mirror of
https://github.com/flatpak/flatpak.git
synced 2026-03-27 19:33:06 -04:00
612 lines
27 KiB
XML
612 lines
27 KiB
XML
<?xml version='1.0'?> <!--*-nxml-*-->
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
|
|
|
<refentry id="flatpak-build-finish">
|
|
|
|
<refentryinfo>
|
|
<title>flatpak build-finish</title>
|
|
<productname>flatpak</productname>
|
|
|
|
<authorgroup>
|
|
<author>
|
|
<contrib>Developer</contrib>
|
|
<firstname>Alexander</firstname>
|
|
<surname>Larsson</surname>
|
|
<email>alexl@redhat.com</email>
|
|
</author>
|
|
</authorgroup>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>flatpak build-finish</refentrytitle>
|
|
<manvolnum>1</manvolnum>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>flatpak-build-finish</refname>
|
|
<refpurpose>Finalize a build directory</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis>
|
|
<command>flatpak build-finish</command>
|
|
<arg choice="opt" rep="repeat">OPTION</arg>
|
|
<arg choice="plain">DIRECTORY</arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para>
|
|
Finalizes a build directory, to prepare it for exporting.
|
|
<arg choice="plain">DIRECTORY</arg> is the name of the directory.
|
|
</para>
|
|
<para>
|
|
The result of this command is that desktop files, icons, D-Bus service
|
|
files, and AppStream metainfo files from the <filename>files</filename>
|
|
subdirectory are copied to a new <filename>export</filename> subdirectory.
|
|
In the <filename>metadata</filename> file, the command key is set in the
|
|
[Application] group, and the supported keys in the [Environment]
|
|
group are set according to the options.
|
|
</para>
|
|
<para>
|
|
As part of finalization you can also specify permissions that the
|
|
app needs, using the various options specified below. Additionally
|
|
during finalization the permissions from the runtime are inherited
|
|
into the app unless you specify <option>--no-inherit-permissions</option>
|
|
</para>
|
|
<para>
|
|
You should review the exported files and the application metadata
|
|
before creating and distributing an application bundle.
|
|
</para>
|
|
<para>
|
|
It is an error to run build-finish on a directory that has not
|
|
been initialized as a build directory, or has already been finalized.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Options</title>
|
|
|
|
<para>The following options are understood:</para>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><option>-h</option></term>
|
|
<term><option>--help</option></term>
|
|
|
|
<listitem><para>
|
|
Show help options and exit.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--command=COMMAND</option></term>
|
|
|
|
<listitem><para>
|
|
The command to use. If this option is not specified,
|
|
the first executable found in <filename>files/bin</filename>
|
|
is used.
|
|
</para><para>
|
|
Note that the command is used when the application is run
|
|
via <command>flatpak run</command>, and does not affect what
|
|
gets executed when the application is run in other ways,
|
|
e.g. via the desktop file or D-Bus activation.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--require-version=MAJOR.MINOR.MICRO</option></term>
|
|
|
|
<listitem><para>
|
|
Require this version or later of flatpak to install/update to this build.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--share=SUBSYSTEM</option></term>
|
|
|
|
<listitem><para>
|
|
Share a subsystem with the host session. This updates
|
|
the [Context] group in the metadata.
|
|
SUBSYSTEM must be one of: network, ipc.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--unshare=SUBSYSTEM</option></term>
|
|
|
|
<listitem><para>
|
|
Don't share a subsystem with the host session. This updates
|
|
the [Context] group in the metadata.
|
|
SUBSYSTEM must be one of: network, ipc.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--socket=SOCKET</option></term>
|
|
|
|
<listitem><para>
|
|
Expose a well-known socket to the application. This updates
|
|
the [Context] group in the metadata.
|
|
SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus,
|
|
ssh-auth, pcsc, cups, gpg-agent, inherit-wayland-socket.
|
|
This option can be used multiple times.
|
|
</para><para>
|
|
The fallback-x11 option makes the X11 socket available only if
|
|
there is no Wayland socket. This option was introduced in 0.11.3.
|
|
To support older Flatpak releases, specify both x11 and fallback-x11.
|
|
The fallback-x11 option takes precedence when both are supported.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--nosocket=SOCKET</option></term>
|
|
|
|
<listitem><para>
|
|
Don't expose a well known socket to the application. This updates
|
|
the [Context] group in the metadata.
