application into a Flatpak

Slides:

Advertisements

Similar presentations

Microsoft Windows NT Embedded 4.0

Advertisements

Linux Operating System Linux is a free open-source operating system based on Unix. Linux was originally created by Linus Torvalds with the assistance of.

Fedora Linux Fedora: the (somewhat) new Linux distribution on the block. To switch or not to switch? Moreover, why use it at all? And, what is its target?

Overview Basic functions Features Installation: Windows host and Linux host.

Downloading & Installing Software Chapter 13. Maintaining the System Yum Pirut BitTiorrent Rpm Keeping Software Up To Date Up2date Red Hat Network Wget.

Linux GUI Chapter 5. Graphical User Interface GUI vs. CLI Easier and more intuitive More popular and advanced Needed for graphics, web browsing Linux.

Linux Operations and Administration

Introduction to the Atlas Platform Mobile & Pervasive Computing Laboratory Department of Computer and Information Sciences and Engineering University of.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 4 Manage Software for SUSE Linux Enterprise Server.

Model a Container Runtime environment on Your Mac with VMware AppCatalyst VMworld Fabio Rapposelli

Copyright © 2011 EMC Corporation. All Rights Reserved. MODULE – 6 VIRTUALIZED DATA CENTER – DESKTOP AND APPLICATION 1.

October, Scientific Linux INFN/Trieste B.Gobbo – Compass R.Gomezel - T.Macorini - L.Strizzolo INFN - Trieste.

Introduction to Cloud Computing

Working with Ubuntu Linux Track 2 Workshop June 2010 Pago Pago, American Samoa.

11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.

INFSOM-RI Juelich, 10 June 2008 ETICS - Maven From competition, to collaboration.

Installation and Development Tools National Center for Supercomputing Applications University of Illinois at Urbana-Champaign The SEASR project and its.

Linux Introduction What is Linux? How do you use it?

Android Security Model that Provide a Base Operating System Presented: Hayder Abdulhameed.

IT320 OPERATING SYSTEM CONCEPTS Unit 3: Welcome to Linux June 2011 Kaplan University 1.

IT320 OPERATING SYSTEM CONCEPTS Unit 3: Welcome to Linux September 2012 Kaplan University 1.

Linux Overview Why Linux ? Not-so-ancient history –Torvalds, Linus Torvalds, 002 the Helsinki University, as a student, low budget, work home –rapid and.

Docker and Container Technology

A Technical Overview Bill Branan DuraCloud Technical Lead.

Isecur1ty training center Presented by : Eng. Mohammad Khreesha.

Gorman, Stubbs, & CEP Inc. 1 Introduction to Operating Systems Lesson 8 Linux.

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses. ©Copyright Network Development Group Module 01 Introduction.

Alfresco deployment with Docker Andrea Agili Software Engineer – Dr Wolf srl Tommaso Visconti DevOps – Dr Wolf srl.

Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 1 Institutional Install of Red Hat Enterprise Linux From One CD In.

Course : PGClass : MCA Subject: Operating SystemSub.Code : 3CT11 Staff Name : S.SomasundaramYear & Sem : II nd & III rd.

All about Eugene Teo Linux Users' Group (Singapore) April 2006 Meeting Core 5.

Introducing Fedora Core 5 Codename: Xxxxxxxx March 18, 2006 Robert 'Bob' Jensen Fedora Ambassador Release Notes Editor-in-Chief.

Into Fedora RPM packages Lubomir Rintel Presented by Fedora Package Maintainer Creative Commons Attribution-ShareAlike license applies. Packaging Gems.

Canadian Bioinformatics Workshops

The Basics of Android App Development Sankarshan Mridha Satadal Sengupta.

Computer Technology Project

IT320 Operating System Concepts

Agenda:- DevOps Tools Chef Jenkins Puppet Apache Ant Apache Maven Logstash Docker New Relic Gradle Git.

