flatpak in debian BoF
sat august 12 2017

introduction to flatpak (1' version of earlier talk, see slides/video):

Sandbox app framework. Apps ~= leaf packages, user-facing GUIs, like smartphone apps. Apps are installable system-wide or per-user (and the app doesn't know). Apps are sandboxed and have a limited view of the filesystem. Portals are a mechanism to let apps escalate privileges (e.g. a GUI app can use a portal to make the environment show an "open file" dialogue, and only the opened file is made available).

Flatpak has a concept of runtimes. The app sees its own runtime (which e.g. contains a GTK), which is chosen by the app. A runtime is similar to a copy of /usr. Example runtimes are the freedesktop.org reference runtime (small-ish functionality for simple apps); others are the GNOME runtime.

There are 3 layers: the host environment, the runtime (/usr), and the app (/app).

The runtimes don't have their own dependencies; the GNOME runtime appears to fully duplicate the freedesktop runtime, but libostree helps deduplicate those (so runtimes can save the 150MB of space from fdo). Security updates trigger updates in "both" runtimes.

Application: Steam. Tricky part: want to use the host system's 3D drivers (because they might be needed to support new hardware, or old hardware because support was dropped or has regressions). So kernel driver, X driver and libgl should be in lockstep (which is required for nvidia). (workaround: libcapsule)

Ad flatpak in Debian:

How can we make this usable to Debian users with Debian properties (DFSG, security support, architecture coverage)?

We could enable flathub (but not built by us, not DFSG checked, contains tagged nonfree software, which might not line up with DFSG). This would delegate both freeness checking and library packaging, and is not self-contained.

"It's a better backports than backports". Does not need an upgrade path, does not need to be a package that is suitable for the next stable release, is unaffected by transitions, and even if it needs backported libraries like GTK, they don't destabilize the desktop environment.

Can and/or should we build flatpaks on buildd infrastructure? Probably not - not everything is shaped like a package (we don't build live-CD images or Docker images on buildds either).