1FLATPAK BUILD-FINIS(1) flatpak build-finish FLATPAK BUILD-FINIS(1)
2
3
4
6 flatpak-build-finish - Finalize a build directory
7
9 flatpak build-finish [OPTION...] DIRECTORY
10
12 Finalizes a build directory, to prepare it for exporting. DIRECTORY is
13 the name of the directory.
14
15 The result of this command is that desktop files, icons and D-Bus
16 service files from the files subdirectory are copied to a new export
17 subdirectory. In the metadata file, the command key is set in the
18 [Application] group, and the supported keys in the [Environment] group
19 are set according to the options.
20
21 As part of finalization you can also specify permissions that the app
22 needs, using the various options specified below. Additionally during
23 finalization the permissions from the runtime are inherited into the
24 app unless you specify --no-inherit-permissions
25
26 You should review the exported files and the application metadata
27 before creating and distributing an application bundle.
28
29 It is an error to run build-finish on a directory that has not been
30 initialized as a build directory, or has already been finalized.
31
33 The following options are understood:
34
35 -h, --help
36 Show help options and exit.
37
38 --command=COMMAND
39 The command to use. If this option is not specified, the first
40 executable found in files/bin is used.
41
42 --require-version=MAJOR.MINOR.MICRO
43 Require this version of later of flatpak to install/update to this
44 build.
45
46 --share=SUBSYSTEM
47 Share a subsystem with the host session. This updates the [Context]
48 group in the metadata. SUBSYSTEM must be one of: network, ipc. This
49 option can be used multiple times.
50
51 --unshare=SUBSYSTEM
52 Don't share a subsystem with the host session. This updates the
53 [Context] group in the metadata. SUBSYSTEM must be one of: network,
54 ipc. This option can be used multiple times.
55
56 --socket=SOCKET
57 Expose a well-known socket to the application. This updates the
58 [Context] group in the metadata. SOCKET must be one of: x11,
59 wayland, fallback-x11, pulseaudio, system-bus, session-bus,
60 ssh-auth. This option can be used multiple times.
61
62 The fallback-x11 option makes the X11 socket available only if
63 there is no Wayland socket. This option was introduced in 0.11.3.
64 To support older Flatpak releases, specify both x11 and
65 fallback-x11. The fallback-x11 option takes precedence when both
66 are supported.
67
68 --nosocket=SOCKET
69 Don't expose a well known socket to the application. This updates
70 the [Context] group in the metadata. SOCKET must be one of: x11,
71 wayland, fallback-x11, pulseaudio, system-bus, session-bus,
72 ssh-auth. This option can be used multiple times.
73
74 --device=DEVICE
75 Expose a device to the application. This updates the [Context]
76 group in the metadata. DEVICE must be one of: dri, kvm, all. This
77 option can be used multiple times.
78
79 --nodevice=DEVICE
80 Don't expose a device to the application. This updates the
81 [Context] group in the metadata. DEVICE must be one of: dri, kvm,
82 all. This option can be used multiple times.
83
84 --allow=FEATURE
85 Allow access to a specific feature. This updates the [Context]
86 group in the metadata. FEATURE must be one of: devel, multiarch,
87 bluetooth, canbus. This option can be used multiple times.
88
89 The devel feature allows the application to access certain syscalls
90 such as ptrace(), and perf_event_open().
91
92 The multiarch feature allows the application to execute programs
93 compiled for an ABI other than the one supported natively by the
94 system. For example, for the x86_64 architecture, 32-bit x86
95 binaries will be allowed as well.
96
97 The bluetooth feature allows the application to use bluetooth
98 (AF_BLUETOOTH) sockets. Note, for bluetooth to fully work you must
99 also have network access.
100
101 The canbus feature allows the application to use canbus (AF_CAN)
102 sockets. Note, for this work you must also have network access.
103
104 --disallow=FEATURE
105 Disallow access to a specific feature. This updates the [Context]
106 group in the metadata. FEATURE must be one of: devel, multiarch,
107 bluetooth, canbus. This option can be used multiple times.
108
109 --filesystem=FS
110 Allow the application access to a subset of the filesystem. This
111 updates the [Context] group in the metadata. FS can be one of:
112 home, host, xdg-desktop, xdg-documents, xdg-download xdg-music,
113 xdg-pictures, xdg-public-share, xdg-templates, xdg-videos, xdg-run,
114 xdg-config, xdg-cache, xdg-data, an absolute path, or a
115 homedir-relative path like ~/dir or paths relative to the xdg dirs,
116 like xdg-download/subdir. The optional :ro suffix indicates that
117 the location will be read-only. The optional :create suffix
118 indicates that the location will be read-write and created if it
119 doesn't exist. This option can be used multiple times.
