Adding plugins to a flatpak installed app?

Alexander Larsson alexl at redhat.com
Mon May 6 11:31:11 UTC 2019 

On Sat, May 4, 2019 at 9:04 AM Alec Leamas <leamas.alec at gmail.com> wrote:
>
> On 03/05/2019 11:06, Alexander Larsson wrote:
> > So, each installation (e.g. /var/lib/flatpak, and
> > ~/.local/share/flatpak as well as other customly added ones) can have
> > a subdirectory called "extension". In this directory you can create
> > directories named $ref/$arch/$branch, and the contents of that will be
> > directly visible as the content of the plugins (i.e. what would be in
> > the "files" subdirectory of the deploy dir if you installed a packaged
> > version of the plugins).
>
> Which, if I get it right, makes it possible to install plugins from outside the sandbox.
>
> But what if the application can download and install it's own plugins, like e. g. web browsers. More specifically, I'm working with opencpn (https://github.com/opencpn/opencpn) where the plan is to implement this.  This means the the application:
>
>    - Downloads and installs a tarball in user-writable paths.
>    - dlopen the plugin dynamic library.
>    - In some cases uses helper binary.
>
> What are the implications if trying to do this in the sandbox (besides an evil allow=devel override for the helper binary)?

There are two cases here.

If you download and run binaries and dlls to some directory that your
app has access to (say ~/.var/app/$id/), then there are no real
issues. If it works for you, it'll work for everyone, as the
downloaded code links against the runtime ABI which is shared by all
users. You have to be careful if you ever bump the runtime version
your app uses, or changes ABI of any bundled libraries, as you could
cause plugins to break, but that is expected.

If you want to download code and run outside the sandbox (using e.g.
HostCommand), then you're in a world of hurt. There are zero
guarantees that any ABI is stable over time or between users on the
host. In fact, you can't even rely on something as simple as glibc to
exists. For instance, a user could be using a musl based distro with
flatpak in it.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                Red Hat, Inc
       alexl at redhat.com         alexander.larsson at gmail.com

More information about the Flatpak mailing list