Good evening all. So my name is Parag. So I'll be talking on the Flatpaks topic: Flatpaks, a sandboxing technology. So the topics that I'm going to cover in this session are introduction to Flatpaks, concept, features. There is one more concept called Flathub. Then some of the commands we will see, and if time permits, we will see the demo of a very simple application, of how you can run a Flatpak.

So, introduction. So what is Flatpak actually? So Flatpak is another way of packaging. So it's an option to distribute desktop applications. Okay. It's a packaging format. Applications are run in a sandbox when you run a Flatpak. What happens? I think you all know what sandbox means. It's an isolated environment where processes are run. So your desktop application can be run isolated from the host system. That is nothing but sandboxing. And when you run any application, what happens is that sometimes that application needs some dependencies to be installed prior. So this Flatpak comes with either dependencies always or you can pull the dependencies. So dependencies are distributed either as a runtime or a bundle. Flatpak applications are made to be run on any Linux distribution because their base is a runtime, which is common to any Linux distribution. Currently Alexander Larsson is a lead developer who is working on developing further the Flatpak concept.

Flatpak is an easy way to work on upstream projects by its developers and users. What happens is that developers always demand that they need to ensure that their development always works on the Linux distributions. Now what happens is that they then need to always make sure that the Linux distribution they are having is working fine and it is not breaking anything and they can properly run their new development.
Now this requires a lot of things, but Flatpak is an easy way for the developers that comes to their rescue, that can help them to run the latest developed code on their favorite Linux distribution. So Flatpak can help the developers as well as the users who want to test this recent development done by the different different upstream projects. So it's an easy way to work on the upstream project by its developers and users. The Flatpak package is available in the repositories of most of the distributions now because it has been under heavy development for the last two, three years.

There are a few more packaging formats that are similar to Flatpak. One is AppImage and one is snaps. So snaps, basically if you are an Ubuntu user, you will be knowing about the snaps thing. So these two are packaging formats that are similar to Flatpaks, but we are going to check how Flatpak is useful to the Linux developers as well as the users. And again, this Flatpak is not tied to anything particular like GNOME, Fedora, systemd. Now Flatpak is coming for KDE also, Qt files over for toolkit for Electron applications. So different different framework toolkit of Flatpak is available and you can use Flatpak and develop the applications.

We will see what the Flatpak concept is actually. So Flatpak uses OSTree. So what is OSTree? OSTree is basically a git for the binary objects, so binary files. So OSTree provides an immutable OS where a basic operating system is being installed and you can install a parallel similar another OSTree for testing. So you can run parallel operating systems using the concept of OSTree. So Flatpak uses OSTree to distribute and manage the applications as well as the needed runtimes. Flatpak repositories follow the OSTree format and then the Flatpak packaging uses the atomic way to update the system.
So what is this atomic way? Atomic way guarantees that either the update will happen on your system or it is not going to happen at all. So it's not like that if you took a traditional Linux operating system like say Fedora and you are just pulling some bunch of the updates and you found that some update is broken or some update needed some updated dependency and it's not available. So that is not the case if you are using OSTree. So that is one of the benefits of OSTree, that is an immutable OS. So if you want to try OSTree in Fedora, we are working on Fedora Silverblue, a new distribution. So you can check it and you can see how OSTree can be used.

When a Flatpak is run, an isolated environment is created where the runtime is mounted on /usr and the applications are mounted on /app. So in the OSTree formatted system you get only two mount points, that is /usr and /app; every other mount point is read-only on the OSTree system. So on /usr the runtimes are getting mounted and on /app the actual application gets mounted. We will see that when we come to see the exact example of the Flatpak.

So this is how a typical diagram is there about Flatpak. So basically a host operating system is at the lower level. On top of the host operating system, you need to first ensure that the needed SDKs, say suppose you are working on some GNOME application. So you need to first install the GNOME platform runtime, then the GNOME, freedesktop. There are both the SDKs available: a GNOME SDK is available, a freedesktop SDK is available. It depends what your application needs. So you need to ensure that first these runtimes are installed on your system. So that's what the runtime is there. And on top of this runtime, then using this runtime, you can run the different different applications and each application is run in its own isolated platform.
So this is the diagram that illustrates that suppose there are three different applications that can be run in three different Flatpaks. And all can be run on the same host system and they can use the same runtimes. Even they can use different different runtimes, say suppose if one application needed a GNOME 3.32 platform or another application needs a 3.28 platform. So that is possible because I just told you that in an OSTree formatted system we can install OSTree parallelly. So different different runtimes can be installed on the same system in parallel, like 3.28 version, 3.30 version, 3.32 version. You choose whichever you want, build your application and run it. So you have the flexibility of using the required dependency for your application.

So I just explained that an application is any program of your interest and any additional libraries it needs, which is bundled up in the Flatpak package. Applications are not permitted to use the host system resources unless explicitly requested by them. So applications can request different different permissions and based on these permissions the host system resources can be used by the Flatpak application. Like if they want to utilize audio, if they want to utilize a system which is mounted on a different partition. So these all can be possible. You just need to add the respective snippet into the manifest file. So the manifest file is the file which needs to be written so that you can build the application. We will see the example. Runtime, I just explained to you, so I will skip it.

So, Flatpak system. So what is Flatpak system? It's a system where you can install an application either as a system-wide application or even you can install Flatpaks on a per-user basis. So if you are going to install a Flatpak system-wide, the path where these applications will be installed is /var/lib/flatpak/app.
And if you want to install the same Flatpak as a user, then it will be installed into your home directory's .local/share/flatpak/app directory. Now each application or runtime, whatever, will then have a further directory structure, like after /var/lib/flatpak/app there will be a name. So this name can be a dotted format name. Like suppose if you want to better show you why Flatpak. So I have these almost six Flatpak applications installed on my system. So we will take an example of gedit. So see, on the standard platform, system-wide, /var/lib/flatpak/app. I have this org.gnome.gedit. Let me. That does not look good. So.

So this is the application directory that gets created on your system when you install a Flatpak app. And in this application directory there is always a "current" directory, which is linked to the architecture which you want to run. So it can be different different architectures like i386 or x86_64; currently I have a 64-bit application installed. So let's move to the 64-bit directory. And then I'm using a stable branch. You have a choice to use which branch. So under the architecture there are different different choices like a stable branch, or suppose if it's GNOME, so 3.32 branch, 3.30 branch or 3.28 branch. And then the actual hash of your application's OSTree comes, and below that you can check the files that got installed as part of your gedit application. So under the bin you can find the gedit binary. So this is how a Flatpak's directory structure will look on your system when you install a Flatpak. So yeah, this is what I mean by the third bullet point: name, architecture, branch is the structure. And a standard structure will also show you these files, like per application you can find deploy, export, files, metadata. These are also the standard directory structure of a Flatpak application.

So, sandboxing.
So what is sandboxing actually? Flatpak's main concept is based on sandboxing, and that is nothing but based on the Bubblewrap tool. So Flatpak uses Project Atomic's Bubblewrap tool, bubblewrap, to provide a containerized environment. So existing container runtime tools are not suitable to give to unprivileged users. So what happens is that you always need privileged users to run the containers. With Flatpak, you've got an option to run the Flatpak using unprivileged users. Now the Bubblewrap command, the bwrap command, is always run as PID 1 when you run a sandboxed application, that is a Flatpak. So we will see whether it's really PID 1 or not. So that helps to handle, again bwrap also helps to handle reaping children in the sandbox. What happens is that sometimes a parent creates multiple processes and sometimes the parent itself dies and the children become orphans. So now, what to do with these children? So these children are taken care of by this PID 1; that is nothing but reaping the children in the sandbox.

Sandboxing, again: several Linux kernel features are being used when the sandboxing happens. That is nothing but cgroups and namespaces. These are the kernel features that are getting used for this sandbox environment. So Flatpak applications are protected from each other because of their own isolated environment. Flatpak applications have extremely limited access to the host environment.

So the permissions are the thing. So I can show you. So we have this docs.flatpak.org website where you will find all the good documentation related to Flatpak. So here the permissions also have their own page. And here you can find that different different permissions can be granted to the Flatpak application. So these are the standard permissions, like share, whether you want to allow sharing the network, or showing the windows using X11.
Or if you want to use Wayland, then socket is PulseAudio or not. So these all are different different permissions that you can grant to your application while building the Flatpak application. Even filesystem access: if you want to give access to the normal files then you can write filesystem=host; if you want to just give the user's home directory then you can just add filesystem=home. So this is how the permissions can be given. So these permissions are actually written in a manifest file. Also, sandboxing makes it easy to uninstall the application.

Okay, features of Flatpak. So Flatpaks are nothing but you can build it once and run on any Linux distribution. Only what you need is that the base libraries or runtimes need to be prior installed, or if they are not prior installed they may get bundled with that same application. So it depends on the application whether to pull the basic runtime or it is already having that bundled with the same application. Now by having it fragmented into different different applications or runtimes, it will help you to reduce the size of the application. Then there are easy build tools available like flatpak-builder. It provides a cleaner auto-updating experience. Basically the Flatpaks are intended for desktop GUI applications, but you can even use it for a shell script. But basically its main purpose for writing this Flatpak thing is for the desktop GUI application.

Currently these different different operating systems are using the Flatpak concept. Fedora is having Flatpaks, you can install it any time. Ubuntu is also having, Gentoo, Mageia, Deepin, and if you are knowing, Endless OS is the first OS that is purely using Flatpaks. There is no arbitrary code execution happening at install time as a root user, so you should be safe. No arbitrary files are getting dropped at an arbitrary location when you install the Flatpak.
It allows application maintainers to choose their dependencies separately. Like I just explained to you, choose your own platform, be it GNOME 3.28, 3.30 or 3.32; choose your own platform and build your application and run it. It provides a way of testing different versions of the application also.

Now there is one more thing called Flathub. So Flathub is like a kind of a distribution website where a lot of applications which are getting built daily are hosted. It's basically a central hosting repository, so you just need to enable that hosting repository on your system and start pulling the applications. So yeah, I mean the second bullet shows you that: flatpak remote-add --if-not-exists flathub, and this is the repo that you can add. These are the different different Flatpak commands that are there, so I think I will skip them and I can show you.

