1FLATPAK BUILD-FINIS(1) flatpak build-finish FLATPAK BUILD-FINIS(1)
2
3
4
6 flatpak-build-finish - Finalize a build directory
7
9 flatpak build-finish [OPTION...] DIRECTORY
10
12 Finalizes a build directory, to prepare it for exporting. DIRECTORY is
13 the name of the directory.
14
15 The result of this command is that desktop files, icons, D-Bus service
16 files, and AppStream metainfo files from the files subdirectory are
17 copied to a new export subdirectory. In the metadata file, the command
18 key is set in the [Application] group, and the supported keys in the
19 [Environment] group are set according to the options.
20
21 As part of finalization you can also specify permissions that the app
22 needs, using the various options specified below. Additionally during
23 finalization the permissions from the runtime are inherited into the
24 app unless you specify --no-inherit-permissions
25
26 You should review the exported files and the application metadata
27 before creating and distributing an application bundle.
28
29 It is an error to run build-finish on a directory that has not been
30 initialized as a build directory, or has already been finalized.
31
33 The following options are understood:
34
35 -h, --help
36 Show help options and exit.
37
38 --command=COMMAND
39 The command to use. If this option is not specified, the first
40 executable found in files/bin is used.
41
42 Note that the command is used when the application is run via
43 flatpak run, and does not affect what gets executed when the
44 application is run in other ways, e.g. via the desktop file or
45 D-Bus activation.
46
47 --require-version=MAJOR.MINOR.MICRO
48 Require this version or later of flatpak to install/update to this
49 build.
50
51 --share=SUBSYSTEM
52 Share a subsystem with the host session. This updates the [Context]
53 group in the metadata. SUBSYSTEM must be one of: network, ipc. This
54 option can be used multiple times.
55
56 --unshare=SUBSYSTEM
57 Don't share a subsystem with the host session. This updates the
58 [Context] group in the metadata. SUBSYSTEM must be one of: network,
59 ipc. This option can be used multiple times.
60
61 --socket=SOCKET
62 Expose a well-known socket to the application. This updates the
63 [Context] group in the metadata. SOCKET must be one of: x11,
64 wayland, fallback-x11, pulseaudio, system-bus, session-bus,
65 ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple
66 times.
67
68 The fallback-x11 option makes the X11 socket available only if
69 there is no Wayland socket. This option was introduced in 0.11.3.
70 To support older Flatpak releases, specify both x11 and
71 fallback-x11. The fallback-x11 option takes precedence when both
72 are supported.
73
74 --nosocket=SOCKET
75 Don't expose a well known socket to the application. This updates
76 the [Context] group in the metadata. SOCKET must be one of: x11,
77 wayland, fallback-x11, pulseaudio, system-bus, session-bus,
78 ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple
79 times.
80
81 --device=DEVICE
82 Expose a device to the application. This updates the [Context]
83 group in the metadata. DEVICE must be one of: dri, input, kvm, shm,
84 all. This option can be used multiple times.
85
86 --nodevice=DEVICE
87 Don't expose a device to the application. This updates the
88 [Context] group in the metadata. DEVICE must be one of: dri, input,
89 kvm, shm, all. This option can be used multiple times.
90
91 --allow=FEATURE
92 Allow access to a specific feature. This updates the [Context]
93 group in the metadata. FEATURE must be one of: devel, multiarch,
94 bluetooth, canbus, per-app-dev-shm. This option can be used
95 multiple times.
96
97 The devel feature allows the application to access certain syscalls
98 such as ptrace(), and perf_event_open().
99
100 The multiarch feature allows the application to execute programs
101 compiled for an ABI other than the one supported natively by the
102 system. For example, for the x86_64 architecture, 32-bit x86
103 binaries will be allowed as well.
104
105 The bluetooth feature allows the application to use bluetooth
106 (AF_BLUETOOTH) sockets. Note, for bluetooth to fully work you must
107 also have network access.
108
109 The canbus feature allows the application to use canbus (AF_CAN)
110 sockets. Note, for this work you must also have network access.
111
112 The per-app-dev-shm feature shares a single instance of /dev/shm
113 between the application, any unrestricted subsandboxes that it
114 creates, and any other instances of the application that are
115 launched while it is running.
116
117 --disallow=FEATURE
118 Disallow access to a specific feature. This updates the [Context]
119 group in the metadata. FEATURE must be one of: devel, multiarch,
120 bluetooth, canbus, per-app-dev-shm. This option can be used
121 multiple times.
122
123 --filesystem=FS
124 Allow the application access to a subset of the filesystem. This
125 updates the [Context] group in the metadata. FS can be one of:
126 home, host, host-os, host-etc, xdg-desktop, xdg-documents,
127 xdg-download, xdg-music, xdg-pictures, xdg-public-share,
128 xdg-templates, xdg-videos, xdg-run, xdg-config, xdg-cache,
129 xdg-data, an absolute path, or a homedir-relative path like ~/dir
130 or paths relative to the xdg dirs, like xdg-download/subdir. The
131 optional :ro suffix indicates that the location will be read-only.
