Flatpak and your distribution. Simon McVittie

Similar documents
Flatpak workshop. flatpak.org

Open Enterprise & Open Community opensuse & SLE Empowering Each Other. Richard Brown opensuse Chairman

Flatpak. Apps on the Linux desktop. Alexander Larsson Red Hat

How To Manually Install Driver Ubuntu Server On Virtualbox

Kernel driver maintenance : Upstream vs. Industry

Why and How I Switched to Flatpak for App Distribution and Development in Sandbox

Manual Of Virtualbox Additions Ubuntu Server 12.04

Why You Should Not Use Arch

Adding Applications to the GNOME Software Center

Contain your Desktop Applications with Flatpak

Problem With Windows Update Windows 7 Service Not Running

Managing build infrastructure of a Debian derivative

How to make your application into a Flatpak

Deploy Stuff, Run Stuff Jax Devops London Kris

I'm Andy Glover and this is the Java Technical Series of. the developerworks podcasts. My guest is Brian Jakovich. He is the

Structure and Config

How GNOME Obsoleted its Enable Accessibility Setting. Alejandro Piñeiro

Working with Ubuntu Linux. Track 2 Workshop June 2010 Pago Pago, American Samoa

Keeping Up With The Linux Kernel. Marc Dionne AFS and Kerberos Workshop Pittsburgh

How To Manually Install Software In Linux Mint 13 From Usb

FileWave 10 Webinar Q&A

Frédéric Crozat SUSE Linux Enterprise Release Manager

Install TeamViewer on latest Debian, Ubuntu, Fedora, CentOS Linux quick how to

How To Remove Windows Version Installer Virus With Linux

Solved How To Manually Remove Old Kernels From Ubuntu 12.04

Flatpak Documentation

Zoneminder Debian Installation Manual New. Releases >>>CLICK HERE<<<

Manually Mount Usb Device Linux Command Line Ubuntu 12.04

A Greybeard's Worst Nightmare

Drupal Command Line Instructions Windows 8.1 Setup >>>CLICK HERE<<<

Cucumber Linux Distribution

How To Install Java Manually Linux Mint 14 >>>CLICK HERE<<<

Disclaimer. This talk vastly over-simplifies things. See notes for full details and resources.

openqa Helping SUSE Linux Enterprise with Automated Testing Richard Brown openqa Technical Lead

Fedora Extended Life cycle Support

Using icloud's Mail rules to delete a message before you see it.

Full Stack on Wine. Create a Win-Win between Wine and thousands of Win32 open source projects. Qian Hong

How To Manually Install Software In Linux Mint 14 Alongside Windows 7

Be smart. Think open source.

Ubuntu Install Partition Server On. Virtualbox 4.3 >>>CLICK HERE<<<

Ubuntu Unleashed 2015 Updates, Installing, and Upgrading to Ubuntu 15.04

LINUX KERNEL UPDATES FOR AUTOMOTIVE: LESSONS LEARNED

Multi-Arch Layered Image Build System

Manual Install Package Rpm Linux Command Line

Who am I? I m a python developer who has been working on OpenStack since I currently work for Aptira, who do OpenStack, SDN, and orchestration

Alongside Windows 8.1

Remove Java Manual Mac Os X Lion Server Mountain

Lecture 1 Niyaz M. Salih

Disclaimer. This talk vastly over-simplifies things. See notes for full details and resources.

Flash Player Update Guide Windows 7 64 Bit Google Chrome

Adafruit's Raspberry Pi Lesson 1. Preparing an SD Card for your Raspberry Pi

UI, Graphics & EFL. Carsten Haitzler Principal Engineer Samsung Electronics Korea Founder/Leader Enlightenment / EFL

Introduction to Linux

Uninstalling And Manually Install Vmware Tools Ubuntu Guest

Understanding Browsers

ovirt and Docker Integration

Beyond Traditional Mobile Linux. by Carsten Stskeeps Munk, Mer project architect

Apache Manually Install Ubuntu On Windows 7 From Usb

The Embedded Linux Problem

CS197U: A Hands on Introduction to Unix

Download vm virtualbox in virtualbox.org/. How to Install OSX on Virtualbox.

Manual Update Java 7 25 Mac Windows Xp

Visual Studio 2008 Load Symbols Manually

Howto disable the iptables firewall in Linux

Introduction to Linux. Woo-Yeong Jeong Computer Systems Laboratory Sungkyunkwan University

Introduction to Linux

CLOUD COMPUTING ARTICLE. Submitted by: M. Rehan Asghar BSSE Faizan Ali Khan BSSE Ahmed Sharafat BSSE

Formal Methods of Software Design, Eric Hehner, segment 24 page 1 out of 5

Can t Believe It s Linux. a totally different and hypothetical linux distribution

Introduction to Linux

openqa Avoiding Disasters of Biblical Proportions Marita Werner QA Project Manager

P1_L3 Operating Systems Security Page 1

How does software accessibility work?

Reproducible Builds. Valerie Young (spectranaut) Linux Conf Australia 2016

Open Build Service in Debian It is impressive how much time and resources a team can save

Linked Lists. What is a Linked List?

Quality Assurance Eng., Red Hat. OpenJDK & IcedTea Pavel Tišnovský

Quality Assurance Eng., Red Hat. OpenJDK & IcedTea Pavel Tišnovský

Manual Update Ubuntu To Using Iso

Need To Find Manually Fix Package Cydia Error You Might Meaning

Q&A Session for Connect with Remedy - CMDB Best Practices Coffee Break

Genealogy Software. Table of Contents

The tools used in the development of Life Is Strange

Automatic Dependency Management for Scientific Applications on Clusters. Ben Tovar*, Nicholas Hazekamp, Nathaniel Kremer-Herman, Douglas Thain

Red Hat? Linux? 6 Server Download Free (EPUB, PDF)

Putting the open in opensuse: Community-driven KDE Development. Will Stephenson

Unikernels? Thomas [Twitter]

Ubuntu Manual Fsck Must Performed Debian

Panel discussion on Legacy codes in astrophysics

Bioshadock. O. Sallou - IRISA Nettab 2016 CC BY-CA 3.0

Linux Desktop Pocket Guide Download Free (EPUB, PDF)

Support Lifecycle Policy

Bash Shell Manually For Windows 7 Updates Sp1

Introduction to CVS. Sivan Toledo Tel-Aviv University

How To Manually Install Software In Linux Mint 14 Cinnamon Edition

============================================================================

Ubuntu Practice and Configuration Post Installation Exercises interlab at AIT Bangkok, Thailand

Itunes Manually Uninstall Windows 7 Programs From Listed

Introduction to Linux

Apache Manually Install Ubuntu Alongside Windows 8

Transcription:

Flatpak and your distribution Simon McVittie smcv@{collabora.com,debian.org} 2018-02-04

Introduction to Flatpak tl;dr edition A sandboxed app framework for desktop Linux GUI, desktop apps, as in /usr/share/applications, AppStream, app stores Sandboxed to mitigate badness 2 Portals provide user-controlled interfaces to the outside world, to keep the app useful Using the same Linux kernel entry points as OS/server/daemon containers Apps run on runtimes

Runtimes tl;dr edition Give app authors a stable platform to work on Update when they're ready A library stack with known contents and versions Updated with security/micro releases Not updated with incompatible changes A support lifetime Hey, that sounds familiar 3

Runtimes Distros devroom edition A small Linux distribution, without all the parts that app containers don't need No kernel, init, boot process No sysadmin things No dev tools (in the version users see) No apt/dpkg/rpm/ 4

What can Flatpak do for you? 5 Fig.1. Flatpack ready to be deployed Photo: 51% Studios, 2012. CC-BY-SA-2.0

New software on an old distribution For some distributions, long term stability is a virtue Debian, Ubuntu LTS, SUSE Linux Enterprise, Red Hat Enterprise Linux Users want predictability Except for the subset that they want to be newer Upstreams need to choose what they target New libraries: hard to install on older base Old libraries: app can't benefit from a newer base 6

Backports Rebuild selected software from a newer branch for an older release But then you have to choose: do you want this library to be predictable, or up to date? AbiWord uses GTK+, but so does all of GNOME GNOME uses GLib, but so does thermald 7

Flatpak for backports Build each app against the stack its maintainer recommends GNOME Builder needs latest shinies? Choose a fast-moving runtime Inkscape less so? Choose a stable runtime Apps upgrade at their own pace (within reason) There's some duplication if apps choose differently But perhaps less than you might think 8

Old software on a new distribution Some interesting software depends on obsolete libraries GNOME 2 stack SDL 1 Qt 3 or 4 Distributions don't have enough resources to maintain those libraries forever They were usually deprecated for a reason! 9

Steam games on a new distribution Valve aim to avoid dependency hell for Linux Steam games Steam Runtime: Ubuntu 12.04 library stack with selected backports No graphics stack: use the host's All Linux Steam games run in the Steam Runtime to get a somewhat predictable environment Currently a long LD_LIBRARY_PATH 10

Flatpak for forward-ports? Collabora are experimenting with running Steam games in containers flatdeb: Runtimes from Debian/Ubuntu packages (in this case the Steam Runtime) libcapsule: Decoupling graphics library dependencies from game dependencies Future goal: Run old games in the old Steam Runtime and newer games in a less-old Steam Runtime 11

Problems with forward-ports Putting libraries in a runtime doesn't make them less unmaintained Who's going to fix security vulnerabilities? Ubuntu 12.04 is EOL; LTS isn't that long Mitigation: sandboxing helps to protect you Still better than a static binary Still better than wget old-library_2012_i386.deb 12

Software not yet in your distro, on your distro We can't package everything although Debian tries The perfect is the enemy of the good? 13

At our best, maintainers matter Sometimes we do better than upstreams Security updates Avoiding regressions Being open source Not infringing copyright Sometimes a gatekeeper role is good: protecting our users from defective software 14

At our worst, maintainers get in the way Sometimes we're not adding any value to what upstream do Sometimes a gatekeeper role is harmful: restricting our users' choices for no good reason 15

Software outside your distro's scope, on your distro 16 I said Debian tries to package everything, but that was a lie Some distributions don't want to touch proprietary software Some users need proprietary software anyway We can't debug it, fix it, or know that it has your best interests in mind, so we should protect the rest of the system from it Sandboxing!

Software outside your distro's scope, on your distro Not just about freedom Some software is obscure (but maybe you need it) Some software is awful (but maybe you need it) Even if your distro won't package it, someone can (maybe you) But maybe they'll get it wrong Sandboxing mitigates accidents too 17

Flathub a reference app-store for Flatpak Reference runtimes: freedesktop.org, GNOME, KDE Upstream software, provided by upstreams Proprietary software, packaged by its author or the community Tagged with license information, so you can avoid it if you want to Downloaded on-demand if redistribution isn't allowed (extra data scripts) 18

What can you do for Flatpak? 19 Fig.2. A curated distribution of flatpack ready for download Photo: themightycondorman, 2012. CC-BY-2.0

Ship Flatpak (and friends) All this won't do your users much good if they can't install Flatpak Portals won't work very well if your users can't install them Follow upstream stable branches, or backport the latest to older distribution branches Other components are picking up Flatpak/portal support: dbus-daemon (WIP), dconf (future) 20

Runtimes this is Unix, I know this A stable library stack Versions chosen to work together Security updates applied Destabilising changes avoided Distributions have had a lot of practice at this 21

License compliance Distributions have had a lot of practice at this too flatpak-builder knows how to bundle corresponding source code Distributions can push back to upstreams, so everyone wins 22

Apps curation and QA At our best, we're domain experts on leaf packages We fix their bugs even if upstreams don't We fix their security vulnerabilities even if upstreams don't Distributions: a ready-made source of high-quality Flatpak apps? Fedora think so! 23

Fixing apps Distributions fix apps where upstreams won't or can't Don't keep it to yourself Send bug fixes upstream Send AppStream upstream (try saying that 10 times fast) If your upstream is uncooperative, try coordinating with other downstreams 24

Where shouldn't I use Flatpak? 25 Fig.3. Flatpack is unsuitable for this use-case Photo: Kinshuk Sunil, 2009. CC-BY-2.0

The OS layer Flatpak doesn't try to package OS-level services Kernel, initrd and boot init and daemons Sysadmin and privileged tools Alternatives include: Traditional package managers (dpkg, rpm) libostree 26

The desktop platform Flatpak doesn't try to package non-app software Desktop shell (GNOME Shell, Plasma) Compositor, window manager, other chrome (but not Chrome) Per-user services: dbus, dconf, portals, Flatpak Use the same mechanisms as the OS layer 27

Unix CLI tools Flatpak isn't really intended for CLI tools coreutils, sed, tar, rsync, ssh gcc, make, strace Alternatives include: Put it in the OS layer Put it in a Platform runtime Put it in an SDK runtime 28

Servers Servers aren't generally apps Web, mail, databases, continuous integration, Alternatives include: Put them in the OS layer Use a more service-oriented container technology: Docker, LXC, systemd-nspawn Put them in the cloud and hope they're somebody else's problem :-) 29

Flatpak and your distribution col.la/fosdem18flatpak Questions? We're hiring: col.la/careers

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback