zaclegarssure/flathub-rebuilder

Flathub-rebuilder
Flatpak Rebuilder

A CLI tool to verify a flatpak locally by using reproducible builds.

Key Features

  • Recreate a flatpak from flathub just by its name.
  • Support custom flatpak installation, to avoid breaking your main install.
  • Pipe the result to diffoscope and capture a few statistics, useful for analysis.

Installation

This program is built using the Poetry Python dependency management tool. Once Poetry is installed, clone the repo and run the following:

# Install dependencies
$ poetry install

# Run
$ poetry run flatpak-rebuilder <remote> <package>

You can also use poetry shell to spawn a shell in the local install and run the commands without poetry run.

If you want to use a custom installation, here is how you can create one. Make sure this directory exists:

$ sudo mkdir -p /etc/flatpak/installations.d

Each custom installation has its own config file ending in .conf in this directory. You need to create one with root privileges, for instance with the following content:

$ cat /etc/flatpak/installations.d/rebuilder.conf
[Installation "rebuilder"]
Path=/home/<username>/flatpak-rebuilder-install/
DisplayName=Flatpak rebuilder installation
StorageType=harddisk

The above installation will be located in ~/flatpak-rebuilder-install/. See the flatpak documentation or their tips and tricks page to learn more. One issue is that custom installations are system-wide, meaning that you will be asked for root permission while running the script. By default it will use the user installation, which does not require any other privilege.

The script will set up the flathub and flathub-beta remotes for you, if they are not already set up.

Usage

It works in the same way flatpak install does, namely by providing the name of the package to rebuild. The following options are valid:

  • --commit=COMMIT The commit number of the package to rebuild, if you want to rebuild an older version.
  • --installation=INSTALLATION The name of the flatpak installation to use.
  • --interactive If set, will run the commands without the --noninteractive flag, which will ask you if you want to install the dependencies.

Here is an example:

$ flatpak-rebuilder org.gnome.Dictionary --installation=rebuilder --interactive

This will create the org.gnome.Dictionary directory, with build and repo sub-directories that contain the rebuild and an ostree repo of the rebuild. The original and rebuilt versions of the program are both checked out in the same directory, at <package-name>.original and <package-name>.rebuild.

Be aware that this requires root privileges at certain moments in order to downgrade packages, except if you use the user install.

Security

Even though the build runs in a sandbox, it still runs essentially arbitrary code, so check what is written in the manifest file of the program you are about to rebuild and decide whether it can be trusted. Alternatively, run the rebuild inside a Docker container or a VM.
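
As a reading aid for that manifest check, here is an added example (not part of flatpak-rebuilder) that walks a flatpak-builder manifest and lists the entries worth reading first. It assumes a JSON manifest; the function name audit_manifest and the sample manifest are hypothetical, and an empty result does not mean the manifest is safe.

```python
import json

def audit_manifest(node, findings=None):
    """Collect (module, note) pairs to review before rebuilding."""
    findings = [] if findings is None else findings
    if not isinstance(node, dict):  # a string entry points at another manifest file
        findings.append((str(node), "module defined in a separate file; review it too"))
        return findings
    name = node.get("name") or node.get("app-id") or node.get("id") or "?"
    if "--share=network" in node.get("build-options", {}).get("build-args", []):
        findings.append((name, "build step has network access"))
    for cmd in node.get("build-commands", []):
        findings.append((name, f"build command: {cmd}"))
    for src in node.get("sources", []):
        if not isinstance(src, dict):  # path to a file listing more sources
            findings.append((name, f"sources listed in separate file: {src}"))
            continue
        kind, url = src.get("type"), src.get("url", "")
        if url.startswith("http://"):
            findings.append((name, f"plain-HTTP source: {url}"))
        if kind == "git" and not src.get("commit"):
            findings.append((name, f"git source not pinned to a commit: {url}"))
        if kind == "shell":  # commands run while the sources are prepared
            for cmd in src.get("commands", []):
                findings.append((name, f"shell source command: {cmd}"))
    for sub in node.get("modules", []):  # nested modules, and the top-level list
        audit_manifest(sub, findings)
    return findings

# Constructed manifest for illustration; not a real Flathub package.
SAMPLE = {
    "app-id": "org.example.Demo",
    "modules": [
        {"name": "libfoo",
         "build-options": {"build-args": ["--share=network"]},
         "sources": [{"type": "git", "url": "https://example.org/libfoo.git",
                      "branch": "main"}]},
        {"name": "demo", "buildsystem": "simple",
         "build-commands": ["make install PREFIX=/app"],
         "sources": [{"type": "archive", "url": "http://example.org/demo.tar.gz",
                      "sha256": "<placeholder>"},
                     {"type": "shell", "commands": ["sed -i s/a/b/ Makefile"]}]},
    ],
}

if __name__ == "__main__":
    import sys
    manifest = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for module, note in audit_manifest(manifest):
        print(f"[{module}] {note}")
```

Pass the path to a manifest as the first argument to audit that file instead of the constructed sample.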
