flatpak-manifest - Man Page
Information for building an application
Description
Flatpak uses manifest, or recipe, files in a json or yaml format to describe how an application and its bundled dependencies can be built from sources. The manifest gets used by flatpak-builder.
File Format
The top level of the manifest file describes global attributes of the application, how it can be built, and the list of modules that need to be built.
Toplevel properties
These are the properties that are accepted:
- id or app-id (string)
A string defining the application id.
Note, "app-id" is deprecated and preserved only for backwards compatibility.
- branch (string)
The branch to use when exporting the application. If this is unset the defaults come from the default-branch option.
This key overrides both the default-branch key, and the --default-branch commandline option. Unless you need a very specific branchname (like for a runtime or an extension) it is recommended to use the default-branch key instead, because you can then override the default using --default-branch when building for instance a test build.
- default-branch (string)
The default branch to use when exporting the application. Defaults to master.
This key can be overridden by the --default-branch commandline option.
- collection-id (string)
The collection ID of the repository, defaults to being unset. Setting a globally unique collection ID allows the apps in the repository to be shared over peer to peer systems without needing further configuration. If building in an existing repository, the collection ID must match the existing configured collection ID for that repository.
- extension-tag (string)
If building an extension, the tag for the extension point to use. Since flatpak 0.11.4 a runtime may define multiple locations for the same extension point with the intention that different branches for the extension are mounted at each location. When building an extension it is necessary to know what extension point to install the extension to. This option resolves any ambiguity in which extension point to choose. If not specified, the default choice is to install into either the only location for the extension point or into the location for the untagged extension point. If there are multiple locations for the same extension point defined with different tags then an error will occur.
- token-type (integer)
The type of token needed to install this commit. Setting this to a value greater than 0 implies that authentication will be needed to install the flatpak.
- runtime (string)
The name of the runtime that the application uses.
- runtime-version (string)
The version of the runtime that the application uses, defaults to master.
- sdk (string)
The name of the development runtime that the application builds with.
- var (string)
Initialize the (otherwise empty) writable /var in the build with a copy of this runtime.
- metadata (string)
Use this file as the base metadata file when finishing.
- command (string)
The filename or path to the main binary of the application. Note that this is really just a single file, not a commandline. If you want to pass arguments, install a shell script wrapper and use that as the command.
Also note that the command is used when the application is run via flatpak run, and does not affect what gets executed when the application is run in other ways, e.g. via the desktop file or D-Bus activation.
- build-runtime (boolean)
Build a new runtime instead of an application.
- build-extension (boolean)
Build an extension.
- separate-locales (boolean)
Separate out locale files and translations to an extension runtime. Defaults to true.
- id-platform (string)
When building a runtime sdk, also create a platform based on it with this id.
- metadata-platform (string)
The metadata file to use for the platform we create.
- writable-sdk (boolean)
If true, use a writable copy of the sdk for /usr. Defaults to true if build-runtime is specified.
- appstream-compose (boolean)
Run appstreamcli compose during cleanup phase. Defaults to true.
- sdk-extensions (array of strings)
Install these extra sdk extensions in /usr.
- platform-extensions (array of strings)
Install these extra sdk extensions when creating the platform.
- base (string)
Start with the files from the specified application. This can be used to create applications that extend another application.
- base-version (string)
Use this specific version of the application specified in base. If unspecified, this uses the value specified in branch.
- base-extensions (array of strings)
Install these extra extensions from the base application when initializing the application directory.
- inherit-extensions (array of strings)
Inherit these extra extension points from the base application or sdk when finishing the build.
- inherit-sdk-extensions (array of strings)
Inherit these extra extension points from the base application or sdk when finishing the build, but do not inherit them into the platform.
- tags (array of strings)
Add these tags to the metadata file.
- build-options (object)
Object specifying the build environment. See below for details.
- modules (array of objects or strings)
An array of objects specifying the modules to be built in order. String members in the array are interpreted as the name of a separate json or yaml file that contains a module. See below for details.
- add-extensions (objects)
This is a dictionary of extension objects. The key is the name of the extension. See below for details.
- add-build-extensions (objects)
This is a dictionary of extension objects similar to add-extensions. The main difference is that the extensions are added early and are available for use during the build.
- cleanup (array of strings)
An array of file patterns that should be removed at the end. Patterns starting with / are taken to be full pathnames (without the /app prefix), otherwise they just match the basename.
- cleanup-commands (array of strings)
An array of commandlines that are run during the cleanup phase.
- cleanup-platform (array of strings)
Extra files to clean up in the platform.
- cleanup-platform-commands (array of strings)
An array of commandlines that are run during the cleanup phase of the platform.
- prepare-platform-commands (array of strings)
An array of commandlines that are run after importing the base platform, but before applying the new files from the sdk. This is a good place to e.g. delete things from the base that may conflict with the files added in the sdk.
- finish-args (array of strings)
An array of arguments passed to the flatpak build-finish command.
- rename-desktop-file (string)
Any desktop file with this name will be renamed to a name based on id during the cleanup phase. The appdata file launchable will be updated if needed.
- rename-appdata-file (string)
Any appdata (metainfo) file with this name will be renamed to a name based on id during the cleanup phase. The id in the file will be updated as needed and the subsequent provides. (since 1.4.1)
- rename-mime-file (string)
Any mimetypes file with this name will be renamed to a name based on id during the cleanup phase. (since 1.4.0)
- rename-icon (string)
Any icon with this name will be renamed to a name based on id during the cleanup phase. Note that this is the icon name, not the full filename, so it should not include a filename extension.
- rename-mime-icons (array of string)
Any mime icons with any of these names will be renamed to a name prefixed with id during the cleanup phase. Note that these are the icon names, not the full filenames, so they should not include a filename extension. (since 1.4.0)
- appdata-license (string)
Replace the appdata (metainfo) project_license field with this string. This is useful as the upstream license is typically only about the application itself, whereas the bundled app can contain other licenses too.
- copy-icon (boolean)
If rename-icon is set, keep a copy of the old icon file.
- desktop-file-name-prefix (string)
This string will be prefixed to the Name key in the main application desktop file.
- desktop-file-name-suffix (string)
This string will be suffixed to the Name key in the main application desktop file.
Build Options
Build options specify the build environment of a module, and can be specified globally as well as per-module. Options can also be specified on a per-architecture basis using the arch property.
These are the properties that are accepted:
- cflags (string)
This is set in the environment variable CFLAGS during the build. Multiple specifications of this (in e.g. per-arch area) are concatenated, separated by spaces.
- cflags-override (boolean)
If this is true, clear cflags from previous build options before adding it from these options.
- cppflags (string)
This is set in the environment variable CPPFLAGS during the build. Multiple specifications of this (in e.g. per-arch area) are concatenated, separated by spaces.
- cppflags-override (boolean)
If this is true, clear cppflags from previous build options before adding it from these options.
- cxxflags (string)
This is set in the environment variable CXXFLAGS during the build. Multiple specifications of this (in e.g. per-arch area) are concatenated, separated by spaces.
- cxxflags-override (boolean)
If this is true, clear cxxflags from previous build options before adding it from these options.
- ldflags (string)
This is set in the environment variable LDFLAGS during the build. Multiple specifications of this (in e.g. per-arch area) are concatenated, separated by spaces.
- ldflags-override (boolean)
If this is true, clear ldflags from previous build options before adding it from these options.
- prefix (string)
The build prefix for the modules (defaults to /app for applications and /usr for runtimes).
- libdir (string)
The build libdir for the modules (defaults to /app/lib for applications and /usr/lib for runtimes).
- append-path (string)
This will get appended to PATH in the build environment (with a leading colon if needed).
- prepend-path (string)
This will get prepended to PATH in the build environment (with a trailing colon if needed).
- append-ld-library-path (string)
This will get appended to LD_LIBRARY_PATH in the build environment (with a leading colon if needed).
- prepend-ld-library-path (string)
This will get prepended to LD_LIBRARY_PATH in the build environment (with a trailing colon if needed).
- append-pkg-config-path (string)
This will get appended to PKG_CONFIG_PATH in the build environment (with a leading colon if needed).
- prepend-pkg-config-path (string)
This will get prepended to PKG_CONFIG_PATH in the build environment (with a trailing colon if needed).
- env (object)
This is a dictionary defining environment variables to be set during the build. Elements in this override the properties that set the environment, like cflags and ldflags. Keys with a null value unset the corresponding variable.
- secret-env (array of strings)
This is an array defining which host environment variables are transferred to the build-commands or post-install environment.
- build-args (array of strings)
This is an array containing extra options to pass to flatpak build.
- test-args (array of strings)
Similar to build-args but affects the tests, not the normal build.
- config-opts (array of strings)
This is an array containing extra options passed to the build system during configuration.
- secret-opts (array of strings)
This is an array of options that will be passed to configure, meant to be used to pass secrets through host environment variables. Put an environment variable reference in the option and it will be resolved beforehand, for example '-DSECRET_ID=$CI_SECRET'.
- make-args (array of strings)
An array of extra arguments that will be passed to make
- make-install-args (array of strings)
An array of extra arguments that will be passed to make install
- strip (boolean)
If this is true (the default is false) then all ELF files will be stripped after install.
- no-debuginfo (boolean)
By default (if strip is not true) flatpak-builder extracts all debug info in ELF files to separate files and puts these in an extension. If you want to disable this, set no-debuginfo to true.
- no-debuginfo-compression (boolean)
By default when extracting debuginfo we compress the debug sections. If you want to disable this, set no-debuginfo-compression to true.
- arch (object)
This is a dictionary defining, for each arch, a separate build options object that overrides the main one.
Extension
Extensions define extension points in the app/runtime that can be implemented by extensions, supplying extra files which are available during runtime.
These are the properties that are accepted:
- directory (string)
The directory where the extension is mounted. If the extension point is for an application, this path is relative to /app, otherwise it is relative to /usr.
- bundle (boolean)
If this is true, then the data created in the extension directory is omitted from the result, and instead packaged in a separate extension.
- remove-after-build (boolean)
If this is true, the extension is removed when finishing. This is only interesting for extensions in the add-build-extensions property.
Additionally the standard flatpak extension properties are supported, and put directly into the metadata file: autodelete, no-autodownload, subdirectories, add-ld-path, download-if, enable-if, autoprune-unless, merge-dirs, subdirectory-suffix, locale-subset, version, versions. See the flatpak metadata documentation for more information on these.
Module
Each module specifies a source that has to be separately built and installed. It contains the build options and a list of sources to download and extract before building.
Modules can be nested, in order to turn related modules on and off with a single key.
These are the properties that are accepted:
- name (string)
The name of the module, used in e.g. build logs. The name is also used for constructing filenames and commandline arguments, therefore using spaces or '/' in this string is a bad idea.
- disabled (boolean)
If true, skip this module
- sources (array of objects or strings)
An array of objects defining sources that will be downloaded and extracted in order. String members in the array are interpreted as the name of a separate json or yaml file that contains sources. See below for details.
- secret-env (array of strings)
An array defining which host environment variables are transferred to the build-commands or post-install environment.
- config-opts (array of strings)
An array of options that will be passed to configure
- secret-opts (array of strings)
An array of options that will be passed to configure, meant to be used to pass secrets through host environment variables. Put an environment variable reference in the option and it will be resolved beforehand, for example '-DSECRET_ID=$CI_SECRET'.
- make-args (array of strings)
An array of arguments that will be passed to make
- make-install-args (array of strings)
An array of arguments that will be passed to make install
- rm-configure (boolean)
If true, remove the configure script before starting build
- no-autogen (boolean)
Ignore the existence of an autogen script
- no-parallel-make (boolean)
Don't call make with arguments to build in parallel
- install-rule (string)
Name of the rule passed to make for the install phase, default is install
- no-make-install (boolean)
Don't run the make install (or equivalent) stage
- no-python-timestamp-fix (boolean)
Don't fix up the *.py[oc] header timestamps for ostree use.
- cmake (boolean)
Use cmake instead of configure (deprecated: use buildsystem instead)
- buildsystem (string)
Build system to use: autotools, cmake, cmake-ninja, meson, simple, qmake
- builddir (boolean)
Use a build directory that is separate from the source directory
- subdir (string)
Build inside this subdirectory of the extracted sources
- build-options (object)
A build options object that can override global options
- build-commands (array of strings)
An array of commands to run during build (between make and make install if those are used). This is primarily useful when using the "simple" buildsystem. Each command is run in /bin/sh -c, so it can use standard POSIX shell syntax such as piping output. If any individual entry in the array fails, then the whole build process will fail, similar to commands in a make(1) recipe.
- post-install (array of strings)
An array of shell commands that are run after the install phase. Can for example clean up the install dir, or install extra files.
- cleanup (array of strings)
An array of file patterns that should be removed at the end. Patterns starting with / are taken to be full pathnames (without the /app prefix), otherwise they just match the basename. Note that any patterns will only match files installed by this module.
- ensure-writable (array of strings)
The way the builder works is that files in the install directory are hard-links to the cached files, so you're not allowed to modify them in-place. If you list a file in this then the hardlink will be broken and you can modify it. This is a workaround, ideally installing files should replace files, not modify existing ones.
- only-arches (array of strings)
If non-empty, only build the module on the arches listed.
- skip-arches (array of strings)
Don't build on any of the arches listed.
- cleanup-platform (array of strings)
Extra files to clean up in the platform.
- run-tests (boolean)
If true this will run the tests after installing.
- test-rule (string)
The target to build when running the tests. Defaults to "check" for make and "test" for ninja. Set to empty to disable.
- test-commands (array of strings)
Array of commands to run during the tests.
- modules (array of objects or strings)
An array of objects specifying nested modules to be built before this one. String members in the array are interpreted as names of a separate json or yaml file that contains a module.
Sources
These contain a pointer to the source that will be extracted into the source directory before the build starts. They can be of several types, distinguished by the type property.
Additionally, the sources list can contain a plain string, which is interpreted as the name of a separate json or yaml file that is read and inserted at this point. The file can contain a single source, or an array of sources.
All sources
- only-arches (array of strings)
If non-empty, only build the module on the arches listed.
- skip-arches (array of strings)
Don't build on any of the arches listed.
- dest (string)
Directory inside the source dir where this source will be extracted.
- Archive sources (tar, zip)
- type
"archive"
- path (string)
The path of the archive
- url (string)
The URL of a remote archive that will be downloaded. This overrides path if both are specified.
- mirror-urls (array of strings)
A list of alternative urls that are used if the main url fails.
- referer (string)
Sets the HTTP "Referer" header when downloading the archive.
- disable-http-decompression (boolean)
Disables decompression of downloads over HTTP for misconfigured servers.
- git-init (boolean)
Whether to initialise the repository as a git repository.
- archive-type (string)
The type of archive if it cannot be guessed from the path. Possible values are "rpm", "tar", "tar-gzip", "tar-compress", "tar-bzip2", "tar-lzip", "tar-lzma", "tar-lzop", "tar-xz", "tar-zst", "zip" and "7z".
- md5 (string)
The md5 checksum of the file, verified after download
Note that md5 is no longer considered a safe checksum, we recommend you use at least sha256.
- sha1 (string)
The sha1 checksum of the file, verified after download
Note that sha1 is no longer considered a safe checksum, we recommend you use at least sha256.
- sha256 (string)
The sha256 checksum of the file, verified after download
- sha512 (string)
The sha512 checksum of the file, verified after download
- strip-components (integer)
The number of initial pathname components to strip during extraction. Defaults to 1.
- dest-filename (string)
Filename to use for the downloaded file, defaults to the basename of url.
- Git sources
- type
"git"
- path (string)
The path to a local checkout of the git repository. Due to how git-clone works, this will be much faster than specifying a URL of file:///...
- url (string)
URL of the git repository. This overrides path if both are specified. When using git via SSH, the correct syntax is ssh://user@domain/path/to/repo.git.
- branch (string)
The branch to use from the git repository. As of 1.2.3 this will try to auto-detect the upstream default branch. Previously this defaulted to master.
- tag (string)
The tag to use from the git repository
- commit (string)
The commit to use from the git repository. If branch is also specified, then it is verified that the branch/tag is at this specific commit. This is a readable way to document that you're using a particular tag, but verify that it does not change.
- disable-fsckobjects (boolean)
Don't use transfer.fsckObjects=1 to mirror git repository. This may be needed for some (broken) repositories.
- disable-shallow-clone (boolean)
Don't optimize by making a shallow clone when downloading the git repo.
- disable-submodules (boolean)
Don't checkout the git submodules when cloning the repository.
- Bzr sources
- type
"bzr"
- url (string)
URL of the bzr repository
- revision (string)
A specific revision to use in the branch
- Svn sources
- type
"svn"
- url (string)
URL of the svn repository, including branch/tag part
- revision (string)
A specific revision number to use
- Directory sources
- type
"dir"
- path (string)
The path of a local directory whose content will be copied into the source dir. Note that directory sources don't currently support caching, so they will be rebuilt each time.
- skip (array of strings)
Source files to ignore in the directory.
- File sources
- type
"file"
- path (string)
The path of a local file that will be copied into the source dir
- url (string)
The URL of a remote file that will be downloaded and copied into the source dir. This overrides path if both are specified.
- mirror-urls (array of strings)
A list of alternative urls that are used if the main url fails.
- referer (string)
Sets the HTTP "Referer" header when downloading the file.
- disable-http-decompression (boolean)
Disables decompression of downloads over HTTP for misconfigured servers.
- md5 (string)
The md5 checksum of the file, verified after download. This is optional for local files.
Note that md5 is no longer considered a safe checksum, we recommend you use at least sha256.
- sha1 (string)
The sha1 checksum of the file, verified after download. This is optional for local files.
Note that sha1 is no longer considered a safe checksum, we recommend you use at least sha256.
- sha256 (string)
The sha256 checksum of the file, verified after download. This is optional for local files.
- sha512 (string)
The sha512 checksum of the file, verified after download. This is optional for local files.
- dest-filename (string)
Filename to use inside the source dir, defaults to the basename of path.
- Script sources
This is a way to create a shell (/bin/sh) script from an inline set of commands.
- type
"script"
- commands (array of strings)
An array of shell commands that will be put in a shellscript file
- dest-filename (string)
Filename to use inside the source dir, defaults to autogen.sh.
- Inline data sources
This is a way to create a file with given contents.
- type
"inline"
- dest-filename (string)
Filename to use inside the source dir.
- contents (string)
Text data that will be put in the file.
- base64 (boolean)
Whether content is base64-encoded.
- Shell sources
This is a way to create/modify the sources by running shell commands.
- type
"shell"
- commands (array of strings)
An array of shell commands that will be run during source extraction
- Patch sources
- type
"patch"
- path (string)
The path of a patch file that will be applied in the source dir
- paths (array of strings)
A list of paths to patch files that will be applied in the source dir, in order
- strip-components (integer)
The value of the -p argument to patch, defaults to 1.
- use-git (boolean)
Whether to use "git apply" rather than "patch" to apply the patch, required when the patch file contains binary diffs.
- use-git-am (boolean)
Whether to use "git am" rather than "patch" to apply the patch, required when the patch file contains binary diffs. You cannot use this at the same time as use-git.
- options (array of strings)
Extra options to pass to the patch command.
- Extra data sources
- type
"extra-data"
- filename (string)
The name to use for the downloaded extra data
- url (string)
The url to the extra data.
- sha256 (string)
The sha256 of the extra data.
- size (number)
The size of the extra data in bytes.
- installed-size (string)
The extra installed size this adds to the app (optional).
Build Environment
When building the application each command is run in a separate sandbox with access to only the things required for it. This section describes the details of the sandbox. Any options here can be overridden globally or per-module with the build-args option (although such a manifest will not work if you start flatpak-builder with --sandbox).
Filesystem
Each module is built in its own build directory, stored in a sub directory called build/$modulename-$count in the state dir (which is typically .flatpak-builder/). Additionally there is a symlink build/$modulename to the latest version. In order to generate reproducible builds this directory is also mounted as /run/build/$modulename in the sandbox (or /run/build-runtime/$modulename when building runtimes). This is used as current working directory for all build ops.
The destination directory for installation is accessible for writing at the place it will be seen at runtime. In the case of a regular application this will be /app. If building a runtime it will instead be /usr, and when building an extension it will be at the extension point directory somewhere below /app (for app extensions) or /usr (for runtime extensions).
Additionally there will be (as needed, depending on what is building) read-only mounts of the sdk at /usr, sdk extensions below that, and the application at /app. No other filesystem access is available.
Environment
The environment can be modified in several ways in the manifest, but the default values are:
- FLATPAK_ID
The id of the application currently building.
- FLATPAK_ARCH
The architecture currently building.
- FLATPAK_DEST
The path to where the current build should install into. This is /app for application builds.
- FLATPAK_BUILDER_N_JOBS
The number of jobs that flatpak-builder would normally use for make -j. Defaults to ncpus unless the module disabled parallel make.
- FLATPAK_BUILDER_BUILDDIR
The path to the build directory of the module currently building. This is normally /run/build/$MODULE.
- PATH
/app/bin:/usr/bin
- LD_LIBRARY_PATH
/app/lib
- PKG_CONFIG_PATH
/app/lib/pkgconfig:/app/share/pkgconfig:/usr/lib/pkgconfig:/usr/share/pkgconfig
- ACLOCAL_PATH
/app/share/aclocal
- C_INCLUDE_PATH
/app/include
- CPLUS_INCLUDE_PATH
/app/include
- LDFLAGS
-L/app/lib
- LC_ALL
en_US.utf8
Permissions
Builds have the --allow=devel and --allow=multiarch permissions that regular flatpak runs don't have by default. This limits the syscall filtering that is normally done so development tools like debuggers work. Otherwise the build sandbox is very limited, for example there is no network access.
Examples
$ flatpak-builder my-app-dir manifest.json
Example manifest file:
{
  "id": "org.test.TestApp",
  "runtime": "org.freedesktop.Platform",
  "runtime-version": "1.2",
  "sdk": "org.freedesktop.Sdk",
  "command": "test",
  "cleanup": [ "/include", "*.la" ],
  "build-options" : {
    "cflags": "-O2 -g",
    "cxxflags": "-O2 -g",
    "env": {
      "V": "1"
    },
    "arch": {
      "x86_64": {
        "cflags": "-O3 -g"
      }
    }
  },
  "modules": [
    {
      "name": "pygobject",
      "config-opts": [ "--disable-introspection" ],
      "sources": [
        {
          "type": "archive",
          "url": "http://ftp.gnome.org/pub/GNOME/sources/pygobject/2.28/pygobject-2.28.6.tar.xz",
          "sha256": "fb8a1d4f665130a125011659bd347c7339c944232163dbb9a34fd0686577adb8"
        },
        {
          "type": "patch",
          "path": "required-pygobject-fix.patch"
        },
        {
          "type": "file",
          "path": "pygobject-extra-file",
          "dest-filename": "extra-file"
        }
      ]
    },
    {
      "name": "babl",
      "build-options" : { "cxxflags": "-O2 -g -std=c++11" },
      "cleanup": [ "/bin" ],
      "sources": [
        {
          "type": "git",
          "url": "https://gitlab.gnome.org/GNOME/babl.git"
        }
      ]
    },
    {
      "name": "testapp",
      "sources": [
        {
          "type": "bzr",
          "url": "lp:testapp"
        }
      ]
    }
  ]
}
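The source properties (checksums, commit and revision pinning) and the build sandbox options described above decide how much of a build is verified and isolated. The following Python audit is an added example, not part of flatpak-builder or of this man page: it walks a parsed manifest, nested modules and per-arch build options included, and reports remote sources without a sha256/sha512 checksum, unpinned VCS sources, build-args that pass flatpak build's --share=network, and host variables handed to the build through secret-env. The function names, the SAMPLE manifest, its example.org URLs and its all-zero digests are constructed for illustration.

```python
# Added example, not flatpak-builder code: lint a parsed manifest for
# unpinned or weakly verified sources and for relaxed build sandboxing.
STRONG = ("sha256", "sha512")
WEAK = ("md5", "sha1")


def audit_source(src):
    """Return findings for one entry of a module's "sources" array."""
    if isinstance(src, str):  # name of a separate json/yaml sources file
        return ["sources file %r is not covered by this audit" % src]
    kind, url, out = src.get("type"), src.get("url", ""), []
    if url.startswith("http://"):
        out.append("download over plain http")
    if kind in ("archive", "file") and url and not any(k in src for k in STRONG):
        weak = [k for k in WEAK if k in src]
        out.append("only %s checksum" % "/".join(weak) if weak else "no checksum")
    if kind == "git" and url and "commit" not in src:
        out.append("git source not pinned to a commit")
    if kind == "git" and src.get("disable-fsckobjects"):
        out.append("transfer.fsckObjects disabled")
    if kind in ("bzr", "svn") and "revision" not in src:
        out.append("%s source not pinned to a revision" % kind)
    return out


def audit_build_options(opts):
    """Return findings for a build-options object, per-arch overrides included."""
    out = []
    if "--share=network" in opts.get("build-args", []):
        out.append("build-args enables network access in the build sandbox")
    if opts.get("secret-env"):
        out.append("host variables exposed to build: " + ", ".join(opts["secret-env"]))
    for arch, sub in opts.get("arch", {}).items():
        out += ["[%s] %s" % (arch, f) for f in audit_build_options(sub)]
    return out


def audit_modules(modules, trail=""):
    """Yield (module path, finding) pairs, nested modules first."""
    for mod in modules or []:
        if isinstance(mod, str):  # name of a separate json/yaml module file
            yield trail + mod, "module file is not covered by this audit"
            continue
        where = trail + mod.get("name", "?")
        yield from audit_modules(mod.get("modules"), where + "/")
        findings = audit_build_options(mod.get("build-options", {}))
        # secret-env can also be set directly on the module
        findings += audit_build_options({"secret-env": mod.get("secret-env", [])})
        for i, src in enumerate(mod.get("sources", [])):
            findings += ["sources[%d]: %s" % (i, f) for f in audit_source(src)]
        for finding in findings:
            yield where, finding


def audit_manifest(manifest):
    """Audit the top-level build-options, then every module."""
    top = audit_build_options(manifest.get("build-options", {}))
    return [("(top level)", f) for f in top] + list(audit_modules(manifest.get("modules")))


# Constructed sample manifest (json.load() of a manifest file gives this shape);
# the example.org URLs and all-zero digests are placeholders.
SAMPLE = {
    "id": "org.example.App",
    "build-options": {"arch": {"x86_64": {"build-args": ["--share=network"]}}},
    "modules": [
        {"name": "libfoo",
         "secret-env": ["CI_SECRET"],
         "sources": [
             {"type": "archive", "url": "http://example.org/libfoo-1.0.tar.xz",
              "sha1": "0" * 40},
             {"type": "patch", "path": "fix.patch"}],
         "modules": [
             {"name": "libbar",
              "sources": [{"type": "git", "url": "https://example.org/libbar.git",
                           "tag": "v2.0"}]}]},
        {"name": "app",
         "sources": [
             {"type": "git", "url": "https://example.org/app.git",
              "tag": "v1", "commit": "0" * 40},
             {"type": "file", "url": "https://example.org/data.bin",
              "sha256": "0" * 64}]},
        "shared-modules/extra.json",
    ],
}

if __name__ == "__main__":
    for where, finding in audit_manifest(SAMPLE):
        print("%-28s %s" % (where, finding))
```

Manifests written in YAML need a YAML parser first. String members that name separate module or sources files are reported rather than opened, so those files can be audited in turn.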