|
|
SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus,
|
|
ssh-auth, pcsc, cups, gpg-agent, inherit-wayland-socket.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--device=DEVICE</option></term>
|
|
|
|
<listitem><para>
|
|
Expose a device to the application. This updates
|
|
the [Context] group in the metadata.
|
|
DEVICE must be one of: dri, input, usb, kvm, shm, all.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--nodevice=DEVICE</option></term>
|
|
|
|
<listitem><para>
|
|
Don't expose a device to the application. This updates
|
|
the [Context] group in the metadata.
|
|
DEVICE must be one of: dri, input, usb, kvm, shm, all.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--allow=FEATURE</option></term>
|
|
|
|
<listitem><para>
|
|
Allow access to a specific feature. This updates
|
|
the [Context] group in the metadata.
|
|
FEATURE must be one of: devel, multiarch, bluetooth, canbus,
|
|
per-app-dev-shm.
|
|
This option can be used multiple times.
|
|
</para><para>
|
|
The <code>devel</code> feature allows the application to
|
|
access certain syscalls such as <code>ptrace()</code>, and
|
|
<code>perf_event_open()</code>.
|
|
</para><para>
|
|
The <code>multiarch</code> feature allows the application to
|
|
execute programs compiled for an ABI other than the one supported
|
|
natively by the system. For example, for the <code>x86_64</code>
|
|
architecture, 32-bit <code>x86</code> binaries will be allowed as
|
|
well.
|
|
</para><para>
|
|
The <code>bluetooth</code> feature allows the application to
|
|
use bluetooth (AF_BLUETOOTH) sockets. Note, for bluetooth to
|
|
fully work you must also have network access.
|
|
</para>
|
|
<para>
|
|
The <code>canbus</code> feature allows the application to
|
|
use canbus (AF_CAN) sockets.
|
|
Note, for this work you must also have network access.
|
|
</para>
|
|
<para>
|
|
The <code>per-app-dev-shm</code> feature shares a single
|
|
instance of <filename>/dev/shm</filename> between the
|
|
application, any unrestricted subsandboxes that it creates,
|
|
and any other instances of the application that are
|
|
launched while it is running.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--disallow=FEATURE</option></term>
|
|
|
|
<listitem><para>
|
|
Disallow access to a specific feature. This updates
|
|
the [Context] group in the metadata.
|
|
FEATURE must be one of: devel, multiarch, bluetooth, canbus,
|
|
per-app-dev-shm.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--filesystem=FS</option></term>
|
|
|
|
<listitem><para>
|
|
Allow the application access to a subset of the filesystem.
|
|
This updates the [Context] group in the metadata.
|
|
FS can be one of: home, host, host-os, host-etc, xdg-desktop, xdg-documents, xdg-download,
|
|
xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos, xdg-run,
|
|
xdg-config, xdg-cache, xdg-data, an absolute path, or a homedir-relative
|
|
path like ~/dir or paths relative to the xdg dirs, like xdg-download/subdir.
|
|
The optional :ro suffix indicates that the location will be read-only.
|
|
The optional :create suffix indicates that the location will be read-write and created if it doesn't exist.
|
|
This option can be used multiple times.
|
|
See the "[Context] filesystems" list in
|
|
<citerefentry><refentrytitle>flatpak-metadata</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
for details of the meanings of these filesystems.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--nofilesystem=FILESYSTEM</option></term>
|
|
|
|
<listitem><para>
|
|
Remove access to the specified subset of the filesystem from
|
|
the application. This overrides to the Context section from the
|
|
application metadata.
|
|
FILESYSTEM can be one of: home, host, host-os, host-etc, xdg-desktop, xdg-documents, xdg-download,
|
|
xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos,
|
|
an absolute path, or a homedir-relative path like ~/dir.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--add-policy=SUBSYSTEM.KEY=VALUE</option></term>
|
|
|
|
<listitem><para>
|
|
Add generic policy option. For example, "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2" would map to this metadata:
|
|
<programlisting>
|
|
[Policy subsystem]
|
|
key=v1;v2;
|
|
</programlisting>
|
|
</para><para>
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--remove-policy=SUBSYSTEM.KEY=VALUE</option></term>
|
|
|
|
<listitem><para>
|
|
Remove generic policy option. This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--usb=TYPE[:DATA]</option></term>
|
|
|
|
<listitem><para>
|
|
Makes USB devices matching the query visible to the
|
|
USB portal by adding the query to the application
|
|
metadata. This does not have any effect on the
|
|
devices exposed in /dev.
