Since time immemorial, Linux has used "packages" for distributing software. In practice that means installing DEB or RPM packages, and that's how it's been for a couple of decades at least. But that model is flawed, and Flatpak aims to fix a number of problems while improving system security.
The typical Linux tutorial tells you the apt-get and yum commands required to install the required software. Maybe instead of the command line, the reader is directed to the Ubuntu Software application, or its equivalent on other distributions. But, I just said that model is flawed, so what are the flaws?
- During installation, the installer script has full root access to your system. What could go wrong?
- Getting a package to be handled by a distribution can be a very long process. Hence, the distributions are a bottleneck/gatekeeper to fluid application distribution.
- The distributions also intervene in bug reporting and support requests with the original application developer.
- The distributions control the timing of updates to the application.
- The application developer must work out how to build packages for every supported distribution, for every operating system release, and for every CPU architecture.
- There are technical compatibility issues with system libraries - because of difficulties with having multiple versions of the same library.
There are many more issues, some of which are focused on the application developer. But if an application developer faces a high overhead in supporting a new Linux distribution, they probably won't do it. Hence, many applications support Ubuntu and nothing else.
For Linux to be more widely used by regular folks, one thing that's required is a well stocked application store. These users don't want to go to the command line - and apt-get / apt-cache are a horrible way to find packages to install.
Instead, the Apple App Store is an excellent example of how this should work. Each application is categorized, with descriptions and screenshots supplied by the developer. There is a direct relationship between the developer and the user. By contrast, in the traditional Linux model, the user has a hard time reporting bugs directly to the developer, and the developer doesn't get a clear bug report and has a hard time reaching the original complainant.
What does Flatpak do to fix these problems with Linux application distribution?
Linux application distribution has problems, in other words. What does Flatpak offer instead?
- Flatpak bundles everything required into a portable container, and is inherently executable on any Linux
- Flatpak therefore supports all Linux distributions, amplifying the reach of applications, and therefore increasing the value of the Linux ecosystem
- Users and Developers are in direct relationship with each other
- Flathub is a graphical user interface to the Flatpak system
Safer - All apps available for all Linux distros - etc - I like this.
Getting started with Flatpak
Start at https://flatpak.org/
Scroll down, and you'll find a button marked Get Set Up
Since I'm using Ubuntu, I clicked on the icon in the upper left. Basically, click on the icon matching the version of Linux you're using.
For Ubuntu, the instructions are this:
$ sudo apt install flatpak
$ sudo apt install gnome-software-plugin-flatpak
The first installs the Flatpak system, and the second adds a plugin to the GNOME Software application. However, many of the applications you'll find there are Snap packages. I dislike Snap packages, and intend to avoid them at all cost.
Instead, there is Flathub, which is a common hub for distributing Flatpak packages. We add Flathub to our system using this command:
$ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
The next step is heading to Flathub: https://flathub.org/home -- There we find an online catalog of applications packaged with Flatpak.
We're told to reboot the system after adding Flathub.
Installing our first Flatpak application
To get some experience, I wanted to try installing an application. I first thought of Gitkraken, but on its listing there was a message that the Flatpak for Gitkraken is not officially supported by the app developer. So, I did a search for "Git" and came across this, which is roughly the same idea as Gitkraken.
You see at the top the search box. Then the main body of the web page -- this is running in a web browser -- is a description of the application. It looks good to me, so I click the Install button. That downloads a flatpakref file like so:
Double-clicking that file opens the GNOME Software application, which then handles application installation.
Then after actually rebooting, the Gitg application is available in the system menus. Even though the Flatpak setup instructions said to reboot, I did not initially do so. Not strictly following the instructions did not stop me from locating and installing an application. And now I'm good to go.
Let's try another installation, this time by looking in the GNOME Software tool directly. On Flathub I find Foliate which is billed as a modern EPUB E-Book reader. Searching for Foliate in GNOME Software, I find this:
Clicking on the Install button quickly installs the application, and it is immediately usable.
How are Flatpak applications sandboxed?
The security advantage for Flatpak is that applications are automatically sandboxed. This hides the application within a container that shields it from the operating system. This container in part mediates between the host operating system and the application. But it also creates a security bubble around the application.
Running Foliate, then running ps -auxf, we see these processes:
bwrap --args 32 com.github.johnfactotum.Foliate --library
bwrap --args 32 com.github.johnfactotum.Foliate --library
/usr/bin/gjs /app/bin/com.github.johnfactotum.Foliate --library
So... what is bwrap? See:
https://github.com/containers/bubblewrap
So, bwrap means Bubble Wrap, and is a general purpose sandboxing tool for containers. It's very low level and we wouldn't use it directly, but instead use it indirectly like with Flatpak. We don't need to go deep into this, but it's interesting to read about.
When the Flatpak people say they're running applications sandboxed into a Container, they do not mean what Docker means by Container. This is a little distinction to keep in mind.
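How much the bwrap sandbox actually shields depends on the permissions each application requests, which `flatpak info --show-permissions <app-id>` prints in key-file form. The following is an added example, not part of the original post: a shell function that reads that output and flags the permissions that open the sandbox widest. The function name and both sample permission sets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag broad sandbox permissions.
# stdin: `flatpak info --show-permissions <app-id>` text; stdout: WARN lines or OK.
audit_flatpak_permissions() {
    awk '
    function warn(msg) { print "WARN " msg; found++ }
    /^\[/ { section = $0; next }        # remember the current [Section]
    index($0, "=") == 0 { next }        # skip blank and non key=value lines
    {
        key = substr($0, 1, index($0, "=") - 1)
        val = substr($0, index($0, "=") + 1)
    }
    section == "[Context]" {
        n = split(val, items, ";")      # values are ;-separated lists
        for (i = 1; i <= n; i++) {
            v = items[i]
            base = v; sub(/:.*$/, "", base)   # drop a :ro / :rw / :create suffix
            if (key == "filesystems" && base ~ /^(host|host-os|host-etc|home)$/)
                warn("filesystems=" v " exposes host files to the app")
            if (key == "sockets" && v == "x11")
                warn("sockets=x11 shares the X server, which does not isolate clients")
            if (key == "devices" && v == "all")
                warn("devices=all exposes every device node")
        }
    }
    section == "[Session Bus Policy]" && key == "org.freedesktop.Flatpak" {
        if (val == "talk" || val == "own")
            warn("org.freedesktop.Flatpak=" val " lets the app start host processes")
    }
    END { if (!found) print "OK" }
    '
}
# Constructed sample inputs (hypothetical apps, not real Flathub metadata).
TIGHT='[Context]
shared=ipc;
sockets=wayland;pulseaudio;
devices=dri;
filesystems=xdg-download;'
BROAD='[Context]
shared=network;ipc;
sockets=x11;wayland;
devices=all;
filesystems=home:ro;xdg-download;

[Session Bus Policy]
org.freedesktop.Flatpak=talk'
printf '%s\n' "$TIGHT" | audit_flatpak_permissions
printf '%s\n' "$BROAD" | audit_flatpak_permissions
```

On a real system, pipe the output of `flatpak info --show-permissions <app-id>` into the function for each installed application.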
Summary
At first I was leery of Flatpak. I've been using Ubuntu for 15 years or more, and Snaps had left a bad taste in my mouth. But, I'm in the middle of switching from using macOS as my primary environment, plus considering shifting my girlfriend from Windows to Linux/Ubuntu.
Having now watched a couple videos and taken Flatpak for a spin, I'm in support of the idea.
That the application is hidden inside a container is absolutely excellent. It means the system is shielded from any potential security holes. Plus, it is what enables Flatpak to amplify how software is distributed on Linux. Widespread adoption of Flatpak should be very very good for Linux.
FLATPAK is the FUTURE of LINUX application distribution: This video is what sold me on Flatpak. It goes over the rationale in much greater depth than I did above.
Flatpak, an introduction (Lightning Talk) - Alexander Larsson: An in-depth developer-oriented discussion of why developers should adopt Flatpak.