1FLATPAK BUILD-FINIS(1) flatpak build-finish FLATPAK BUILD-FINIS(1)
2
6 flatpak-build-finish - Finalize a build directory
7
9 flatpak build-finish [OPTION...] DIRECTORY
10
12 Finalizes a build directory, to prepare it for exporting. DIRECTORY is
13 the name of the directory.
14 The result of this command is that desktop files, icons and D-Bus
16 service files from the files subdirectory are copied to a new export
17 subdirectory. In the metadata file, the command key is set in the
18 [Application] group, and the supported keys in the [Environment] group
19 are set according to the options.
20 As part of finalization you can also specify permissions that the app
22 needs, using the various options specified below. Additionally during
23 finalization the permissions from the runtime are inherited into the
24 app unless you specify --no-inherit-permissions
25 You should review the exported files and the application metadata
27 before creating and distributing an application bundle.
28 It is an error to run build-finish on a directory that has not been
30 initialized as a build directory, or has already been finalized.
31
33 The following options are understood:
34 -h, --help
36 Show help options and exit.
37 --command=COMMAND
39 The command to use. If this option is not specified, the first
40 executable found in files/bin is used.
41 Note that the command is used when the application is run via
43 flatpak run, and does not affect what gets executed when the
44 application is run in other ways, e.g. via the desktop file or
45 D-Bus activation.
46 --require-version=MAJOR.MINOR.MICRO
48 Require this version or later of flatpak to install/update to this
49 build.
50 --share=SUBSYSTEM
52 Share a subsystem with the host session. This updates the [Context]
53 group in the metadata. SUBSYSTEM must be one of: network, ipc. This
54 option can be used multiple times.
55 --unshare=SUBSYSTEM
57 Don't share a subsystem with the host session. This updates the
58 [Context] group in the metadata. SUBSYSTEM must be one of: network,
59 ipc. This option can be used multiple times.
60 --socket=SOCKET
62 Expose a well-known socket to the application. This updates the
63 [Context] group in the metadata. SOCKET must be one of: x11,
64 wayland, fallback-x11, pulseaudio, system-bus, session-bus,
65 ssh-auth, pcsc, cups. This option can be used multiple times.
66 The fallback-x11 option makes the X11 socket available only if
68 there is no Wayland socket. This option was introduced in 0.11.3.
69 To support older Flatpak releases, specify both x11 and
70 fallback-x11. The fallback-x11 option takes precedence when both
71 are supported.
72 --nosocket=SOCKET
74 Don't expose a well known socket to the application. This updates
75 the [Context] group in the metadata. SOCKET must be one of: x11,
76 wayland, fallback-x11, pulseaudio, system-bus, session-bus,
77 ssh-auth, pcsc, cups. This option can be used multiple times.
78 --device=DEVICE
80 Expose a device to the application. This updates the [Context]
81 group in the metadata. DEVICE must be one of: dri, kvm, shm, all.
82 This option can be used multiple times.
83 --nodevice=DEVICE
85 Don't expose a device to the application. This updates the
86 [Context] group in the metadata. DEVICE must be one of: dri, kvm,
87 shm, all. This option can be used multiple times.
88 --allow=FEATURE
90 Allow access to a specific feature. This updates the [Context]
91 group in the metadata. FEATURE must be one of: devel, multiarch,
92 bluetooth, canbus, per-app-dev-shm. This option can be used
93 multiple times.
94 The devel feature allows the application to access certain syscalls
96 such as ptrace(), and perf_event_open().
97 The multiarch feature allows the application to execute programs
99 compiled for an ABI other than the one supported natively by the
100 system. For example, for the x86_64 architecture, 32-bit x86
101 binaries will be allowed as well.
102 The bluetooth feature allows the application to use bluetooth
104 (AF_BLUETOOTH) sockets. Note, for bluetooth to fully work you must
105 also have network access.
106 The canbus feature allows the application to use canbus (AF_CAN)
108 sockets. Note, for this work you must also have network access.
109 The per-app-dev-shm feature shares a single instance of /dev/shm
111 between the application, any unrestricted subsandboxes that it
112 creates, and any other instances of the application that are
113 launched while it is running.
114 --disallow=FEATURE
116 Disallow access to a specific feature. This updates the [Context]
117 group in the metadata. FEATURE must be one of: devel, multiarch,
118 bluetooth, canbus, per-app-dev-shm. This option can be used
119 multiple times.
120 --filesystem=FS
122 Allow the application access to a subset of the filesystem. This
123 updates the [Context] group in the metadata. FS can be one of:
124 home, host, host-os, host-etc, xdg-desktop, xdg-documents,
125 xdg-download, xdg-music, xdg-pictures, xdg-public-share,
126 xdg-templates, xdg-videos, xdg-run, xdg-config, xdg-cache,
127 xdg-data, an absolute path, or a homedir-relative path like ~/dir
128 or paths relative to the xdg dirs, like xdg-download/subdir. The
129 optional :ro suffix indicates that the location will be read-only.
