1FLATPAK BUILD-FINIS(1)       flatpak build-finish       FLATPAK BUILD-FINIS(1)
2
3
4

NAME

6       flatpak-build-finish - Finalize a build directory
7

SYNOPSIS

9       flatpak build-finish [OPTION...] DIRECTORY
10

DESCRIPTION

12       Finalizes a build directory, to prepare it for exporting.  DIRECTORY is
13       the name of the directory.
14
15       The result of this command is that desktop files, icons, D-Bus service
16       files, and AppStream metainfo files from the files subdirectory are
17       copied to a new export subdirectory. In the metadata file, the command
18       key is set in the [Application] group, and the supported keys in the
19       [Environment] group are set according to the options.
20
21       As part of finalization you can also specify permissions that the app
22       needs, using the various options specified below. Additionally during
23       finalization the permissions from the runtime are inherited into the
24       app unless you specify --no-inherit-permissions
25
26       You should review the exported files and the application metadata
27       before creating and distributing an application bundle.
28
29       It is an error to run build-finish on a directory that has not been
30       initialized as a build directory, or has already been finalized.
31

OPTIONS

33       The following options are understood:
34
35       -h, --help
36           Show help options and exit.
37
38       --command=COMMAND
39           The command to use. If this option is not specified, the first
40           executable found in files/bin is used.
41
42           Note that the command is used when the application is run via
43           flatpak run, and does not affect what gets executed when the
44           application is run in other ways, e.g. via the desktop file or
45           D-Bus activation.
46
47       --require-version=MAJOR.MINOR.MICRO
48           Require this version or later of flatpak to install/update to this
49           build.
50
51       --share=SUBSYSTEM
52           Share a subsystem with the host session. This updates the [Context]
53           group in the metadata. SUBSYSTEM must be one of: network, ipc. This
54           option can be used multiple times.
55
56       --unshare=SUBSYSTEM
57           Don't share a subsystem with the host session. This updates the
58           [Context] group in the metadata. SUBSYSTEM must be one of: network,
59           ipc. This option can be used multiple times.
60
61       --socket=SOCKET
62           Expose a well-known socket to the application. This updates the
63           [Context] group in the metadata. SOCKET must be one of: x11,
64           wayland, fallback-x11, pulseaudio, system-bus, session-bus,
65           ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple
66           times.
67
68           The fallback-x11 option makes the X11 socket available only if
69           there is no Wayland socket. This option was introduced in 0.11.3.
70           To support older Flatpak releases, specify both x11 and
71           fallback-x11. The fallback-x11 option takes precedence when both
72           are supported.
73
74       --nosocket=SOCKET
75           Don't expose a well known socket to the application. This updates
76           the [Context] group in the metadata. SOCKET must be one of: x11,
77           wayland, fallback-x11, pulseaudio, system-bus, session-bus,
78           ssh-auth, pcsc, cups, gpg-agent. This option can be used multiple
79           times.
80
81       --device=DEVICE
82           Expose a device to the application. This updates the [Context]
83           group in the metadata. DEVICE must be one of: dri, input, kvm, shm,
84           all. This option can be used multiple times.
85
86       --nodevice=DEVICE
87           Don't expose a device to the application. This updates the
88           [Context] group in the metadata. DEVICE must be one of: dri, input,
89           kvm, shm, all. This option can be used multiple times.
90
91       --allow=FEATURE
92           Allow access to a specific feature. This updates the [Context]
93           group in the metadata. FEATURE must be one of: devel, multiarch,
94           bluetooth, canbus, per-app-dev-shm. This option can be used
95           multiple times.
96
97           The devel feature allows the application to access certain syscalls
98           such as ptrace(), and perf_event_open().
99
100           The multiarch feature allows the application to execute programs
101           compiled for an ABI other than the one supported natively by the
102           system. For example, for the x86_64 architecture, 32-bit x86
103           binaries will be allowed as well.
104
105           The bluetooth feature allows the application to use bluetooth
106           (AF_BLUETOOTH) sockets. Note, for bluetooth to fully work you must
107           also have network access.
108
109           The canbus feature allows the application to use canbus (AF_CAN)
110           sockets. Note, for this work you must also have network access.
111
112           The per-app-dev-shm feature shares a single instance of /dev/shm
113           between the application, any unrestricted subsandboxes that it
114           creates, and any other instances of the application that are
115           launched while it is running.
116
117       --disallow=FEATURE
118           Disallow access to a specific feature. This updates the [Context]
119           group in the metadata. FEATURE must be one of: devel, multiarch,
120           bluetooth, canbus, per-app-dev-shm. This option can be used
121           multiple times.
122
123       --filesystem=FS
124           Allow the application access to a subset of the filesystem. This
125           updates the [Context] group in the metadata. FS can be one of:
126           home, host, host-os, host-etc, xdg-desktop, xdg-documents,
127           xdg-download, xdg-music, xdg-pictures, xdg-public-share,
128           xdg-templates, xdg-videos, xdg-run, xdg-config, xdg-cache,
129           xdg-data, an absolute path, or a homedir-relative path like ~/dir
130           or paths relative to the xdg dirs, like xdg-download/subdir. The
131           optional :ro suffix indicates that the location will be read-only.
132           The optional :create suffix indicates that the location will be
