On Mon, Jun 5 2023 at 01:37:24 PM -0400, Stephen Smoogen
<ssmoogen@xxxxxxxxxx> wrote:
1. What is a flatpak and what does it mean to have an application in
it? Is it everything bundled in it or does it use layers?
Two layers:
* Runtime (base platform, responsibility of runtime maintainers)
* Application (including bundled dependencies not present in the
runtime)
It's a compromise between traditional distribution-style dynamic
linking for the most common dependencies (the runtime), plus bundling
for the less-common dependencies the application needs that are not
present in the runtime.
2. So there are these 'SDKs' that people mention? What is in them?
How are they built? How are they updated? Who maintains them and how
can we 'verify' in the 'trust and verify' method (aka source code,
build flags, build system).
Confusingly, SDK has two meanings.
First, the SDK is an alternate version of the runtime intended for
developers. The runtime normally used by users is the "platform"
runtime and the runtime for developers is the SDK. The SDK adds
developer tools like gdb, valgrind, etc. For example, GNOME
applications usually run against the org.gnome.Platform runtimes, but
you might need to tell them to use org.gnome.Sdk instead if you need to
debug something.
Second, there is freedesktop-sdk, which is the name of the project that
produces the base runtime that is the de facto default runtime that
most Flatpak applications use. Both the GNOME and KDE runtimes are
based on freedesktop-sdk. (The Fedora runtime is a notable exception in
that it is mostly independent of freedesktop-sdk, with everything built
from Fedora RPMs instead.)
The runtimes are maintained in places like [1] and [2] and [3] and [4]
by friendly neighborhood open source people, so it's easy to check what
they contain. They are built in different ways. [1] and [2] are built
using Buildstream. [3] is built using flatpak-builder. [4] is built
using modulemd (but that will have to change due to failure of Fedora
modularity). So these are three quite different ways of building
runtimes.
I'm familiar with the Buildstream runtimes. For source code, there are
references to tarballs or git repos in each Buildstream element. For
build flags, the freedesktop and GNOME runtimes use build flags based
on Fedora's build flags [5] with some adjustments (there are no GCC
specs, GCC is configured a bit differently than ours). As far as
verification, I guess you want to look at build logs? Unfortunately I'm
not smart enough to do this reliably anymore, as Buildstream likes to
reuse cached builds and I don't know how to see logs for these builds.
:( It's a problem. But for at least freedesktop-sdk and GNOME, you can
see *some* build logs by looking at the CI artifacts.
[1] https://gitlab.com/freedesktop-sdk/freedesktop-sdk
[2] https://gitlab.gnome.org/GNOME/gnome-build-meta
[3] https://invent.kde.org/packaging/flatpak-kde-runtime
[4] https://src.fedoraproject.org/flatpaks/flatpak-runtime/
[5]
https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/blob/master/include/flags.yml
I think a FAQ around these and others would probably cut down a lot
of the uncertainty and doubt people feel.
Probably, but I'm not going to volunteer to help with that. :) There is
[6], but it's pretty basic and doesn't answer your questions.
[6] https://flatpak.org/faq/
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
