Flatpak completely changes how developers distribute applications. It creates one standard app that works across the entire Linux desktop market. This system lets you run sandboxed desktop applications on Linux. Now, the Flatpak independent community introduces version 1.17.0, a pre-release packed with big improvements.
This new version focuses heavily on security, OCI integration, and making life easier for users and developers.
Furthermore, these changes help distribution maintainers focus on innovation instead of constant packaging work.
Table of Contents
1. New Tools for Security and Isolation
Flatpak 1.17.0 release brings in new features that make sandboxing more precise than ever.
First, Flatpak now supports conditional permissions. Permissions can adapt based on the system or the runtime features available. This means you can replace overly broad permissions, like granting access to all devices (--device=all). Instead, you can set a rule that grants access only if the system lacks a specific capability. This makes resource management much tighter.
Second, building apps is now safer. When you use flatpak build, the system no longer grants host permissions by default. This important change dramatically improves build isolation and reproduction results.
Finally, for users who need total separation, you can now use a new option: --clear-env. This option lets you clear the host environment completely before your application starts inside the sandbox.
2. OCI Integration
Flatpak continues to embrace modern container standards, particularly OCI (Open Container Initiative). So, distributing applications becomes simpler and more flexible.
Flatpak 1.17.0 now supports direct installation from an OCI image. You can also sideload applications from OCI repositories and archives. This allows you to install apps from OCI images saved in local sideload repositories.
Moreover, OCI remotes can now have a collection ID. This small detail lets them work correctly when you use flatpak preinstall.
The release even adds new installation protocol support for flatpak+https:// URIs. If you use bundles, you can now use the reinstall option on bundle installations as well.
3. Better Experience for Developers and Administrators
This version includes multiple quality-of-life upgrades that improve scripting, debugging, and system integration:
- JSON Output: Flatpak now provides JSON output support for several commands. This change makes it much easier for tools and scripts to read and automatically parse command output.
- Directory Forwarding: You can now forward directories directly to a sandboxed application using command-line arguments. However, remember that this cool feature needs
xdg-desktop-portalversion 1.7.0 or newer. - Helpful Messages: If you run
flatpak uninstallorflatpak document-listand they find nothing, the system now shows a clear message. This prevents user confusion. - Hardware Support: Flatpak now enables the VA-API extension for Intel Xe GPUs. This improves multimedia performance for users with this hardware.
Finally, for system administrators, Flatpak now sends basic operating system information in the Flatpak-Os-Info header when objects are pulled. This data helps administrators understand which operating systems users run.
The release also fixes several bugs, including allowing the use of sudo when changing the user inside the system.
Should You Try Flatpak Pre-release?
Please note that Flatpak 1.17.0 is a pre-release. This version gives developers powerful new tools for distribution and security.
If you are a developer or an experienced user interested in testing the new features (such as conditional permissions, OCI sideloading, or JSON output), you can try the pre-release version.
If you're a general user, please wait for your distribution maintainers to package and release the final stable version of Flatpak based on the 1.17 branch.
What is Flatpak, anyway?
For those wondering, Flatpak is the unified solution for building, distributing, and securely running desktop applications on virtually any Linux distribution.
1. The Core Function: Solving Linux Fragmentation
Flatpak primarily exists to solve the historic problem of packaging fragmentation on the Linux desktop.
- One App, All Distros: Flatpak changes app distribution for the better by allowing a developer to create one single application package and distribute it to the entire Linux desktop market. This eliminates the need for developers to learn the package format of every individual distribution or support only a few.
- Universality and Stability: It allows applications to be installed and run on virtually any Linux distribution. More importantly, Flatpak ensures forward-compatibility: the same application continues to be compatible with new versions of Linux distributions, even unreleased versions.
2. The Defining Feature: Sandboxing and Security
Flatpak is a framework designed for application sandboxing. This is its defining technical characteristic, providing greater security.
- Isolation: One of Flatpak’s main goals is to increase the security of desktop systems. It achieves this by isolating applications from one another and limiting their access to the host operating system environment.
- System Stability: Breakages or issues within a Flatpak application do not affect the system because they run in these isolated environments.
3. Developer Control and Consistency
Flatpak gives developers necessary tools to ensure their applications run exactly as intended, regardless of the user's setup.
- Dependency Control: Developers gain full control over dependencies, making it easy to bundle their own libraries as part of their application.
- Consistent Environment: Flatpak uses runtimes (also called platforms) which provide a consistent and identical application runtime environment across different distributions and devices. This consistency makes bug identification and testing much easier.
In summary, Flatpak is the sandboxing and distribution framework that standardizes how software reaches Linux users, providing a secure, stable, and universal method for application delivery.
For more details, check our detailed Flatpak usage guide.
