Flatpak: A Containerized Approach to Developing Linux Applications
Containers are becoming increasingly popular in the enterprise world, which has come to realize that containers not only solve many problems, but also bring agility, scalability, and other benefits to the IT infrastructure. This idea is now trickling down to the desktop world.
Canonical gets much of the credit for creating buzz around a container-like approach toward apps with the announcement of Click, which later evolved into Snap. But the fact is there have been many efforts to bring such a solution to the desktop world. Projects like Klik (which evolved into AppImage in 2014), for example, have been around for more than 12 years now. Alexander Larsson, a Red Hat developer, has been playing with the idea of a distro-agnostic, self-contained application packaging and delivery solution since 2007.
It’s interesting that none of these technologies gained any traction or mindset in their early days. They largely remained unnoticed. Thanks to the success of Docker containers; however, there is a renewed interest in such technologies.
Allan Day and Alexander Larsson, who are involved with Flatpak, said in an interview, “The way we see it, Docker exploded because it solved real, fundamental issues with the way that server technologies are developed and deployed.”
The co-founder of CoreOS, Brandon Philips, once told me in an interview that containers are the future of apps on Linux. And, while the enterprise world has embraced containers, companies like Google are bringing it to the consumer world. Google is using Linux containers to run Android apps to Chrome OS. It’s already here, the desktop Linux world has to catch up with it.
“With Flatpak, we are aiming to do the same thing for desktop applications. The interest we've seen in Flatpak hopefully shows that we're on the right track: app developers are interested because Flatpak solves real problems that they're facing,” Day and Larsson said.
The primary goal of Flatpak is ease of distribution for apps and more control for application developers. “We want the Linux desktop to be a single platform that developers can easily target and we want them to be able to build and release their apps the way they want, according to their schedule and not someone else's. And if we solve that problem, we think it will mean a lot more desktop apps being available,” they said.
Flatpak allows developers to look at Linux as “one” platform, not only among different distributions that use different package formats but also among different versions of the same distributions.
With Flatpak, developers can package their app to run on “any” Linux distribution. Flatpak removes the distro as a middleman. In the current state of affairs, developers must go through the mechanism that distributions have set up to get their apps to users. This causes delays because, unless the apps are tested against the distributions, app maintainers won’t make them available to users.
Another problem to solve is that of dependencies. Developers can’t use the latest libraries or frameworks to make their app more efficient or add new features if those libraries or dependencies are not available for the current version of the distro. Flatpak allows developers to use latest packages to build their apps and run on any distro without having to worry about underneath layers.
The way Flatpak solves these problem is by using shared platforms, which are called runtimes. “These contain a lot of the libraries required by apps and they are produced by the major desktop platforms, so you get GNOME runtime and KDE runtimes, for example. One of the key things about runtimes is that they can be installed in parallel, so the GNOME 3.18 runtime can coexist with the GNOME 3.20 runtime, and you can have different apps on your system using different runtimes,” said the developers.
This also offers forward compatibility: an app will never break because something changed in your distro, and app developers get to choose when to change their dependencies, rather than having those changes forced on them by distributions.
The other main concept is bundling. “If an app wants to use a library that isn't provided by the runtime it's using, or if it wants to use a different version of the library, or a even modified version, then it can be included as a part of the app. The point of this is to give complete freedom and control to app developers: they get to use whatever dependencies they want, when they want, and they can be confident that their app will always work. That's a massive change from the current Linux distribution model,” said Day/Larsson.
The developers added that although Flatpak allows apps to bundle their own dependencies, a lot of dependencies are also provided by platforms that are separate from the apps. “As a result it dramatically reduces the number of libraries that application developers have to bundle. This means less work for app developers and it also results in smaller apps,” they said.
Day and Larsson said this approach not only makes makes developers' lives easier but also results in more secure apps, because the libraries are maintained by specialists who are experienced at doing that.
Secure by design
Security is central to Flatpak, the developers explained. “It's something that has been designed into it from the very beginning.” Some pieces are missing to complete the security picture, however, the developers are working on it. X.org, for example, has known security issues, so unless Wayland becomes mainstream, even Flatpak won’t offer the kind of security you would expect from Linux systems. “Under X.org, Flatpak still gives you greater security compared to without it, and Flatpak apps have access to less stuff on your system whether you're using X.org or Wayland.”
Sandboxing apps is not a piece of cake. While you have to isolate your app from the rest of the system, you also need to access data created or stored by other apps. You also need access to hardware components. “We should also mention that sandboxing requires other changes down the stack,” said Day and Larsson. “There needs to be a video stream processing system for accessing webcam devices, and there needs to be a way for sandboxed apps to store passwords, for example. It's a major effort that we are driving forward, which other projects will be able to benefit from.”
The Flatpak developers are not approaching the solution in complete isolation. According to them, they are taking the best aspects of the distribution model, which have been tried and tested and which they know to work, and they are combining them with bundling and containerization.
Flatpak vs. Snap
There is a healthy competition between the two projects and, according to Day/Larsson, “There are obviously technological differences, each of which have pros and cons. The ones I'd pick up on is de-duplication of identical files and delta updates, which means that download sizes are smaller and disk space is used more efficiently.”
Aside from those technical details, there are two major differences. The first is cross-distro support. “[Flatpak] only uses generic technologies that are generally available in all distributions. It doesn't require any changes to distros. Anyone can use Flatpak to set up a repository or build an app center. Snappy is different. It uses AppArmor, which isn't used universally. It requires changes to the distro; SELinux must be disabled, for example. Each app is required to bundle parts of Ubuntu. There's no concept of an upstream platforms that apps can use.” according to the developers.
Michael Hall of Canonical said there are some components of Snaps that are tied to Ubuntu, but they are working on decoupling Snap from Ubuntu to achieve full cross-distro support. They have already decoupled many components.
The second major difference is the idea of having runtimes that are maintained by platform developers and aren't bundled as a part of apps, said the Flatpak developers. “This cuts down on the size of apps, reduces the amount of work for app developers, and ensures that security updates happen faster and more reliably. In Snappy everything has to be bundled as a part of the app.”
The wider adoption
There are many projects aiming for a similar solution, but Flatpak and Snap seem to be the ones that are gaining mindshare. Fedora has already put its weight behind Flatpak, and Snap has Ubuntu backing.
Which of the two will get wider adoption depends on two factors: technological and political. “One important point to make here is that Flatpak doesn't require changes to the underlying distribution,” said Day/Larsson. “There's no special configuration or lots of dependencies: all a distro needs to do to adopt Flatpak is include the package. Cross-distro support was a design goal from the very beginning, and it shows.”
In the real world, some projects like LibreOffice and Pitivi are already offering Flatpak for their apps. But the developers are realistic. “There's a lot of excitement and community interest, but it's probably fair to say that Flatpak isn't quite at the point of being a complete solution. We're not far away though, and once we pass that mark we're confident that we'll see things pick up even further,” they said.
With realism comes optimism. “As far as adoption is concerned, we believe that Flatpak is extremely compelling: it's solving basic problems the Linux desktop has had since the very beginning. The basic value proposition is there. The goal now is to make it as easy to access and use as possible. That means great tooling for app developers, great documentation, great integration into the desktop. We already have a lot of that. Once it's all in place, we're hopeful that we'll start to see more apps and, resulting from that, distro adoption,” Day and Larsson said.