1FLATPAK BUILD-FINIS(1) flatpak build-finish FLATPAK BUILD-FINIS(1)
2
6 flatpak-build-finish - Finalize a build directory
7
9 flatpak build-finish [OPTION...] DIRECTORY
10
12 Finalizes a build directory, to prepare it for exporting. DIRECTORY is
13 the name of the directory.
14 The result of this command is that desktop files, icons and D-Bus
16 service files from the files subdirectory are copied to a new export
17 subdirectory. In the metadata file, the command key is set in the
18 [Application] group, and the supported keys in the [Environment] group
19 are set according to the options.
20 As part of finalization you can also specify permissions that the app
22 needs, using the various options specified below. Additionally during
23 finalization the permissions from the runtime are inherited into the
24 app unless you specify --no-inherit-permissions
25 You should review the exported files and the application metadata
27 before creating and distributing an application bundle.
28 It is an error to run build-finish on a directory that has not been
30 initialized as a build directory, or has already been finalized.
31
33 The following options are understood:
34 -h, --help
36 Show help options and exit.
37 --command=COMMAND
39 The command to use. If this option is not specified, the first
40 executable found in files/bin is used.
41 Note that the command is used when the application is run via
43 flatpak run, and does not affect what gets executed when the
44 application is run in other ways, e.g. via the desktop file or
45 D-Bus activation.
46 --require-version=MAJOR.MINOR.MICRO
48 Require this version or later of flatpak to install/update to this
49 build.
50 --share=SUBSYSTEM
52 Share a subsystem with the host session. This updates the [Context]
53 group in the metadata. SUBSYSTEM must be one of: network, ipc. This
54 option can be used multiple times.
55 --unshare=SUBSYSTEM
57 Don't share a subsystem with the host session. This updates the
58 [Context] group in the metadata. SUBSYSTEM must be one of: network,
59 ipc. This option can be used multiple times.
60 --socket=SOCKET
62 Expose a well-known socket to the application. This updates the
63 [Context] group in the metadata. SOCKET must be one of: x11,
64 wayland, fallback-x11, pulseaudio, system-bus, session-bus,
65 ssh-auth, pcsc, cups. This option can be used multiple times.
66 The fallback-x11 option makes the X11 socket available only if
68 there is no Wayland socket. This option was introduced in 0.11.3.
69 To support older Flatpak releases, specify both x11 and
70 fallback-x11. The fallback-x11 option takes precedence when both
71 are supported.
72 --nosocket=SOCKET
74 Don't expose a well known socket to the application. This updates
75 the [Context] group in the metadata. SOCKET must be one of: x11,
76 wayland, fallback-x11, pulseaudio, system-bus, session-bus,
77 ssh-auth, pcsc, cups. This option can be used multiple times.
78 --device=DEVICE
80 Expose a device to the application. This updates the [Context]
81 group in the metadata. DEVICE must be one of: dri, kvm, shm, all.
82 This option can be used multiple times.
83 --nodevice=DEVICE
85 Don't expose a device to the application. This updates the
86 [Context] group in the metadata. DEVICE must be one of: dri, kvm,
87 shm, all. This option can be used multiple times.
88 --allow=FEATURE
90 Allow access to a specific feature. This updates the [Context]
91 group in the metadata. FEATURE must be one of: devel, multiarch,
92 bluetooth, canbus. This option can be used multiple times.
93 The devel feature allows the application to access certain syscalls
95 such as ptrace(), and perf_event_open().
96 The multiarch feature allows the application to execute programs
98 compiled for an ABI other than the one supported natively by the
99 system. For example, for the x86_64 architecture, 32-bit x86
100 binaries will be allowed as well.
101 The bluetooth feature allows the application to use bluetooth
103 (AF_BLUETOOTH) sockets. Note, for bluetooth to fully work you must
104 also have network access.
105 The canbus feature allows the application to use canbus (AF_CAN)
107 sockets. Note, for this work you must also have network access.
108 --disallow=FEATURE
110 Disallow access to a specific feature. This updates the [Context]
111 group in the metadata. FEATURE must be one of: devel, multiarch,
112 bluetooth, canbus. This option can be used multiple times.
113 --filesystem=FS
115 Allow the application access to a subset of the filesystem. This
116 updates the [Context] group in the metadata. FS can be one of:
117 home, host, host-os, host-etc, xdg-desktop, xdg-documents,
118 xdg-download, xdg-music, xdg-pictures, xdg-public-share,
119 xdg-templates, xdg-videos, xdg-run, xdg-config, xdg-cache,
120 xdg-data, an absolute path, or a homedir-relative path like ~/dir
121 or paths relative to the xdg dirs, like xdg-download/subdir. The
122 optional :ro suffix indicates that the location will be read-only.
