
 1711    using build-update-repo --redirect-url=URL --gpg-import=FILE.
 1712    When clients see this they permanently change the local configuration.
 1713    This is very useful when migrating official repositories.
 1714  * flatpak caches in the homedir are now stored in ~/.cache
 1715    (or $XDG_CACHE_HOME) instead of ~/.local/share/flatpak/system-cache.
 1716  * Added version field to all exported dbus interfaces.
 1717  * New AddFull method in the Document Portal, which allows
 1718    exporting multiple files, as-needed by a particular target
 1719    app. This is useful for implementations of dbus activation
 1720    for desktop files.
 1721  * New flag --no-static-deltas for install/update without
 1722    using static deltas. Mostly useful for debugging.
 1723  * TMPDIR is now unset in the sandbox, if set on the
 1724    host. Each sandbox has a personal /tmp that is used.
 1725  * Flatpak run now works if /tmp is a symlink on the
 1726    host.
 1727  * /etc/hosts and /etc/hosts.conf from the host are now exposed
 1728    in the sandbox in addition to /etc/resolv.conf.
 1729  * Titles and default branches are now automatically updated from
 1730    the remote unless they are explicitly set. You no longer have
 1731    to run flatpak remote-modify --update.
 1732  * Some performance inprovements when installing apps.
 1733  * When exporting a build, the commit objects now always include
 1734    the branchname, the metadata and install/download size.
 1735    The sizes are reused for faster summary building, and the
 1736    others changes are for future use. The fields are verified
 1737    against the deployed metadata during installation, so it
 1738    is trusted.
 1739  * Fixed minor race condition in portal application identification.
 1740  * lib: New  flatpak_installation_update_appstream_full_sync method
 1741    that allows progress reporting.
 1742  * bash-completion: Fix out-of-bounds read that could produce
 1743    weird completion at times.
 1745  Changes in flatpak-builder:
 1747  * Added support for appdata screenshot mirroring.
 1748  * New property "install-rule" lets you change what Makefile rule to
 1749    use in the install phase.
 1750  * The git "commit" property can now specify both a tag object and the
 1751    commit object it refers to.
 1752  * New cppflags property, similar to e.g. cflags.
 1753  * The "env" property now overrides the cflags/cxxflags/ldflags
 1754    properties, to allow these to be reset.
 1755  * Initial checkout of git/bzr to a temporary directory so that errors
 1756    during checkout do not persist.
 1757  * Properly take the "buildsystem" field into account when calculating
 1758    cache freshness.
 1759  * Don't crash if appstream-compose fails.
 1760  * "ldflags" property now works  correctly.
 1762 Major changes in 0.9.3
 1763 ======================
 1764  Changes in flatpak-builder:
 1766  * "rename-icon" renames in translated icons too
 1767  * Moved manifest format docs to own manpage, "flatpak-manifest".
 1768  * "bootstrap.sh" is now recognized as an autogen.sh alternative
 1769  * Fall back to not using rofiles-fuse if it is not available.
 1770  * Make sure flatpak-builder --run grants the app access to dbus.
 1771  * Make paths paths for module includes and module dependencies
 1772    relative to the included module rather than the "base" json file.
 1773  * When cross-compiling 32bit apps on 64bit arches (like i386 on x86-64)
 1774    then we automatically set a linux32 personallity.
 1775  * Print warnings for unhandled json properties.
 1776  * Make sure flatpak-builder --run works if --extra-data is in the
 1777    finish args.
 1778  * Take build-commands into consideration when considering if the
 1779    build cache is stale.
 1780  * Support for --extra-sources= to pre-seed downloaded sources.
 1781  * Support for --bundle-sources which creates a runtime with the sources
 1782    that were used to build the app.
 1783  * Handle trailing whitespace in git submodule uris
 1784  * Progress reporting while downloading files.
 1786  Other changes:
 1787  * build-export now always exports directories as readable and executable.
 1788  * build-update-repo --generate-static-deltas now fork the work process
 1789    rather than using threads, which avoids problems with this using
 1790    a lot of memory in a single process in some cases.
 1791  * Report flatpak version in HTTP request user agent.
 1792  * New "flatpak repo" command added that has some options for maintaining
 1793    a repository.
 1794  * flatpak info can now report more information and handles multiple
 1795    installed branches better.
 1796  * Support non-default WAYLAND_DISPLAY environment var.
 1797  * Handle application ids that end with .desktop when generating
 1798    appstream data.
 1799  * Documentation updates
 1801 Major changes in 0.9.2
 1802 ======================
 1804  * Fixed a use-after-free and some leaks in the dbus-proxy. This
 1805    is not currently believed to be exploitable, but the proxy is a
 1806    security boundary, so we still  recommend to update.
 1807  * Regular updates now never allow updates to an older version
 1808    than what is currently installed (unless you explicitly specify
 1809    an old commit id). This closes a hole where a MITM attacker can
 1810    force clients to downgrade to an earlier (gpg-signed) version of
 1811    the application.
 1812  * The automatic detection of --from in flatpak install now detects
 1813    flatpakref extensions even in URIs that end in a query string such as
 1814    https://git.gnome.org/browse/gnome-apps-nightly/plain/gedit.flatpakref?h=stable
 1815  * OCI support now supports GPG signatures
 1816  * OCI support now works with the system-helper for unprivileged systemwide
 1817    installation.
