Adding plugins to a flatpak installed app?

Alec Leamas leamas.alec at gmail.com
Mon May 6 14:36:40 UTC 2019 

On 06/05/2019 13:31, Alexander Larsson wrote:
> On Sat, May 4, 2019 at 9:04 AM Alec Leamas <leamas.alec at gmail.com> wrote:
>>
>> On 03/05/2019 11:06, Alexander Larsson wrote:
>>> So, each installation (e.g. /var/lib/flatpak, and
>>> ~/.local/share/flatpak as well as other customly added ones) can have
>>> a subdirectory called "extension". In this directory you can create
>>> directories named $ref/$arch/$branch, and the contents of that will be
>>> directly visible as the content of the plugins (i.e. what would be in
>>> the "files" subdirectory of the deploy dir if you installed a packaged
>>> version of the plugins).
>>
>> Which, if I get it right, makes it possible to install plugins from outside the sandbox.
>>
>> But what if the application can download and install it's own plugins, like e. g. web browsers. More specifically, I'm working with opencpn (https://github.com/opencpn/opencpn) where the plan is to implement this.  This means the the application:
>>
>>    - Downloads and installs a tarball in user-writable paths.
>>    - dlopen the plugin dynamic library.
>>    - In some cases uses helper binary.
>>
>> What are the implications if trying to do this in the sandbox (besides an evil allow=devel override for the helper binary)?
> 
> There are two cases here.
> 
> If you download and run binaries and dlls to some directory that your
> app has access to (say ~/.var/app/$id/), then there are no real
> issues. If it works for you, it'll work for everyone, as the
> downloaded code links against the runtime ABI which is shared by all
> users. You have to be careful if you ever bump the runtime version
> your app uses, or changes ABI of any bundled libraries, as you could
> cause plugins to break, but that is expected.
> 
> If you want to download code and run outside the sandbox (using e.g.
> HostCommand), then you're in a world of hurt. There are zero
> guarantees that any ABI is stable over time or between users on the
> host. In fact, you can't even rely on something as simple as glibc to
> exists. For instance, a user could be using a musl based distro with
> flatpak in it.

Thanks for explanations which most likely have saved me a substantial
amount of manhours...

Cheers!
--alec

More information about the Flatpak mailing list