Containers as a Service with Docker to Extend an Open Platform

Development Environment

Installation of MySQL Objectives Contents Practical Summary

What is Apertis? Apertis is a versatile open source infrastructure tailored to the automotive needs and fit for a wide variety of electronic devices.

Application Sandboxes

Where we are, where we’re goin’

Chapter 1: Introducing Linux

Rebuilding Modules and Containers

Changing the Default Updates Model

Application images and atomic updates

... Why, where we are, and how to get involved

Gnome SDK A better way to ship apps Alexander Larsson Red Hat, Inc

Drivers and the kernel UNIX system has three layers: Kernel

Containers and Virtualisation

Structure of Unix OS.

Atomic Gerard Braad FUDCon Phnom Penh 2016

Bibisect on Demand Bjoern Michaelsen

Spacewalk and Koji at Fermilab

Andrew Pruski SQL Server & Containers

More Scripting & Chapter 11

The Visible Computer Chapter 3.

Haiyan Meng and Douglas Thain

Lab #1 Install Linux & How to Build Live CD

University of Texas Rio Grande Valley Systems Administration CSCI 6175

IS3440 Linux Security Unit 4 Securing the Linux Filesystem

Chapter 2: System Structures

Innovating Out in the Open

CSE 303 Lecture 1 introduction to Linux/Unix environment

Chapter 2: The Linux System Part 1

OPS235: Lab 2 Virtual Machines – Part I

Outline Chapter 2 (cont) OS Design OS structure

Shared Hosting Workshop

Presentation transcript:

application into a Flatpak How to make your application into a Flatpak Owen Taylor Red Hat Flock 2017 August 29, 2017

The Flatpak Model

OS Init System Display Server Kernel Libraries

OS Applications as OS packages Problems: Tied update cycles Distribution specific packages No security Init System Display Server Kernel Libraries GIMP tuxkart

OS App App Init System Display Server Kernel GIMP Libraries tuxkart

OS App App Runtime Avoids duplication on disk and in memory Init System Display Server Kernel GIMP Libraries tuxkart Libraries Libraries Runtime Libraries Avoids duplication on disk and in memory Security updates in one place

OS App App Runtime App App Runtime Init System Display Server Kernel GIMP Libraries tuxkart Libraries Init System Display Server Kernel Runtime Libraries Libraries App App Scribus Libraries Chrome Libraries Runtime Libraries

Desktop Applications ✔LibreOffice ✔GIMP ✔tuxkart ✔Eclipse ✔Google Chrome ✗MariaDB ✗Wordpress ✗vi

Where do you get Flatpaks From application creators Open source projects Companies Or from Linux distributors Decentralized

Where do you get Runtimes “Upstream” runtimes org.freedesktop.Platform org.gnome.Platform org.kde.Platform Distribution runtimes org.fedoraproject.Platform

Distribution advantages Packaging of older applications Existing build recipes Security updates mechanism

Security and Permissions

Application Environment

Permissions Application Environment Network Display Server (Wayland)

(not effectively sandboxed) Application Environment (not effectively sandboxed) Network Display Server (X11) Filesystem access

Permissions Portals Application Environment Network Display Server (Wayland) File Portal Print Portal Portals Filesystem access Printing system

Portals Simple, inherently secure system services (D-Bus) Safe via user interaction Available portals File, Print, Show URI, Network Status, HTTP Proxy Config GNOME and KDE backends

Portal Demo

Flatpak Implementation Each application has it’s own Filesystem namespace Runtime is available at /usr Application and bundled libraries at /app Other kernel security features PID and UID namespaces seccomp

OSTree “git for binaries” Deduplication On disk In memory On the network Atomic updates

OCI Images Alternate way to distribute a Flatpak From Open Container Initiative (https://www.opencontainers.org/) Evolution of the Docker format Advantages: avoids lots of small files allows distribution alongside server containers

