Flatpak - Complete Guide

Table of Contents

• What is Flatpak?
• Key Features
• Installation
• Basic Usage
• Application Management
• Security & Sandboxing
• Permission Management
• Advanced Features
• Troubleshooting
• Best Practices

What is Flatpak?

Flatpak is a universal package management system for Linux distributions that provides a sandboxed environment for running desktop applications. It was developed as an open-source project with strong ties to GNOME and Red Hat, offering a modern approach to software distribution that solves many traditional Linux packaging problems.

Core Concepts

• Distribution-agnostic: Works across different Linux distributions
• Sandboxed execution: Applications run in isolated environments
• Runtime dependencies: Shared libraries are bundled as runtimes
• Decentralized: Multiple repositories can be used simultaneously

Key Features

🔒 Security & Isolation

• Applications run in sandboxed environments
• Limited access to host system resources
• Granular permission control
• Protection against malicious software

📦 Universal Packaging

• Single package format works across distributions
• No dependency conflicts
• Self-contained applications with bundled dependencies
• Forward and backward compatibility

🔄 Easy Updates

• Atomic updates and rollbacks
• Delta updates for efficient bandwidth usage
• Automatic update capabilities
• Version management and downgrade support

🌐 Multiple Sources

• Flathub: Primary repository with thousands of applications
• Third-party repositories supported
• Easy addition of new software sources

Installation

Ubuntu/Debian

# Update system packages
sudo apt update && sudo apt upgrade

# Install Flatpak
sudo apt install flatpak

# Install GNOME Software plugin (optional)
sudo apt install gnome-software-plugin-flatpak

# Add Flathub repository
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

# Restart system to complete setup
sudo reboot

Fedora

# Flatpak is pre-installed on Fedora
# Add Flathub repository
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

Arch Linux

# Install Flatpak
sudo pacman -S flatpak

# Add Flathub repository
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

openSUSE

# Install Flatpak
sudo zypper install flatpak

# Add Flathub repository
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

Basic Usage

Installing Applications

From Flathub Repository

# Install an application
flatpak install flathub com.visualstudio.code

# Install with confirmation prompt
flatpak install flathub org.gimp.GIMP

# Install from URL
flatpak install https://dl.flathub.org/repo/appstream/com.spotify.Client.flatpakref

From Local Files

# Install local .flatpak or .flatpakref file
flatpak install /path/to/application.flatpakref

# Install with drag and drop to terminal
flatpak install [drag-file-here]

Running Applications

# Run an installed application
flatpak run com.visualstudio.code

# Run with additional options
flatpak run --verbose com.example.app

# Run with custom permissions
flatpak run --filesystem=home com.example.app

Listing Applications

# List all installed applications
flatpak list

# List only applications (not runtimes)
flatpak list --app

# List with detailed information
flatpak list --columns=name,application,version,branch,origin

Application Management

Searching for Applications

# Search in configured repositories
flatpak search "text editor"

# Search with specific terms
flatpak search gimp

# Show detailed information about an app
flatpak info com.visualstudio.code

Updating Applications

# Update all applications
flatpak update

# Update specific application
flatpak update com.visualstudio.code

# Check for available updates without installing
flatpak update --no-deploy

Removing Applications

# Uninstall an application
flatpak uninstall com.visualstudio.code

# Uninstall and remove user data
flatpak uninstall --delete-data com.visualstudio.code

# Remove unused runtimes and dependencies
flatpak uninstall --unused

# Force removal (use with caution)
flatpak uninstall --force-remove com.example.app

Managing Repositories

# List configured repositories
flatpak remotes

# Add a new repository
flatpak remote-add --if-not-exists myrepo https://example.com/repo.flatpakrepo

# Remove a repository
flatpak remote-delete myrepo

# Show repository information
flatpak remote-info flathub com.visualstudio.code

Security & Sandboxing

Default Sandbox Restrictions

Flatpak applications run with limited access by default:

• File System: Only access to runtime, app directory, ~/.var/app/$FLATPAK_ID, and $XDG_RUNTIME_DIR/app/$FLATPAK_ID
• Network: No network access by default
• Devices: No access to device nodes (except /dev/null, etc.)
• Processes: Cannot access processes outside the sandbox
• System: Limited system integration

Sandbox Override (Temporary)

# Grant additional filesystem access
flatpak run --filesystem=home com.example.app

# Allow network access
flatpak run --share=network com.example.app

# Allow access to host filesystem
flatpak run --filesystem=host com.example.app

# Multiple permissions
flatpak run --filesystem=home --share=network --device=dri com.example.app

Permanent Permission Changes

# Override application permissions permanently
flatpak override --filesystem=home com.example.app

# Reset permissions to default
flatpak override --reset com.example.app

# Show current overrides
flatpak override --show com.example.app

Permission Management

Using Flatseal (Graphical Tool)

