Flatpak on Slackware

A while ago, someone e-mailed me with a request to add Flatpak to my repository. At the time, I had no interest in Flatpak, had not actually bothered to investigate it, so I said “sorry, no” and dismissed it.

Still, my curiosity was piqued, because I have been having long-time struggles getting our company version of MS Teams up and running on my Slackware desktop, and Flatpak could offer resolution. I am an advocate of running natively compiled code on your Slackware OS, and the software that I am using regularly is all available in my repository as packages that have been compiled on Slackware from source. But Open Source is all about choice, and more power to you, right?
I am realistic enough to see how self-contained binary software distributions can have an appeal to people. These days, more and more new software releases are made available as AppImages, Snaps or Flatpaks. The developers won’t have to worry about maintaining friendly relationships with distro packagers who may or may not do the packaging work for them every release. In fact, distribution mechanisms like Flatpak finally place niche distros like Slackware on the same level as their more widely used brethren like Ubuntu or Mint. The Flatpak app will run on all of them, unmodified.
The downside of course, is that this bundling of a program plus all its dependencies will increase the size of the on-disk installation. A natively-compiled package relies on dynamic linking to the libraries which are provided by the OS, but the Flatpak needs to bundle its own compatible copies of all those libraries. Lean versus bloat. Convenience has its own sacrifices.
For me as a Slackware packager and coreteam member, it is more important to offer options than to be a zealot. If a tool like Flatpak brings you more joy using Slackware on your computer, who am I to deny it to you?

Bringing it to Slackware

So I dove into the available Flatpak documentation (it is very extensive!) and also I went through the Flatpak submission on SlackBuilds.org to see if there were Slackware-related challenges to be overcome. Seems like the only hairy topic may be that of getting sound out of the Flatpak and into your speakers, but so far I have not messed with audio. On first glance audio works out of the box on Slackware64-current in a Plasma5 desktop session, where I tested an Internet radio player.
I will update this article once I understand the concepts better and can share proper and fool-proof instructions.

The versions of flatpak and its dependencies found on SBo are limited by the versions of libraries in Slackware 15.0, hence you won’t find the latest version of Flatpak there. For Flatpak 1.14.0 you really need to be running Slackware-current.

It’s not just about Slackware’s own provided libraries; the external dependency requirements also changed between Flatpak 1.12 and 1.14. I use both Slackware 15.0 and -current, therefore I have built two parallel sets of packages; one for Slackware 15.0 and another for -current.
On Slackware 15.0 you’ll get appstream-glib, bubblewrap, gcab, libostree and xdg-desktop-portal-gtk to support Flatpak 1.12.0. For Slackware-current I can offer Flatpak 1.14.0 (latest release) and because it switched from requiring appstream-glib to appstream, the supporting packages on -current are: appstream, bubblewrap, libostree and xdg-desktop-portal-gtk.

Note that my ‘libostree‘ package is called ‘ostree‘ on SlackBuilds.org, but the software changed its name and I am using the new name here.

My Flatpak package registers the FlatHub repository as a system-wide remote upon installation. It also creates a ‘flatpak‘ user (with the same UID and GID numbers as reserved but not yet used by SBo). Flatpak uses this as a system helper account.

Why Flatpak at all

All the rage nowadays is to containerize applications and distribute them in a “build once, run everywhere” fashion, pretty much isolated from the host Operating System and using kernel capabilities to interact with that OS.

One example of this is Docker. I have been providing Docker packages for a while and have written an article series about setting up your private cloud server using Docker. Docker is a framework to deliver server applications via containers and it does so quite well.

But to ‘containerize’ graphical desktop applications that interact with your Slackware desktop environment – adding a desktop menu item, allowing access to your local files, and play audio? That is a whole different ball-game. For this, you have the aforementioned solutions like Flatpak, Snap or AppImage. They all are conceptually similar but have different architectural design considerations.
I have no preference for either. Prior to researching Flatpak I had not used any of them. Picking Flatpak was driven by Slackware user request, simple as that.

Flatpak runs its apps in a secure virtual ‘sandbox’ which does not require root privileges. This mitigates potential security threats.
Like with AppImage or Snap, this sandbox environment contains everything that is required to run the software. This makes it possible to build a self-contained Flatpak application and then run it on any distro transparently.