So what I was telling you, so this is the manifest file that you need. So this is very simple. It starts with the application ID. You need to write the application ID, say suppose org.flatpak.Hello, then on which runtime it is based, suppose it's based on the org.freedesktop.Platform. Then what's the runtime version, it's 18.08, then which SDK it depends on, you need to write org.freedesktop.Sdk, then what's the command. So I'm just running this Flatpak just to run a shell script, a single shell script. Now this is the format, the way you need to write it, so I don't think I have time to explain everything, but in simple terms, what are the sources that are getting used to build the application. It's just a simple file: type is file and script is hello.sh, and when you build it and when you try to install this Flatpak, just install it into the /app/bin/hello.sh path.
Okay, so my hello.sh is very simple: echo "Hello world, from sandbox" and ps -aux. So this command I have exclusively added to make sure that I will show you that when you get inside the sandbox the first PID is always bwrap. So I have this couple of commands ready to show you, so I will just run it.

So the first is to ensure that the Flathub main repository has been enabled, from where we can pull the runtimes and other needed applications. Okay, so now the second command is flatpak remotes, so that will tell you what different different remotes there are. Remotes are nothing but the remote repositories from where I can pull the runtime libraries or the application. So I have on my system currently Fedora, Flathub; the test repo, the one that I am going to demo now, is there. So these five repos are available, or in Flatpak terms they are called remotes. Now let's check what this test repo provides, so flatpak remote-ls test repo, and what kind of applications are available in this test repo. So only one application is available, so it outputs that org.flatpak.Hello, the application ID is org.flatpak.Hello and its branch is master.

Okay, now what I'm trying to do here is that I'm trying to delete; the command for deleting the test repo is flatpak remote-delete test repo. So I just deleted it, so it just removed the hello world application. Okay, after that the command I ran is flatpak-builder. So this is the flatpak-builder into the build-dir; in this directory, whatever building happens, all the files are getting placed. I'm using --force-clean to make sure that if this directory already exists it gets cleaned first and recreated, and I have given a repo name as my repo, and the manifest file from which we are building the Flatpak app is nothing but the last argument, that is org.flatpak.Hello.json.
Okay, now after that this is the command to add this test repo on my system again, because I have removed that test repo remote. Now I'm adding that test repo remote again and I'm again checking what apps are available, so it again gives the same output, that org.flatpak.Hello is available. Okay, now I'm going to install it in user mode, so flatpak user mode install from the test repo the org.flatpak.Hello application. Okay, so it's just checking whether that application is really available. Yes, it's available and it is asking me whether I should proceed or not. I just proceeded, and now I just ran it using this command: flatpak run org.flatpak.Hello. So this is the output of the shell script, and then the second line was ps -aux, so in the command's output you can see the first PID. It's always a bwrap command. So this is what proves that we have actually got the output from the sandbox environment, so an isolated environment. So this is how I just ran a simple Flatpak application. All this information is also available on this docs.flatpak.org, building the first Flatpak application. All these steps are written here so you can go through it. The same example is given here.

Now I have only two slides of future. So now the future that the Fedora project is looking at is building a next distribution or a next release using only Flatpaks, but that will take some time. And yeah, summary. So Flatpak is improving every release of every different different Linux distribution or Fedora distribution. It's helpful for us to test under the development environment, for the development application. Also it auto-installs the dependencies, because we have already seen that the manifest file is the file where we need to write all the dependencies while building the application. So it always ensures that the dependencies will get pulled when you install your Flatpak application.
Now Flatpak is integrated with the GNOME center also, so you can pull the application, search the application in GNOME center also. So currently on the Flathub repository there are around more than 500 Flathub applications available today. So I think that's what my presentation is all about. So anybody got any questions for this topic, Flatpak? Yes.

I just wanted to know what bwrap was. Is that the binary which is responsible for implementing the sandbox?

Sorry, bwrap? Yeah. So it's actually a tool written some time back and it got converted to enable more kernel features so that it can provide your containerized environment, sandbox environment.

Okay. Okay. Thank you.

Yes.

So mentioning that moving forward most of the Linux distros are going to push for all these Flatpak distributions. Does that mean for every Flatpak application the dependencies are going to be packaged together and that's going to blow up your home directory, or it's going to increase the storage that it requires? It will increase your storage because if it's two Flatpak applications that require the same dependencies, it's going to be repeated.

No, no, no, no. That is the feature of the OSTree deduplication. So OSTree helps you with that. So if suppose two different applications require the same runtime or same dependency. Are you asking that? Yes. Both will pull the same runtime again or install it twice. Yes. No, no, that is not going to happen. Also if it's the same dependencies, it is only a single copy. Yes. Okay. So that is what I explained to you, like that different different structure, like architecture, and below architecture there are different different versions. 3.28, 3.30 also. So that way also multiple different different versions can be installed on the same system as well. More questions? If not, then. Okay. Thank you. Thank you all. Thank you.