Release of the Flatpak 1.12.0 self-contained package system

A new stable branch of the Flatpak 1.12 toolkit has been published. It provides a system for building self-contained packages that are not tied to a specific Linux distribution and that run in a special container isolating the application from the rest of the system. Support for running Flatpak packages is provided for Arch Linux, CentOS, Debian, Fedora, Gentoo, Mageia, Linux Mint, Alt Linux and Ubuntu. Flatpak packages are included in the Fedora repository and are supported by the native GNOME application manager.

Key innovations in the Flatpak 1.12 branch:

  • Improved management of nested sandbox environments, used in the flatpak package with the client for the Steam game delivery service. In nested sandboxes, creating separate hierarchies of the /usr and /app directories is allowed, which Steam uses to launch games in a separate container with its own /usr partition, isolated from the environment with the Steam client.
  • All package instances with the same application identifier (app-ID) share the /tmp and $XDG_RUNTIME_DIR directories. Optionally, using the "--allow=per-app-dev-shm" flag, you can enable the use of a shared /dev/shm directory.
  • Improved support for Text User Interface (TUI) applications such as gdb.
  • A faster implementation of the "ostree prune" command has been added to the build-update-repo utility, optimized for working with repositories in archive mode.
  • The CVE-2021-41133 vulnerability in the implementation of the portal mechanism has been fixed. It was caused by the seccomp rules not blocking new system calls related to mounting partitions. The vulnerability allowed an application to create a nested sandbox in order to bypass the "portal" verification mechanisms that are used to organize access to resources outside the container.

    As a result, an attacker, by making mount-related system calls, could bypass the sandbox isolation mechanism and gain full access to the contents of the host environment. The vulnerability can only be exploited in packages that give applications direct access to AF_UNIX sockets, such as those used by Wayland, Pipewire and pipewire-pulse. In release 1.12.0 the vulnerability was not completely eliminated, so update 1.12.1 was released hot on its heels.

As a reminder, Flatpak allows application developers to simplify the distribution of programs that are not included in the standard distribution repositories by preparing one universal container, without creating separate builds for each distribution. For security-conscious users, Flatpak makes it possible to run a questionable application in a container, giving it access only to network functions and to user files associated with the application. For users interested in new products, Flatpak makes it possible to install the latest test and stable releases of applications without the need to make changes to the system. For example, Flatpak packages are built for LibreOffice, Midori, GIMP, Inkscape, Kdenlive, Steam, 0 AD, Visual Studio Code, VLC, Slack, Skype, Telegram Desktop, Android Studio, etc.

To reduce package size, a package includes only application-specific dependencies, while the basic system and graphics libraries (GTK, Qt, GNOME and KDE libraries, etc.) are designed as plug-in standard runtime environments. The key difference between Flatpak and Snap is that Snap uses the components of the main system environment and isolation based on system call filtering, while Flatpak creates a container separate from the system and operates with large runtime sets, providing not packages as dependencies but standard system environments (for example, all the libraries needed to run GNOME or KDE programs).

In addition to the standard system environment (runtime), installed through a special repository, additional dependencies (bundle) required for the application to work are supplied. Together, the runtime and the bundle form the contents of the container, even though the runtime is installed separately and attached to several containers at once, which avoids duplicating system files common to containers. One system can have several different runtimes installed (GNOME, KDE) or several versions of the same runtime (GNOME 3.40, GNOME 3.42). A container with an application as a dependency uses a binding only to a specific runtime, without taking into account the individual packages that make up the runtime. All missing elements are packaged directly with the application. When the container is formed, the contents of the runtime are mounted as the /usr partition, and the bundle is mounted in the /app directory.

The runtime and application containers are built using OSTree technology, in which the image is atomically updated from a Git-like repository. This allows version control methods to be applied to distribution components (for example, you can quickly roll the system back to a previous state). RPM packages are translated into the OSTree repository using a special rpm-ostree layer. Separate installation and updating of packages within the working environment is not supported; the system is updated not at the level of individual components but as a whole, atomically changing its state. Tools are provided for applying updates incrementally, eliminating the need to completely replace the image with each update.

The generated isolated environment is completely independent of the distribution used and, with proper package settings, has no access to the files and processes of the user or the main system, and cannot directly access hardware, except for output via DRI and calls to the network subsystem. Graphics output and input are organized using the Wayland protocol or via X11 socket forwarding. Interaction with the external environment is based on the DBus messaging system and a special Portals API.

For isolation, the Bubblewrap layer and traditional Linux container virtualization technologies are used, based on cgroups, namespaces, Seccomp and SELinux. PulseAudio is used for sound output. At the same time, isolation can be disabled, which the developers of many popular packages use to gain full access to the file system and all devices in the system. For example, GIMP, VSCodium, PyCharm, Octave, Inkscape, Audacity and VLC come with a limited isolation mode that leaves full access to the home directory.

If packages with access to the home directory are compromised, then despite the presence of the "sandboxed" label in the package description, an attacker only needs to change the ~/.bashrc file to execute their code. A separate issue is the control of changes to packages and trust in package builders, who are often not associated with the main project or distributions.
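To make the home-directory and device exposure described above checkable, here is an added example (not part of the original article and not Flatpak project code) that audits permission text in Flatpak's keyfile format and flags grants of the whole host or home directory and of all devices. The application IDs, the sample permission text and the finding labels are constructed for illustration.

```python
import configparser

# Constructed sample data in Flatpak's keyfile permission format;
# the application IDs are made up for this example.
SAMPLE_PERMISSIONS = {
    "org.example.Editor": """
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=home;xdg-download;
""",
    "org.example.Viewer": """
[Context]
shared=ipc;
sockets=wayland;
filesystems=xdg-pictures:ro;
""",
}

def _items(value):
    """Split a ';'-separated keyfile list, dropping empty entries."""
    return [v.strip() for v in value.split(";") if v.strip()]

def audit_permissions(keyfile_text):
    """Return findings for one application's [Context] permissions."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(keyfile_text)
    ctx = cp["Context"] if cp.has_section("Context") else {}
    findings = []
    for entry in _items(ctx.get("filesystems", "")):
        if entry.startswith("!"):          # negated entry removes a grant
            continue
        path, _, mode = entry.partition(":")
        if path in ("host", "home"):
            # Without ":ro" the app can rewrite files such as ~/.bashrc.
            findings.append(("fs-read:" if mode == "ro" else "fs-write:") + path)
    if "all" in _items(ctx.get("devices", "")):
        findings.append("devices:all")
    return findings

def risky_apps(permissions_by_app):
    """Map each application ID to its findings, omitting clean apps."""
    report = {a: audit_permissions(t) for a, t in permissions_by_app.items()}
    return {app: found for app, found in report.items() if found}

if __name__ == "__main__":
    for app, found in risky_apps(SAMPLE_PERMISSIONS).items():
        print(app, ", ".join(found))
```

On a real system the same text can be obtained per application with `flatpak info --show-permissions <app-id>` and passed to `audit_permissions`.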

Source: opennet.ru