|
|
<arg choice="plain">TYPE</arg> must be one of: all, cls,
|
|
dev, vnd.
|
|
</para><variablelist>
|
|
<varlistentry>
|
|
<term><option>all</option></term>
|
|
|
|
<listitem><para>
|
|
Match all devices.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>cls</option></term>
|
|
|
|
<listitem><para>
|
|
A device class and subclass query. <arg choice="plain">DATA</arg>
|
|
must be in the form of <arg choice="plain">CLASS:SUBCLASS</arg> where
|
|
both <arg choice="plain">CLASS</arg> and <arg choice="plain">SUBCLASS</arg>
|
|
must valid 2-digit hexadecimal class id numbers. Alternatively,
|
|
<arg choice="plain">SUBCLASS</arg> may be <literal>*</literal> to match
|
|
all subclasses.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>dev</option></term>
|
|
|
|
<listitem><para>
|
|
A device product id query. <arg choice="plain">DATA</arg>
|
|
must be a valid 4-character hexadecimal product id
|
|
number, for example <option>0a1b</option>. It
|
|
requires a <option>vnd</option> filter in the query.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>vnd</option></term>
|
|
|
|
<listitem><para>
|
|
A device vendor id query. <arg choice="plain">DATA</arg>
|
|
must be a valid 4-character hexadecimal vendor id number
|
|
greater than zero, for example <option>0fab</option>.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist><para>
|
|
It is possible to compose multiple device queries together
|
|
with the <literal>+</literal> sign, for example
|
|
<option>--usb=vnd:0123+dev:4567</option>. The <arg choice="plain">dev</arg>
|
|
filter requires a <arg choice="plain">vnd</arg>.
|
|
Available since 1.15.11.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--nousb=TYPE[:DATA]</option></term>
|
|
|
|
<listitem><para>
|
|
Hides USB devices matching the query from the USB portal by
|
|
adding the query to the application metadata. Queries hiding
|
|
devices take precedence over queries making devices visible
|
|
(see <option>--usb</option>). The syntax is exactly equal to
|
|
<option>--usb</option>. This does not have any effect on the
|
|
devices exposed in /dev. Available since 1.15.11.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--usb-list-file=FILENAME</option></term>
|
|
|
|
<listitem><para>
|
|
Adds USB device queries to the application metadata from the file
|
|
<arg choice="plain">FILE_NAME</arg>. The line syntax is exactly
|
|
equal to <option>--usb</option>. Additionally, if it starts
|
|
with ! then the query is like for <option>--nousb</option>.
|
|
Lines sthat starts with <literal>#</literal> are ignored,
|
|
like a comment. Comments will not be persisted.
|
|
Available since 1.15.11.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--usb-list=LIST</option></term>
|
|
|
|
<listitem><para>
|
|
Adds USB device queries to the application metadata from
|
|
<arg choice="plain">LIST</arg>. The syntax is exactly equal to
|
|
<option>--usb</option> with queries separated by
|
|
<literal>;</literal>. Additionally, if the query starts with
|
|
<literal>!</literal> then the query is like for
|
|
<option>--nousb</option>. Available since 1.15.11.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--env=VAR=VALUE</option></term>
|
|
|
|
<listitem><para>
|
|
Set an environment variable in the application.
|
|
This updates the [Environment] group in the metadata.
|
|
This overrides to the Context section from the application metadata.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--unset-env=VAR</option></term>
|
|
|
|
<listitem><para>
|
|
Unset an environment variable in the application.
|
|
This updates the unset-environment entry in the [Context]
|
|
group of the metadata.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--env-fd=<replaceable>FD</replaceable></option></term>
|
|
|
|
<listitem><para>
|
|
Read environment variables from the file descriptor
|
|
<replaceable>FD</replaceable>, and set them as if
|
|
via <option>--env</option>. This can be used to avoid
|
|
environment variables and their values becoming visible
|
|
to other users.
|
|
</para><para>
|
|
Each environment variable is in the form
|
|
<replaceable>VAR</replaceable>=<replaceable>VALUE</replaceable>
|
|
followed by a zero byte. This is the same format used by
|
|
<literal>env -0</literal> and
|
|
<filename>/proc/*/environ</filename>.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--own-name=NAME</option></term>
|
|
|
|
<listitem><para>
|
|
Allow the application to own the well known name <arg choice="plain">NAME</arg> on the session bus.
|
|
If <arg choice="plain">NAME</arg> ends with .*, it allows the application to own all matching names.
