Feature #17575: tutorial for the use of flatpak

Feature #17575

tutorial for the use of flatpak

Added by syster 2020-03-31 02:11:34 . Updated 2020-05-13 14:07:11 .

Status:

Confirmed

Priority:

Low

Assignee:

Category:

Target version:

Start date:

Due date:

% Done:

Feature Branch:

Type of work:

End-user documentation

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

A tutorial on how to use flatpak to install and run applications, and how to store them even on a second USB.

Advantages:

- many more apps that are currently unavailable to tails user become available (signal, wire, briar, onionshare 2.0…)

- apps become portable and can then be easily shared with others, even offline
- sandboxing

Some of this got already written in this blogpost:
https://blogs.gnome.org/mclasen/2018/08/26/about-flatpak-installations/

Subtasks

History

#1 Updated by intrigeri 2020-04-02 08:01:31

While researching the Flatpak-in-Tails topic, I’ve identified a bunch of problems that IMO such a tutorial should take into account.
It would make me sad if the person who wrote this tutorial rediscovered them on their own.
I lack time to document these problems right now. If someone ever wants to work on this issue, please ask me and I’ll do my best to share info in a timely manner.

#2 Updated by cypherpunks 2020-04-04 16:43:38

Flatpak’s sandboxing is extremely flawed. It fully trusts the applications and allows them to define their own policy. Its security is optional and apps can just choose not to use the sandbox.

Flatpak’s permissions are also far too vague to be meaningful. For example, many apps come with “filesystem=home” which is read-write access to the entire home directory, giving the app access to all your personal files and allowing trivial sandbox escapes via writing to files such as .bashrc.

#3 Updated by anonym 2020-05-13 14:07:11

Status changed from New to Confirmed