Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

Introducing the Red Hat Flatpak runtime for desktop containers

August 12, 2020
otaylor
Related topics:
ContainersLinuxOpen source
Related products:
Red Hat OpenShift Container Platform

Share:

    For many years, application developers who wanted to create desktop applications for Linux had to build their applications not just for a particular Linux operating system, but for a particular version of that operating system. Whether it was on the server-side or the desktop, developers wanted to create applications that reliably worked the same in development and production environments. They wanted to upgrade the production environment without having to rebuild and revalidate every running application.

    Containers solved these requirements for server-side applications, but not for the desktop. That's why we need Flatpak, a container system just for desktop applications. In this article, I offer an overview of Flatpak, its integration with Red Hat Enterprise Linux (RHEL) 8.2, and what developers can expect from the new Red Hat Enterprise Linux Flatpak runtime.

    Note: Red Hat is including Flatpak runtime and software development kit (SDK) images with Red Hat Enterprise Linux 8.2. Integrating a Flatpak runtime will allow application developers to build containerized desktop applications on top of Red Hat Enterprise Linux.

    Flatpak: A dedicated desktop container system

    Flatpak, which had its first stable release in August 2018, applies the same ideas and Linux kernel technology found in server-side containers to the desktop. Once a desktop application is packaged as a container image for use with Flatpak, which we call simply a Flatpak, it can be reliably used across different operating systems and versions. The user doesn't have to worry that differences in dependencies will cause the application to misbehave or stop working.

    As a dedicated system for desktop containers, Flatpak enables transparent and reliable integration with the desktop user interface (UI). A wide range of integration just works—from launching applications to allowing applications access to the window system to accessing the user's files. Flatpak also introduces portals, which offer the application a safe way to access host services from within its sandbox. Portals make the user's decisions part of the user interaction. Whereas a traditional system might ask at installation time if an application should be allowed to print, with portals, the user simply accepts or cancels when shown a print dialog.

    Flatpak runtimes

    As with server-side containers, Flatpak isolates applications from the operating system. Each application uses its own libraries, not the operating system's libraries. Having a separate copy of all libraries for each desktop application would be prohibitive, however, so multiple applications can share a Flatpak runtime. A runtime is a filesystem image with system-level libraries and other files. As shown in Figure 1, a system can contain a variety of runtimes, with each being used by multiple applications.

    A diagram of a Linux operating system containing multiple Flatpak runtimes.
    Figure 1. A Linux operating system can contain multiple runtimes.

    In addition to saving space, another big advantage of the runtime separation is handling security updates. If there is a security bug in a system library, we only need to update the runtime, and don't need to rebuild every application. A runtime can't possibly include every library that any application would want to use, so libraries can also be bundled with the application. An application typically uses a mix of libraries from the runtime and bundled libraries.

    Why we need a Red Hat runtime

    Presently, many existing applications use the Freedesktop Runtime, which provides a core set of libraries. Other applications use the GNOME and KDE runtimes, which add additional libraries specific to those Linux environments.

    The Freedesktop Runtime is actively maintained—in particular, Codethink contributes considerable effort to keep it up to date. But each major version of the Freedesktop runtime is only supported for a limited period. When you reach that limit, you have to port your applications to a new version. Many application developers would like to have a runtime that is updated for a longer period of time. Enterprise users would also like to know that they can get support for the combination of the host system and the runtime.

    For these reasons, Red Hat's Red Hat Enterprise Linux team has decided to release Red Hat Enterprise Linux (RHEL) 8.2 with a Flatpak runtime built from RHEL packages. This runtime follows the Red Hat Enterprise Linux lifecycle. We intend to continue providing security fixes for 10 years from RHEL 8's May 2019 release date.

    In the near future, we will be distributing the runtime and SDK under terms similar to the Red Hat Universal Base Images (UBI). These terms allow developers to create applications that work with many Linux distributions. Users won't need to have a Red Hat Enterprise Linux subscription. Support will be available as long as the runtime is running on a Red Hat Enterprise Linux host.

    Distributing Flatpaks and runtimes

    Flatpak doesn't require all Flatpaks to come from a single, central store. Instead, a system can have any number of configured remotes, which serve as sources of Flatpaks. A user browsing Flatpaks via the flatpak command-line tool (CLI) or with GNOME Software will see Flatpaks from all of the configured remotes.

    Currently, there are two types of Flatpak remotes. Originally, Flatpaks were distributed from an OStree repository. OStree is a Git-like system for managing binary operating system trees. It is used for operating systems like Fedora CoreOS, Fedora Silverblue, and Endless OS. You can export an OStree repository over HTTPS for remote download.

    More recently, Flatpak gained support for downloading Flatpaks as container images from a container registry. The container images can be Open Container Initiative (OCI) container images, or they can be traditional Docker images. Having support for both formats allows using a wide range of container registries. For example, the Red Hat Container Catalog currently distributes Flatpaks as Docker images.

    A graphical software installer like GNOME Software needs information like descriptions and icons. With the Docker and OCI registry protocols, there's no way to collect this required information for all of the images. Therefore, it's necessary to provide a separate JSON index to the Flatpaks on the registry. Work is underway to add Flatpak indexing support to Quay.io. This service will provide application developers with a convenient way to distribute their work.

    Installing the Red Hat Enterprise Linux Flatpak runtime

    Download the RHEL Flatpak repository file to add the repository to your system. On a recent RHEL or Fedora system, GNOME Software should offer to add the repository to the system. You can also use the command-line to add the repository:

    $ flatpak remote-add rhel https://flatpaks.redhat.io/rhel.flatpakrepo
    

    Next, provide the credentials for your Red Hat Enterprise Linux account:

    $ podman login registry.redhat.io
    enter your username and password
    

    Note: If you don't have a Red Hat subscription, and you want to use the runtime for development purposes, then you can register for a free developer subscription.

    Podman only saves credentials until the user logs out. If you want to save your credentials permanently, enter:

    $ cp $XDG_RUNTIME_DIR/containers/auth.json $HOME/.config/flatpak/oci-auth.json
    

    If you want to enable the RHEL Flatpak remote for a set of workstations within an organization, you should use a Registry Service Account. You can install credentials for such an account systemwide at /etc/flatpak/oci-auth.json.

    Now install the Flatpak runtime:

    $ flatpak install rhel com.redhat.Platform
    

    The RHEL Flatpak remote will also contain applications in the future. These applications will appear in GNOME Software for browsing and installation together with applications from other Flatpak remotes.

    Creating application images

    Creating an application involves creating an application image that, at runtime, will be mounted at /app. The application image goes along with the runtime image, which is mounted at /usr. There are various ways to create these images. For example, Fedora creates Flatpaks out of Red Hat Package Managers (RPMs). RPMs are rebuilt and installed into a container image within Fedora's container build system. However, the most typical way to create a Flatpak is to use the flatpak-builder tool.

    Using flatpak-builder

    Developers use the flatpak-builder tool together with an SDK image to build application code along with any required libraries. As a developer, you would create a JSON or YAML manifest that lists the sources to build and install flatpak-builder. Then, flatpak-builder would build the source code inside an isolated Flatpak runtime environment. Instead of mounting a normal runtime at /usr, the SDK is mounted instead. The SDK is an extended runtime that contains compilers and other tools necessary to build applications. Each runtime has an accompanying SDK. To build an application for the org.freedesktop.Platform runtime, for instance, you would use the org.freedesktop.Sdk SDK. To build an application for the com.redhat.Platform runtime, you would use the com.redhat.Sdk SDK.

    We intend the scope of the RHEL Flatpak SDK to be similar to that of the Freedesktop SDK. This allows developers to easily migrate applications built for the Freedesktop runtime to the RHEL runtime. Almost all the build tools and libraries in the Freedesktop SDK are also available in the RHEL Flatpak SDK.

    Building a sample application

    As a simple example, we will create a Flatpak of the GHex hex editor. This example is based on github.com/flathub/org.gnome.GHex, but adapted to use the RHEL Flatpak Runtime.

    To start, create a directory named org.gnome.GHex. Inside the directory, create a file named org.gnome.GHex.yaml:

    app-id: org.gnome.GHex
    runtime: com.redhat.Platform
    runtime-version: el8
    sdk: com.redhat.Sdk
    command: ghex
    finish-args:
        # X11 + XShm
        - --share=ipc
        - --socket=x11
        # Wayland
        - --socket=wayland
        # Filesystem
        - --filesystem=host
    modules:
      - name: ghex
        buildsystem: meson
        sources:
         - type: git
           url: https://gitlab.gnome.org/GNOME/ghex.git
           tag: 3.18.4
           commit: 228094e8d203ab62e49c33df2734fc9628c74775
    

    Install the SDK image:

    $ flatpak install rhel com.redhat.Sdk
    

    Build the application:

    $ flatpak-builder --repo=repo build-dir org.gnome.GHex.yaml
    

    Install the resulting application:

    $ flatpak --user remote-add --no-gpg-verify ghex-el8-repo repo
    $ flatpak --user install ghex-el8-repo org.gnome.GHex
    

    And now run it:

    $ flatpak run org.gnome.GHex
    

    Conclusion

    Flatpak allows application developers to package their application in a way that can be used across Linux operating systems and operating system versions. By using the Flatpak runtime and SDK included with Red Hat Enterprise Linux 8.2, developers can build such applications on top of a familiar platform and take advantage of the Red Hat Enterprise Linux lifecycle. Users who need a stable and supported environment get this from the combination of the runtime with a Red Hat Enterprise Linux host.

    For more detail about creating a build manifest for your application, see the Flatpak documentation on building. Also, see Bringing OCI images to the desktop with Flatpak, which describes how Flatpaks work with the OCI images and registries.

    Last updated: February 11, 2024

    Recent Posts

    • AI meets containers: My first step into Podman AI Lab

    • Live migrating VMs with OpenShift Virtualization

    • Storage considerations for OpenShift Virtualization

    • Upgrade from OpenShift Service Mesh 2.6 to 3.0 with Kiali

    • EE Builder with Ansible Automation Platform on OpenShift

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit
    © 2025 Red Hat

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue