Flatpak 1.0, the Linux app sandboxing tool previously known as XDG-App, has been released as the project's new stable release series. Flatpak packages GNOME in the main runtime, and is advocated for by at least 16 different Linux distributions.
One of the main differences between Flatpak and similar tools like Snap is that Flatpak is entirely decentralized, with no dependence on a central store such as the Canonical store. Flatpak also uses a collection of one-shot applications that perform their task and exit, instead of a daemon that runs in the background.
Flatpak is also heavily pioneering the portal design, where all system access is done through a portal application that lives outside of the sandbox, something that Snap seems to be working towards supporting as well.
Flatpak 1.0 delivers faster app installations and updates and performance improvements, as well as the concept of end-of-life apps, permission improvements, and a new portal that allows apps to create sandboxes and restart themselves. Also included are OCI bundle support enhancements, the ability for apps to request host SSH agent access, Bluetooth device access support, and a handful of other improvements.
Here is a summary of the most notable changes in this Flatpak 1.0 release:
- Faster installation and updates.
- Applications can now be marked as end-of-life. App centers and
desktops can use this information to warn users who have an end-of-life
- Permissions now use an up-front verification model: users are
asked to confirm app permissions at install time, and if an update
requires additional permissions, the user must confirm those as well.
- A new portal
allows apps to create sandboxes and restart themselves. This allows
applications to restart themselves after they have been updated (to
start using the new version), and to increase sandboxing for parts
of the application.
- flatpak-spawn is a new tool for running host commands (if
permissions allow) and creating new sandboxes from an app (this
uses the above portals APIs).
- Apps can now export D-Bus services for all the D-Bus names they are
privileged to own (rather than just the application ID).
- Flatpak’s support for OCI bundles has been updated to the latest
specification. Also, AppData can now be distributed through OCI
- Host TLS certificates are now exposed to applications, using
p11-kit-server. This removes a point of friction when accessing
network services in some environments.
- Apps can now request access to the host SSH agent to securely access
remote servers or Git repositories.
- A new application permission can be used to grant access to
- A new fallback-x11 permission grants X11 access, but only if the
user is running in an X11 session. For applications that support
both Wayland and X11, this can be used to ensure that the app
doesn’t have unnecessary X11 access while in Wayland, but still
works in an X11 session.
- Peer-to-peer installation (via USB sticks or local network) is now
enabled and supported by default in all builds.
The Flatpak command line also introduces new commands and options, including:
- uninstall --unused automatically removes unused runtimes and
extensions (if you’ve removed all apps that depend on a runtime, or
all the apps you had depending on it have upgraded to a newer
- New info options, including --show-permissions,
--file-access, --show-location, --show-runtime, --show-sdk.
- repair – fixes broken installs by scanning for errors, removing
invalid objects and reinstalling anything that’s missing.
- permission-* – allows interaction with the portals permissions
store. This is useful for testing and for getting back to a clean
- create-usb – can be used to prepare a repository to be used as a
local updates source.
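
The permission changes above (fallback-x11, host SSH agent access, host commands through flatpak-spawn) can be reviewed per app with the new info option. The following is an added example, not part of the release notes or the Flatpak project's code: it parses keyfile text in the layout printed by `flatpak info --show-permissions <app-id>` and flags grants worth a second look. The sample input is constructed, and the function name and finding labels are hypothetical.

```python
import configparser

# Constructed sample (hypothetical app) in the keyfile layout that
# `flatpak info --show-permissions <app-id>` prints.
SAMPLE = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;ssh-auth;
filesystems=host;xdg-download;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
org.freedesktop.Notifications=talk
"""


def _values(cfg, section, key):
    """Split a ';'-separated keyfile list into a set of entries."""
    raw = cfg.get(section, key, fallback="")
    return {v.strip() for v in raw.split(";") if v.strip()}


def audit_permissions(text):
    """Return {finding_id: explanation} for permissions worth reviewing."""
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.optionxform = str  # D-Bus names are case-sensitive
    cfg.read_string(text)

    findings = {}
    sockets = _values(cfg, "Context", "sockets")
    if "x11" in sockets:
        findings["x11"] = "unconditional X11 access; fallback-x11 limits it to X11 sessions"
    if "ssh-auth" in sockets:
        findings["ssh-auth"] = "app can use the host SSH agent"
    # Drop suffixes such as ':ro' before comparing filesystem entries.
    paths = {p.split(":")[0] for p in _values(cfg, "Context", "filesystems")}
    broad = sorted(paths & {"host", "home"})
    if broad:
        findings["filesystem"] = "broad file access: " + ", ".join(broad)
    # Talking to org.freedesktop.Flatpak is what lets flatpak-spawn run host commands.
    policy = cfg.get("Session Bus Policy", "org.freedesktop.Flatpak", fallback="")
    if policy in ("talk", "own"):
        findings["host-commands"] = "can run commands on the host via flatpak-spawn"
    return findings


if __name__ == "__main__":
    for name, why in audit_permissions(SAMPLE).items():
        print(f"{name}: {why}")
```
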
Finally, the command line has a collection of other improvements, such as:
- If --system or --user aren’t specified, one is automatically
picked if it is obvious (or it will ask if the correct option isn’t
- The install, update and uninstall commands now ask for
confirmation of changes before proceeding, in order to prevent
mistakes, and to show the required application permissions.
- The uninstall command now does not allow you to remove a runtime
if some installed application requires it.
- flatpak remove is now an alias for flatpak uninstall.
- Flatpak no longer requires a filesystem that supports xattr.
- Portals are now more cleanly separated from Flatpak, thanks to the
document portal and permission store having been moved to
xdg-desktop-portal. It is recommended that the flatpak package has
a weak dependency on xdg-desktop-portal.
- libflatpak now has a transaction API for install, update and
uninstall operations. This means that it is much easier to use as
the basis of app centers and other graphical app management
- Flatpak now sets several HTTP headers when installing applications,
which make it easier for Flatpak repositories to log things like
app download statistics and Flatpak versions in use.
- It is now recommended that Flatpak packages add a dependency on
p11-kit-server, as this allows apps to access host
certificates. However, this does not need to be a hard dependency.
- Requires bubblewrap 0.2.1 or later, and comes bundled with 0.3.0.
- Requires OSTree 2018.7.