flatpak-metadata man page
flatpak-metadata — Information about an application or runtime
Flatpak uses metadata files to describe applications and runtimes. The metadata file for a deployed application or runtime is placed in the toplevel deploy directory. For example, the metadata for the locally installed application org.gnome.Calculator is in ~/.local/share/flatpak/app/org.gnome.Calculator/current/active/metadata.
Most aspects of the metadata configuration can be overridden when launching applications, either temporarily via options of the flatpak run command, or permanently with the flatpak override command.
A metadata file describing the effective configuration is available inside the running sandbox at /.flatpak-info. For compatibility with older Flatpak versions, /run/user/$UID/flatpak-info is a symbolic link to the same file.
The metadata file is using the same .ini file format that is used for systemd unit files or application .desktop files.
[Application] or [Runtime]
Metadata for applications starts with an [Application] group, metadata for runtimes with a [Runtime] group.
The following keys can be present in these groups:
- name (string)
The name of the application or runtime. This key is mandatory.
- runtime (string)
The fully qualified name of the runtime that is used by the application. This key is mandatory for applications.
- sdk (string)
The fully qualified name of the sdk that matches the runtime. Available since 0.1.
- command (string)
The command to run. Only relevant for applications. Available since 0.1.
- required-flatpak (string)
The required version of Flatpak to run this application or runtime. For applications, this was available since 0.8.0. For runtimes, this was available since 0.9.1, and backported to 0.8.3 for the 0.8.x branch.
- tags (string list)
Tags to include in AppStream XML. Available since 0.4.12.
This group determines various system resources that may be shared with the application when it is run in a flatpak sandbox.
All keys in this group (and the group itself) are optional.
- shared (list)
List of subsystems to share with the host system. Possible subsystems: network, ipc. Available since 0.3.
- sockets (list)
List of well-known sockets to make available in the sandbox. Possible sockets: x11, wayland, pulseaudio, session-bus, system-bus. When making a socket available, flatpak also sets well-known environment variables like DISPLAY or DBUS_SYSTEM_BUS_ADDRESS to let the application find sockets that are not in a fixed location. Available since 0.3.
- devices (list)
List of devices to make available in the sandbox. Possible values:
Graphics direct rendering (/dev/dri). Available since 0.3.
Virtualization (/dev/kvm). Available since 0.6.12.
All device nodes in /dev. Available since 0.6.6.
- filesystems (list)
List of filesystem subsets to make available to the application. Possible values:
The entire home directory. Available since 0.3.
The entire host file system, except for directories that are handled specially by Flatpak. In particular, this shares /home, /media, /opt, /run/media and /srv if they exist.
/dev is not shared: use devices=all; instead.
Parts of /sys are always shared. This option does not make additional files in /sys available.
These other reserved directories are currently excluded: /app, /bin, /boot, /etc, /lib, /lib32, /lib64, /proc, /root, /run, /sbin, /tmp, /usr, /var.
Available since 0.3.
- xdg-desktop, xdg-documents, xdg-download, xdg-music, xdg-pictures, xdg-public-share, xdg-videos, xdg-templates
freedesktop.org special directories. Available since 0.3.
- xdg-desktop/path, xdg-documents/path, etc.
Subdirectories of freedesktop.org special directories. Available since 0.4.13.
- xdg-cache, xdg-config, xdg-data
Directories defined by the freedesktop.org Base Directory Specification. Available since 0.6.14.
- xdg-cache/path, xdg-config/path, xdg-data/path
Subdirectories of directories defined by the freedesktop.org Base Directory Specification. Available since 0.6.14.
Subdirectories of the XDG_RUNTIME_DIR defined by the freedesktop.org Base Directory Specification. Note that xdg-run on its own is not supported. Available since 0.4.13.
An arbitrary absolute path. Available since 0.3.
An arbitrary path relative to the home directory. Available since 0.3.
One of the above followed by :ro
Make the given directory available read-only.
One of the above followed by :rw
Make the given directory available read/write. This is the default.