If you want to know the internals of how Flatpak works, there is a nice article here: https://docs.flatpak.org/en/latest/under-the-hood.html . Main takeaways are that Flatpak relies on OSTree as a system for versioning and distributing filesystem trees (inspired by how git maintains a repository of source code but then for binaries); Bubblewrap to allow unprivileged users to set up and run containers, using kernel features such as namespaces, bind mounts and seccomp rules, and Appstream to provide the infrastructure that allows application installers to interact with the OS in a well-defined manner.

Getting to know the commandline

Let’s play a bit with the commandline tool straight after installation and a logoff/login (or running ‘source /etc/profile.d/flatpack.sh‘.

To get details of the already configured remote repositories, run the following command:
$ flatpak remotes -d
Name    Title   URL                          Collection ID Subset Filter Priority Options … … Homepage Icon
flathub Flathub https://dl.flathub.org/repo/ -             -      -      1        system  … … https://flathub.org/ https://dl.flathub.org/repo/logo.svg
List available packages in a remote repository:
$ flatpak remote-ls | less
AuthPass    app.authpass.AuthPass       stable x86_64
BlueBubbles app.bluebubbles.BlueBubbles stable x86_64
Blurble     app.drey.Blurble            stable x86_64
Dialect     app.drey.Dialect            stable x86_64
EarTag      app.drey.EarTag             stable x86_64
KeyRack     app.drey.KeyRack            stable x86_64
Warp        app.drey.Warp               stable x86_64
Space       app.getspace.Space          stable x86_64
Lith        app.lith.Lith               stable x86_64
Will I get the same listing for my own user?
$ flatpak remote-ls --user

Actually, this command comes back empty. This is because Flatpak works in two modes: the default mode is to manage packages system-wide; but alternatively you can manage apps in your own homedirectory as well.
For Flatpak apps that are downloaded into your homedirectory location ‘~/.local/share/flatpak‘, you do not need any special privileges, you just need to add the commandline parameter “--user” to any flatpak command-line that you use.
For system-wide package installations which go into ‘/var/lib/flatpak/‘ you either run the flatpak commands as root, or else you will get a prompt to enter the root password prior to the actual download and installation.
The above listing is empty because I still need to enable the FlatHub repository for my own user (remember, the package registers that repository system-wide only).

Using flatpak as regular non-root user:

Let’s add the Flathub repository to your own user account so you can install and manage applications without the need for root’s password:

$ flatpak --user remote-add --if-not-exists flathub /etc/flatpak/remotes.d/flathub.flatpakrepo
Search for a package:
$ flatpak search minetest
Name   Description Application     ID                     Version Branch Remotes
Minet… Multiplayer infinite-world… net.minetest.Minetest  5.6.1   stable flathub
libre… a opensource tile game eng… ….celleron56.libretile 2.5     stable flathub

Sometimes when your terminal is not wide enough, it’s more readable to list only a subset of columns:

$ flatpak search minetest --columns=name,application
Name      Application ID
Minetest  net.minetest.Minetest
libretile io.gitlab.celleron56.libretile
Install a package from the flathub repository:

FlatHub is the default repo so you can omit the keyword ‘flathub‘ here, but suppose you have defined more than one repo…

$ flatpak list
  <empty>
$ flatpak install flathub Minetest
  <lots of activity...>
net.minetest.Minetest permissions:
    network     pulseaudio     x11    devices

$ flatpak list
Name        Application ID                 Version     Branch Installation
Minetest    net.minetest.Minetest          5.6.1       stable system
Freedesktop Pl… org.freedesktop.Platform   22.08.2.1   22.08  system
Mesa        …eedesktop.Platform.GL.default mesa-22.1.7 22.08  system
openh264    …freedesktop.Platform.openh264 2.1.0       2.2.0  system

As you see, not just Minetest got installed, but additionally some dependencies that were missing from my local Flatpak repository. One of the benefits of the underlying OSTree filesystem management is that a dependency which is requested by multiple apps, will only be downloaded and installed once.
Also worth pointing out that at the end of the ‘flatpak install‘ command, you’ll be notified about the permissions the app will require from your local OS and desktop environment. Minetest will want to use your network, play audio, run as a X11 graphical application and enumerate your peripherals. Remember that this is a sandboxed application, which will request these permissions outside the sandbox through kernel capabilities.

Where to go from here?

There are still kinks I have to resolve, which is why I uploaded the packages and wrote this blog article. I need your help.

