FlatPak as a Software Source / flathub as a source of software

We aren’t relying on flatpak’s sandbox so this is a moot point, but still interesting to follow.

EDIT:

TL;DR Summary of the post is: “it’s bad, but not that bad and they’re working on it.”

2 Likes

Unfortunately any flatpak package manager capabilities are overshadowed by any flatpak sandbox capabilities.

In comparison, APT does not attempt to sandbox any packages it installed. Hence, a lot less negative press about it.

Actually I might be better if flatpak and the sandbox would be separate projects so one project doesn’t inherit the reputation by the other.

1 Like

But it pass TUF which flatpak fail as well to (fully) pass it. So not only sandboxing issue but as well on package level issues.

Not quite. Debian APT issues… SecureApt/TufDerivedImprovements - Debian Wiki

  1. Known issues
  2. Indefinite freeze and replay attacks
  3. Repository impersonation
  4. Key rotation issues
1 Like

Similar argument to…

Refactoring default installed packages…

Should flatpak be installed by default on Whonix-Gateway? Usefulness? Some future hypothetical situation where flatpak might be useful to get a newer Tor version?

flatpak has quite some more dependencies than extrepo.

sudo apt install flatpak
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
The following additional packages will be installed:
fuse gnome-desktop3-data libappstream-glib8 libavahi-glib1 libgnome-desktop-3-19 libmalcontent-0-0 libostree-1-1 libpipewire-0.3-0 libpipewire-0.3-modules libspa-0.2-modules libstemmer0d
libxkbregistry0 p11-kit p11-kit-modules pipewire pipewire-bin xdg-desktop-portal xdg-desktop-portal-gtk
Suggested packages:
avahi-daemon malcontent-gui accountsservice evince
The following NEW packages will be installed:
flatpak fuse gnome-desktop3-data libappstream-glib8 libavahi-glib1 libgnome-desktop-3-19 libmalcontent-0-0 libostree-1-1 libpipewire-0.3-0 libpipewire-0.3-modules libspa-0.2-modules
libstemmer0d libxkbregistry0 p11-kit p11-kit-modules pipewire pipewire-bin xdg-desktop-portal xdg-desktop-portal-gtk
0 upgraded, 19 newly installed, 0 to remove and 1 not upgraded.
Need to get 3,438 kB/4,721 kB of archives.
After this operation, 23.5 MB of additional disk space will be used.
Do you want to continue? [Y/n]


sudo apt install –no-install-recommends flatpak
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
The following additional packages will be installed:
libappstream-glib8 libavahi-glib1 libmalcontent-0-0 libostree-1-1 libstemmer0d
Suggested packages:
avahi-daemon malcontent-gui
Recommended packages:
p11-kit xdg-desktop-portal xdg-desktop-portal-gtk | xdg-desktop-portal-backend
The following NEW packages will be installed:
flatpak libappstream-glib8 libavahi-glib1 libmalcontent-0-0 libostree-1-1 libstemmer0d
0 upgraded, 6 newly installed, 0 to remove and 1 not upgraded.
Need to get 642 kB/1,925 kB of archives.
After this operation, 9,062 kB of additional disk space will be used.
Do you want to continue? [Y/n]

I didn’t check yet which of the Recommends: would be actually be useful but useful for me without already.

Seems like overkill. No need to consider it unless Tor or its pluggable transports are not (easily) obtainable through any other means. Has to be officially distributed in this channel to even be considered, which isn’t the case AFAIK.

1 Like

Possible long-term flatpak solution (particularly for Qubes-Whonix) based on 400 lines of code.

If you like it, it could be built and added as a default package in Whonix-WS in Whonix?

The steps below are functional, but you might have a cleaner method of doing it.

Tested to work with Signal Desktop as an example in anon-whonix-signal.