One of the above followed by :create
Make the given directory available read/write, and create it if it does not already exist.
- persistent (list)
List of homedir-relative paths to make available at the corresponding path in the per-application home directory, allowing the locations to be used for persistent data when the application does not have access to the real homedir. For instance making ".myapp" persistent would make "~/.myapp" in the sandbox a bind mount to "~/.var/app/org.my.App/.myapp", thus allowing an unmodified application to save data in the per-application location. Available since 0.3.
- features (list)
List of features available or unavailable to the application, currently from the following list:
Allow system calls used by development-oriented tools such as perf, strace and gdb. Available since 0.6.10.
Allow running multilib/multiarch binaries, for example i386 binaries in an x86_64 environment. Available since 0.6.12.
A feature can be prefixed with ! to indicate the absence of that feature, for example !devel if development and debugging are not allowed.
This group only appears in /.flatpak-info for a running app, and not in the metadata files written by application authors. It is filled in by Flatpak itself.
- app-path (string)
The absolute path on the host system of the app's app files, as mounted at /app inside the container. Available since 0.6.10.
- branch (string)
The branch of the app, for example stable. Available since 0.6.10.
- flatpak-version (string)
The version number of the Flatpak version that ran this app. Available since 0.6.11.
- runtime-path (string)
The absolute path on the host system of the app's runtime files, as mounted at /usr inside the container. Available since 0.6.10.
- session-bus-proxy (boolean)
True if this app cannot access the D-Bus session bus directly (either it goes via a proxy, or it cannot access the session bus at all). Available since 0.8.0.
- system-bus-proxy (boolean)
True if this app cannot access the D-Bus system bus directly (either it goes via a proxy, or it cannot access the system bus at all). Available since 0.8.0.
[Session Bus Policy]
If the sockets key is not allowing full access to the D-Bus session bus, then flatpak provides filtered access.
The default policy for the session bus only allows the application to own its own application ID and subnames. For instance if the app is called "org.my.App", it can only own "org.my.App" and "org.my.App.*". Its also only allowed to talk to the bus itself (org.freedesktop.DBus) and the portal APIs APIs (bus names of the form org.freedesktop.portal.*).
Additionally the app is always allowed to reply to messages sent to it, and emit broadcast signals (but these will not reach other sandboxed apps unless they are allowed to talk to your app.
If the [Session Bus Policy] group is present, it provides policy for session bus access.
Each key in this group has the form of a D-Bus bus name or prefix thereof, for example org.gnome.SessionManager or org.freedesktop.portal.*
The possible values for entry are, in increasing order or access:
The bus name or names in question is invisible to the application. Available since 0.2.
The bus name or names can be enumerated by the application. Available since 0.2.
The application can send messages/ and receive replies and signals from the bus name or names. Available since 0.2.
The application can own the bus name or names (as well as all the above). Available since 0.2.
[System Bus Policy]
If the sockets key is not allowing full access to the D-Bus system bus, then flatpak does not make the system bus available unless the [System Bus Policy] group is present and provides a policy for filtered access. Available since 0.2.
Entries in this group have the same form as for the [Session Bus Policy] group. However, the app has no permissions by default.
The [Environment] group specifies environment variables to set when running the application. Available since 0.3.
Entries in this group have the form VAR=VALUE where VAR is the name of an environment variable to set.
Runtimes and applications can define extension points, which allow optional, additional runtimes to be mounted at a specified location inside the sandbox when they are present on the system. Typical uses for extension points include translations for applications, or debuginfo for sdks. The name of the extension point is specified as part of the group heading.
- directory (string)
The relative path at which the extension will be mounted in the sandbox. If the extension point is for an application, the path is relative to /app, otherwise it is relative to /usr. This key is mandatory. Available since 0.1.
- version (string)
The branch to use when looking for the extension. If this is not specified, it defaults to the branch of the application or runtime that the extension point is for. Available since 0.4.1.
- versions (string)
The branches to use when looking for the extension. If this is not specified, it defaults to the branch of the application or runtime that the extension point is for. Available since 0.9.1, and backported to the 0.8.x branch in 0.8.4.