 1818  * Experimental support for the new ostree bare-user-only repo mode that
 1819    allows flatpak to run on filesystems without xattrs. Set
 1820    FLATPAK_OSTREE_REPO_MODE=user-only in the environment to use this.
 1821  * builder: New property disable-fsckobjects for git sources
 1822  * builder: New property commit for git sources. This lets you specify
 1823    both a tag (for readability) and a commit id (to ensure the tag doesn't
 1824    change).
 1825  * builder: The manifest file format docs have been split out into its
 1826    own manpage.
 1827  * builder: App manifests now support specifying sdk-extensions that has
 1828    to be installed for the app to build.
 1829  * builder: When creating the platform, remove all sdk-specific extensions,
 1830    allowing creation of sdk-specific extensions.
 1831  * builder: Correctly handle absolute pathnames in the specified
 1832    command.
 1833  * builder: Support --default-branch which defined the branch to build in
 1834    case the manifest doesn't specify one.
 1835  * When exporting builds to ostree we now use the canonical permissions
 1836    for bare-user files, which means the resulting builds can safely
 1837    be used with the new ostree bare-user-only repository type.
 1838  * The detection of "unmaintained" system extensions was broken, and
 1839    in some cases these extensions were not found. This now always
 1840    works.
 1841  * Flatpak now builds with latest OSTree. This required some fixing for
 1842    multiple definitions of the g_auto* macros as OSTree now exports
 1843    those.
 1844  * We no longer rely on ostree trivial-httpd for the tests, because
 1845    this is optional in later versions of ostree. Instead we use
 1846    they python SimpleHTTPServer.
 1847  * The minimum glib version has been corrected to 2.44.
 1848  * The minimum automake version has been increased to 1.13.4
 1849    because some older version didn't work.
 1851 Major changes in 0.9.1
 1852 ======================
 1854 This release mostly has changes to flatpak-builder and the build
 1855 machinery. All flatpaks built with this version can run
 1856 on flatpak 0.8.x, but there has been additions and minor
 1857 changes in flatpak-builder that may require minor changes
 1858 to existing builder manifests, see below.
 1860 The flatpak-builder build cache now uses an ostree feature called
 1861 rofiles-fuse. This allows the build to work directly against
 1862 hardlinked checkouts of the cache, because rofiles-fuse disallows
 1863 writes to the hardlinked files (but allows replacing them). This makes
 1864 cache commits and checkouts much faster. However, it also means that
 1865 installation cannot do in-place modification of files in the
 1866 installation directory. There is a new per-module property called
 1867 "ensure-writable" that takes a list of patterns and ensures all files
 1868 matching them are writable (by manually breaking the hardlinks). This
 1869 may need to be added to some manifests to keep them building in the new
 1870 version.
 1872 The cflags and cxxflags module properties now work by appending,
 1873 rather that replacing, when there are multiple values specified. For
 1874 instance, the per-arch or per-module cflags will be appended to the
 1875 base cflags. This may cause old json files do duplicate cflags in
 1876 some cases. Normally compiler flags are repeatable without problems
 1877 though, so it is unlikely to cause problems.
 1879 Here are a short summary of the rest of the flatpak-builder changes:
 1881  * The build cache was changed so that it is not invalidated if
 1882    the installed version of the SDK changed. This means that the app
 1883    will not rebuilt if you updated the SDK. This is generally the right
 1884    thing to do, as SDKs are meant to be compatible.  If you want
 1885    to avoid this (for instance when building against an unstable sdk)
 1886    you can use the --rebuild-on-sdk-change argument.
 1887  * The build cache is now per-arch, so building on one arch doesn't
 1888    invalidate the cache for another arch.
 1889  * New buildsystem "cmake-ninja" which works like "cmake", but builds
 1890    using ninja, rather than make.
 1891  * New buildsystem "simple" which doesn't use configure or make, it
 1892    just runs a set of shell commands specified in the "build-commands"
 1893    property. Note: build-commands is also available to other buildsystems
 1894    and are run between make and make install.
 1895  * flatpak-builder now has build-runtime and build-extension properties that
 1896    makes it easier to build runtimes and extensions.
 1897  * FLATPAK_DEST is set in the build environment to the installation
 1898    destination (i.e. typically /app). It is particularly useful when
 1899    building an extension where the destination is more complex.
 1900  * flatpak-builder now supports --from-git=URL which pulls the
 1901    json manifest and related files directly from a git repo.
 1902  * modules have a new no-make-install property which skips
 1903    the make install step.
 1904  * Modules and sources have only-arches and skip-arches properties,
 1905    which lets you enable/disable them based on the build architecture.
 1906  * build-options has a new property ldflags, which is similar
 1907    to cflags and cxxflags.
 1908  * flatpak build (and thus flatpak-builder --run) now supports
 1909     dbus proxies when needed.
 1910  * All git repos are cloned with fsckObjects=true, which means
 1911    we verify that the repos are valid.
 1912  * New flatpak-builder argument --build-shell=MODULE extracts and
 1913    prepares the sources for a specified module and then starts
 1914    a build sandbox inside it.
 1916 There are also some other changes:
 1918  * build-export: Now supports --timestamp=ISO-8601-TIMESTAMP, which
 1919    allows you to create reproducible commits.
 1920  * The OCI support has been updated to the latest version of the
 1921    OCI image specification format.
 1922  * There is a new flatpak-bisect script that can be used to bisect
 1923    flatpak applications, looking for regressions.
 1924  * flatpak list got a revamp. It now shows more information, and
 1925    shows both apps and runtimes by default.
 1926  * flatpak remote-list was renamed flatpak remotes in order
 1927    to minimize confusion with flatpak remote-ls. The old name
 1928    is deprecated but still works.
