safing / portmaster-packaging

Portmaster packages and installers
GNU General Public License v3.0

Provide a Flatpak package. #43

Open RokeJulianLockhart opened 3 years ago

RokeJulianLockhart commented 3 years ago

What should be modified?

Please package this software for flatpak.

Why is this desirable?

Flatpak packages operate in a containerized environment. This means that minute differences in package standards across Linux distributions are eliminated by the container. Flatpak provides a basic (albeit significantly defeatable) sandbox in order to facilitate the aforementioned and provide Android/i(Pad)OS/Windows 10/11-like permission control support.

However, I implore you to read https://github.com/flatpak/flatpak-docs/blob/fa338cd763e1e50b2d8120d857f4135ef7fb935b/docs/introduction.rst#reasons-to-use-flatpak:~:text=Reasons%20to%20use%20Flatpak if you want to know why I believe that you should support this:

Reasons to use Flatpak
----------------------

Flatpak has some major advantages over most system package managers:

- **Universality**: Flatpak allows applications to be installed and run on virtually any Linux distribution. This includes non-GNU distributions, systemd-free distributions, distributions with a read-only operating system (OS), and various architectures without the developer needing the relevant hardware on hand.
- **Space for innovations**: Flatpak facilitates distribution maintainers to focus on their goals to innovate their distribution.
- **Stability**: breakage in a Flatpak application will not risk the system from breaking. This is because Flatpak applications and runtimes are contained to not interfere with the system altogether.
- **Rootless install**: elevated privileges are not required when installing a Flatpak application or a runtime.
- **Sandboxed applications**: one of Flatpak's main goals is to increase the security of desktop systems by isolating applications from one another. This is achieved using sandboxing and means that, by default, applications that are run with Flatpak have limited access to the host environment.

Flatpak has some major advantages over other universal approaches to distributing applications on Linux:

- **Decentralized by design**: while Flatpak does provide a centralized service for distributing applications, it also allows decentralized hosting and distribution, so that application developers or downstreams can host their own applications and application repositories.
- **Desktop integration**: Flatpak also offers native integration for the main Linux desktops, so that users can easily browse, install, run and use Flatpak applications through their existing desktop environment and tools.
- **Space efficiency**: Flatpak deduplicates libraries and other files used by multiple applications to save megabytes or even gigabytes worth of storage depending on the amount of applications installed.
- **Delta updates**: only changed files are downloaded for updates.

Other benefits for developers include:

- **Forward-compatibility**: the same Flatpak application can be run on different versions of the same distribution, including versions that haven't been released yet. This doesn't require any changes or management by application developers.
- **Bundling**: this allows application developers to ship almost any dependency or library as part of their application. This gives complete control over which software is used to build applications.
- **Consistent application environments**: because these are the same across devices, applications perform as intended. This also makes it easier to identify bugs and to do testing.
- **Branches**: this allows developers to ship applications from different branches, e.g. ``stable``, ``beta``, etc. while retaining the same name.
- **Maintained platforms**: called runtimes, these contain collections of dependencies, which can be used by applications, and which can take a lot of the work out of application development.

In general Flatpak is best suited for desktop applications and while command line applications also work, it may not be suited in some cases:

- Application needs to elevate privileges using ``su, sudo, pkexec`` etc. Flatpak cannot run in SUID binaries inside the sandbox.
- Application needs to read ``/proc`` from host or have unfiltered access to processes. This is not allowed as Flatpak has a private proc.
- Application uses a syscall that is blocklisted by Flatpak's seccomp filter. For example, Flatpak won't allow spawning sub-namespaces in the sandbox.
- Kernel modules or drivers are non application packages and won't work inside a Flatpak.

I am thankful for any assistance.

ppacher commented 3 years ago

Hi again @BEEDELLROKEJULIANLOCKHART,

as mentioned in #44 we are currently lacking the resources to manage multiple package repositories. We do provide installers for Debian-based distros (.deb), Arch-Linux (PKGBUILD) and Windows. Flatpak is definitely something we will look into, but there are also other package repos we need to check out.

RokeJulianLockhart commented 3 years ago

https://github.com/safing/portmaster-packaging/issues/43#issuecomment-892608263

However, @ppacher, certainly maintenance of a flatpak-packaged version shall be less work if the container is not too prohibitive. If it is too prohibitive, snap may be a useful competitor, because as is demonstrated by the instruction for installation of PowerShell at the PowerShell Snap (which is sudo snap install powershell --classic), snap-packaged software is able to be installed “classically”, as this official article describes. I have created an additional issue for packaging as snap-packages at https://github.com/safing/portmaster-packaging/issues/45#issue-961633238.

I am thankful for any assistance.

github-actions[bot] commented 1 year ago

This issue has been automatically marked as inactive because it has not had activity in the past two months.

If no further activity occurs, this issue will be automatically closed in one week in order to increase our focus on active topics.

soredake commented 1 year ago

Not stale.

S7venLights commented 1 year ago

I heard that Flatpak's sandbox has improved a lot and it seems to be the favoured packaging format for many distros now, certainly for immutable distros. It is also compatible with all distros, so realistically, you could only support flatpak and no further packages and be done with it.

For those with immutable Fedora OS trying to install, let me know, I can link to a script that allows Portmaster to install in a useable directory. *Edit, here's the script

andersrh commented 1 year ago

> I heard that Flatpak's sandbox has improved a lot and it seems to be the favoured packaging format for many distros now, certainly for immutable distros. It is also compatible with all distros, so realistically, you could only support flatpak and no further packages and be done with it.
>
> For those with immutable Fedora OS trying to install, let me know, I can link to a script that allows Portmaster to install in a useable directory.

I'm on Fedora immutable OS and would love to get a link to that script you are mentioning.

S7venLights commented 1 year ago

> I'm on Fedora immutable OS and would love to get a link to that script you are mentioning.

Mentioned in #56 but here's a direct link