Install Flatseal for easy permission management:

flatpak install flathub com.github.tchx84.Flatseal

Features:

• Visual interface for permission management
• Real-time permission changes
• Backup and restore permission sets
• Application-specific overrides

Common Permission Categories

Filesystem Access

# Home directory access
--filesystem=home

# Specific directory access
--filesystem=/path/to/directory

# Read-only access
--filesystem=/path/to/directory:ro

# Create directory if it doesn't exist
--filesystem=/path/to/directory:create

Network & Communication

# Network access
--share=network

# Inter-process communication
--share=ipc

# Session bus access
--socket=session-bus

# System bus access
--socket=system-bus

Hardware Access

# Audio system
--socket=pulseaudio

# Graphics acceleration
--device=dri

# Camera access
--device=camera

# All devices (use carefully)
--device=all

Desktop Integration

# Desktop notifications
--talk-name=org.freedesktop.Notifications

# File manager integration
--talk-name=org.freedesktop.FileManager1

# System tray access
--talk-name=org.kde.StatusNotifierWatcher

Advanced Features

Multiple Installations

# Install specific version/branch
flatpak install flathub org.gimp.GIMP//beta

# Install from different architecture
flatpak install --arch=i386 flathub com.example.app

# Install user-specific (no sudo required)
flatpak install --user flathub com.example.app

Runtime Management

# List installed runtimes
flatpak list --runtime

# Install specific runtime
flatpak install flathub org.freedesktop.Platform//22.08

# Remove unused runtimes
flatpak uninstall --unused

Application Data Management

# Show application data location
echo ~/.var/app/com.example.app

# Backup application data
tar -czf backup.tar.gz ~/.var/app/com.example.app

# Clear application data
rm -rf ~/.var/app/com.example.app

Creating Desktop Shortcuts

# Export desktop file to user directory
flatpak run --command=sh com.example.app -c 'cp /app/share/applications/*.desktop ~/.local/share/applications/'

# Create custom launcher
cat > ~/.local/share/applications/custom-app.desktop << EOF
[Desktop Entry]
Name=Custom App
Exec=flatpak run com.example.app
Icon=com.example.app
Type=Application
EOF

Troubleshooting

Common Issues & Solutions

Application Won't Start

# Run with verbose output
flatpak run --verbose com.example.app

# Check application info
flatpak info com.example.app

# Verify installation
flatpak list | grep com.example.app

Permission Denied Errors

# Check current permissions
flatpak info --show-permissions com.example.app

# Add necessary permissions
flatpak override --filesystem=home com.example.app

# Reset and reconfigure permissions
flatpak override --reset com.example.app

Storage Issues

# Check disk usage
flatpak list --columns=name,installed-size

# Clean up unused data
flatpak uninstall --unused

# Repair installation
flatpak repair

Repository Problems

# Update repository metadata
flatpak update --appstream

# Re-add problematic repository
flatpak remote-delete flathub
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

Debugging Commands

# Show detailed system information
flatpak --version && flatpak list --runtime

# Check repository status
flatpak remotes -v

# Verify application integrity
flatpak repair --dry-run

Best Practices

🔐 Security

• Review permissions: Regularly audit application permissions using Flatseal
• Minimal permissions: Grant only necessary permissions
• Trust repositories: Only add repositories from trusted sources
• Regular updates: Keep applications and runtimes updated

📁 Storage Management

• Clean unused runtimes: Regularly run flatpak uninstall --unused
• Monitor disk usage: Check application sizes before installation
• Backup user data: Important data is stored in ~/.var/app/

⚡ Performance

• Shared runtimes: Prefer applications using common runtimes
• Hardware acceleration: Enable DRI for graphics-intensive applications
• Memory consideration: Flatpak apps may use more memory due to bundled dependencies

🔧 System Integration

• Desktop environment compatibility: Some features may vary across DEs
• Theme integration: Install appropriate theme packages for consistent appearance
• Font configuration: Ensure proper font access for applications

📊 Monitoring

# Regular maintenance commands
flatpak update && flatpak uninstall --unused

# Check system health
flatpak repair --dry-run

# Monitor repository status
flatpak remotes -v

Useful Tools & Extensions

Warehouse - Flatpak Management Tool

flatpak install flathub io.github.flattool.Warehouse

• Manage installed applications
• Handle leftovers and cleanup
• Downgrade applications
• Mass operations

GNOME Software Integration

sudo apt install gnome-software gnome-software-plugin-flatpak

• Graphical app store interface
• Easy installation and removal
• Automatic updates
• User-friendly application discovery