|
|
|
|
This updates the [Session Bus Policy] group in the metadata.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--talk-name=NAME</option></term>
|
|
|
|
<listitem><para>
|
|
Allow the application to talk to the well known name <arg choice="plain">NAME</arg> on the session bus.
|
|
If <arg choice="plain">NAME</arg> ends with .*, it allows the application to talk to all matching names.
|
|
This updates the [Session Bus Policy] group in the metadata.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--system-own-name=NAME</option></term>
|
|
|
|
<listitem><para>
|
|
Allow the application to own the well known name <arg choice="plain">NAME</arg> on the system bus.
|
|
If <arg choice="plain">NAME</arg> ends with .*, it allows the application to own all matching names.
|
|
This updates the [System Bus Policy] group in the metadata.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--system-talk-name=NAME</option></term>
|
|
|
|
<listitem><para>
|
|
Allow the application to talk to the well known name <arg choice="plain">NAME</arg> on the system bus.
|
|
If <arg choice="plain">NAME</arg> ends with .*, it allows the application to talk to all matching names.
|
|
This updates the [System Bus Policy] group in the metadata.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--persist=FILENAME</option></term>
|
|
|
|
<listitem><para>
|
|
If the application doesn't have access to the real homedir, make the (homedir-relative) path
|
|
<arg choice="plain">FILENAME</arg> a bind mount to the corresponding path in the per-application directory,
|
|
allowing that location to be used for persistent data.
|
|
This updates the [Context] group in the metadata.
|
|
This option can be used multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--runtime=RUNTIME</option></term>
|
|
<term><option>--sdk=SDK</option></term>
|
|
|
|
<listitem><para>
|
|
Change the runtime or sdk used by the app to the specified partial ref. Unspecified parts
|
|
of the ref are taken from the old values or defaults.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--metadata=GROUP=KEY[=VALUE]</option></term>
|
|
|
|
<listitem><para>
|
|
Set a generic key in the metadata file. If value is left out it will
|
|
be set to "true".
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--extension=NAME=VARIABLE[=VALUE]</option></term>
|
|
|
|
<listitem><para>
|
|
Add extension point info.
|
|
See the documentation for
|
|
<citerefentry>
|
|
<refentrytitle>flatpak-metadata</refentrytitle>
|
|
<manvolnum>5</manvolnum>
|
|
</citerefentry>
|
|
for the possible values of
|
|
<replaceable>VARIABLE</replaceable> and <replaceable>VALUE</replaceable>.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--remove-extension=NAME</option></term>
|
|
|
|
<listitem><para>
|
|
Remove extension point info.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--extension-priority=VALUE</option></term>
|
|
|
|
<listitem><para>
|
|
Set the priority (library override order) of the extension point.
|
|
Only useful for extensions. 0 is the default, and higher value means higher
|
|
priority.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--extra-data=NAME:SHA256:DOWNLOAD-SIZE:INSTALL-SIZE:URL</option></term>
|
|
|
|
<listitem><para>
|
|
Adds information about extra data uris to the app. These will be downloaded
|
|
and verified by the client when the app is installed and placed in the
|
|
<filename>/app/extra</filename> directory. You can also supply an <filename>/app/bin/apply_extra</filename> script
|
|
that will be run after the files are downloaded.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--no-exports</option></term>
|
|
|
|
<listitem><para>
|
|
Don't look for exports in the build.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--no-inherit-permissions</option></term>
|
|
|
|
<listitem><para>
|
|
Don't inherit runtime permissions in the app.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-v</option></term>
|
|
<term><option>--verbose</option></term>
|
|
|
|
<listitem><para>
|
|
Print debug information during command processing.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--ostree-verbose</option></term>
|
|
|
|
<listitem><para>
|
|
Print OSTree debug information during command processing.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Examples</title>
|
|
|
|
<para>
|
|
<command>$ flatpak build-finish /build/my-app --socket=x11 --share=ipc --usb=vnd:0fd9</command>
|
|
</para>
|
|
<programlisting>
|
|
Exporting share/applications/gnome-calculator.desktop
|
|
Exporting share/dbus-1/services/org.gnome.Calculator.SearchProvider.service
|
|
More than one executable
|
|
Using gcalccmd as command
|
|
Please review the exported files and the metadata
|
|
</programlisting>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See also</title>
|
|
|
|
<para>
|
|
<citerefentry><refentrytitle>flatpak</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>flatpak-build-init</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>flatpak-build</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>flatpak-build-export</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
</refentry>
|