OSTree Repository OSTree Repository Docker/OCI Registry Flatpak GNOME Software

Flatpaks from Fedora Packages

Why Flatpak if you can RPM? Sandboxing Reliable upgrades without rebooting Ability to try out applications from newer/older Fedora Installation on top of Atomic Workstation

Flatpak = A module packaged into a container image

Flatpak = A (particular sort of) module packaged into a (particular sort of) container image

The big picture Modules: flatpak-runtime module One module per Flatpak application Built into OCI Images by the Fedora Layered Image Build Service Distributed via registry.fedoraproject.org

Why modules Natural way to do rebuilds of packages with – prefix=/app Increased packager flexibility Alignment with general modularity efforts No extra new infrastructure components

Fedora Infrastructure Module Build Service (MBS) – manages module builds in Koji Product Definition Center (PDC) – stores information about module builds On Demand Compose Service (ODCS) – creates yum repositories for module builds Fedora Layered Image Build Service (FLIBS) – builds containers and now flatpaks registry.fedoraproject.org – stores containers and now flatpaks

An example Flatpak Eye of GNOME Image Viewer

eog.yaml Module metadata file Describes what packages should be built And what those packages depend upon

eog.yaml document: modulemd version: 1 data: summary: Eye of GNOME Application Module description: The Eye of GNOME image viewer (eog) is the official image viewer for the GNOME desktop [...] license: module: [ MIT ] dependencies: buildrequires: flatpak-runtime: f26 base-runtime: f26 perl: f26 common-build-dependencies: f26 shared-userspace: f26 requires: profiles: default: rpms: - eog eog.yaml

eog.yaml components: rpms: eog: rationale: Core application ref: f26 buildorder: 3 exempi: rationale: Dependency buildorder: 2 libexif: glade: rationale: Build dependency for libpeas buildorder: 1 libpeas: eog.yaml

Creating eog.yaml https://pagure.io/flatpak-module-tools https://github.com/fedora-modularity/depchase Future common module tools $ flatpak-module create-modulemd \ --from-package eog -o eog.yaml

flatpak.json Has flatpak-specific metadata Describes the runtime environment

flatpak.json man flatpak-build-finish { "id": "org.gnome.eog", "runtime": "org.fedoraproject.Platform", "runtime-version": "26", "command": "eog", "tags": ["Viewer"], "finish-args": ["--filesystem=host", "--share=ipc", "--socket=x11", "--socket=wayland", "--socket=session-bus", "--filesystem=~/.config/dconf:ro", "--filesystem=xdg-run/dconf", "--talk-name=ca.desrt.dconf", "--env=DCONF_USER_CONFIG_DIR=.config/dconf"] } flatpak.json man flatpak-build-finish

Local build $ mbs-build local $ flatpak-module create-flatpak -l eog:f26 \ --module eog --info flatpak.json [ prints path to org.gnome.eog.flatpak ] $ flatpak-install --user <path_to_bundle> $ flatpak run org.gnome.eog

Koji Build (in progress) $ fedpkg clone module/eog && cd eog $ mbs-build submit $ koji-containerbuild flatpak-build candidate \ git://pkgs.fedoraproject.org/module/eog#origin/master \ --git-branch=master –module=eog:master $ flatpak remote-add –registry \ fedora-candidate candidate-registry.fedoraproject.org $ flatpak install fedora-candidate org.gnome.eog $ flatpak run org.gnome.org

Project status Building modules with prefix=/app Layered Image Build Service support for Flatpak atomic-reactor osbs-client koji-containerbuild OCI Support in docker registry (existing patch) Exporting browsing info from docker registry Installing flatpaks from a docker registry Working Working, unmerged Needs to be written

Questions? https://flatpak.org @FlatpakApps irc.freenode.net:#flatpak https://fedoraproject.org/wiki/Workstation/Flatp aks https://flatpak.org @FlatpakApps irc.freenode.net:#flatpak irc.freenode.net:#fedora-workstation