133           read-write and created if it doesn't exist. This option can be used
134           multiple times. See the "[Context] filesystems" list in flatpak-
135           metadata(5) for details of the meanings of these filesystems.
136
137       --nofilesystem=FILESYSTEM
138           Remove access to the specified subset of the filesystem from the
139           application. This overrides to the Context section from the
140           application metadata. FILESYSTEM can be one of: home, host,
141           host-os, host-etc, xdg-desktop, xdg-documents, xdg-download,
142           xdg-music, xdg-pictures, xdg-public-share, xdg-templates,
143           xdg-videos, an absolute path, or a homedir-relative path like
144           ~/dir. This option can be used multiple times.
145
146       --add-policy=SUBSYSTEM.KEY=VALUE
147           Add generic policy option. For example,
148           "--add-policy=subsystem.key=v1 --add-policy=subsystem.key=v2" would
149           map to this metadata:
150
151               [Policy subsystem]
152               key=v1;v2;
153
154
155           This option can be used multiple times.
156
157       --remove-policy=SUBSYSTEM.KEY=VALUE
158           Remove generic policy option. This option can be used multiple
159           times.
160
161       --env=VAR=VALUE
162           Set an environment variable in the application. This updates the
163           [Environment] group in the metadata. This overrides to the Context
164           section from the application metadata. This option can be used
165           multiple times.
166
167       --unset-env=VAR
168           Unset an environment variable in the application. This updates the
169           unset-environment entry in the [Context] group of the metadata.
170           This option can be used multiple times.
171
172       --env-fd=FD
173           Read environment variables from the file descriptor FD, and set
174           them as if via --env. This can be used to avoid environment
175           variables and their values becoming visible to other users.
176
177           Each environment variable is in the form VAR=VALUE followed by a
178           zero byte. This is the same format used by env -0 and
179           /proc/*/environ.
180
181       --own-name=NAME
182           Allow the application to own the well known name NAME on the
183           session bus. If NAME ends with .*, it allows the application to own
184           all matching names. This updates the [Session Bus Policy] group in
185           the metadata. This option can be used multiple times.
186
187       --talk-name=NAME
188           Allow the application to talk to the well known name NAME on the
189           session bus. If NAME ends with .*, it allows the application to
190           talk to all matching names. This updates the [Session Bus Policy]
191           group in the metadata. This option can be used multiple times.
192
193       --system-own-name=NAME
194           Allow the application to own the well known name NAME on the system
195           bus. If NAME ends with .*, it allows the application to own all
196           matching names. This updates the [System Bus Policy] group in the
197           metadata. This option can be used multiple times.
198
199       --system-talk-name=NAME
200           Allow the application to talk to the well known name NAME on the
201           system bus. If NAME ends with .*, it allows the application to talk
202           to all matching names. This updates the [System Bus Policy] group
203           in the metadata. This option can be used multiple times.
204
205       --persist=FILENAME
206           If the application doesn't have access to the real homedir, make
207           the (homedir-relative) path FILENAME a bind mount to the
208           corresponding path in the per-application directory, allowing that
209           location to be used for persistent data. This updates the [Context]
210           group in the metadata. This option can be used multiple times.
211
212       --runtime=RUNTIME, --sdk=SDK
213           Change the runtime or sdk used by the app to the specified partial
214           ref. Unspecified parts of the ref are taken from the old values or
215           defaults.
216
217       --metadata=GROUP=KEY[=VALUE]
218           Set a generic key in the metadata file. If value is left out it
219           will be set to "true".
220
221       --extension=NAME=VARIABLE[=VALUE]
222           Add extension point info. See the documentation for flatpak-
223           metadata(5) for the possible values of VARIABLE and VALUE.
224
225       --remove-extension=NAME
226           Remove extension point info.
227
228       --extension-priority=VALUE
229           Set the priority (library override order) of the extension point.
230           Only useful for extensions. 0 is the default, and higher value
231           means higher priority.
232
233       --extra-data=NAME:SHA256:DOWNLOAD-SIZE:INSTALL-SIZE:URL
234           Adds information about extra data uris to the app. These will be
235           downloaded and verified by the client when the app is installed and
236           placed in the /app/extra directory. You can also supply an
237           /app/bin/apply_extra script that will be run after the files are
238           downloaded.
239
240       --no-exports
241           Don't look for exports in the build.
242
243       --no-inherit-permissions
244           Don't inherit runtime permissions in the app.
245
246       -v, --verbose
247           Print debug information during command processing.
248
249       --ostree-verbose
250           Print OSTree debug information during command processing.
251

EXAMPLES

253       $ flatpak build-finish /build/my-app --socket=x11 --share=ipc
254
255           Exporting share/applications/gnome-calculator.desktop
256           Exporting share/dbus-1/services/org.gnome.Calculator.SearchProvider.service
257           More than one executable
258           Using gcalccmd as command
259           Please review the exported files and the metadata
260

SEE ALSO

262       flatpak(1), flatpak-build-init(1), flatpak-build(1), flatpak-build-
263       export(1)
264
265
266
267flatpak                                                 FLATPAK BUILD-FINIS(1)
Impressum