1. Clone anon-whonix to anon-whonix-flatpak.

2. Open a terminal in anon-whonix-flatpak.

3. Get the code.

sudo apt install git
git clone GitHub - micahflee/qube-apps: Install, run, and update apps without root and only in your home directory
cd flatpak-apps

4. Install Debian dependencies (fakeroot and build-essential are also required to build correctly in Whonix).

sudo apt-get install -y python3-setuptools python3-stdeb dh-python flatpak python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets fakeroot build-essential

5. Build the package.

./build_deb.sh

6. Create a whonix-ws-16 clone called whonix-ws-16-flatpak

7. Copy the deb_dist folder (maybe only .deb required?) to whonix-ws-16-flatpak Template

Open Thunar file manager and navigate to the directory /home/user/flatpak-apps
Right-click on deb_dist folder
Select Copy to VM and select the destination as whonix-ws-16-flatpak

8. Install Qube Apps in the whonix-ws-16-flatpak Template

cd QubesIncoming/anon-whonix-flatpak/deb_dist
sudo apt install ./qube-apps_0.1.0-1_all.deb

9. Create a special anon-whonix App Qube for desired application. In this example let’s create anon-whonix-signal-desktop.

Make sure the whonix-ws-16-flatpak template is used when creating the App Qube and has all the other normal settings i.e. sys-whonix as NetVM.

Also increase the VM disk size to ~10GB so it doesn’t run out of space when later downloading applications with flatpak.

10. Launch anon-whonix-signal-desktop.

11. Add Qube Apps application to the App Qube menu under Qubes Settings → Applications, then launch it.

12. Search for “Signal”.

Click install “Signal Desktop” once it appears.

13. Once it has finished downloading, click “Run”.

After shutting down the App Qube, Signal can be easily run again or updated via this utility (or removed if necessary).

This means all that is now required for future flatpak apps is:

  1. Creating a new App Qube based on whonix-ws-16-flatpak template
  2. Running Qubes Apps
  3. Searching for the desired application
  4. Clicking “Install”, then clicking “Run” once it has finished.

A lot easier than constantly stuffing around with flatpak manually, although obviously the flatpak application is in the App Qube, not the Template itself.

Overall, this package if pre-built and released as part of the Whonix build would be very useful IMO. :slight_smile:

Thanks Micah!

1 Like

That’s more a feature request for Qubes, not (Qubes-)Whonix.

This is a GUI for flatpak? What’s the Qubes specific part? Perhaps it should even be contributed to flatpak instead?

Meanwhile as the companion blog post that you linked points out, this is already possible from the command line by using flatpak with --user. Then flatpak installs applications inside the user’s home folder. This is persistent among reboots in App Qubes as well.

1 Like

Yes, GUI for flatpak.

Good point - should be made a Qubes package that is available across all distros. It would address a few things:

  • bad usability at present for flatpak: users shouldn’t be required to rely on the terminal when possible. Annoying, painful, and easy to make mistakes.
  • anyone complaining that XYZ version doesn’t work/doesn’t have the latest features can simply run Qube Apps, search for the package, install it in their home user directory in a cloned App Qube. Very simple.
  • avoids manual update checks compared to when flatpak is installed on the command line i.e. they just click a button - “Check for updates” occasionally.

Whonix’s greatest weakness is poor usability & complex instructions for various tasks. If this can be avoided in certain cases - like this - then it should be embraced.

I’d create a Qubes ticket for it, but I don’t really play over there.

1 Like

Now documented:
Flatpak Sandbox Security

2 Likes

https://ludocode.com/blog/flatpak-is-not-the-future

“install KCalc from Flathub. You’re looking at a nearly 900 MB download to get your first runtime. For a calculator. Note that the app package itself is only 4.4 MB. The rest is all redundant libraries that are already on my system.”

not just the package size issue, the issue of package upgrade which will almost always will download about 500+ MB

2 Likes

You have it wrong, Flatpak shares runtimes between apps meaning it de-duplicates libraries and saves space in the process compared to Ubuntu snap. Sure it may initially grab a large number of libs to bootstrap the environment, but afterwards it doesn;t increase much with every new app downloaded.

https://blogs.gnome.org/wjjt/2021/11/24/on-flatpak-disk-usage-and-deduplication/

1 Like

But these libraries gonna be upgraded and also these upgrades gonna be 500 to 1 GB+ space (i have already posted the complains about that in reddit link)

