1FLATPAK BUILD-FINIS(1) flatpak build-finish FLATPAK BUILD-FINIS(1)
2
6 flatpak-build-finish - Finalize a build directory
7
9 flatpak build-finish [OPTION...] DIRECTORY
10
12 Finalizes a build directory, to prepare it for exporting. DIRECTORY is
13 the name of the directory.
14 The result of this command is that desktop files, icons and D-Bus
16 service files from the files subdirectory are copied to a new export
17 subdirectory. In the metadata file, the command key is set in the
18 [Application] group, and the supported keys in the [Environment] group
19 are set according to the options.
20 As part of finalization you can also specify permissions that the app
22 needs, using the various options specified below. Additionally during
23 finalization the permissions from the runtime are inherited into the
24 app unless you specify --no-inherit-permissions
25 You should review the exported files and the application metadata
27 before creating and distributing an application bundle.
28 It is an error to run build-finish on a directory that has not been
30 initialized as a build directory, or has already been finalized.
31
33 The following options are understood:
34 -h, --help
36 Show help options and exit.
37 --command=COMMAND
39 The command to use. If this option is not specified, the first
40 executable found in files/bin is used.
41 Note that the command is used when the application is run via
43 flatpak run, and does not affect what gets executed when the
44 application is run in other ways, e.g. via the desktop file or
45 D-Bus activation.
46 --require-version=MAJOR.MINOR.MICRO
48 Require this version or later of flatpak to install/update to this
49 build.
50 --share=SUBSYSTEM
52 Share a subsystem with the host session. This updates the [Context]
53 group in the metadata. SUBSYSTEM must be one of: network, ipc. This
54 option can be used multiple times.
55 --unshare=SUBSYSTEM
57 Don't share a subsystem with the host session. This updates the
58 [Context] group in the metadata. SUBSYSTEM must be one of: network,
59 ipc. This option can be used multiple times.
60 --socket=SOCKET
62 Expose a well-known socket to the application. This updates the
63 [Context] group in the metadata. SOCKET must be one of: x11,
64 wayland, fallback-x11, pulseaudio, system-bus, session-bus,
65 ssh-auth, pcsc, cups. This option can be used multiple times.
66 The fallback-x11 option makes the X11 socket available only if
68 there is no Wayland socket. This option was introduced in 0.11.3.
69 To support older Flatpak releases, specify both x11 and
70 fallback-x11. The fallback-x11 option takes precedence when both
71 are supported.
72 --nosocket=SOCKET
74 Don't expose a well known socket to the application. This updates
75 the [Context] group in the metadata. SOCKET must be one of: x11,
76 wayland, fallback-x11, pulseaudio, system-bus, session-bus,
77 ssh-auth, pcsc, cups. This option can be used multiple times.
78 --device=DEVICE
80 Expose a device to the application. This updates the [Context]
81 group in the metadata. DEVICE must be one of: dri, kvm, shm, all.
82 This option can be used multiple times.
83 --nodevice=DEVICE
85 Don't expose a device to the application. This updates the
86 [Context] group in the metadata. DEVICE must be one of: dri, kvm,
87 shm, all. This option can be used multiple times.
88 --allow=FEATURE
90 Allow access to a specific feature. This updates the [Context]
91 group in the metadata. FEATURE must be one of: devel, multiarch,
92 bluetooth, canbus. This option can be used multiple times.
93 The devel feature allows the application to access certain syscalls
95 such as ptrace(), and perf_event_open().
96 The multiarch feature allows the application to execute programs
98 compiled for an ABI other than the one supported natively by the
99 system. For example, for the x86_64 architecture, 32-bit x86
100 binaries will be allowed as well.
101 The bluetooth feature allows the application to use bluetooth
103 (AF_BLUETOOTH) sockets. Note, for bluetooth to fully work you must
104 also have network access.
105 The canbus feature allows the application to use canbus (AF_CAN)
107 sockets. Note, for this work you must also have network access.
108 --disallow=FEATURE
110 Disallow access to a specific feature. This updates the [Context]
111 group in the metadata. FEATURE must be one of: devel, multiarch,
112 bluetooth, canbus. This option can be used multiple times.
113 --filesystem=FS
115 Allow the application access to a subset of the filesystem. This
116 updates the [Context] group in the metadata. FS can be one of:
117 home, host, xdg-desktop, xdg-documents, xdg-download, xdg-music,
118 xdg-pictures, xdg-public-share, xdg-templates, xdg-videos, xdg-run,
119 xdg-config, xdg-cache, xdg-data, an absolute path, or a
120 homedir-relative path like ~/dir or paths relative to the xdg dirs,
121 like xdg-download/subdir. The optional :ro suffix indicates that
122 the location will be read-only. The optional :create suffix
123 indicates that the location will be read-write and created if it
124 doesn't exist. This option can be used multiple times. See the
125 "[Context] filesystems" list in flatpak-metadata(5) for details of
126 the meanings of these filesystems.
127 --nofilesystem=FILESYSTEM
129 Remove access to the specified subset of the filesystem from the
130 application. This overrides to the Context section from the
131 application metadata. FILESYSTEM can be one of: home, host,
132 xdg-desktop, xdg-documents, xdg-download, xdg-music, xdg-pictures,
133 xdg-public-share, xdg-templates, xdg-videos, an absolute path, or a
134 homedir-relative path like ~/dir. This option can be used multiple
135 times.
136 --add-policy=SUBSYSTEM.KEY=VALUE
138 Add generic policy option. For example,
139 "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2" would
140 map to this metadata:
141 [Policy subsystem]
143 key=v1;v2;
144 This option can be used multiple times.
147 --remove-policy=SUBSYSTEM.KEY=VALUE
149 Remove generic policy option. This option can be used multiple
150 times.
151 --env=VAR=VALUE
153 Set an environment variable in the application. This updates the
154 [Environment] group in the metadata. This overrides to the Context
155 section from the application metadata. This option can be used
156 multiple times.
157 --own-name=NAME
159 Allow the application to own the well known name NAME on the
160 session bus. If NAME ends with .*, it allows the application to own
161 all matching names. This updates the [Session Bus Policy] group in
162 the metadata. This option can be used multiple times.
163 --talk-name=NAME
165 Allow the application to talk to the well known name NAME on the
166 session bus. If NAME ends with .*, it allows the application to
167 talk to all matching names. This updates the [Session Bus Policy]
168 group in the metadata. This option can be used multiple times.
169 --system-own-name=NAME
171 Allow the application to own the well known name NAME on the system
172 bus. If NAME ends with .*, it allows the application to own all
173 matching names. This updates the [System Bus Policy] group in the
174 metadata. This option can be used multiple times.
175 --system-talk-name=NAME
177 Allow the application to talk to the well known name NAME on the
178 system bus. If NAME ends with .*, it allows the application to talk
179 to all matching names. This updates the [System Bus Policy] group
180 in the metadata. This option can be used multiple times.
181 --persist=FILENAME
183 If the application doesn't have access to the real homedir, make
184 the (homedir-relative) path FILENAME a bind mount to the
185 corresponding path in the per-application directory, allowing that
186 location to be used for persistent data. This updates the [Context]
187 group in the metadata. This option can be used multiple times.
188 --runtime=RUNTIME, --sdk=SDK
190 Change the runtime or sdk used by the app to the specified partial
191 ref. Unspecified parts of the ref are taken from the old values or
192 defaults.
193 --metadata=GROUP=KEY[=VALUE]
195 Set a generic key in the metadata file. If value is left out it
196 will be set to "true".
197 --extension=NAME=VARIABLE[=VALUE]
199 Add extension point info. See the documentation for flatpak-
200 metadata(5) for the possible values of VARIABLE and VALUE.
201 --remove-extension=NAME
203 Remove extension point info.
204 --extension-priority=VALUE
206 Set the priority (library override order) of the extension point.
207 Only useful for extensions. 0 is the default, and higher value
208 means higher priority.
209 --extra-data=NAME:SHA256:DOWNLOAD-SIZE:INSTALL-SIZE:URL
211 Adds information about extra data uris to the app. These will be
212 downloaded and verified by the client when the app is installed and
213 placed in the /app/extra directory. You can also supply an
214 /app/bin/apply_extra script that will be run after the files are
215 downloaded.
216 --no-exports
218 Don't look for exports in the build.
219 --no-inherit-permissions
221 Don't inherit runtime permissions in the app.
222 -v, --verbose
224 Print debug information during command processing.
225 --ostree-verbose
227 Print OSTree debug information during command processing.
228
230 $ flatpak build-finish /build/my-app --socket=x11 --share=ipc
231 Exporting share/applications/gnome-calculator.desktop
233 Exporting share/dbus-1/services/org.gnome.Calculator.SearchProvider.service
234 More than one executable
235 Using gcalccmd as command
236 Please review the exported files and the metadata
237
239 flatpak(1), flatpak-build-init(1), flatpak-build(1), flatpak-build-
240 export(1)
241flatpak FLATPAK BUILD-FINIS(1)