I did a presentation during the virtual Hacktoberfest Mauritius on Friday night, 23 October 2020. I had the freedom to choose a topic. So, I decided to talk about setting up Flatpak on openSUSE.

What is Flatpak?

Flatpak is a system for building, distributing, and running sandboxed desktop applications. It was developed in 2015 by Alex Larsson and is currently maintained by an independent community of developers. It is written in C and its source code is available on GitHub.

Installation process is straightforward using zypper.

zypper in flatpak

The flatpak utility can then be used at the command line to add a repository. In our case, we are going to add the flathub repository.

flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

We specify the option remote-add to indicate that we wish to add a repository, --if-not-exists to execute the command only if the repo does not exist on the system already, then followed by a name for the repo. We named the repo flathub but we could have called it something else as well, e.g myfavoriterepo. Lastly, we specify the url of the repository.

Next, we check whether the repo has been added.

ish@coffee-bar:~> flatpak remotes
Name    Options
flathub system

We can now start searching and installing apps from the flathub repo.

ish@coffee-bar:~> flatpak search postman
Name             Description                                                 Application ID                  Version          Branch         Remotes
Postman          Postman is a complete API development environment.          com.getpostman.Postman          7.31.0           stable         flathub

We install the application by specifying the Application ID.

flatpak install com.getpostman.Postman

The necessary icons and application shorcuts will be created as the installation completes. Therefore, launching the application from the desktop will follow the usual steps.

However, if you wish to run the application from the command line, e.g Postman, you cannot do so by simply typing postman at the terminal prompt. It should be run as follows:

flatpak run com.getpostman.Postman

Sandbox

With Flatpak, each application is built and run in an isolated environment. By default, the application can only 'see' itself and its runtime. Access to user files, network, graphics sockets, subsystems on the bus and devices have to be explicitly granted.

Diagram source: flatpak.org
Diagram source: flatpak.org

Under the hood

Flatpak uses a number of pre-existing technologies. It generally isn’t necessary to be familiar with these in order to use Flatpak, although in some cases it might be useful. They include:

  • The bubblewrap utility from Project Atomic, which lets unprivileged users set up and run containers, using kernel features such as:
    - Cgroups
    - Namespaces
    - Bind mounts
    - Seccomp rules
  • systemd to set up cgroups for sandboxes
  • The OSTree system for versioning and distributing filesystem trees