I ran the above installation as my regular user and got more than 10 ‘policykit‘ popups prompting me for the root password. This is bad, and I need to find out how I can reduce this to only getting prompted once.

I can not find Minetest in my XFCE desktop menu, even though I see the file “/var/lib/flatpak/exports/share/applications/net.minetest.Minetest.desktop“. The question is: as far as I understand, appstream-glib is responsible for the desktop integration but it seems to fail. Or perhaps XFCE is not supported? In KDE Plasma5 on my slackware-current laptop an installed Flatpak app nicely integrates into the desktop menu.

And on my Slackware 15.0 machine I could not start Minetest as my regular user, and had to run it as root because of this error:

$ flatpak run net.minetest.Minetest
bwrap: Can't mount proc on /newroot/proc: Operation not permitted
error: ldconfig failed, exit status 256

There’s an old post on LQ.org which suggests that my NFS mounts or a running RPC server could cause this, but I cannot stop NFS here. Other posts suggest that user namespaces are required to get rid of the error, but Slackware already has those enabled by default:

$ zcat /proc/config.gz | grep CONFIG_USER_NS
CONFIG_USER_NS=y

When first becoming root using ‘sudo -i‘ and then running “flatpak run net.minetest.Minetest” I can get the app to start properly except for this audio related error:

ERROR[Main]: Audio: Global Initialization: Failed to open device

Any insights are welcome of course. Please post them below in the comments section and if any changes need to be made to the SlackBuilds, that’s what I will do.

Discover on KDE Plasma

For users of the Plasma desktop environment, I have added discover to my repository. Discover is a software package management tool that is part of KDE Plasma, but Slackware does not ship the application because it has no support for Slackware repositories. However it does support Flatpak, if it is compiled while Flatpak is available on the system.
So that is what I did: I built a discover package with Flatpak support.

This is how Discover presents itself after already having installed Minetest via the commandline:

There is one thing which I think is worth investigating. Flatpak’s package management is not compatible with the Slackware tools like slackpkg or pkgtools. It would be nice to manage all your software centrally, and what do you know… Discover supports not only Flatpak as backend but also PackageKit. I wonder how well PackageKit’s own Slackware backend works these days, but finding out is very low on my TODO. I leave the exercise to you, the reader.

Happy hacking, and I love to hear your usage stories!
Eric

 

26 thoughts on “Flatpak on Slackware

  1. As it happens, flatpak 1.12.7 is included in Slint 15.0 so I just installed minetest, and was asked the password every time a component was installed.

    Then “flatpak list” reported:
    Name Application ID Version Branch Installation
    Minetest net.minetest.Minetest 5.6.1 stable system
    Freedesktop Platform org.freedesktop.Platform 22.08.2.1 22.08 system
    Mesa org.freedesktop.Platform.GL.default mesa-22.1.7 22.08 system
    Intel org.freedesktop.Platform.VAAPI.Intel 22.08 system
    openh264 org.freedesktop.Platform.openh264 2.1.0 2.2.0 system

    Then as regular user:
    flatpak run net.minetest.Minetest
    Which gave:
    F: Can’t get document portal: GDBus.Error:org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying
    __. __. __.
    _____ |__| ____ _____ / |_ _____ _____ / |_
    / \| |/ \ / __ \ _\/ __ \/ __> _\
    | Y Y \ | | \ ___/| | | ___/\___ \| |
    |__|_| / |___| /\______> | \______>_____/| |
    \/ \/ \/ \/ \/
    2022-10-23 20:48:27: ACTION[Main]: World at [/home/didier/.minetest/worlds/Ici]
    2022-10-23 20:48:27: ACTION[Main]: Server for gameid=”minetest” listening on 0.0.0.0:59475.
    2022-10-23 20:48:30: ACTION[Server]: singleplayer [127.0.0.1] joins game. List of players: singleplayer
    2022-10-23 20:48:52: ACTION[Server]: singleplayer activates

    So minetest started, but I dont’ get soud although no message such the one you got (sound volume @ 100£ in the minetest GUI.

    However the paucontrol sees the playback stream from minetest it it could be another issue.

    I will look at how you packaged flatpak, certainly better that I did.
    Cheers,
    Didier


  2. Pingback: Links 23/10/2022: 4MLinux 40.1 and Kirigami Addons 0.5 | Techrights

  3. Interesting stuff Eric
    Thanks for sharing.
    It’s not high on my ToDo List for not but I’ll keep it in mind because I am sure I’ll need Flatpak sooner or later.
    — kjh



  4. “I am an advocate of running natively compiled code on your Slackware OS, and the software that I am using regularly is all available in my repository as packages that have been compiled on Slackware from source. But Open Source is all about choice, and more power to you, right?”

    I agree with your comment above. Slackware is an excellent distribution of Linux. Started using Linux in mid 1990’s and I still have some the early discs of Slackware and RedHat. I have also used as a daily driver and played around with Gentoo and completed one install of LFS (Linux from scratch) which is a pretty time consuming project.

    I enjoying reading about your projects!

    🙂


  5. Flatpaks not integrating into menus and such is centered in all of the xdg-desktop-* libraries and installations. During our testing of gnome and flatpaks we ran into these same problems, and I was determined to have them fixed and working for our gnome-based things. We ran into issues with locale not being properly honored and set through GDM which in turn, followed suit into the gnome desktop once logged in. 0xBOBF ported over http://slackbuilds.org/repository/15.0/system/blocaled/ from LFS for our purposes and installation of that fixed our locale issue and just so happened to fix flatpaks showing up in desktop environments all around. I don’t have a explanation as to the why, but we believe it all stems from one thing…. systemd.


    1. Yeah, all of the ‘issues’ that I experienced are only in my XFCE environment.
      When I use Flatpak on Plasma5, everything works: no admin password pop-ups, desktop menu item are being created; sound works out of the box. But KDE properly integrates Appstream functionality into their desktop environment (https://techbase.kde.org/MetaInfo).
      I guess that for XFCE there’s a lot that still needs to be done. I will look at that blocaled for sure, thanks Jay.



  6. Hi Eric,

    I share your reluctance of using Flatpack, but I am also happy that it is in Slackware now. I used it to install RedNotebook, a great diary app that is not updated from Slackware 14.2 to 15.0 at Slackbuilds.org.

    Thanks!

    Karl


  7. Thank you, for all the good work you’ve been doing over the years. You seem to have a knack for finding the next thing that will make Slackware a more desirable distro for the masses. I think Flatpack and Discover will contribute to that.



  8. I like the combination of distro (or community) provided + locally built + self-contained binary software. Usually I compile most of the programs that are not provided by Slackware, if they are not available at a 3rdparty repository, like the ones from Eric. For the rest of them, I use self-contained binaries for those that are too time consuming too build, especially the ones that tend to fall in a dependency hell. In addition, I also install some python stuff through pip, but just because of the Spyder, which is a “good” example of a software that falls in that de(e)p-hell when trying to build it from sources.


  9. Thanks for doing this! I used it to install Lutris. I was falling into dependency hell trying to get all the Gnome-related stuff installed. Much easier this way.



  10. I sat down today with intentions to build up the latest csb files and before doing so, had cleaned my system bringing it back to a stock (-current) install. After I got xfce installed and running in a new user account, I decided to install flatpak to see if I could get apps to show up in the menus. In the end I had re-installed 9 packages related to flatpak of my custom installation (appstream, avahi, bubblewrap, flatpak, libostree, libstemmer, libxmlb, malcontent, xdg-dbus-proxy). I have flatpak setup for user accounts (because of space constraints) but after installing my test app “ungoogled-chromium”, it popped right up in the “Internet” menu of XFCE. I’m writing this message from that very app right now! My flatpak script differs from yours (I had tried yours out previously and it broke flatpak menu items for myself). My script is different from yours and the SBo one (slightly) but overall I think “xdg-dbus-proxy” is the missing piece. malcontent is a optional dep for parental controls, but xdg-dbus-proxy is needed by flatpak to operate correctly, and I noticed you don’t have it listed as a dep. My previous message mentioned blocaled, and I think that had fixed another issue in gnome, but was really unreleated to flatpak in general. I hope this helps your quest with flatpak and if you would like to scour through my (though not all written by me) scripts, they are up on github https://github.com/mac-a-r0ni/gnome_core-slackbuilds/, along with my hacks to your liveslak script to make the gnome iso I’ve been doing. I hope this information is helpful, good sir.



