[arch-general] Announcing pacpak

Sun Jul 10 09:05:16 UTC 2016

Hello,

A specter is haunting the GNU/Linux ecosystem: the specter of per-user
containerization. Software like Flatpak and Snappy promise fully
sandboxed GNU/Linux application bundles (instead of merely launching an
application with fewer privileges but without hiding the operating
system, like Bubblewrap or Firejail do). Bundles ship with the version
of their dependencies which they need. Dependencies are not
force-upgraded with the operating system, but easily upgradable by the
bundle creator. The same files in different bundles and versions are
deduplicated to save space. Applications can be containerized once for
all modern GNU/Linux operating systems. Unlike Docker, Flatpak works
without root privileges.

Flatpak allows you to run, say, a sandboxed and containerized copy of
LibreOffice where opening an infected file can only cause harm to what
the sandbox has access to, but not compromise the integrity of the
system as a whole. Untrustworthy games can be isolated and run without
fear of a system compromise. More generally, most GUI applications
should probably be installed to and run from a Flatpak sandbox.

This has major implications for traditional package managers. Pacman
would be demoted to providing the base system on top of which Flatpak
bundles downloaded from elsewhere are run (e.g. from gnome.org or from
reallytheofficialwebsiteoflibreofficeipromise.com).

However, I would prefer having a unified pacman-like interface for
installing containerized and non-containerized applications. I believe a
PKGBUILD is a good way to specify how to build an application for
Flatpak as well. I do not want to lose the many packages from Arch and
derivative distributions.

tl;dr:
Therefore I started writing a tool called pacpak which uses pacman to
populate Flatpak application bundles. Its interface is meant to be
similar to pacman’s. For example, in order to install gedit into a
Flatpak application using a bundle of the gnome packages as a runtime,
you install pacpak from the AUR and use:

 $ pacpak -S Base xterm

You can run the resulting application like this:

 $ flatpak run $(hostname).app.xterm

pacpak is still in its early alpha stages. I do not currently have the
time to devote more than a day per week to its development. However, I’d
like some feedback on the basic idea.

I am also looking for a home for the project in the longer term, since I
do not currently like to administer a bug tracker on my own rented
server and dislike centralizing all free software development on GitHub
or Sourceforge (I’d rather administer my own then). This will only be
helpful once all the basic features are implemented of course. I would
be glad if pacpak or a similar tool eventually becomes an official Arch
project.

Let me conclude by thanking those who develop Flatpak, those who package
and maintain Flatpak for Arch and all the other Arch and free software
developers we rely on.

Regards,
Florian Pelz