123 The optional :create suffix indicates that the location will be
124 read-write and created if it doesn't exist. This option can be used
125 multiple times. See the "[Context] filesystems" list in flatpak-
126 metadata(5) for details of the meanings of these filesystems.
127 --nofilesystem=FILESYSTEM
129 Remove access to the specified subset of the filesystem from the
130 application. This overrides to the Context section from the
131 application metadata. FILESYSTEM can be one of: home, host,
132 host-os, host-etc, xdg-desktop, xdg-documents, xdg-download,
133 xdg-music, xdg-pictures, xdg-public-share, xdg-templates,
134 xdg-videos, an absolute path, or a homedir-relative path like
135 ~/dir. This option can be used multiple times.
136 --add-policy=SUBSYSTEM.KEY=VALUE
138 Add generic policy option. For example,
139 "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2" would
140 map to this metadata:
141 [Policy subsystem]
143 key=v1;v2;
144 This option can be used multiple times.
147 --remove-policy=SUBSYSTEM.KEY=VALUE
149 Remove generic policy option. This option can be used multiple
150 times.
151 --env=VAR=VALUE
153 Set an environment variable in the application. This updates the
154 [Environment] group in the metadata. This overrides to the Context
155 section from the application metadata. This option can be used
156 multiple times.
157 --unset-env=VAR
159 Unset an environment variable in the application. This updates the
160 unset-environment entry in the [Context] group of the metadata.
161 This option can be used multiple times.
162 --env-fd=FD
164 Read environment variables from the file descriptor FD, and set
165 them as if via --env. This can be used to avoid environment
166 variables and their values becoming visible to other users.
167 Each environment variable is in the form VAR=VALUE followed by a
169 zero byte. This is the same format used by env -0 and
170 /proc/*/environ.
171 --own-name=NAME
173 Allow the application to own the well known name NAME on the
174 session bus. If NAME ends with .*, it allows the application to own
175 all matching names. This updates the [Session Bus Policy] group in
176 the metadata. This option can be used multiple times.
177 --talk-name=NAME
179 Allow the application to talk to the well known name NAME on the
180 session bus. If NAME ends with .*, it allows the application to
181 talk to all matching names. This updates the [Session Bus Policy]
182 group in the metadata. This option can be used multiple times.
183 --system-own-name=NAME
185 Allow the application to own the well known name NAME on the system
186 bus. If NAME ends with .*, it allows the application to own all
187 matching names. This updates the [System Bus Policy] group in the
188 metadata. This option can be used multiple times.
189 --system-talk-name=NAME
191 Allow the application to talk to the well known name NAME on the
192 system bus. If NAME ends with .*, it allows the application to talk
193 to all matching names. This updates the [System Bus Policy] group
194 in the metadata. This option can be used multiple times.
195 --persist=FILENAME
197 If the application doesn't have access to the real homedir, make
198 the (homedir-relative) path FILENAME a bind mount to the
199 corresponding path in the per-application directory, allowing that
200 location to be used for persistent data. This updates the [Context]
201 group in the metadata. This option can be used multiple times.
202 --runtime=RUNTIME, --sdk=SDK
204 Change the runtime or sdk used by the app to the specified partial
205 ref. Unspecified parts of the ref are taken from the old values or
206 defaults.
207 --metadata=GROUP=KEY[=VALUE]
209 Set a generic key in the metadata file. If value is left out it
210 will be set to "true".
211 --extension=NAME=VARIABLE[=VALUE]
213 Add extension point info. See the documentation for flatpak-
214 metadata(5) for the possible values of VARIABLE and VALUE.
215 --remove-extension=NAME
217 Remove extension point info.
218 --extension-priority=VALUE
220 Set the priority (library override order) of the extension point.
221 Only useful for extensions. 0 is the default, and higher value
222 means higher priority.
223 --extra-data=NAME:SHA256:DOWNLOAD-SIZE:INSTALL-SIZE:URL
225 Adds information about extra data uris to the app. These will be
226 downloaded and verified by the client when the app is installed and
227 placed in the /app/extra directory. You can also supply an
228 /app/bin/apply_extra script that will be run after the files are
229 downloaded.
230 --no-exports
232 Don't look for exports in the build.
233 --no-inherit-permissions
235 Don't inherit runtime permissions in the app.
236 -v, --verbose
238 Print debug information during command processing.
239 --ostree-verbose
241 Print OSTree debug information during command processing.
242
244 $ flatpak build-finish /build/my-app --socket=x11 --share=ipc
245 Exporting share/applications/gnome-calculator.desktop
247 Exporting share/dbus-1/services/org.gnome.Calculator.SearchProvider.service
248 More than one executable
249 Using gcalccmd as command
250 Please review the exported files and the metadata
251
253 flatpak(1), flatpak-build-init(1), flatpak-build(1), flatpak-build-
254 export(1)
255flatpak FLATPAK BUILD-FINIS(1)