Boise Linux Group April 17 Meeting Notes

We started a few minutes late, around 6:40, because attendance was light, with 8 people present. Then Jacob, a recent addition to our group, started his presentation on FLATPAK, which turned out to be very developer-focused, centered on building your own flatpaks! What follows is an outline taken from his presentation:

FLATPAK
Revolutionize the Desktop

AGENDA
Introduction
How it works
What’s in there?
Elements of a flatpak
Getting Started
SDKs and looking around
Building a flatpak
Demo
The sandbox

Introduction
Flatpak is a technology for building, distributing, installing and running applications

Flatpak has been designed and implemented with a number of goals:

Allow applications to be installed on any Linux distribution
Provide consistent environments for applications
Decouple applications from the operating system
Allow applications to bundle their own dependencies
Increase the security of the Linux desktop by isolating applications in sandboxes

How it all works
Runtime
Bundled libraries
SDKs
Extensions
Sandboxes

What’s in there?
The bubblewrap utility from Project Atomic, which allows unprivileged users to use kernel features such as:
Cgroups
Namespaces
Bind mounts
Seccomp rules
Systemd - to set up cgroups for sandboxes
OCI format - transport format for single-file bundles
D-Bus - to provide APIs for applications
OSTree - versioning and distributing filesystem trees
Appstream metadata - to allow flatpak applications to show up in software center applications

Elements of flatpak

Standard Application Elements: (allowed system resources)
AppData
Icons
D-Bus
Desktop Files
Pulseaudio
X11 or Wayland

Application Structure
metadata
/files
/files/bin
/exports

Example Metadata
[Application]
name=org.gnome.gedit
runtime=org.gnome.Platform/x86_64/3.22
sdk=org.gnome.Sdk/x86_64/3.22
command=gedit

[Context]
shared=ipc;network;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=host;

Let’s get started!
List flatpak repositories
$ flatpak remote-list
Add remote repository
$ flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
Search for Packages
$ flatpak remote-ls flathub | grep -i gimp
org.gimp.GIMP
Install flatpak
$ flatpak install flathub org.gimp.GIMP
Run flatpak
$ flatpak run org.gimp.GIMP

===============================================================================
Sample Flatpak Command Line Install Session:
$ flatpak remote-list

$ flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
$ flatpak remote-list
Name    Options
flathub system
$ flatpak remote-ls flathub |grep -i epiphany
org.gnome.Epiphany                          
$ flatpak install flathub org.gnome.Epiphany
Required runtime for org.gnome.Epiphany/x86_64/stable (org.gnome.Platform/x86_64/3.28) is not installed, searching...
Found in remote flathub, do you want to install it? [y/n]: y
Installing: org.gnome.Platform/x86_64/3.28 from flathub
[####################] 10 delta parts, 76 loose fetched; 213043 KiB transferred
Installing: org.freedesktop.Platform.VAAPI.Intel/x86_64/1.6 from flathub
[####################] 1 delta parts, 2 loose fetched; 2623 KiB transferred in 5
Installing: org.freedesktop.Platform.ffmpeg/x86_64/1.6 from flathub
[####################] 1 delta parts, 2 loose fetched; 2652 KiB transferred in 4
Installing: org.gnome.Platform.Locale/x86_64/3.28 from flathub
[####################] 5 delta parts, 120 loose fetched; 95173 KiB transferred i
Installing: org.gnome.Epiphany/x86_64/stable from flathub
[####################] 1 delta parts, 1 loose fetched; 2869 KiB transferred in 4
Installing: org.gnome.Epiphany.Locale/x86_64/stable from flathub
[####################] 1 delta parts, 1 loose fetched; 924 KiB transferred in 3
$
Application was completely installed and available from the graphical Desktop menu!
===============================================================================

SDKs and just looking around
Install the SDK:
$ flatpak remote-add --from gnome https://sdk.gnome.org/gnome.flatpakrepo
$ flatpak install gnome org.gnome.Platform//3.26 org.gnome.Sdk//3.26
Add remote repository:
$ flatpak remote-add --from gnome-apps https://sdk.gnome.org/gnome-apps.flatpakrepo
$ flatpak install gnome-apps org.gnome.gedit
Take a look around, application is under /app and the SDK is /usr:
$ flatpak run --devel --command=bash org.gnome.gedit

How do I build my own flatpak?
Install runtime and matching SDK:
$ flatpak remote-add --from flathub https://flathub.org/repo/flathub.flatpakrepo
$ flatpak install flathub org.freedesktop.Platform//1.6 org.freedesktop.Sdk//1.6
Create the application:
#!/bin/sh
echo "Hello world, from a sandbox"
Example manifest:
{
    "app-id": "org.flatpak.Hello",
    "runtime": "org.freedesktop.Platform",
    "runtime-version": "1.6",
    "sdk": "org.freedesktop.Sdk",
    "command": "hello.sh",
    "modules": [
        {
            "name": "hello",
            "buildsystem": "simple",
            "build-commands": [
                "install -D hello.sh /app/bin/hello.sh"
            ],
            "sources": [
                {
                    "type": "file",
                    "path": "hello.sh"
                }
            ]
        }
    ]
}
Build the application:
$ flatpak-builder hello org.flatpak.Hello.json
Test the application:
$ flatpak-builder --run hello org.flatpak.Hello.json hello.sh
Add the application to a repo:
$ flatpak-builder --repo=repo --force-clean hello org.flatpak.Hello.json
Install the application:
$ flatpak remote-add --no-gpg-verify test-repo repo
$ flatpak install test-repo org.flatpak.Hello
Run the application:
$ flatpak run org.flatpak.Hello

Building simple applications
Prepare the build directory:
$ flatpak build-init weechat org.weechat.Weechat org.gnome.Sdk org.gnome.Platform 3.26
Build the application:
$ flatpak build ../weechat ./configure --prefix=/app
$ flatpak build ../weechat make
$ flatpak build ../weechat make install
Complete the build:
$ flatpak build-finish weechat --socket=x11 --share=network --command=weechat
$ flatpak build-export repo weechat
$ flatpak --user remote-add --no-gpg-verify --if-not-exists test-repo repo
$ flatpak --user install test-repo org.weechat.Weechat

Demo time!

Playing in the sandbox

A Flatpak has extremely limited access:
No access to any host files except the runtime, the app and ~/.var/app/$APPID
No access to the network
No access to any device nodes, except /dev/null
No access to processes outside the sandbox
Limited syscalls
Limited access to the session D-Bus instance
No access to host services like X, system D-Bus, or PulseAudio
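
As an added illustration (not part of Jacob's presentation and not Flatpak's own code), the script below reads the [Context] section of the gedit metadata shown earlier and lists every grant that reopens something the default sandbox above denies. The function names and the risk notes are assumptions made for this example.

```python
import configparser

# Constructed sample: the gedit metadata from the "Example Metadata" section.
SAMPLE_METADATA = """\
[Application]
name=org.gnome.gedit
runtime=org.gnome.Platform/x86_64/3.22
sdk=org.gnome.Sdk/x86_64/3.22
command=gedit

[Context]
shared=ipc;network;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=host;
"""

# Reviewer's notes (assumed wording for this example): what selected
# [Context] grants re-open relative to the default sandbox.
RISK_NOTES = {
    ("filesystems", "host"): "host files readable and writable by the app",
    ("shared", "network"): "network access",
    ("sockets", "x11"): "X11 socket, no isolation from other X clients",
    ("sockets", "pulseaudio"): "host PulseAudio, playback and recording",
}


def parse_context(text):
    """Return {key: [values]} for the [Context] section of a metadata file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("Context"):
        return {}  # no grants listed: the app keeps the default sandbox
    return {k: [v for v in val.split(";") if v] for k, val in cp["Context"].items()}


def audit(text):
    """List (key, value, note) for each grant; '!'-prefixed removals are skipped."""
    return [(k, v, RISK_NOTES.get((k, v), "grant beyond the default sandbox"))
            for k, vals in parse_context(text).items()
            for v in vals if not v.startswith("!")]


if __name__ == "__main__":
    for key, value, note in audit(SAMPLE_METADATA):
        print(f"{key}={value}: {note}")
```

On a machine with Flatpak installed, the metadata of an installed application can be printed with `flatpak info --show-metadata APPID` and passed to `audit()` in place of the sample.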

Portals are how applications interact with the host
Inhibit the user session from ending, suspending, idling or getting switched away
Network status information
Notifications
Open a URI
Open files with a native file chooser dialog
Printing
Screenshots

Links:
flathub.org
flatpak.org/setup
docs.flatpak.org/en/latest <= developer docs

Our thanks to Jacob for the excellent presentation and all the work he put into bringing it to us!

Flatpak Build Environment - Fedora 27 Workstation: dnf list 'flatpak*'
Installed Packages
flatpak.x86_64                              0.10.4-1.fc27               @updates
flatpak-builder.x86_64                  0.10.9-1.fc27               @updates
flatpak-devel.x86_64                    0.10.4-1.fc27               @updates
flatpak-libs.x86_64                       0.10.4-1.fc27               @updates
flatpak-rpm-macros.noarch         27-4.fc27                     @fedora
flatpak-runtime-config.x86_64     27-5.fc27                     @fedora

New Ansible Meeting starting in Boise:
https://www.meetup.com/Ansible-Boise/
First meeting date to be determined!
Waiting on Ansible...
Currently 21 have registered for the group.

Clint was prepared to talk about the Beta releases of Ubuntu 18.04 LTS and Fedora 28 and expressed his concern about the bloat in the new releases and their slowness to boot on hardware that had booted previous versions with minimal wait times. The footprint has also gotten big in terms of hard disk space required, generally at least 10 GB for just installation (forget about updating). Even the "low requirement" ElementaryOS, a stripped-down version for "newbies", requires 8.6 GB to install in spite of the "live DVD" version only running in 2 GB of space. One distribution that impressed Clint was Neptune 5.1 Plasma, just released and built on Debian Stretch, which was very fast to boot even in a VirtualBox environment on old hardware (a 13-year-old Centrino Dual Core laptop with 4 GB of RAM). In Clint's opinion, Ubuntu 16.04.4 LTS will be around for some time to come, as it will be supported until April of 2021 by Ubuntu with free security and maintenance updates, and it is still the foundation for many distributions that are built on 16.04 LTS.

We wrapped up the meeting about 8:30 PM with no further discussions.

Our next meeting will be May 16th, a Wednesday. We are awaiting confirmation of a presentation topic for the next meeting.