And according to the link you have posted he said:

If Kcalc is the only Flatpak you have installed, sure, not great, but that’s an artificial degenerate case. If you have most of your apps installed with Flatpak, the numbers are very different.

mean either go full dependent on flatpak or not.

practical test: (qubes-debian new standalone or template need to have their storage increased as default cannot handle these sizes)

user@host:~$ flatpak --user install flathub
Looking for matches…
Found similar ref(s) for ‘flathub’ in remote ‘flathub’ (user).
Use this remote? [Y/n]: y
Found ref ‘app/org.flathub.flatpak-external-data-checker/x86_64/stable’ in remote ‘flathub’ (user).
Use this ref? [Y/n]: y
Required runtime for org.flathub.flatpak-external-data-checker/x86_64/stable (runtime/org.freedesktop.Sdk/x86_64/21.08) found in remote flathub
Do you want to install it? [Y/n]: y
        ID                                                    Branch      Op      Remote       Download
 1. [ ] org.flathub.flatpak_external_data_checker.Locale      stable      i       flathub         4.6 kB / 1.7 MB
 2. [ ] org.freedesktop.Platform.GL.default                   21.08       i       flathub       130.9 MB / 131.2 MB
 3. [ ] org.freedesktop.Platform.openh264                     2.0         i       flathub         1.5 MB / 1.5 MB
 4. [ ] org.freedesktop.Sdk.Locale                            21.08       i       flathub        17.7 kB / 330.6 MB
 5. [✗] org.freedesktop.Sdk                                   21.08       i       flathub       340.1 MB / 471.7 MB
 6. [ ] org.flathub.flatpak-external-data-checker             stable      i       flathub      < 11.2 MB

~ 1GB

user@host:~$ flatpak --user install chromium
Looking for matches…
Found similar ref(s) for ‘chromium’ in remote ‘flathub’ (user).
Use this remote? [Y/n]: y
Similar refs found for ‘chromium’ in remote ‘flathub’ (user):

   1) app/net.sourceforge.chromium-bsu/x86_64/stable
   2) runtime/com.github.Eloston.UngoogledChromium.Codecs/x86_64/stable
   3) runtime/org.chromium.Chromium.Codecs/x86_64/stable
   4) app/org.chromium.Chromium/x86_64/stable
   5) app/com.github.Eloston.UngoogledChromium/x86_64/stable

Which do you want to use (0 to abort)? [0-5]: 4
Required runtime for org.chromium.Chromium/x86_64/stable (runtime/org.freedesktop.Platform/x86_64/21.08) found in remote flathub
Do you want to install it? [Y/n]: y

org.chromium.Chromium permissions:
    ipc                       network                     cups                            pulseaudio
    wayland                   x11                         devices                         file access [1]
    dbus access [2]           bus ownership [3]           system dbus access [4]

    [1] /run/.heim_org.h5l.kcm-socket, home
    [2] com.canonical.AppMenu.Registrar, org.freedesktop.FileManager1, org.freedesktop.Notifications,
        org.freedesktop.secrets, org.gnome.SessionManager, org.kde.kwalletd5
    [3] org.mpris.MediaPlayer2.chromium.*
    [4] org.freedesktop.Avahi, org.freedesktop.UPower


        ID                                        Branch          Op          Remote           Download
 1.     org.chromium.Chromium.Codecs              stable          i           flathub            < 1.1 MB
 2.     org.chromium.Chromium.Locale              stable          i           flathub          < 112.8 kB (partial)
 3.     org.freedesktop.Platform.Locale           21.08           i           flathub          < 325.7 MB (partial)
 4.     org.freedesktop.Platform                  21.08           i           flathub          < 199.6 MB
 5.     org.chromium.Chromium                     stable          i           flathub          < 117.9 MB

Proceed with these changes to the user installation? [Y/n]:

704 MB

user@host:~$ flatpak --user install kcalc
Looking for matches…
Found similar ref(s) for ‘kcalc’ in remote ‘flathub’ (user).
Use this remote? [Y/n]: y
Found ref ‘app/org.kde.kcalc/x86_64/stable’ in remote ‘flathub’ (user).
Use this ref? [Y/n]: y
Required runtime for org.kde.kcalc/x86_64/stable (runtime/org.kde.Platform/x86_64/5.15-21.08) found in remote flathub
Do you want to install it? [Y/n]: y

org.kde.kcalc permissions:
    ipc      wayland      x11      dri     file access [1]     dbus access [2]

    [1] xdg-config/kdeglobals:ro
    [2] com.canonical.AppMenu.Registrar


        ID                                Branch               Op          Remote           Download
 1. [✓] org.kde.KStyle.Adwaita            5.15-21.08           i           flathub            6.7 MB / 6.7 MB
 2. [✓] org.kde.Platform.Locale           5.15-21.08           i           flathub           17.8 kB / 344.2 MB
 3. [✓] org.kde.Platform                  5.15-21.08           i           flathub          169.5 MB / 304.4 MB
 4. [✓] org.kde.kcalc.Locale              stable               i           flathub            5.6 kB / 427.1 kB
 5. [✓] org.kde.kcalc                     stable               i           flathub            4.2 MB / 4.4 MB

Installation complete.

650MB

Each of these numbers are similar to downloading fully debian CD version.

comparing this to native installation from debian repo:

user@host:~$ sudo apt install chromium kcalc 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  chromium-common chromium-sandbox cups-pk-helper fonts-liberation gir1.2-atk-1.0 gir1.2-freedesktop
  gir1.2-gdkpixbuf-2.0 gir1.2-gtk-3.0 gir1.2-harfbuzz-0.0 gir1.2-notify-0.7 gir1.2-packagekitglib-1.0
  gir1.2-pango-1.0 gir1.2-polkit-1.0 gir1.2-secret-1 kwayland-data kwayland-integration liba52-0.7.4 libaa1
  libaacs0 libappstream4 libaribb24-0 libass9 libatomic1 libavc1394-0 libavformat58 libbdplus0 libbluray2 libcaca0
  libcddb2 libchromaprint1 libcurl3-gnutls libdbusmenu-qt5-2 libdc1394-25 libdca0 libdouble-conversion3 libdvbpsi10
  libdvdnav4 libdvdread8 libdw1 libebml5 libevdev2 libfaad2 libfam0 libgles2 libgme0 libgpm2 libgstreamer1.0-0
  libimobiledevice6 libinput-bin libinput10 libixml10 libjansson4 libjsoncpp24 libkate1 libkf5archive5
  libkf5attica5 libkf5auth-data libkf5authcore5 libkf5codecs-data libkf5codecs5 libkf5config-bin libkf5config-data
  libkf5configcore5 libkf5configgui5 libkf5configwidgets-data libkf5configwidgets5 libkf5coreaddons-data
  libkf5coreaddons5 libkf5crash5 libkf5dbusaddons-bin libkf5dbusaddons-data libkf5dbusaddons5 libkf5globalaccel-bin
  libkf5globalaccel-data libkf5globalaccel5 libkf5globalaccelprivate5 libkf5guiaddons5 libkf5i18n-data libkf5i18n5
  libkf5iconthemes-bin libkf5iconthemes-data libkf5iconthemes5 libkf5idletime5 libkf5itemviews-data
  libkf5itemviews5 libkf5notifications-data libkf5notifications5 libkf5waylandclient5 libkf5widgetsaddons-data
  libkf5widgetsaddons5 libkf5windowsystem-data libkf5windowsystem5 libkf5xmlgui-bin libkf5xmlgui-data libkf5xmlgui5
  libldb2 liblirc-client0 liblmdb0 liblua5.2-0 libmad0 libmatroska7 libmd4c0 libminizip1 libmpcdec6 libmpeg2-4
  libmpg123-0 libmtdev1 libmtp-common libmtp-runtime libmtp9 libmysofa1 libnfs13 libnghttp2-14 libnorm1 libnspr4
  libnss3 libopenmpt-modplug1 libopenmpt0 libpackagekit-glib2-18 libpangoxft-1.0-0 libpcre2-16-0 libpgm-5.3-0
  libphonon4qt5-4 libphonon4qt5-data libplacebo72 libplist3 libpolkit-qt5-1-1 libpostproc55 libprotobuf-lite23
  libproxy-tools libpulse-mainloop-glib0 libpython3.9 libqt5core5a libqt5dbus5 libqt5gui5 libqt5network5
  libqt5printsupport5 libqt5qml5 libqt5qmlmodels5 libqt5quick5 libqt5svg5 libqt5texttospeech5 libqt5waylandclient5
  libqt5waylandcompositor5 libqt5widgets5 libqt5x11extras5 libqt5xml5 librabbitmq4 libraw1394-11 libre2-9
  libresid-builder0c2a librtmp1 libsdl-image1.2 libsdl1.2debian libsecret-1-0 libsecret-common libshout3
  libsidplay2 libsmbclient libsndio7.0 libsodium23 libspatialaudio0 libspeechd2 libsrt1.4-gnutls libssh-gcrypt-4
  libssh2-1 libswscale5 libtag1v5 libtag1v5-vanilla libtalloc2 libtevent0 libu2f-udev libudfread0 libupnp13
  libupower-glib3 libusb-1.0-0 libusbmuxd6 libva-wayland2 libvlc-bin libvlc5 libvlccore9 libvorbisfile3
  libwacom-bin libwacom-common libwacom2 libwbclient0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1
  libxcb-render-util0 libxcb-res0 libxcb-shape0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xv0
  libxkbcommon-x11-0 libxslt1.1 libxss1 libxv1 libxxf86dga1 libzmq5 notification-daemon packagekit packagekit-tools
  phonon4qt5 phonon4qt5-backend-vlc python3-cairo python3-certifi python3-chardet python3-cups python3-cupshelpers
  python3-idna python3-ldb python3-requests python3-smbc python3-talloc python3-urllib3 qt5-gtk-platformtheme
  qtspeech5-speechd-plugin qttranslations5-l10n qtwayland5 samba-libs system-config-printer
  system-config-printer-common system-config-printer-udev upower usbmuxd vlc-data vlc-plugin-base
  vlc-plugin-video-output x11-utils
Suggested packages:
  chromium-l10n chromium-shell chromium-driver libbluray-bdj libdvdcss2 fam gpm gstreamer1.0-tools libusbmuxd-tools
  lirc qt5-image-formats-plugins qt5-qmltooling-plugins libraw1394-doc sndiod appstream