    1. So, looking at my flatpak packages, they have “flatpak-dbus-proxy” executable included. The xdg-dbus-proxy standalone program used to be part of flatpak code and it is still getting built into flatpak unless you would specifically disable that.
      So I was wondering why adding a separate xdg-dbus-proxy package helped you when my flatpak package already has flatpak-dbus-proxy. Then I looked at your repository and noticed this line in the flatpak.SlackBuild script: “–with-system-dbus-proxy”.
      So you are actually *not* using my flatpak package and your own build options do indeed require a separate xdg-dbus-proxy installation.
      My flatpak package does not need this.


      1. No, my apologies if I didn’t make it clear, I’m not using your package as your package actually broke flatpaks from showing up in menus (on a clean liveslak) when I tried to migrate to using it previously. So I incorporated some of your script changes into mine that I hadn’t had in there before (pre-installing repos and some other bits) and noticed that package wasn’t there. I should of looked closer at first, the slipped right past me. I just diff-ed the sources from both projects, and they turned out to be 100% identical, so you’re right after all, that likely has nothing to do with it. Still, one has to wonder. Apologies for my wild goose-chases that turn up empty-handed. Some things you just can’t explain, it seems.



  11. Hi Eric,

    I installed Flatpak this morning, made sure all dependencies were installed….Discovery works well too, I do have the issue of installed items are not placed on Menu’s. Also, installed applications don’t start at CLI or in Plasma….I must be missing something.

    Anyway, I thought I would drop a note to let you know.




    1. I just tested here (I am not a flatpak user myself) on Slackware64-current with my flatpak packages.
      I used Plasma Discover to search for and install Sauerbraten, a Quake-like first-person shooter.
      It installed, it added a menu item as well in the “Games” section.
      Flatpak apps can not simply be started from the command prompt with their own application name, you have to use flatpak for that. I needed to know what the flatpak name is for Sauerbraten, so I ran “flatpak list” and found that the command to start it from commandline would be “flatpak run org.sauerbraten.Sauerbraten”.
      If you look at the desktop menu item which gets installed into “/var/lib/flatpak/app/org.sauerbraten.Sauerbraten/current/active/export/share/applications/org.sauerbraten.Sauerbraten.desktop” you’ll see a similar commandline in that desktp file: “Exec=/usr/bin/flatpak run –branch=stable –arch=x86_64 –command=sauerbraten org.sauerbraten.Sauerbraten”.
      Sauerbraten starts here both using the desktop menu and from the commandline, it has sound (and is fun).
      Is this different for you? If so, where do your experiences diverge?


  12. Hey Eric,

    I installed Filezilla, I can run it from the command line using flatpak run org.filezillaproject.Filezilla
    But I can not find the application anywhere on the Plasma Menu, I do see it in Discover. I even tried clicking on Launch button to run the app in Discover, but nothing happens

    I see the path for the desktop menu:

    /var/lib/flatpak/app/org.filezillaproject.Filezilla/current/active/export/share/applications/org.filezillaproject.Filezilla.desktop

    File contents:
    [Desktop Entry]
    Name=FileZilla
    GenericName=FTP client
    GenericName[da]=FTP-klient
    GenericName[de]=FTP-Client
    GenericName[fr]=Client FTP
    Comment=Download and upload files via FTP, FTPS and SFTP
    Comment[da]=Download og upload filer via FTP, FTPS og SFTP
    Comment[de]=Dateien über FTP, FTPS und SFTP übertragen
    Comment[fr]=Transférer des fichiers via FTP, FTPS et SFTP
    Exec=/usr/bin/flatpak run –branch=stable –arch=x86_64 –command=filezilla org.filezillaproject.Filezilla
    Terminal=false
    Icon=org.filezillaproject.Filezilla
    Type=Application
    Categories=Network;FileTransfer;
    Version=1.0
    MimeType=x-scheme-handler/ftp;x-scheme-handler/sftp;x-scheme-handler/ftps;
    X-Flatpak-RenamedFrom=filezilla.desktop;
    X-Flatpak=org.filezillaproject.Filezilla

    Owen


  13. Hi Again,

    Well, after all that, I realized I installed and tried to run the app using Kernel 6.09 – that failed, but Filezilla does show up on the Plasma Menu and runs using Kernel 5.19.17
    And now we know the rest of the story.
    Owen


    1. I rebooted back into Kernel 6.09, and now the Menu item Filezilla shows up under the Internet Category, how inetersting.
      I went back and forth booting both Kernels, it works now for both.

      Owen


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.