Linux Application Sandboxing And Distribution Framework Flatpak Reaches Version 1.0 Stable
Flatpak, the Linux application sandboxing and distribution framework, has reached version 1.0 stable. Compared to the previous stable series (0.10.x), the new version should have faster installation and updates, it allows marking applications as end-of-life, and it asks the user to confirm app permissions at install time, among other improvements.
Flatpak is a software utility for software deployment, package management, and application virtualization for Linux. Applications built with Flatpak can run on almost any Linux distribution. Flatpak applications run in a sandbox environment in which the applications are isolated from the rest of the system, and require permission from the user to access the user's files or access hardware devices.
With Flatpak 1.0, users are asked to confirm application permissions at install time. When an update requires additional permissions, they must be confirmed by the user before performing the update. I should note that currently there's no GUI tool as far as I'm aware for managing Flatpak permissions, so until GUI tools can take advantage of this feature, it only applies to the command line
Another important change is the addition of a new portal that allows applications to create sandboxes and restart themselves, useful to automatically restart an application after it is updated, to run the new version and avoid running into issues.
What's more, Flatpak 1.0 allows marking applications as end-of-life. This is useful because app centers like Gnome Software can make use of this to warn users that they have an end-of-life version installed.
Other changes in Flatpak 1.0 since the 0.10.x series include:
- Peer-to-peer installation (via USB sticks or local network) is now enabled and supported by default in all builds.
- Apps can now request access the host SSH agent to securely access remote servers or Git repositories.
- A new application permission can be used to grant access to Bluetooth devices.
- Host TLS certificates are now exposed to applications using p11-kit-server.
- Command line:
- The install, update and uninstall commands now ask for confirmation of changes before proceeding, in order to prevent mistakes, and to show the required application permissions.
- New command to automatically remove unused runtimes and extensions (useful to remove any leftovers from applications you've removed):
uninstall --unused
- New
info
options, including--show-permissions
,--file-access
,--show-location
,--show-runtime
,--show-sdk
. repair
- fixes broken installs by scanning for errors, removing invalid objects and reinstalling anything that's missing.
You may want to consult the complete Flatpak 1.0 release notes.
This is Flatpak version 0.11.7 (the version available in the Ubuntu 18.04) used to install GIMP from FlatHub - notice it doesn't list permissions nor does it ask the user if it should proceed with the installation:
Flatpak 1.0 (used to install GIMP from FlatHub) lists permissions, file access and dbus access and asks the user if they want to proceed with the installation:
With the Flatpak 1.0 release, the Flatpak developers no longer consider the FlatHub (a central store for distributing Flatpak applications) service as being in beta. Also, the main Freedesktop runtime, used by most Flatpak applications, was also updated with a new lifecycle policy, "which includes a regular release schedule and guarantees for support periods and security updates".
Getting Flatpak 1.0
For how to setup Flatpak on your Linux distribution, visit its quick setup guide.
Depending on the Linux distribution you're using, it may take a while until Flatpak 1.0 is available in the official repositories. If you want to use Flatpak 1.0 right away, you can search for it in third-party repositories or build it from source.
On Ubuntu 18.04 and 16.04, Flatpak 1.0 is already available in its official PPA, so you can use these commands to install it:
sudo add-apt-repository ppa:alexlarsson/flatpak
sudo apt update
sudo apt install flatpak
If you use Gnome Software, you may also want to install the Software Flatpak plugin:
sudo apt install gnome-software-plugin-flatpak