Install/Remove hooks
Frédéric Pierret
frederic.pierret at qubes-os.org
Fri May 24 15:32:23 UTC 2019
On 5/24/19 5:26 PM, Alexander Larsson wrote:
> On Fri, May 24, 2019 at 5:09 PM Frédéric Pierret
> <frederic.pierret at qubes-os.org> wrote:
>> Hi all,
>>
>> Is there a way of creating pre or post actions during install/remove of
>> a flatpak?
>>
>> As an example of what I mean, taking 'yum' or 'dnf', it is possible to
>> add plugins for doing some actions after a 'dnf install somepackage'.
>> That is very useful for us in QubesOS project and as we are integrating
>> Flatpak (and further Fedora Silverblue), we are wondering if such a
>> feature is/will be available for Flatpak.
> Flatpak ships with a set of triggers in /usr/share/flatpak/triggers
> that get run when things are installed/updated. However, these are run
That's good new! :)
> in very minimal sandboxes that only have write access to the limited
> area they should write. In general we don't want downloading apps to
> run arbitrary code, as that is not a great idea security wise. For
> example if the trigger reads some file that the app installed and it
> has a security hole then you could exploit such a trigger to run
> things on the host.
>
> Can you explain in a bit more detail what it is you want to achieve?
>
We would like to trigger nothing related to the app itself but rather
our own services. In this case, it is to notify that a new 'flatpak' as
been installed. So the trigger would be to run a Qubes specific command
only, more precisely, it's what we call a 'qrexec' service.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/flatpak/attachments/20190524/b591abbc/attachment-0001.sig>
More information about the Flatpak
mailing list