132 The optional :create suffix indicates that the location will be
133 read-write and created if it doesn't exist. This option can be used
134 multiple times. See the "[Context] filesystems" list in flatpak-
135 metadata(5) for details of the meanings of these filesystems.
136
137 --nofilesystem=FILESYSTEM
138 Remove access to the specified subset of the filesystem from the
139 application. This overrides to the Context section from the
140 application metadata. FILESYSTEM can be one of: home, host,
141 host-os, host-etc, xdg-desktop, xdg-documents, xdg-download,
142 xdg-music, xdg-pictures, xdg-public-share, xdg-templates,
143 xdg-videos, an absolute path, or a homedir-relative path like
144 ~/dir. This option can be used multiple times.
145
146 --add-policy=SUBSYSTEM.KEY=VALUE
147 Add generic policy option. For example,
148 "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2" would
149 map to this metadata:
150
151 [Policy subsystem]
152 key=v1;v2;
153
154
155 This option can be used multiple times.
156
157 --remove-policy=SUBSYSTEM.KEY=VALUE
158 Remove generic policy option. This option can be used multiple
159 times.
160
161 --env=VAR=VALUE
162 Set an environment variable in the application. This updates the
163 [Environment] group in the metadata. This overrides to the Context
164 section from the application metadata. This option can be used
165 multiple times.
166
167 --unset-env=VAR
168 Unset an environment variable in the application. This updates the
169 unset-environment entry in the [Context] group of the metadata.
170 This option can be used multiple times.
171
172 --env-fd=FD
173 Read environment variables from the file descriptor FD, and set
174 them as if via --env. This can be used to avoid environment
175 variables and their values becoming visible to other users.
176
177 Each environment variable is in the form VAR=VALUE followed by a
178 zero byte. This is the same format used by env -0 and
179 /proc/*/environ.
180
181 --own-name=NAME
182 Allow the application to own the well known name NAME on the
183 session bus. If NAME ends with .*, it allows the application to own
184 all matching names. This updates the [Session Bus Policy] group in
185 the metadata. This option can be used multiple times.
186
187 --talk-name=NAME
188 Allow the application to talk to the well known name NAME on the
189 session bus. If NAME ends with .*, it allows the application to
190 talk to all matching names. This updates the [Session Bus Policy]
191 group in the metadata. This option can be used multiple times.
192
193 --system-own-name=NAME
194 Allow the application to own the well known name NAME on the system
195 bus. If NAME ends with .*, it allows the application to own all
196 matching names. This updates the [System Bus Policy] group in the
197 metadata. This option can be used multiple times.
198
199 --system-talk-name=NAME
200 Allow the application to talk to the well known name NAME on the
201 system bus. If NAME ends with .*, it allows the application to talk
202 to all matching names. This updates the [System Bus Policy] group
203 in the metadata. This option can be used multiple times.
204
205 --persist=FILENAME
206 If the application doesn't have access to the real homedir, make
207 the (homedir-relative) path FILENAME a bind mount to the
208 corresponding path in the per-application directory, allowing that
209 location to be used for persistent data. This updates the [Context]
210 group in the metadata. This option can be used multiple times.
211
212 --runtime=RUNTIME, --sdk=SDK
213 Change the runtime or sdk used by the app to the specified partial
214 ref. Unspecified parts of the ref are taken from the old values or
215 defaults.
216
217 --metadata=GROUP=KEY[=VALUE]
218 Set a generic key in the metadata file. If value is left out it
219 will be set to "true".
220
221 --extension=NAME=VARIABLE[=VALUE]
222 Add extension point info. See the documentation for flatpak-
223 metadata(5) for the possible values of VARIABLE and VALUE.
224
225 --remove-extension=NAME
226 Remove extension point info.
227
228 --extension-priority=VALUE
229 Set the priority (library override order) of the extension point.
230 Only useful for extensions. 0 is the default, and higher value
231 means higher priority.
232
233 --extra-data=NAME:SHA256:DOWNLOAD-SIZE:INSTALL-SIZE:URL
234 Adds information about extra data uris to the app. These will be
235 downloaded and verified by the client when the app is installed and
236 placed in the /app/extra directory. You can also supply an
237 /app/bin/apply_extra script that will be run after the files are
238 downloaded.
239
240 --no-exports
241 Don't look for exports in the build.
242
243 --no-inherit-permissions
244 Don't inherit runtime permissions in the app.
245
246 -v, --verbose
247 Print debug information during command processing.
248
249 --ostree-verbose
250 Print OSTree debug information during command processing.
251
253 $ flatpak build-finish /build/my-app --socket=x11 --share=ipc
254
255 Exporting share/applications/gnome-calculator.desktop
256 Exporting share/dbus-1/services/org.gnome.Calculator.SearchProvider.service
257 More than one executable
258 Using gcalccmd as command
259 Please review the exported files and the metadata
260
262 flatpak(1), flatpak-build-init(1), flatpak-build(1), flatpak-build-
263 export(1)
264
265
266
267flatpak FLATPAK BUILD-FINIS(1)