 1930 Major changes in 0.8.4
 1931 ======================
 1933 In addition to the regular list of bugfixes this stable release
 1934 include backports of one more feature required for making OpenGL work
 1935 well. Now extra-data using extensions (such as the nvidia driver) can
 1936 specify that it doesn't need a runtime to run its apply script. We use
 1937 this in the nvidia driver by making the script a static binary, which
 1938 lets us use the nvidia driver for multiple runtimes without requering
 1939 that a particular one is installed. We also support an extension point
 1940 supporting multiple versions, which will be use for sharing the
 1941 nvidia driver between different runtime versions.
 1943 Additional fixes:
 1944  * Documentation fixes
 1945  * Crash fixes
 1946  * Fix xauth propagation in some cases
 1947  * Don't remove origin remotes on uninstall if some other app
 1948    is installed from it.
 1949  * Don't reset what locales are installed when updating a locale
 1950    extension
 1951  * Disable splice for the documentation portal as it seems
 1952    to be broken in fuse
 1953  * Append, don't override XDG_DATA_DIRS in profile script
 1954  * Fix progress reporting in libflatpak to go from 0 to
 1955    100% once, merging the various phases.
 1957 Major changes in 0.8.3
 1958 ======================
 1960 In addition to the regular list of bugfixes this stable release
 1961 include backports of a the updated OpenGL support from master.  This,
 1962 in combination with the work in the runtime allows flatpak to work out
 1963 of the box with out-of-tree OpenGL drivers, including the nvidia
 1964 driver.
 1966 Additionally, due to some complicated issues wrt ptrace and user
 1967 namespaces this version disables the use of user namespaces if
 1968 bubblewrap is setuid, as it cause problems for the way flatpak
 1969 portals identifies applications. (See issue #557 for details)
 1971  * Better handling of errors for extra-data
 1972  * Handle extra-data properly for runtimes (as well as apps)
 1973  * Respect required version for runtimes (as well as apps)
 1974  * flatpak list: Don't break if some local ref is not deployed
 1975  * builder: Look for appstream data in /app/share/metadata also
 1976  * builder: Fix buildsystem=cmake builds
 1977  * Add progress reporting to extra-data download
 1978  * Fix uid/gid for directories in document portal
 1980 Major changes in 0.8.2
 1981 ======================
 1983 This is a bugfix and security update.
 1985 Some of the bind-mounts that flatpak sets up were not read-only as
 1986 they should have. This includes: extensions, system fonts,
 1987 resolv.conf, localtime and machine-id. Many of thse are typically only
 1988 writable by root, but some, like the user-specific fonts and
 1989 user-installed extensions could be modified from the sandbox.
 1991 Everyone using 0.8.x is recommended to update to this version.
 1993 Other fixes:
 1995  * There are new configure options for where to install dbus configuration
 1996  * Broken symlinks in the root directory no longer break flatpak run
 1997  * flatpak run with HOME in /var now works
 1998  * dri access now also handles mali devices
 1999  * install handles --arch when installing flatpakrefs
 2000  * system-helper activation fixed on systemd-less setups
 2001  * dbus-proxy now works without /run
 2002  * During installation, failing to update a dependency is now not
 2003    fatal.
 2004  * /etc is now fully writable when building runtimes
 2005  * --filesystem=xdg-config/foo now sets up the bind-mount from the host dir
 2006    even when not using :create.
 2008 Major changes in 0.8.1
 2009 ======================
 2011 This is a bugfix and security update (CVE-2017-5226).
 2013 Flatpak now uses seccomp to disallow the TIOCSTI ioctl in the sandbox,
 2014 which works around the possibility to inject text on the controlling
 2015 tty (CVE-2017-5226).
 2017 This was previously fixed in bubblewrap in 0.1.6, but that change has
 2018 now been reverted as it introduced other problems for flatpak.
 2020  * Update bundled bubblewrap to 0.1.7
 2021  * Fix writing new file with O_EXCL in the document portal.
 2022  * Allow appstream data that doesn't have .desktop in the component id,
 2023    such as data for runtimes.
 2024  * Drop json-glib dependency from 1.2 to 1.0
 2025  * Builder: Fail if unable to read included file
 2026  * OCI: Ensure exported layers are readable by everyone
 2027  * Fix extra-data download in gnome-software
 2028  * Fix update-mime-database trigger when installing via
 2029    the system helper.
 2030  * Updating an app by installing a newer bundle now works
 2031    again.
 2032  * Make /var/tmp not be on a tmpfs (it is now in
 2033    ~/.var/app/$appid/cache/tmp).
 2034  * Documentation / translation updates
 2036 Major changes in 0.8.0
 2037 ======================
 2039 This is the first release in a new series of stable releases called
 2040 0.8.x. New features will be added to 0.9.x, and only bugfixes will be
 2041 backported to 0.8.x. The featureset of this release is a good base to
 2042 target if you're creating flatpaks that should be widely usable.
 2044 This release technically requires only OSTree 2016.14, and it build
 2045 fine with this, but we recommend using OSTree 2016.15, because of the
 2046 change in how it verifies the checksums of commits in delta files.
 2048  * Flatpakrepo files now support a RuntimeRepo= key which points to
 2049    a flatpakrepo file. This means the user don't have to manually
 2050    configure a remote for the runtime, just reply to the prompt
 2051    to automatically do this when installing the app.
 2052  * We now support dependencies when installing bundles. This includes
 2053    required runtimes, related refs, and the equivalent of RuntimeRepo.
 2054  * The support for OCI in flatpak has been updated to the latest
 2055    OCI spec version, and support has been added to directly install
 2056    flatpak applications from an OCI image.
 2057  * In flatpak install, the --from and --bundle options are now optional
 2058    if the argument has the correct suffix (.flatpakref and .flatpak)
 2059  * Flatpak install now supports -y to let you avoid interactive prompts.
 2060  * build-finish: We now export mime type files with the right name.
 2061  * build-finish: New --require-version option let you specify a particular
 2062    version of flatpak, and older version of flatpak will not install
 2063    or update to the new version.
 2064  * build-sign: Allow signing all apps by omitting the id.
 2065  * Fix regression in the document portal when adding named files.
 2066  * build-import-bundle now signs the commit if you specify a gpg key.
 2067  * Flatpak now reads configuration from /etc/flatpak/installations.d
 2068    which lets you support multiple system-level installation paths.
 2069    These can be accessed with new --installation=... arguments to
 2070    most of the commands.
 2071  * flatpak-builder: Support --jobs=N to limit parallel builds
 2072  * flatpak-builder: Patch source got new options property that lets
 2073    you pass arguments to patch.
 2074  * flatpak-builder: New generic "buildsystem: type" option that
 2075    replace the (now deprecated) "cmake: true" option. This
 2076    supports "autotools", "cmake" and "meson".
 2078 Major changes in 0.6.14
 2079 =======================
 2080  * Update bundled bubblewrap to 0.1.4 which has some nice bugfixes.
 2081    If you are using an external bubblewrap it is recommended, but
 2082    not required to update.
 2083  * Requires OSTree 2016.14, which allows us to drop some old
 2084    workarounds.
 2085  * When installing an application system-wide, don't consider
 2086    dependencies that are installed for the user only.
 2087  * Flatpak install --from now tries to re-use existing remotes to
 2088    avoid creating unnecessary origin remotes.
 2089  * Using --filesystem=$dir when $dir is a symlink-to-directory now works.
 2090  * Using --filesystem=$file to expose unix sockets to the app is now
 2091    allowed.
 2092  * By default all the directories in ~/.var/app (except the app), as
 2093    well as ~/.local/share/flatpak are hidden in the sandbox.
 2094  * New option --filesystem=$dir:create which will create the destination
 2095    if it did not previously exist.
 2096  * --filesystem= now supports for xdg-[config|cache|data]. This
 2097    allows you access to the host versions of these xdg dirs. Additionally
 2098    if you use these with a subdirectory, like:
 2099      --filesystem=xdg-config/subdir
 2100    then that subdirectory on the host will be shared with the per-app
 2101    instance of the xdg-dir.
 2102  * Builder now correctly handles app-ids that have dashes in them.
 2103    Previously this generated invalid ids for the debuginfo and locale
 2104    extensions.
 2105  * The experimental OCI file format support was changed from creating an
 2106    OCI container to creating an OCI image.
 2107  * Fix regression where "flatpak update --appstream remotename" broke
 2109 Major changes in 0.6.13
 2110 =======================
 2111  * The command line arguments for install/update/uninstall changed
 2113    These used to take an application id and an optional branch name as
 2114    two arguments. This meant you could not specify multiple apps
 2115    to install in a single command. So, instead of having the branch
 2116    as a separate argument we now support partial references.
 2117    If you only specify an id we try to match the rest as best we
 2118    can depending on what is installed/available, but if this
 2119    matches multiple things you have to specify more details.
 2121    For example you can use:
 2122      * org.my.App//stable - Any compatible arch, stable branch
 2123      * org.my.App/x86_64 - x86-64, look for available branch
 2124      * org.my.App/x86_64/stable - exact reference
 2126    This means install/update/uninstall can now install multiple apps
 2127    in a single operation.
 2129  * Application runtime depencenies are checked/downloaded
 2131    Whenever you install or update an application we check that the
 2132    required runtime is installed. If not, we check if it is available
 2133    in any configured remote, and if found asks the user if/where to
 2134    install it from. If it is not found, the install/update fails.
 2136    You can mark remotes as --no-use-for-deps, which means flatpak will
 2137    never search for runtime dependencies in such remotes. This makes
 2138    the dependency search faster if you have app-only remotes.
 2139    It is recommended that app-only .flatpakrepo file define this
 2140    by specifying NoDeps=true.
 2142  * remote-add and install --from now supports uris
 2144    This means you can install flatpakrefs and flatpakrepos in a
 2145    single command like so:
 2147     * flatpak remote-add --from gnome https://sdk.gnome.org/gnome.flatpakrepo
 2148     * flatpak install --from https://sdk.gnome.org/gedit.flatpakref
 2150  * flatpak run can now launch a runtime directly
 2152    For example, "flatpak run org.gnome.Platform//3.22" will launch a shell
 2153    inside a sandboxy with the gnome 3.22 runtime and an empty /app.
 2154    This is useful for development and testing.
 2156  * included bubblewrap was bumped to 0.1.3 which has a security fix
 2157  * Support for defining the default branch per remote
 2158  * remote-add/modify: --update-metadata pulls current title and default branch
 2159    from remote summary file
 2160  * Applications can now list a set of URIs that will be downloaded with the
 2161    application. The app can then extract these and use as a part of the
 2162    application data. This is useful for applications using freely downloadable
 2163    parts that can't be redistributed elsewhere.
 2164  * flatpak-builder: Support --finish-only and --allow-missing-runtimes
 2165  * flatpak-builder: Support app layering
 2167    An app can define a "base" application which is used for the initial
 2168    content before the application is built. This way applications can
 2169    be built in a layered fashion.
 2171  * dbus proxy: The filtering has been tightened up
 2172  * build-finish: Now exports icons for themes other than hicolor too
 2173  * There is support in the app metadata for generic policies.
 2175    These are read and propagated and supports overriding, but are
 2176    not otherwise interpreted by flatpak. They can be used by other
 2177    host services as static permissions for the application.
 2179  * Support for extensions directories
 2181    In addition to using flatpak maintained runtime as an extensions
 2182    flatpak can now use raw directories in ~/.local/share/flatpak/extension
 2183    and /var/lib/flatpak/extension. For example, if you create a
 2184    directory called org.freedesktop.Platform.GStreamer.MyPlugins/x86_64/1.4
 2185    there it will be used as a source for gstreamer plugins for all
 2186    runtimes based on the freedesktop 1.4 runtime.
 2188 Major changes in 0.6.12
 2189 =======================
 2190  * Partial revert in application id rules. Application ids
 2191    can now only have dashes in the last element. This allows
 2192    apps to export files such as org.my.App-extra.desktop which
 2193    was used by the libreoffice builds.
 2194  * By default the kernel keyring is not accessible, as it is
 2195    not containable.
 2196  * Some robustness fixes for build-commit-from
 2197  * Better error messages
 2198  * flatpak update --appstream now updates for all remotes
 2199  * Made flatpak enter work, and you can now use any pid in the sandbox.
 2200    However, it requires root permissions.
 2201  * Support for --device=kvm for /dev/kvm access
 2202  * Support for --allow=multiarch to support non-primary arch support.
 2203    For example running i686 code in an x86_64 app.
 2204  * Add new default-branch setting for the remote configuration
 2206 Major changes in 0.6.11
 2207 =======================
 2209  * Dashes are now allowed in application ids. However, to still work  with
 2210    symbolic icon names, they may not end with "-symbolic".
 2211  * HostCommand now handles ptys correctly
 2212  * Various documentation updates
 2213  * New FLATPAK_CHECK_VERSION macro in libflatpak
 2214  * HostCommand now returns the real PID rather than a fake one.
 2215  * Fix regression in flatpak update --appstream
 2216  * Fix regression installing bundles without origin urls
 2217  * New flatpak-builder option --show-deps lists all the files
 2218    the manifest depends on.
 2220 Major changes in 0.6.10
 2221 =======================
 2223  * Dropped requirement for systemd --user.
 2224    The way we detect if an process we're talking to is sandboxed, and
 2225    what application id it has doesn't use cgroups anymore, which means
 2226    that the dependency on systemd in the user session is now optional.
 2227    This also means the --no-desktop argument is not needed any more.
 2228    (It is still accepted but does nothing.)
 2229  * Initial support has been added for .flatpakref files. These are simple key
 2230    value files similar to .flatpakrepo files, however they specify an application
 2231    to install in addition to the repo information. For example, gedit can be
 2232    installed by downloading https://sdk.gnome.org/gedit.flatpakref and running:
 2233      flatpak install --from gedit.flatpakref
 2234    There is also library support for this so it can be added to graphical
 2235    installers (such as gnome-software).
 2236  * Requires OSTree 2016.10. The change in how OSTree handles mtimes in
 2237    checkouts that was introduced in 2016.7 has been reverted, and
 2238    the required changes in Flatpak has been made. This means that
 2239    flatpak now depends on OSTree 2016.10.
 2240  * Requires Bubblewrap 0.1.2 for builds using the system bubblewrap.
 2241    Builds using the included copy need no changes.
 2242  * The $XDG_RUNTIME_DIR/flatpak-info file has added information
 2243    about the running application, and is now also securely available
 2244    for a running application from the host as "/proc/$fd/root/.flatpak-info".
 2245    This is what is used to identify remote apps instead of the cgroup
 2246    info.
 2247  * A new run permission --allow=devel has been added. An application with
 2248    this permission is allowed to use ptrace and perf. This was previously
 2249    only available during "flatpak build" and "flatpak run -d". This
 2250    is useful if you're packaging e.g. an IDE.
 2251  * When an application is updated or removed a /app/.updated or /app/.removed
 2252    file is created for running instances. This can be used by applications to
 2253    trigger e.g. a restart for the new version.
 2254  * A new dbus request "HostCommand" has been added to org.freedesktop.Flatpak.
 2255    This lets you run any command on the host, and is therefore clearly not
 2256    sandboxed, so access to this should be limited. However, it is very useful
 2257    if you're using flatpak mainly as a distribution mechanism, for a non-sandboxed
 2258    application.
 2259  * flatpak-builder now supports running from inside a flatpak, by auto-detecting
 2260    this and using the HostCommand service to run recursive flatpaks.
 2261  * Consecutive calls to flatpak build-update-repo has been speed up.
 2262  * The document portal now allows sandboxed applications to create references
 2263    to files in /app and /usr (in the app/runtime).
 2264  * The update process noew doesn't stop at the first failure.
 2266 Major changes in 0.6.9
 2267 ======================
 2269  * Dropped dependency on libgsystem
 2270  * Allow passing partial refs whenever a CLI command takes
 2271    an app or runtime name.
 2272  * New command build-commit-from creates a new commit based
 2273    on the contents of another commit (optionally from another
 2274    local repo).
 2275  * The sandbox now contains $XDG_RUNTIME_DIR/app/$APPID from the
 2276    host (and the directory is created if needed).
 2277  * update: Better output, and faster for the no updates case
 2278  * build-export: Don't make most validation errors fail, instead
 2279    just print a warning.
 2280  * builder: Support local path references for git sources
 2281  * builder: Better handling of recursive git submodules
 2282  * builder: Fixed issues with the .pyc mtime rewriting
 2283  * builder: Handle symbolic icons for rename-icon
 2284  * builder: Add --stop-at=$module to do partial builds
 2285  * builder: Add --sandbox flag to disable the build from escaping
 2286    from the sandbox via build-args.
 2288 Major changes in 0.6.8
 2289 ======================
 2291  * Requires OSTree 2016.7, allowing us to enable use of static delta
 2292    for system downloads again.
 2293  * Support --no-desktop which allows you to run a flatpak app outside
 2294    a desktop, with some loss of functionality (for example, there
 2295    will be no systemd --user scope created for the app)..
 2296  * More documentation.
 2297  * Memory leak fixes.
 2298  * Initial support for rpms as flatpak-builder archive sources.
 2299  * Start work on translating the CLI.
 2300  * Install systemd config snippet to set the right XDG_DATA_DIRS path.
 2301  * Support --arch in flatpak list.
 2302  * Support access() in the document portal.
 2303  * Validate exported desktop files.
 2305 Major changes in 0.6.7
 2306 ======================
 2308  * Automatically download and update related references such
 2309    as locales when using the CLI.
 2310  * lib: Support for getting related references
 2311  * Document metadata format
 2312  * Support build using system-installed bwrap
 2313  * Allow access to the journal socket in the sandbox
 2314  * builder: Support applying patches with git (useful for binary diffs)
 2315  * Require ostree 2016.6
 2317 Major changes in 0.6.6
 2318 ======================
 2320  * Better support for multi-arch (for instance, will automatically install
 2321    i386-only app on x86_64 without user having to specify --arch).
 2322  * Support --device=all to access the full host /dev
 2323  * More command line support for managing exported documents
 2324  * Extended API for the document portal: Lookup, Info, List
 2325  * flatpak-builder: Support initializing /var from a runtime
 2326    extension.
 2327  * Disable static deltas when updating via the system helper to
 2328    work around bug in ostree.
 2330 Major changes in 0.6.5
 2331 ======================
 2333  * Documentation improvements
 2334  * builder: Check that the specified command exists after build is done
 2335  * builder: Fix up mtime in headers for python precompiled files
 2336  * builder: Allow submodules and including modules from other json files
 2337  * system-helper builds are optional (--disable-system-helper)
 2338  * system-helper: Support installing from local remotes and bundles
 2339  * Improved support for --subpath installs, including libflatpak support
 2340  * Improved command line completion
 2342 Major changes in 0.6.4
 2343 ======================
 2345  * Fix an issue where flatpak sometimes created empty "repo"
 2346    directories in the CWD
 2348 Major changes in 0.6.3
 2349 ======================
 2351  * Fix resolv.conf regression in `flatpak build`
 2352  * Fix LD_LIBRARY_PATH override support in `flatpak build`
 2353  * Support forwarding app permissions in `flatpak-builder --run`
 2354  * Flatpak is now smarter about the default branch to use in most operations
 2355  * update will not fail on the first error if updating several things
 2356  * New much more complete bash completion system
 2357  * Faster installations
 2358  * Support new keyfile format for remote-add --from=file
 2360 Major changes in 0.6.2
 2361 ======================
 2363  * Fixed no-network support regression in setuid mode.
 2364  * Fixed creation of root-owned file in home dir when using sudo in some cases
 2365  * New --with-privileged-group configure option
 2367 Major changes in 0.6.1
 2368 ======================
 2370  * Fixed support for systems without user namespaces (default for Arch) or
 2371    unprivileged support for user namespaces (default for Debian).
 2372  * Fix memory leak during install/update.
 2373  * update: Fix support for --arch.
 2374  * Set the right location for the system directory in the environment.
 2375  * system-helper: Support updating without deploying (needed for
 2376    gnome-software support).
 2377  * lib: Fix support for updates
 2379 Major changes in 0.6.0
 2380 ======================
 2382 Renamed from xdg-app to Flatpak.  Existing repositories should keep
 2383 working, and locally user installed apps/runtime will be migrated
 2384 automatically. However, there are some things that you have to be
 2385 aware of:
 2386  * The command names are now flatpak/flatpak-builder
 2387  * System-wide installed apps/runtimes need to be reinstalled
 2388  * flatpak-builder uses a ".flatpak-builder" subdirectory instead
 2389    of ".xdg-app-builder".
 2390  * The bus name and interface name for the permission
 2391    store is changed, it was in org.freedesktop.XdgApp, but is
 2392    now in org.freedesktop.impl.portal.DesktopPortal.
 2393  * The installation migration is a one-time operation so you can't
 2394    go back to xdg-app after updating.
 2395  * The library API (and name) changed due to the rename.
 2397 Other changes:
 2398  * Flatpak now hard-requires ostree 2016.5
 2399  * Switch from using xdg-app-helper to an included version of bubblewrap:
 2400    https://github.com/projectatomic/bubblewrap
 2401  * Added a policykit-based system helper that allows you to authenticate
 2402    via polkit to install into the system repository.
 2403  * Added an experimental command to export/import applications and runtimes
 2404    as an OCI tarball.
 2405  * builder: Fix creation of locale extensions if there was no locale data in the
 2406    build.
 2407  * It is now possible to disable/enable configured remotes.
 2408  * A lot of new tests where added, and we now support installed tests.
 2409  * builder now has an optional --arch argument for multiarch building.
 2410  * Builder modules can be disabled with "disabled": true.
 2411  * Using --filesystem=/tmp now hides the system X11 sockets.
 2414 Major changes in 0.5.2
 2415 ======================
 2417 * The way locale extensions work has changed. Now we build a single extension
 2418   for all locales, but we allow you to specify a subset of it during installation
 2419   and update time using the --subpath commandline flag.
 2420   The main reason for this is that the many extensions didn't scale, both in
 2421   technical terms (large ostree summary file size), but also in terms of the
 2422   UI listing hundreds of uninteresting things.
 2423 * We no longer use sizes in the commit objects to get installed and download size,
 2424   instead we store some extra metadata in the summary file. This allows us
 2425   to get much faster access to these, as with recent ostree versions we can
 2426   cache the summary file.
 2427 * New command xdg-app build-sign that lets you sign a commit at any time.
 2428 * New argument xdg-app build --force-clean that removes pre-existing build dirs.
 2429 * xdg-app run now uses the "current" version as the default if you specify no
 2430   branch or arch. It used to default to the "master" branch. This will default
 2431   to the last installed version, but can be changed with xdg-app make-current.
 2432 * Added config-opts to the build-options in xdg-app-builder. This allows you
 2433   to extend the configure flags in an arch dependent way.
 2434 * Documentation updates
 2436 Major changes in 0.5.1
 2437 =======================
 2438 * Make xdg-app-builder --build-only not export the results
 2439 * Create all-in-one Locale extension that combines all the locale extensions
 2440 * Extract icons for all appdata nodes when creating appstream
 2441 * Documentation updates
 2442 * Better handling of metadata in xdg-app-builder cache
 2443 * Respect the specified branch when exporting in xdg-app-builder
 2444 * Fix support for multi-arch with i386 userspace and 64bit kernel
 2445 * Avoid deprecated 32bit capabilities syscalls
 2447 Major changes in 0.5.0
 2448 =======================
 2449 * Some libxdg-app API additions for handling bundles
 2450 * Default to /bin/sh as user shell in sandbox
 2451 * Fix detection of which apps are in use during uninstall
 2452 * New implementation of fuse filesystem for document portal.
 2453   It is now cleaner and works on 32bit.
 2454 * Honor the noenumerate flag on remotes in CLI and libxdg-app.
 2455 * Add change notification for permissions store
 2456 * Require signed summaries for gpg-signed remotes
 2457 * Fix summary signatures of deltas in xdg-app build-update.
 2459 Major changes in 0.4.13
 2460 =======================
 2461 * Fix misgeneration of appdata xml in some cases
 2462 * Various improvements to bundles, and support in libxdgapp
 2463 * Add sources to Debug extensions created by xdg-app-builder
 2464 * Allow specifying subdirs of xdg-* dirs, for instance:
 2465    --filesystem=xdg-download/some-dir
 2466 * Add support for --filesystem=xdg-run/subdir which means
 2467   XDG_RUNTIME_DIR dir, rather than xdg-user-dirs.
 2468 * Add --generate-static-deltas option to build-update-repo.
 2470 Major changes in 0.4.12
 2471 =======================
 2472 * Fix crashes.
 2473 * Update exports when removing apps.
 2474 * Remove appstream and repo refs when removing a remote.
 2475 * Add some build options to make libxdg-app usable inside a sandbox.
 2476 * xdg-app-builder builds are now in the .xdg-app-builder/build subdir.
 2477 * Make system repo bare-user to avoid creating any setuid binaries.
 2478 * Add xdg-app-builder --run operation that runs a command with the
 2479   build environment set up.
 2480 * Support creating locale extensions with xdg-app-builder.
 2481 * Add support for tags to metadata.
 2482 * Put runtime info and tags in the appstream data
 2484 Major changes in 0.4.11
 2485 =======================
 2486 * Fix assertion when installing runtime
 2488 Major changes in 0.4.10
 2489 =======================
 2490 * App desktop files and icons were not being exported to the desktop
 2492 Major changes in 0.4.9
 2493 ======================
 2494 * Fix crash at end of runtime install.
 2495 * xdg-app-builder has a new source type "shell" which lets you run arbitrary
 2496   shell commands.
 2497 * Allow apps with writable homedir access to modify the xdg-app repos.
 2498 * New xdg-app info command gives you status of an installed app or runtime.
 2499 * The xdg-app-builder cache now contains the sdk commit id, so that a new
 2500   version of the sdk invalidates the cache.
 2501 * Fixed a regression in the xdg-app install-app backwards compatibility
 2502   handling.
 2503 * xdg-app now gives the application access to the deployment path, which can
 2504   be used to give host-side services access to app files (such as help
 2505   documents).
 2506 * build-export no longer exports appstream files, and when generating appstream
 2507   files we don't need them to be.
 2508 * The default architecture tag used by xdg-app is now made canonical when needed
 2509   (i.e. on arm/x86/mips).
 2511 Major changes in 0.4.8
 2512 ======================
 2513 * Changed global installation directory to /var/lib/xdg-app (not /var/xdg-app).
 2514 * Add support for a dbus filtering on the system bus.
 2515 * Choosing user namespaces or setuid is now a runtime option, not build time.
 2516 * Fix xml-escaping in the appstream generation.
 2517 * Various build fixes.
 2518 * Added some more documentation for the library.
 2519 * Disable support for running apps on systems without a systemd user session.
 2520 * Fix uninitialized memory read in xdg-app-builder during git checkouts.
 2521 * Correctly handle disabled git submodules in xdg-app-builder
 2522 * Fix hiding of non-exported symbols in libxdgapp
 2524 Major changes in 0.4.7
 2525 ======================
 2526 * Enabled build of libxdg-app by default, now the API is stable
 2527   enough for e.g. gnome-software to use it.
 2528 * Restructured the command line interface to xdg-app, it is now
 2529   more streamlined and easy to use. For instance, to install
 2530   both apps or runtimes, now use "xdg-app install $name".
 2531   The old commands still work, but are deprecated and not
 2532   in the docs.
 2533 * xdg-app-builder has gotten a bunch of new features that
 2534   makes it easier to build apps, and some initial work to
 2535   make it possible to create runtimes using it
 2536 * build-export now finds and export any app-info installed by
 2537   the app, and build-update-repo collects all such exports
 2538   into a per-repo branch for appstream and icons.
 2539 * The client (and libs) support for locally mirroring the appstream
 2540   branch for each remote. This allows use to create graphical appstores
 2541   with user-readable information and icons.
 2542 * On the client side one can now specify priorities for each
 2543   remote.
 2545 Major changes in 0.4.6
 2546 ======================
 2547 * Added an initial version of libxdg-app, a highlevel library
 2548   intended to be used by user interface frontends to xdg-app.
 2549   It is not yet API stable, so it is disabled by default.
 2550   Enable with --enable-libxdgapp
 2551 * Added xdg-app-builder, a separate tool that makes it easier to build
 2552   applications with external dependencies.
 2553 * Add support for single-file bundles, which can be a useful way
 2554   to distribute apps on e.g. a usb stick. Only works with the
 2555   latest version of ostree.
 2556 * Always allow apps to talk to the built-in portals
 2557 * Support granting read-only access to the filesystem with e.g. --filesystem=host:ro
 2558 * Add /run/user/$uid/xdg-app-info file that contains the current permissions of the app
 2559 * Add --writable-sdk option to xdg-app build-init
 2560 * Add file locking to better handle concurrent xdg-app operations like update and install
 2561 * Various fixes
 2563 Major changes in 0.4.5
 2564 ======================
 2565 * Support signing commits in build-export
 2566 * Correctly handle symlinks in host root when app has host-fs access
 2567 * Always regenerate summary after build-export
 2568 * Make uninstall a bit more robust
 2569 * Install the dbus introspection files
 2570 * Add human readable size to build-export report
 2571 * Add /dev/ptmx symlink in app
 2572 * Fix apps not getting SIGCHILD
 2573 * Only expose minimal /etc/[passwd|group] in app
 2575 Major changes in 0.4.4
 2576 ======================
 2577 * Fix race condition in fuse fs
 2578 * Don't save uid/gid/xattrs in build-export
 2579 * run: Handle existing mounts with spaces in them
 2580 * propagate xauth cookies to sandbox
 2582 Major changes in 0.4.3
 2583 ======================
 2584 * Build with older ostree
 2585 * Add --nofilesystem flag to e.g. xdg-app run
 2586 * Add xdg-app dump-runtime command
 2588 Major changes in
 2589 ======================
 2590 * Fix dbus proxy
 2592 Major changes in 0.4.2
 2593 ======================
 2594 * Fix build with older versions of glib
 2595 * Fix regression in filesystem access configuration
 2596 * Make seccomp use optional (for arches without it)
 2597 * Add xdg-app enter command to enter a running sandbox
 2598 * Fix /var/cache being readonly
 2599 * Add /var/data and /var/config shortcuts for per-app data
 2600 * Minor fixes to bash completion
 2602 Major changes in 0.4.1
 2603 ======================
 2604 * Fixed a parallel build issue
 2605 * Fixed a build issue where openat() didn't get a mode passed
 2606 * Don't block ptrace and perf in debug and build runs
 2607 * Put nvidia drivers in sandbox if DRI allowed
 2608 * Support specifying a version for runtime extensions
 2610 Major changes in 0.4.0
 2611 ======================
 2612 * A new permissions store was added to the dbus api.
 2613   This can be used by portal implementations that want to store
 2614   per-app permissions for objects.
 2615 * The document portal was added. This is a dbus api
 2616   which you can use to create document ids and assign
 2617   apps permissions to see these documents. The documents
 2618   themselves are accessed via a custom fuse filesystem.
 2619 * perf and strace are now blocked via the seccomp filters
 2620 * You can now override application metadata on a system
 2621   and per-user level, giving apps more or less access
 2622   than what they request.
 2623 * New command modify-remote added which lets you change
 2624   configuration of a remote after it has been added with
 2625   add-remote.
 2626 * Support for adding trusted gpg keys on a per-remote basis
 2627   has been added to add-remote and modify-remote.
 2628 * The repo-contents command has been renamed to ls-remote
 2629   to better match the other commands.
 2630 * The list-remotes command can now show more information
 2631   about the remotes.
 2632 * The bash completion implementation has been improved.
 2634 Major changes in 0.3.6
 2635 ======================
 2637 * Fix a typo in the socket seccomp rules that made ipv6 not work
 2638 * Export the users fonts (~/.local/share/fonts or ~/.fonts) in the sandbox
 2639 * Fix seccomp rules to work on i386
 2640 * Make exposing xdg user dirs work right