120
121 --nofilesystem=FILESYSTEM
122 Remove access to the specified subset of the filesystem from the
123 application. This overrides to the Context section from the
124 application metadata. FILESYSTEM can be one of: home, host,
125 xdg-desktop, xdg-documents, xdg-download xdg-music, xdg-pictures,
126 xdg-public-share, xdg-templates, xdg-videos, an absolute path, or a
127 homedir-relative path like ~/dir. This option can be used multiple
128 times.
129
130 --add-policy=SUBSYSTEM.KEY=VALUE
131 Add generic policy option. For example,
132 "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2" would
133 map to this metadata:
134
135 [Policy subsystem]
136 key=v1;v2;
137
138
139 This option can be used multiple times.
140
141 --remove-policy=SUBSYSTEM.KEY=VALUE
142 Remove generic policy option. This option can be used multiple
143 times.
144
145 --env=VAR=VALUE
146 Set an environment variable in the application. This updates the
147 [Environment] group in the metadata. This overrides to the Context
148 section from the application metadata. This option can be used
149 multiple times.
150
151 --own-name=NAME
152 Allow the application to own the well known name NAME on the
153 session bus. If NAME ends with .*, it allows the application to own
154 all matching names. This updates the [Session Bus Policy] group in
155 the metadata. This option can be used multiple times.
156
157 --talk-name=NAME
158 Allow the application to talk to the well known name NAME on the
159 session bus. If NAME ends with .*, it allows the application to
160 talk to all matching names. This updates the [Session Bus Policy]
161 group in the metadata. This option can be used multiple times.
162
163 --system-own-name=NAME
164 Allow the application to own the well known name NAME on the system
165 bus. If NAME ends with .*, it allows the application to own all
166 matching names. This updates the [System Bus Policy] group in the
167 metadata. This option can be used multiple times.
168
169 --system-talk-name=NAME
170 Allow the application to talk to the well known name NAME on the
171 system bus. If NAME ends with .*, it allows the application to talk
172 to all matching names. This updates the [System Bus Policy] group
173 in the metadata. This option can be used multiple times.
174
175 --persist=FILENAME
176 If the application doesn't have access to the real homedir, make
177 the (homedir-relative) path FILENAME a bind mount to the
178 corresponding path in the per-application directory, allowing that
179 location to be used for persistent data. This updates the [Context]
180 group in the metadata. This option can be used multiple times.
181
182 --runtime=RUNTIME, --sdk=SDK
183 Change the runtime or sdk used by the app to the specified partial
184 ref. Unspecified parts of the ref are taken from the old values or
185 defaults.
186
187 --metadata=GROUP=KEY[=VALUE]
188 Set a generic key in the metadata file. If value is left out it
189 will be set to "true".
190
191 --extension=NAME=VARIABLE[=VALUE]
192 Add extension point info. See the documentation for flatpak-
193 metadata(5) for the possible values of VARIABLE and VALUE.
194
195 --remove-extension=NAME
196 Remove extension point info.
197
198 --extension-priority=VALUE
199 Set the priority (library override order) of the extension point.
200 Only useful for extensions. 0 is the default, and higher value
201 means higher priority.
202
203 --extra-data=NAME:SHA256:DOWNLOAD-SIZE:INSTALL-SIZE:URL
204 Adds information about extra data uris to the app. These will be
205 downloaded and verified by the client when the app is installed and
206 placed in the /app/extra directory. You can also supply an
207 /app/bin/apply_extra script that will be run after the files are
208 downloaded.
209
210 --no-exports
211 Don't look for exports in the build.
212
213 --no-inherit-permissions
214 Don't inherit runtime permissions in the app.
215
216 -v, --verbose
217 Print debug information during command processing.
218
219 --ostree-verbose
220 Print OSTree debug information during command processing.
221
223 $ flatpak build-finish /build/my-app --socket=x11 --share=ipc
224
225 Exporting share/applications/gnome-calculator.desktop
226 Exporting share/dbus-1/services/org.gnome.Calculator.SearchProvider.service
227 More than one executable
228 Using gcalccmd as command
229 Please review the exported files and the metadata
230
232 flatpak(1), flatpak-build-init(1), flatpak-build(1), flatpak-build-
233 export(1)
234
235
236
237flatpak FLATPAK BUILD-FINIS(1)