The launch of the new version of flat pack 1.14, which provides a system for creating self-contained packages that are not tied to specific Linux distributions and run in a special container that isolates the application from the rest of the system.
For those unfamiliar with Flatpak, you should know that this makes it possible for application developers to simplify the distribution of their programs that are not included in the regular distribution repositories by preparing a universal container without creating separate builds for each distribution.
For security-conscious users, Flatpak allows a questionable application to run in a container, giving access only to network functions and user files associated with the application. For users interested in what's new, Flatpak allows them to install the latest test and stable versions of applications without having to make changes to the system.
The key difference between Flatpak and Snap is that Snap uses the main system environment components and isolation based on system call filtering, while Flatpak creates a separate system container and operates with large runtime assemblies, providing typical packages instead of packages as dependencies.
Main new features of Flatpak 1.14
In this new version of Flatpak 1.14 that is presented, it is highlighted that fixed a vulnerability in libostree which could allow a user to delete arbitrary files on the system by manipulating the flatpak-system-helper driver (by sending a delete request with a specially formatted branch name). The issue only occurs in older versions of Flatpak and libostree released before 2018 (< 0.10.2) and does not affect current versions.
Added conditional checks of the form "have-kernel-module-name" to determine the presence of kernel modules (a universal analogue of the previously proposed check have-intel-gpu, instead of the expression "have-kernel-module-i915 " can now be used).
Added support for "DeploySideloadCollectionID" parameter to flatpakref and flatpakrepo files, when set, the collection ID will be set during the remote repository addition, and not after the metadata is loaded.
Another novelty that stands out is that nowa it is possible to be able to create nested sandbox environments for drivers in sessions with separate names MPRIS (Media Player Remote Interface Specification).
Of the other changes that stand out from the new version:
- Implemented “flatpak document-unexport –doc-id=…” command.
- Provided export of Appstream metadata for use in the main environment.
- Added flatpak command completion rules for Fish Shell
- Allowed network access to X11 and PulseAudio services (if appropriate configurations are added).
- The main branch in the Git repository has been renamed from "master" to "main", as the word "master" has been considered politically incorrect lately.
- Command line utilities display information about the use of deprecated runtime extensions.
- The uninstall command implements a confirmation prompt before removing the runtime or runtime extensions that are still in use.
- Overwriting of startup scripts in case of changing the application name is provided.
- Added “–include-sdk” and “–include-debug” options to install command to install SDK and debuginfo files.
- Created a directory for files in the state (.local/state) and set the XDG_STATE_HOME environment variable to point to this directory.
- Added support for the “–socket=gpg-agent” option to commands like “flatpak run”.
Finally, if you are interested in knowing more about it, you can check the details In the following link.
For those interested in trying out the new version now, you should know that support is provided for running Flatpak packages for Arch Linux, CentOS, Debian, Fedora, Gentoo, Mageia, Linux Mint, Alt Linux, and Ubuntu. Packages with Flatpak are included in the Fedora repository and are maintained in the native GNOME Application Manager.