- add-ld-path (string)
A path relative to the extension point directory that will be appended to LD_LIBRARY_PATH. Available since 0.9.1, and backported to the 0.8.x branch in 0.8.3.
- merge-dirs (string)
A list of relative paths of directories below the extension point directory that will be merged. Available since 0.9.1, and backported to the 0.8.x branch in 0.8.3.
- download-if (string)
A condition that must be true for the extension to be auto-downloaded. The only currently recognized value is active-gl-driver, which is true if the name of the active GL driver matches the extension point basename. Available since 0.9.1, and backported to the 0.8.x branch in 0.8.3.
- enable-if (string)
A condition that must be true for the extension to be enabled. The only currently recognized value is active-gl-driver, which is true if the name of the active GL driver matches the extension point basename. Available since 0.9.1, and backported to the 0.8.x branch in 0.8.3.
- subdirectory-suffix (string)
A suffix that gets appended to the directory name. This is very useful when the extension point naming scheme is "reversed". For example, an extension point for GTK+ themes would be /usr/share/themes/$NAME/gtk-3.0, which could be achieved using subdirectory-suffix=gtk-3.0. Available since 0.9.1, and backported to the 0.8.x branch in 0.8.3.
- subdirectories (boolean)
If this key is set to true, then flatpak will look for extensions whose name is a prefix of the extension point name, and mount them at the corresponding name below the subdirectory. Available since 0.1.
- no-autodownload (boolean)
Whether to automatically download extensions matching this extension point when updating or installing a 'related' application or runtime. Available since 0.6.7.
- locale-subset (boolean)
If set, then the extensions are partially downloaded by default, based on the currently configured locales. This means that the extension contents should be a set of directories with the language code as name. Available since 0.9.13 (and 0.6.6 for any extensions called *.Locale)
- autodelete (boolean)
Whether to automatically delete extensions matching this extension point when deleting a 'related' application or runtime. Available since 0.6.7.
This optional group may be present if the runtime is an extension.
The ref of the runtime or application that this extension belongs to. Available since 0.9.1.
The priority to give this extension when looking for the best match. Default is 0. Available since 0.9.1, and backported to the 0.8.x branch in 0.8.3.
This optional group may be present if the runtime or application uses extra data that gets downloaded separately. The data in this group gets merged into the repository summary, with the xa.extra-data-sources key.
If multiple extra data sources are present, their uri, size and checksum keys are grouped together by using the same suffix. If only one extra data source is present, the suffix can be omitted.
- NoRuntime (boolean)
Whether to mount the runtime while running the /app/bin/apply_extra script. Defaults to true, i.e. not mounting the runtime. Available since 0.9.1, and backported to the 0.8.x branch in 0.8.4.
- uriX (string)
The uri for extra data source X. The only supported uri schemes are http and https. Available since 0.6.13.
- sizeX (integer)
The size for extra data source X. Available since 0.6.13.
- checksumX (string)
The sha256 sum for extra data source X. Available since 0.6.13.
Subsystems can define their own policies to be placed in a group whose name has this form. Their values are treated as lists, in which items can have their meaning negated by prepending ! to the value. They are not otherwise parsed by Flatpak. Available since 0.6.13.
[Application] name=org.gnome.Calculator runtime=org.gnome.Platform/x86_64/3.20 sdk=org.gnome.Sdk/x86_64/3.20 command=gnome-calculator [Context] shared=network;ipc; sockets=x11;wayland; filesystems=xdg-run/dconf;~/.config/dconf:ro; [Session Bus Policy] ca.desrt.dconf=talk [Environment] DCONF_USER_CONFIG_DIR=.config/dconf [Extension org.gnome.Calculator.Locale] directory=share/runtime/locale subdirectories=true [Extension org.gnome.Calculator.Debug] directory=lib/debug
flatpak(1), flatpak-run(1), flatpak-override(1)
freedesktop.org special directories
freedesktop.org Base Directory Specification