Flatpak integration with desktop systems

The Future of Flatpak

© Lead Image © Viktor Gmyria. 123RF.com

© Lead Image © Viktor Gmyria. 123RF.com

Article from Issue 230/2020

Flatpak's development may have been prompted by container development, but its future depends on the desktop.

Alternative systems for distributing software are on the rise. In 2018, everyone was talking about Flatpak and Snap. In addition, AppImage, which does not require any basic installation, offers completely self-sufficient packages.

Flatpak [1], developed by Fedora under the leadership of Alexander Larsson, is compatible with desktop applications. It lets you package software so that the same package works on all distributions. The only requirement is a matching Flatpak runtime environment.


Flatpak, which reached version 1.0 in mid-2018, is now considered mature enough for production use. The current version is 1.50. The origin of the format dates back to 2007, when Red Hat employee Larsson was experimenting with klik [2], AppImage's predecessor. However, he did not like some of the technical details. In the same year, he released Glick, which was based on FUSE [3], due to the lack of container APIs, which had not yet been invented.

Glick 2 relied on the newly introduced kernel namespaces in 2011, which again aroused Larsson's interest in alternative packaging. Larsson published a long article on his blog explaining why he did not consider the existing packaging systems to be ideal and why he preferred bundling software. This early article already outlined the basics of OSTree [4], Atomic Host [5], and Silverblue [6].

Around 2013, kernel support for containers evolved, and Docker was launched. Larsson's task was to get Red Hat Enterprise Linux (RHEL) ready for Docker. At a Gnome hackfest in the same year, more concrete ideas on runtime, sandboxing, and the modules known as portals for controlled access to the actual system's resources were developed.

Lennart Poettering and Greg Kroah-Hartman joined Larsson in the discussion, which led to a manifesto [7], resulting in the birth of Flatpak (whose name derives from IKEA's method of flattening DIY furniture).

The project initially was dubbed xdg-app before being renamed Flatpak. This forerunner already used OSTree to download, store, and deduplicate applications. Kernel namespaces were also used to execute unprivileged containers.

Container DNA

Flatpak uses the same building blocks and mechanisms that are used in container systems such as Docker or LXC. This includes the previously mentioned function of kernel namespaces. However, the basis for Flatpaks is one or more runtime environments that provide basic functions for the Flatpaks via libraries and interpreters. In contrast to the container formats mentioned earlier, Flatpak sandboxes are unprivileged; they do not need root.

Bubblewrap [8] is used to run Flatpak applications in the user context. In principle, the software works like a chroot [9], but relies on unprivileged user namespaces [10]. A process flag also prevents the software from being granted new privileges that might allow it to break out of the sandbox.

On top of this, the developers secure the sandbox with seccomp [11]. In this way, they try to prevent potentially risky system calls from reaching the outside world. By default, the application in the sandbox is only able to write to some of the home directory's subdirectories.

Installing Software

Flatpak is now preinstalled on many distributions, with the exception of Ubuntu, which uses Snap to propagate its own variant of an alternative package system. Flatpaks are well integrated from the user's point of view: In addition to tools for the command line (Figure 1), there are now management applications for desktop environments. Software can be installed in this way in the user or system context (Figure 2).

Figure 1: In addition to Firefox installed via the filesystem, you can install a nightly build of the browser that uses its own profile. It is installed in the user context here.
Figure 2: Apps installed in the user context are connected to the system via the hidden .var/app/ folder in the home directory.

This is at least true of Gnome (Figure 3) and KDE (Figure 4). Applications for package management such as Gnome Software or Plasma Discover integrate Flatpaks and automatically display existing updates. However, there is still room for improvement here.

Figure 3: In Gnome Software, Fedora offers several apps in native format and as Flatpaks. For example, Gnome tags the Polari Flatpak as 3rd party.
Figure 4: In addition to Flatpak apps, Plasma Discover offers the basic Flatpak components for installation.

Flathub [12] is a central repository with currently more than 400 packages. Developers can post their apps here, and users can install them with a single click (Figure 5).

Figure 5: Flathub now offers over 400 applications.

Since the principle of repositories is already anchored in Flatpak's source code, creating and offering your own archives in this format requires very little overhead [13].

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Flatpak and Snap

    The new container-inspired package formats Flatpak and Snap have landed in the territory occupied by conventional Linux package systems such as RPM and Dpkg.

  • Systemd Flatpak Updates

    You can automate Flatpak updates without a package manager using systemd's services and timers.

  • Ubuntu Flatpak Remix Adds Flatpak Support Preinstalled

    If you're looking for a version of Ubuntu that includes Flatpak support out of the box, there's one clear option.

  • Parcel Service

    The traditional package management systems on Linux are now somewhat outdated, but AppImage, Flatpak, and Snap see some interesting new management systems enter the fray.

  • unsnap

    If you want to move away from Ubuntu's Snap package format, the unsnap script removes snaps from your computer and replaces them with Flatpaks where possible.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More