Nthambi yatsopano yokhazikika ya Flatpak 1.12 toolkit yasindikizidwa, yomwe imapereka njira yopangira mapepala odzipangira okha omwe samamangiriridwa ku magawo ena a Linux ndikuyendetsa mu chidebe chapadera chomwe chimalekanitsa ntchito ndi dongosolo lonse. Thandizo loyendetsa phukusi la Flatpak limaperekedwa kwa Arch Linux, CentOS, Debian, Fedora, Gentoo, Mageia, Linux Mint, Alt Linux ndi Ubuntu. Maphukusi a Flatpak akuphatikizidwa m'nkhokwe ya Fedora ndipo amathandizidwa ndi woyang'anira ntchito wa GNOME.
Zatsopano zazikulu munthambi ya Flatpak 1.12:
- Kuwongolera bwino kwa malo okhala ndi sandbox omwe amagwiritsidwa ntchito mu phukusi la flatpak ndi kasitomala wa ntchito yobweretsera masewera a Steam. M'mabokosi a mchenga omwe ali ndi zisa, kupanga magawo osiyana a / usr ndi / app akalozera amaloledwa, omwe amagwiritsidwa ntchito mu Steam kuyambitsa masewera mu chidebe chosiyana ndi gawo lake / usr, otalikirana ndi chilengedwe ndi kasitomala wa Steam.
- Nthawi zonse phukusi lomwe lili ndi chizindikiritso chofanana cha pulogalamu (ID ya pulogalamu) imagawana /tmp ndi $XDG_RUNTIME_DIR. Mwachidziwitso, pogwiritsa ntchito mbendera ya "--allow=per-app-dev-shm", mutha kugwiritsa ntchito /dev/shm chikwatu chogawana.
- Thandizo lowongolera pamapulogalamu a Text User Interface (TUI) monga gdb.
- Kukhazikitsa mwachangu kwa lamulo la "ostree prune" kwawonjezedwa ku build-update-repo utility, wokometsedwa kuti azigwira ntchito ndi nkhokwe mumayendedwe osungira.
- Chiwopsezo cha CVE-2021-41133 pakukhazikitsa njira yama portal, yolumikizidwa ndi kusowa kwa kutsekeka kwa mafoni atsopano okhudzana ndi kuyika magawo mu malamulo a seccomp, yakhazikitsidwa. Kusatetezeka kudapangitsa kuti pulogalamuyo ipange mchenga wokhala ndi zisa kuti idutse njira zotsimikizira za "portal" zomwe zimagwiritsidwa ntchito kukonza zofikira kunja kwa chidebecho.
Zotsatira zake, wowukira, poyimba mafoni okhudzana ndi kukwera, amatha kudutsa njira yodzipatula ya sandbox ndikupeza zonse zomwe zili m'malo omwe akulandila. Chiwopsezochi chitha kugwiritsidwa ntchito m'maphukusi omwe amapatsa mapulogalamu mwayi wofikira mwachindunji kumasoketi a AF_UNIX, monga omwe amagwiritsidwa ntchito ndi Wayland, Pipewire, ndi pipewire-pulse. Potulutsidwa 1.12.0, chiwopsezocho sichinathetsedwe kwathunthu, kotero kusintha kwa 1.12.1 kunatulutsidwa kutentha pazidendene zake.
Tikukumbutseni kuti Flatpak imalola opanga mapulogalamu kuti achepetse kugawa kwa mapulogalamu awo omwe sanaphatikizidwe muzosungirako zogawira pokonzekera chidebe chimodzi chapadziko lonse lapansi popanda kupanga misonkhano yosiyana pakugawa kulikonse. Kwa ogwiritsa ntchito chitetezo, Flatpak imakulolani kuti mugwiritse ntchito pulogalamu yokayikitsa m'chidebe, ndikupatseni mwayi wogwiritsa ntchito maukonde ndi mafayilo ogwiritsira ntchito omwe amagwirizana ndi pulogalamuyi. Kwa ogwiritsa ntchito omwe ali ndi chidwi ndi zatsopano, Flatpak imakulolani kuti muyike mayesero atsopano ndi kutulutsa kokhazikika kwa mapulogalamu popanda kufunikira kosintha dongosolo. Mwachitsanzo, mapaketi a Flatpak amapangidwira LibreOffice, Midori, GIMP, Inkscape, Kdenlive, Steam, 0 AD, Visual Studio Code, VLC, Slack, Skype, Telegraph Desktop, Android Studio, etc.
Kuti muchepetse kukula kwa phukusi, kumangotengera kudalira kwapadera kwa ntchito, ndipo makina oyambira ndi malaibulale azithunzi (GTK, Qt, GNOME ndi malaibulale a KDE, ndi zina zotero) adapangidwa ngati malo ogwiritsira ntchito plug-in. Kusiyana kwakukulu pakati pa Flatpak ndi Snap ndikuti Snap imagwiritsa ntchito zigawo za malo akuluakulu a dongosolo ndi kudzipatula pogwiritsa ntchito mafoni a machitidwe, pamene Flatpak imapanga chidebe chosiyana ndi dongosolo ndipo imagwira ntchito ndi seti yaikulu ya nthawi yothamanga, osapereka phukusi monga kudalira, koma muyezo. madera ena (mwachitsanzo, malaibulale onse ofunikira kuti agwiritse ntchito mapulogalamu a GNOME kapena KDE).
Kuphatikiza pa chilengedwe chadongosolo (nthawi yothamanga), yoyikidwa kudzera m'malo apadera, zowonjezera zowonjezera (mtolo) zomwe zimafunikira kuti zigwiritsidwe ntchito zimaperekedwa. Pazonse, nthawi yothamanga ndi mtolo zimapanga kudzazidwa kwa chidebecho, ngakhale kuti nthawi yothamanga imayikidwa padera ndikumangiriridwa kuzinthu zingapo nthawi imodzi, zomwe zimakupatsani mwayi wopewa kubwereza mafayilo amachitidwe omwe amafanana ndi zotengera. Dongosolo limodzi litha kukhala ndi nthawi zingapo zoyikira (GNOME, KDE) kapena mitundu ingapo ya nthawi yomweyo (GNOME 3.40, GNOME 3.42). Chidebe chokhala ndi pulogalamu ngati chodalira chimagwiritsa ntchito kumangirira ku nthawi yeniyeni, osaganizira za phukusi lomwe limapanga nthawi yothamanga. Zinthu zonse zomwe zikusowa zimayikidwa mwachindunji ndi pulogalamuyi. Chidebe chikapangidwa, zomwe zili mu nthawi yothamanga zimayikidwa ngati gawo la / usr, ndipo mtolo umayikidwa mu / app directory.
Zida zogwiritsira ntchito ndi zogwiritsira ntchito zimamangidwa pogwiritsa ntchito teknoloji ya OSTree, momwe chithunzicho chimasinthidwa ndi atomiki kuchokera kumalo osungiramo zinthu monga Git, zomwe zimalola njira zowonetsera kuti zigwiritsidwe ntchito pazigawo zogawa (mwachitsanzo, mukhoza kubwezeretsa mwamsanga dongosolo ku atomiki). dziko lakale). Maphukusi a RPM amamasuliridwa kumalo osungirako a OSTree pogwiritsa ntchito rpm-ostree wosanjikiza wapadera. Kuyika kosiyana ndi kusinthidwa kwa phukusi mkati mwa malo ogwira ntchito sikuthandizidwa; dongosololi limasinthidwa osati pamlingo wa zigawo za munthu, koma zonse, kusintha mkhalidwe wake. Amapereka zida zogwiritsira ntchito zosintha mochulukira, ndikuchotsa kufunika kosinthiratu chithunzicho ndikusintha kulikonse.
Malo odzipatula omwe amapangidwa amakhala odziyimira pawokha pazagawidwe zomwe zimagwiritsidwa ntchito ndipo, ndi makonzedwe oyenera a phukusi, alibe mwayi wopeza mafayilo ndi njira za wogwiritsa ntchito kapena dongosolo lalikulu, sangathe kulumikiza zidazo, kupatula zotuluka kudzera pa DRI, ndi kuyimbira ku network subsystem. Kutulutsa ndi kuyika kwazithunzi kumayendetsedwa pogwiritsa ntchito protocol ya Wayland kapena kudzera pa X11 socket forwarding. Kuyanjana ndi chilengedwe chakunja kumachokera ku mauthenga a DBus ndi ma Portals API apadera.
Podzipatula, mawonekedwe a Bubblewrap ndi matekinoloje achikhalidwe a Linux amagwiritsidwa ntchito, kutengera kugwiritsa ntchito magulu, malo a mayina, Seccomp ndi SELinux. PulseAudio imagwiritsidwa ntchito kutulutsa mawu. Pankhaniyi, kudzipatula kumatha kulemala, komwe kumagwiritsidwa ntchito ndi omwe amapanga maphukusi ambiri otchuka kuti apeze mwayi wokwanira wamafayilo ndi zida zonse m'dongosolo. Mwachitsanzo, GIMP, VSCodium, PyCharm, Octave, Inkscape, Audacity, ndi VLC zimabwera ndi njira yodzipatula yocheperako yomwe imasiya mwayi wofikira ku bukhu lanyumba.
Ngati ma phukusi okhala ndi chikwatu chakunyumba asokonezedwa, ngakhale pali zilembo za "sandboxed" pofotokozera phukusi, wowukirayo angofunika kusintha ~/.bashrc wapamwamba kuti agwiritse ntchito code yake. Nkhani yosiyana ndi kulamulira kwa kusintha kwa phukusi ndi kudalira omanga phukusi, omwe nthawi zambiri samagwirizanitsidwa ndi polojekiti yaikulu kapena magawo.
Source: opennet.ru