The flatpak-builder tool now supports passing secrets options to the
build system. These options are not printed during the build, nor
added to the resolved manifest after build, so they don't leak env
vars from CI.
Make secret variables part of the Flatpak workflow environment, like
the main workflow. Pass the various services hashes and clientids to
the build system using the new "secret-opts" key.
This reverts commit c370692773.
The PR that introduced this commit was opened before the browser plugin
was enabled, and when the browser was effectively enabled, this change
was already in place and didn't conflict, leaving us with both a
-DBUILD_BROWSER=ON *and* -DBUILD_BROWSER=OFF in place.
It is not possible to run host system executables like modinfo, pkexec,
and modprobe inside a Flatpak sandbox. However, Flatpak provides a way
to run command on the host system: the flatpak-spawn executable.
flatpak-spawn is a tiny helper that, when executed with the '--host'
parameter, talks to the org.freedesktop.Flatpak D-Bus interface to run
and retrieve the return value of the executable. This provides OBS Studio
a way to escape this sandbox limitation without opening large holes in
the sandbox.
Make v4l2's implementation of VirtualCam run system commands using
flatpak-spawn when inside a Flatpak sandbox. The detection of the sandbox
is done by checking the existence of the /.flatpak-info file, which is
created by Flatpak itself, and only exists inside the sandbox. If OBS
Studio is not running inside a Flatpak sandbox, run the exact same command
it used to run before this commit.
Add the permission to talk to the org.freedesktop.Flatpak D-Bus interface
to the Flatpak manifest, so we can run flatpak-spawn with the '--host'
parameter.
Notice that the same constraints apply with and without Flatpak: the host
system needs to have the v4l2loopback kernel module available for the v4l2
implementation of VirtualCam to work.
It seems that the browser source works inside a Flatpak sandbox and/or
Wayland with CEF 4280, so let's try and reenable it.
This reverts commit e64c61710f.
luajit developers ask people to use branches instead of tarballs, however,
Flatpak interprets having both 'commit' and 'branch' fields as 'use this
branch, and this commit should be at the top of the branch', which is not
really what we want.
Remove the specified commit from the Flatpak manifest.
- Update LuaJIT according to upstream recommendations (maintainers of
this project prefer that distributors use the git repository directly,
instead of archives. Do that, and also update the Lua path for swig.)
- Update ffmpeg and drop patch which is included in this updated release
now.
- Update x264
- Update nv-codec-headers
- Update mbedtls
The Chromium sandbox is conflicting with the Flatpak sandbox in a non-trivial,
non-workaroundable way. Until Chromium / CEF provides a way to unconditionally
disable the entire sandbox, let's not degrade the Flatpak experience.