130 The optional :create suffix indicates that the location will be
131 read-write and created if it doesn't exist. This option can be used
132 multiple times. See the "[Context] filesystems" list in flatpak-
133 metadata(5) for details of the meanings of these filesystems.
134 --nofilesystem=FILESYSTEM
136 Remove access to the specified subset of the filesystem from the
137 application. This overrides to the Context section from the
138 application metadata. FILESYSTEM can be one of: home, host,
139 host-os, host-etc, xdg-desktop, xdg-documents, xdg-download,
140 xdg-music, xdg-pictures, xdg-public-share, xdg-templates,
141 xdg-videos, an absolute path, or a homedir-relative path like
142 ~/dir. This option can be used multiple times.
143 --add-policy=SUBSYSTEM.KEY=VALUE
145 Add generic policy option. For example,
146 "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2" would
147 map to this metadata:
148 [Policy subsystem]
150 key=v1;v2;
151 This option can be used multiple times.
154 --remove-policy=SUBSYSTEM.KEY=VALUE
156 Remove generic policy option. This option can be used multiple
157 times.
158 --env=VAR=VALUE
160 Set an environment variable in the application. This updates the
161 [Environment] group in the metadata. This overrides to the Context
162 section from the application metadata. This option can be used
163 multiple times.
164 --unset-env=VAR
166 Unset an environment variable in the application. This updates the
167 unset-environment entry in the [Context] group of the metadata.
168 This option can be used multiple times.
169 --env-fd=FD
171 Read environment variables from the file descriptor FD, and set
172 them as if via --env. This can be used to avoid environment
173 variables and their values becoming visible to other users.
174 Each environment variable is in the form VAR=VALUE followed by a
176 zero byte. This is the same format used by env -0 and
177 /proc/*/environ.
178 --own-name=NAME
180 Allow the application to own the well known name NAME on the
181 session bus. If NAME ends with .*, it allows the application to own
182 all matching names. This updates the [Session Bus Policy] group in
183 the metadata. This option can be used multiple times.
184 --talk-name=NAME
186 Allow the application to talk to the well known name NAME on the
187 session bus. If NAME ends with .*, it allows the application to
188 talk to all matching names. This updates the [Session Bus Policy]
189 group in the metadata. This option can be used multiple times.
190 --system-own-name=NAME
192 Allow the application to own the well known name NAME on the system
193 bus. If NAME ends with .*, it allows the application to own all
194 matching names. This updates the [System Bus Policy] group in the
195 metadata. This option can be used multiple times.
196 --system-talk-name=NAME
198 Allow the application to talk to the well known name NAME on the
199 system bus. If NAME ends with .*, it allows the application to talk
200 to all matching names. This updates the [System Bus Policy] group
201 in the metadata. This option can be used multiple times.
202 --persist=FILENAME
204 If the application doesn't have access to the real homedir, make
205 the (homedir-relative) path FILENAME a bind mount to the
206 corresponding path in the per-application directory, allowing that
207 location to be used for persistent data. This updates the [Context]
208 group in the metadata. This option can be used multiple times.
209 --runtime=RUNTIME, --sdk=SDK
211 Change the runtime or sdk used by the app to the specified partial
212 ref. Unspecified parts of the ref are taken from the old values or
213 defaults.
214 --metadata=GROUP=KEY[=VALUE]
216 Set a generic key in the metadata file. If value is left out it
217 will be set to "true".
218 --extension=NAME=VARIABLE[=VALUE]
220 Add extension point info. See the documentation for flatpak-
221 metadata(5) for the possible values of VARIABLE and VALUE.
222 --remove-extension=NAME
224 Remove extension point info.
225 --extension-priority=VALUE
227 Set the priority (library override order) of the extension point.
228 Only useful for extensions. 0 is the default, and higher value
229 means higher priority.
230 --extra-data=NAME:SHA256:DOWNLOAD-SIZE:INSTALL-SIZE:URL
232 Adds information about extra data uris to the app. These will be
233 downloaded and verified by the client when the app is installed and
234 placed in the /app/extra directory. You can also supply an
235 /app/bin/apply_extra script that will be run after the files are
236 downloaded.
237 --no-exports
239 Don't look for exports in the build.
240 --no-inherit-permissions
242 Don't inherit runtime permissions in the app.
243 -v, --verbose
245 Print debug information during command processing.
246 --ostree-verbose
248 Print OSTree debug information during command processing.
249
251 $ flatpak build-finish /build/my-app --socket=x11 --share=ipc
252 Exporting share/applications/gnome-calculator.desktop
254 Exporting share/dbus-1/services/org.gnome.Calculator.SearchProvider.service
255 More than one executable
256 Using gcalccmd as command
257 Please review the exported files and the metadata
258
260 flatpak(1), flatpak-build-init(1), flatpak-build(1), flatpak-build-
261 export(1)
262flatpak FLATPAK BUILD-FINIS(1)