1FLATPAK BUILD-FINIS(1)       flatpak build-finish       FLATPAK BUILD-FINIS(1)
2
3
4

NAME

6       flatpak-build-finish - Finalize a build directory
7

SYNOPSIS

9       flatpak build-finish [OPTION...] DIRECTORY
10

DESCRIPTION

12       Finalizes a build directory, to prepare it for exporting.  DIRECTORY is
13       the name of the directory.
14
15       The result of this command is that desktop files, icons and D-Bus
16       service files from the files subdirectory are copied to a new export
17       subdirectory. In the metadata file, the command key is set in the
18       [Application] group, and the supported keys in the [Environment] group
19       are set according to the options.
20
21       As part of finalization you can also specify permissions that the app
22       needs, using the various options specified below. Additionally during
23       finalization the permissions from the runtime are inherited into the
24       app unless you specify --no-inherit-permissions
25
26       You should review the exported files and the application metadata
27       before creating and distributing an application bundle.
28
29       It is an error to run build-finish on a directory that has not been
30       initialized as a build directory, or has already been finalized.
31

OPTIONS

33       The following options are understood:
34
35       -h, --help
36           Show help options and exit.
37
38       --command=COMMAND
39           The command to use. If this option is not specified, the first
40           executable found in files/bin is used.
41
42       --require-version=MAJOR.MINOR.MICRO
43           Require this version of later of flatpak to install/update to this
44           build.
45
46       --share=SUBSYSTEM
47           Share a subsystem with the host session. This updates the [Context]
48           group in the metadata. SUBSYSTEM must be one of: network, ipc. This
49           option can be used multiple times.
50
51       --unshare=SUBSYSTEM
52           Don't share a subsystem with the host session. This updates the
53           [Context] group in the metadata. SUBSYSTEM must be one of: network,
54           ipc. This option can be used multiple times.
55
56       --socket=SOCKET
57           Expose a well-known socket to the application. This updates the
58           [Context] group in the metadata. SOCKET must be one of: x11,
59           wayland, fallback-x11, pulseaudio, system-bus, session-bus,
60           ssh-auth. This option can be used multiple times.
61
62           The fallback-x11 option makes the X11 socket available only if
63           there is no Wayland socket. This option was introduced in 0.11.3.
64           To support older Flatpak releases, specify both x11 and
65           fallback-x11. The fallback-x11 option takes precedence when both
66           are supported.
67
68       --nosocket=SOCKET
69           Don't expose a well known socket to the application. This updates
70           the [Context] group in the metadata. SOCKET must be one of: x11,
71           wayland, fallback-x11, pulseaudio, system-bus, session-bus,
72           ssh-auth. This option can be used multiple times.
73
74       --device=DEVICE
75           Expose a device to the application. This updates the [Context]
76           group in the metadata. DEVICE must be one of: dri, kvm, all. This
77           option can be used multiple times.
78
79       --nodevice=DEVICE
80           Don't expose a device to the application. This updates the
81           [Context] group in the metadata. DEVICE must be one of: dri, kvm,
82           all. This option can be used multiple times.
83
84       --allow=FEATURE
85           Allow access to a specific feature. This updates the [Context]
86           group in the metadata. FEATURE must be one of: devel, multiarch,
87           bluetooth, canbus. This option can be used multiple times.
88
89           The devel feature allows the application to access certain syscalls
90           such as ptrace(), and perf_event_open().
91
92           The multiarch feature allows the application to execute programs
93           compiled for an ABI other than the one supported natively by the
94           system. For example, for the x86_64 architecture, 32-bit x86
95           binaries will be allowed as well.
96
97           The bluetooth feature allows the application to use bluetooth
98           (AF_BLUETOOTH) sockets. Note, for bluetooth to fully work you must
99           also have network access.
100
101           The canbus feature allows the application to use canbus (AF_CAN)
102           sockets. Note, for this work you must also have network access.
103
104       --disallow=FEATURE
105           Disallow access to a specific feature. This updates the [Context]
106           group in the metadata. FEATURE must be one of: devel, multiarch,
107           bluetooth, canbus. This option can be used multiple times.
108
109       --filesystem=FS
110           Allow the application access to a subset of the filesystem. This
111           updates the [Context] group in the metadata. FS can be one of:
112           home, host, xdg-desktop, xdg-documents, xdg-download xdg-music,
113           xdg-pictures, xdg-public-share, xdg-templates, xdg-videos, xdg-run,
114           xdg-config, xdg-cache, xdg-data, an absolute path, or a
115           homedir-relative path like ~/dir or paths relative to the xdg dirs,
116           like xdg-download/subdir. The optional :ro suffix indicates that
117           the location will be read-only. The optional :create suffix
118           indicates that the location will be read-write and created if it
119           doesn't exist. This option can be used multiple times.
120
121       --nofilesystem=FILESYSTEM
122           Remove access to the specified subset of the filesystem from the
123           application. This overrides to the Context section from the
124           application metadata. FILESYSTEM can be one of: home, host,
125           xdg-desktop, xdg-documents, xdg-download xdg-music, xdg-pictures,
126           xdg-public-share, xdg-templates, xdg-videos, an absolute path, or a
127           homedir-relative path like ~/dir. This option can be used multiple
128           times.
129
130       --add-policy=SUBSYSTEM.KEY=VALUE
131           Add generic policy option. For example,
132           "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2" would
133           map to this metadata:
134
135               [Policy subsystem]
136               key=v1;v2;
137
138
139           This option can be used multiple times.
140
141       --remove-policy=SUBSYSTEM.KEY=VALUE
142           Remove generic policy option. This option can be used multiple
143           times.
144
145       --env=VAR=VALUE
146           Set an environment variable in the application. This updates the
147           [Environment] group in the metadata. This overrides to the Context
148           section from the application metadata. This option can be used
149           multiple times.
150
151       --own-name=NAME
152           Allow the application to own the well known name NAME on the
153           session bus. If NAME ends with .*, it allows the application to own
154           all matching names. This updates the [Session Bus Policy] group in
155           the metadata. This option can be used multiple times.
156
157       --talk-name=NAME
158           Allow the application to talk to the well known name NAME on the
159           session bus. If NAME ends with .*, it allows the application to
160           talk to all matching names. This updates the [Session Bus Policy]
161           group in the metadata. This option can be used multiple times.
162
163       --system-own-name=NAME
164           Allow the application to own the well known name NAME on the system
165           bus. If NAME ends with .*, it allows the application to own all
166           matching names. This updates the [System Bus Policy] group in the
167           metadata. This option can be used multiple times.
168
169       --system-talk-name=NAME
170           Allow the application to talk to the well known name NAME on the
171           system bus. If NAME ends with .*, it allows the application to talk
172           to all matching names. This updates the [System Bus Policy] group
173           in the metadata. This option can be used multiple times.
174
175       --persist=FILENAME
176           If the application doesn't have access to the real homedir, make
177           the (homedir-relative) path FILENAME a bind mount to the
178           corresponding path in the per-application directory, allowing that
179           location to be used for persistent data. This updates the [Context]
180           group in the metadata. This option can be used multiple times.
181
182       --runtime=RUNTIME, --sdk=SDK
183           Change the runtime or sdk used by the app to the specified partial
184           ref. Unspecified parts of the ref are taken from the old values or
185           defaults.
186
187       --metadata=GROUP=KEY[=VALUE]
188           Set a generic key in the metadata file. If value is left out it
189           will be set to "true".
190
191       --extension=NAME=VARIABLE[=VALUE]
192           Add extension point info. See the documentation for flatpak-
193           metadata(5) for the possible values of VARIABLE and VALUE.
194
195       --remove-extension=NAME
196           Remove extension point info.
197
198       --extension-priority=VALUE
199           Set the priority (library override order) of the extension point.
200           Only useful for extensions. 0 is the default, and higher value
201           means higher priority.
202
203       --extra-data=NAME:SHA256:DOWNLOAD-SIZE:INSTALL-SIZE:URL
204           Adds information about extra data uris to the app. These will be
205           downloaded and verified by the client when the app is installed and
206           placed in the /app/extra directory. You can also supply an
207           /app/bin/apply_extra script that will be run after the files are
208           downloaded.
209
210       --no-exports
211           Don't look for exports in the build.
212
213       --no-inherit-permissions
214           Don't inherit runtime permissions in the app.
215
216       -v, --verbose
217           Print debug information during command processing.
218
219       --ostree-verbose
220           Print OSTree debug information during command processing.
221

EXAMPLES

223       $ flatpak build-finish /build/my-app --socket=x11 --share=ipc
224
225           Exporting share/applications/gnome-calculator.desktop
226           Exporting share/dbus-1/services/org.gnome.Calculator.SearchProvider.service
227           More than one executable
228           Using gcalccmd as command
229           Please review the exported files and the metadata
230

SEE ALSO

232       flatpak(1), flatpak-build-init(1), flatpak-build(1), flatpak-build-
233       export(1)
234
235
236
237flatpak                                                 FLATPAK BUILD-FINIS(1)
Impressum