  phonon4qt5-backend-gstreamer python3-cryptography python3-openssl python3-socks python-requests-doc
  gnome-software mesa-utils
The following NEW packages will be installed:
  chromium chromium-common chromium-sandbox cups-pk-helper fonts-liberation gir1.2-atk-1.0 gir1.2-freedesktop
  gir1.2-gdkpixbuf-2.0 gir1.2-gtk-3.0 gir1.2-harfbuzz-0.0 gir1.2-notify-0.7 gir1.2-packagekitglib-1.0
  gir1.2-pango-1.0 gir1.2-polkit-1.0 gir1.2-secret-1 kcalc kwayland-data kwayland-integration liba52-0.7.4 libaa1
  libaacs0 libappstream4 libaribb24-0 libass9 libatomic1 libavc1394-0 libavformat58 libbdplus0 libbluray2 libcaca0
  libcddb2 libchromaprint1 libcurl3-gnutls libdbusmenu-qt5-2 libdc1394-25 libdca0 libdouble-conversion3 libdvbpsi10
  libdvdnav4 libdvdread8 libdw1 libebml5 libevdev2 libfaad2 libfam0 libgles2 libgme0 libgpm2 libgstreamer1.0-0
  libimobiledevice6 libinput-bin libinput10 libixml10 libjansson4 libjsoncpp24 libkate1 libkf5archive5
  libkf5attica5 libkf5auth-data libkf5authcore5 libkf5codecs-data libkf5codecs5 libkf5config-bin libkf5config-data
  libkf5configcore5 libkf5configgui5 libkf5configwidgets-data libkf5configwidgets5 libkf5coreaddons-data
  libkf5coreaddons5 libkf5crash5 libkf5dbusaddons-bin libkf5dbusaddons-data libkf5dbusaddons5 libkf5globalaccel-bin
  libkf5globalaccel-data libkf5globalaccel5 libkf5globalaccelprivate5 libkf5guiaddons5 libkf5i18n-data libkf5i18n5
  libkf5iconthemes-bin libkf5iconthemes-data libkf5iconthemes5 libkf5idletime5 libkf5itemviews-data
  libkf5itemviews5 libkf5notifications-data libkf5notifications5 libkf5waylandclient5 libkf5widgetsaddons-data
  libkf5widgetsaddons5 libkf5windowsystem-data libkf5windowsystem5 libkf5xmlgui-bin libkf5xmlgui-data libkf5xmlgui5
  libldb2 liblirc-client0 liblmdb0 liblua5.2-0 libmad0 libmatroska7 libmd4c0 libminizip1 libmpcdec6 libmpeg2-4
  libmpg123-0 libmtdev1 libmtp-common libmtp-runtime libmtp9 libmysofa1 libnfs13 libnghttp2-14 libnorm1 libnspr4
  libnss3 libopenmpt-modplug1 libopenmpt0 libpackagekit-glib2-18 libpangoxft-1.0-0 libpcre2-16-0 libpgm-5.3-0
  libphonon4qt5-4 libphonon4qt5-data libplacebo72 libplist3 libpolkit-qt5-1-1 libpostproc55 libprotobuf-lite23
  libproxy-tools libpulse-mainloop-glib0 libpython3.9 libqt5core5a libqt5dbus5 libqt5gui5 libqt5network5
  libqt5printsupport5 libqt5qml5 libqt5qmlmodels5 libqt5quick5 libqt5svg5 libqt5texttospeech5 libqt5waylandclient5
  libqt5waylandcompositor5 libqt5widgets5 libqt5x11extras5 libqt5xml5 librabbitmq4 libraw1394-11 libre2-9
  libresid-builder0c2a librtmp1 libsdl-image1.2 libsdl1.2debian libsecret-1-0 libsecret-common libshout3
  libsidplay2 libsmbclient libsndio7.0 libsodium23 libspatialaudio0 libspeechd2 libsrt1.4-gnutls libssh-gcrypt-4
  libssh2-1 libswscale5 libtag1v5 libtag1v5-vanilla libtalloc2 libtevent0 libu2f-udev libudfread0 libupnp13
  libupower-glib3 libusb-1.0-0 libusbmuxd6 libva-wayland2 libvlc-bin libvlc5 libvlccore9 libvorbisfile3
  libwacom-bin libwacom-common libwacom2 libwbclient0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1
  libxcb-render-util0 libxcb-res0 libxcb-shape0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xv0
  libxkbcommon-x11-0 libxslt1.1 libxss1 libxv1 libxxf86dga1 libzmq5 notification-daemon packagekit packagekit-tools
  phonon4qt5 phonon4qt5-backend-vlc python3-cairo python3-certifi python3-chardet python3-cups python3-cupshelpers
  python3-idna python3-ldb python3-requests python3-smbc python3-talloc python3-urllib3 qt5-gtk-platformtheme
  qtspeech5-speechd-plugin qttranslations5-l10n qtwayland5 samba-libs system-config-printer
  system-config-printer-common system-config-printer-udev upower usbmuxd vlc-data vlc-plugin-base
  vlc-plugin-video-output x11-utils
0 upgraded, 234 newly installed, 0 to remove and 0 not upgraded.
Need to get 117 MB of archives.
After this operation, 430 MB of additional disk space will be used.
Do you want to continue? [Y/n] 

combined 430MB

and with --no-install-recommends:

user@host:~$ sudo apt install --no-install-recommends chromium kcalc
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  chromium-common liba52-0.7.4 libaa1 libaribb24-0 libass9 libatomic1 libavc1394-0 libavformat58 libbluray2
  libcaca0 libcddb2 libchromaprint1 libdbusmenu-qt5-2 libdc1394-25 libdca0 libdouble-conversion3 libdvbpsi10
  libdvdnav4 libdvdread8 libebml5 libevdev2 libfaad2 libfam0 libgles2 libgme0 libgpm2 libinput-bin libinput10
  libixml10 libjsoncpp24 libkate1 libkf5archive5 libkf5attica5 libkf5auth-data libkf5authcore5 libkf5codecs-data
  libkf5codecs5 libkf5config-data libkf5configcore5 libkf5configgui5 libkf5configwidgets-data libkf5configwidgets5
  libkf5coreaddons-data libkf5coreaddons5 libkf5crash5 libkf5dbusaddons-data libkf5dbusaddons5
  libkf5globalaccel-bin libkf5globalaccel-data libkf5globalaccel5 libkf5globalaccelprivate5 libkf5guiaddons5
  libkf5i18n-data libkf5i18n5 libkf5iconthemes-data libkf5iconthemes5 libkf5itemviews-data libkf5itemviews5
  libkf5notifications-data libkf5notifications5 libkf5widgetsaddons-data libkf5widgetsaddons5
  libkf5windowsystem-data libkf5windowsystem5 libkf5xmlgui-data libkf5xmlgui5 liblirc-client0 liblua5.2-0 libmad0
  libmatroska7 libmd4c0 libminizip1 libmpcdec6 libmpeg2-4 libmpg123-0 libmtdev1 libmtp-common libmtp9 libmysofa1
  libnfs13 libnorm1 libnspr4 libnss3 libopenmpt-modplug1 libopenmpt0 libpcre2-16-0 libpgm-5.3-0 libphonon4qt5-4
  libphonon4qt5-data libplacebo72 libpolkit-qt5-1-1 libpostproc55 libprotobuf-lite23 libpulse-mainloop-glib0
  libqt5core5a libqt5dbus5 libqt5gui5 libqt5network5 libqt5printsupport5 libqt5qml5 libqt5svg5 libqt5texttospeech5
  libqt5waylandclient5 libqt5widgets5 libqt5x11extras5 libqt5xml5 librabbitmq4 libraw1394-11 libre2-9
  libresid-builder0c2a libsdl-image1.2 libsdl1.2debian libsecret-1-0 libsecret-common libshout3 libsidplay2
  libsndio7.0 libsodium23 libspatialaudio0 libsrt1.4-gnutls libssh-gcrypt-4 libssh2-1 libswscale5 libtag1v5
  libtag1v5-vanilla libudfread0 libupnp13 libusb-1.0-0 libva-wayland2 libvlc5 libvlccore9 libvorbisfile3
  libwacom-common libwacom2 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-render-util0 libxcb-res0
  libxcb-shape0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xv0 libxkbcommon-x11-0 libxslt1.1 libxv1
  libxxf86dga1 libzmq5 phonon4qt5 phonon4qt5-backend-vlc vlc-data vlc-plugin-base vlc-plugin-video-output x11-utils
Suggested packages:
  chromium-l10n chromium-shell chromium-driver libbluray-bdj libdvdcss2 fam gpm lirc qt5-image-formats-plugins
  qtwayland5 qt5-qmltooling-plugins libraw1394-doc sndiod phonon4qt5-backend-gstreamer mesa-utils
Recommended packages:
  chromium-sandbox upower libu2f-udev fonts-liberation notification-daemon system-config-printer libaacs0
  libkf5config-bin libkf5dbusaddons-bin libkf5iconthemes-bin kwayland-integration qtwayland5 libkf5xmlgui-bin
  libmtp-runtime qttranslations5-l10n qt5-gtk-platformtheme qtspeech5-speechd-plugin | qtspeech5-flite-plugin
  libvlc-bin libproxy-tools libwacom-bin
The following NEW packages will be installed:
  chromium chromium-common kcalc liba52-0.7.4 libaa1 libaribb24-0 libass9 libatomic1 libavc1394-0 libavformat58
  libbluray2 libcaca0 libcddb2 libchromaprint1 libdbusmenu-qt5-2 libdc1394-25 libdca0 libdouble-conversion3
  libdvbpsi10 libdvdnav4 libdvdread8 libebml5 libevdev2 libfaad2 libfam0 libgles2 libgme0 libgpm2 libinput-bin
