Release of the self-contained package system Flatpak 1.12.0

A new stable branch of the Flatpak 1.12 toolkit has been published. Flatpak provides a system for building self-contained packages that are not tied to a specific Linux distribution and that run in a special container isolating the application from the rest of the system. Support for running Flatpak packages is available for Arch Linux, CentOS, Debian, Fedora, Gentoo, Mageia, Linux Mint, Alt Linux and Ubuntu. Flatpak packages are included in the Fedora repository and are supported by the native GNOME application manager.

Key changes in the Flatpak 1.12 branch:

  • Improved management of the nested sandbox environments used in the flatpak package with the client for the Steam game delivery service. Nested sandboxes are now allowed to create separate /usr and /app directory hierarchies, which Steam uses to launch games in a separate container with its own /usr partition, isolated from the environment that runs the Steam client.
  • All instances of a package with the same application identifier (app-ID) share the /tmp and $XDG_RUNTIME_DIR directories. Optionally, the "--allow=per-app-dev-shm" flag enables a shared /dev/shm directory as well.
  • Improved support for Text User Interface (TUI) applications such as gdb.
  • A faster implementation of the "ostree prune" command has been added to the build-update-repo utility, optimized for repositories in archive mode.
  • The vulnerability CVE-2021-41133 in the implementation of the portal mechanism has been fixed. It was caused by the seccomp rules not blocking new system calls related to mounting partitions. The vulnerability allowed an application to create a nested sandbox in order to bypass the "portal" verification mechanisms that are used to mediate access to resources outside the container.

    As a result, an attacker could, by making mount-related system calls, bypass the sandbox isolation mechanism and gain full access to the contents of the host environment. The vulnerability can only be exploited in packages that give applications direct access to AF_UNIX sockets, such as those used by Wayland, Pipewire, and pipewire-pulse. The vulnerability was not completely eliminated in release 1.12.0, so update 1.12.1 was released hot on its heels.

As a reminder, Flatpak lets application developers simplify the distribution of programs that are not included in the standard distribution repositories by preparing one universal container instead of creating separate builds for each distribution. For security-conscious users, Flatpak makes it possible to run a questionable application in a container, giving it access only to network functions and to the user files associated with the application. For users interested in new products, Flatpak makes it possible to install the latest test and stable releases of applications without making changes to the system. For example, Flatpak packages are built for LibreOffice, Midori, GIMP, Inkscape, Kdenlive, Steam, 0 A.D., Visual Studio Code, VLC, Slack, Skype, Telegram Desktop, Android Studio, and others.

To reduce package size, a package includes only application-specific dependencies, while the basic system and graphics libraries (GTK, Qt, GNOME and KDE libraries, etc.) are provided as pluggable standard runtime environments. The main difference between Flatpak and Snap is that Snap uses components of the main system environment and isolation based on system call filtering, whereas Flatpak creates a container separate from the system and works with large runtime sets, offering as dependencies not individual packages but standard system environments (for example, all the libraries needed to run GNOME or KDE programs).

In addition to the standard system environment (runtime), which is installed from a special repository, the additional dependencies (bundle) required for the application to work are supplied. Together, the runtime and the bundle make up the contents of the container, although the runtime is installed separately and bound to several containers at once, which avoids duplicating the system files that containers have in common. One system can have several different runtimes installed (GNOME, KDE) or several versions of the same runtime (GNOME 3.40, GNOME 3.42). A container with an application uses as its dependency a binding to a specific runtime only, without regard to the individual packages that make up the runtime. All missing elements are packaged directly with the application. When the container is created, the contents of the runtime are mounted as the /usr partition, and the bundle is mounted in the /app directory.

The runtime and application containers are built using OSTree technology, in which the image is updated atomically from a Git-like repository. This allows version control methods to be applied to distribution components (for example, the system can quickly be rolled back to a previous state). RPM packages are translated into the OSTree repository using a special rpm-ostree layer. Separate installation and updating of packages inside the working environment is not supported; the system is updated not at the level of individual components but as a whole, changing its state atomically. Tools are provided for applying updates incrementally, which removes the need to replace the image completely with each update.

The resulting isolated environment is completely independent of the distribution in use and, with proper package settings, has no access to the files and processes of the user or the main system and cannot access hardware directly, except for output via DRI and calls to the network subsystem. Graphics output and input are handled using the Wayland protocol or by forwarding the X11 socket. Interaction with the external environment is based on the DBus messaging system and a special Portals API.

Isolation is implemented with the Bubblewrap layer and traditional Linux container virtualization technologies, based on cgroups, namespaces, Seccomp and SELinux. PulseAudio is used for sound output. Isolation can be disabled, and the developers of many popular packages do so in order to get full access to the file system and to all devices in the system. For example, GIMP, VSCodium, PyCharm, Octave, Inkscape, Audacity, and VLC ship with a limited isolation mode that leaves full access to the home directory.

If a package with access to the home directory is compromised, then despite the "sandboxed" label in the package description, the attacker only needs to modify the ~/.bashrc file to get their code executed. A separate issue is control over changes to packages and trust in package builders, who are often not associated with the main project or the distribution.
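A way to check an installed package for the grants discussed above, as an added example that is not part of the original article or of Flatpak itself. It assumes Flatpak's metadata keyfile layout (a `[Context]` section with semicolon-separated `filesystems`, `sockets` and `devices` lists); the sample files and the severity labels are constructed for illustration.

```python
import configparser

BROAD_FS = {"home", "host"}                      # grants that expose ~/.bashrc and other dotfiles
SOCKETS_OF_INTEREST = {"wayland", "pulseaudio"}  # AF_UNIX sockets of the kind the article names

# Constructed sample metadata (not taken from any real package).
SAMPLE_BROAD = """\
[Application]
name=org.example.Editor
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=home;xdg-download:ro;
"""

SAMPLE_TIGHT = """\
[Application]
name=org.example.Viewer
[Context]
sockets=wayland;
devices=dri;
filesystems=!home;xdg-download:ro;
"""

def _items(ctx, key):
    """Split a semicolon-separated keyfile list, dropping empty entries."""
    return [v.strip() for v in ctx.get(key, "").split(";") if v.strip()]

def audit_metadata(text):
    """Return (app_id, findings); findings are (severity, grant) tuples."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(text)
    app = cp.get("Application", "name", fallback="<unknown>")
    ctx = cp["Context"] if cp.has_section("Context") else {}
    findings = []
    for entry in _items(ctx, "filesystems"):
        if entry.startswith("!"):  # "!" revokes a grant, so it is not a finding
            continue
        path, _, mode = entry.partition(":")
        if path in BROAD_FS:  # read-only still leaks data; writable allows dotfile edits
            findings.append(("MEDIUM" if mode == "ro" else "HIGH", f"filesystems={entry}"))
    if "all" in _items(ctx, "devices"):
        findings.append(("HIGH", "devices=all"))
    for sock in _items(ctx, "sockets"):
        if sock in SOCKETS_OF_INTEREST:  # informational: direct socket access
            findings.append(("INFO", f"sockets={sock}"))
    return app, findings
```

The text passed to `audit_metadata` can be the output of `flatpak info --show-metadata <app-id>` for each installed application.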

source: budenet.ru