  libinput10 libixml10 libjsoncpp24 libkate1 libkf5archive5 libkf5attica5 libkf5auth-data libkf5authcore5
  libkf5codecs-data libkf5codecs5 libkf5config-data libkf5configcore5 libkf5configgui5 libkf5configwidgets-data
  libkf5configwidgets5 libkf5coreaddons-data libkf5coreaddons5 libkf5crash5 libkf5dbusaddons-data libkf5dbusaddons5
  libkf5globalaccel-bin libkf5globalaccel-data libkf5globalaccel5 libkf5globalaccelprivate5 libkf5guiaddons5
  libkf5i18n-data libkf5i18n5 libkf5iconthemes-data libkf5iconthemes5 libkf5itemviews-data libkf5itemviews5
  libkf5notifications-data libkf5notifications5 libkf5widgetsaddons-data libkf5widgetsaddons5
  libkf5windowsystem-data libkf5windowsystem5 libkf5xmlgui-data libkf5xmlgui5 liblirc-client0 liblua5.2-0 libmad0
  libmatroska7 libmd4c0 libminizip1 libmpcdec6 libmpeg2-4 libmpg123-0 libmtdev1 libmtp-common libmtp9 libmysofa1
  libnfs13 libnorm1 libnspr4 libnss3 libopenmpt-modplug1 libopenmpt0 libpcre2-16-0 libpgm-5.3-0 libphonon4qt5-4
  libphonon4qt5-data libplacebo72 libpolkit-qt5-1-1 libpostproc55 libprotobuf-lite23 libpulse-mainloop-glib0
  libqt5core5a libqt5dbus5 libqt5gui5 libqt5network5 libqt5printsupport5 libqt5qml5 libqt5svg5 libqt5texttospeech5
  libqt5waylandclient5 libqt5widgets5 libqt5x11extras5 libqt5xml5 librabbitmq4 libraw1394-11 libre2-9
  libresid-builder0c2a libsdl-image1.2 libsdl1.2debian libsecret-1-0 libsecret-common libshout3 libsidplay2
  libsndio7.0 libsodium23 libspatialaudio0 libsrt1.4-gnutls libssh-gcrypt-4 libssh2-1 libswscale5 libtag1v5
  libtag1v5-vanilla libudfread0 libupnp13 libusb-1.0-0 libva-wayland2 libvlc5 libvlccore9 libvorbisfile3
  libwacom-common libwacom2 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-render-util0 libxcb-res0
  libxcb-shape0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xv0 libxkbcommon-x11-0 libxslt1.1 libxv1
  libxxf86dga1 libzmq5 phonon4qt5 phonon4qt5-backend-vlc vlc-data vlc-plugin-base vlc-plugin-video-output x11-utils
0 upgraded, 157 newly installed, 0 to remove and 0 not upgraded.
Need to get 95.2 MB of archives.
After this operation, 341 MB of additional disk space will be used.
Do you want to continue? [Y/n]

combined 341MB…

Don’t these updates replace the current code instead of taking up additional space? Have you tried testing it to see if more space is needed after the initial disk expansion is done?

Thats true, actually im addressing 2 issues:

  • First installation of anything = size issue for the storage (we can say as well bandwidth issue)
  • Upgrading anything = bandwidth issue (since its over Tor, Upgrading 500MB or so is not easy task)

So what you have said is true that upgrades wont consume further storage but it will need efficient bandwidth speed to have that upgrade (or installing new fresh software).

1 Like

Should we enable the flathub.org repository by default? In other words…

flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

Any reason to not apply this command by default in Kicksecure / Whonix?

1 Like

I’d say any secure software acquisition mechanism that is more
practical to use than backports is a plus to include. With that said, I
think it is important to document the security limitations of its
sandboxing including our discussion links with upstream (circling back
to my original post here) so users understand the full picture and make
informed decisions accordingly.

1 Like

on flathub security: