We aren’t relying on flatpak’s sandbox so this is a moot point, but still interesting to follow.
EDIT:
TL;DR Summary of the post is: “it’s bad, but not that bad and they’re working on it.”
We aren’t relying on flatpak’s sandbox so this is a moot point, but still interesting to follow.
EDIT:
TL;DR Summary of the post is: “it’s bad, but not that bad and they’re working on it.”
Unfortunately any flatpak package manager capabilities are overshadowed by any flatpak sandbox capabilities.
In comparison, APT does not attempt to sandbox any packages it installed. Hence, a lot less negative press about it.
Actually I might be better if flatpak and the sandbox would be separate projects so one project doesn’t inherit the reputation by the other.
But it pass TUF which flatpak fail as well to (fully) pass it. So not only sandboxing issue but as well on package level issues.
Similar argument to…
Refactoring default installed packages…
Should flatpak be installed by default on Whonix-Gateway? Usefulness? Some future hypothetical situation where flatpak might be useful to get a newer Tor version?
flatpak has quite some more dependencies than extrepo.
sudo apt install flatpak
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
The following additional packages will be installed:
fuse gnome-desktop3-data libappstream-glib8 libavahi-glib1 libgnome-desktop-3-19 libmalcontent-0-0 libostree-1-1 libpipewire-0.3-0 libpipewire-0.3-modules libspa-0.2-modules libstemmer0d
libxkbregistry0 p11-kit p11-kit-modules pipewire pipewire-bin xdg-desktop-portal xdg-desktop-portal-gtk
Suggested packages:
avahi-daemon malcontent-gui accountsservice evince
The following NEW packages will be installed:
flatpak fuse gnome-desktop3-data libappstream-glib8 libavahi-glib1 libgnome-desktop-3-19 libmalcontent-0-0 libostree-1-1 libpipewire-0.3-0 libpipewire-0.3-modules libspa-0.2-modules
libstemmer0d libxkbregistry0 p11-kit p11-kit-modules pipewire pipewire-bin xdg-desktop-portal xdg-desktop-portal-gtk
0 upgraded, 19 newly installed, 0 to remove and 1 not upgraded.
Need to get 3,438 kB/4,721 kB of archives.
After this operation, 23.5 MB of additional disk space will be used.
Do you want to continue? [Y/n]
sudo apt install –no-install-recommends flatpak
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
The following additional packages will be installed:
libappstream-glib8 libavahi-glib1 libmalcontent-0-0 libostree-1-1 libstemmer0d
Suggested packages:
avahi-daemon malcontent-gui
Recommended packages:
p11-kit xdg-desktop-portal xdg-desktop-portal-gtk | xdg-desktop-portal-backend
The following NEW packages will be installed:
flatpak libappstream-glib8 libavahi-glib1 libmalcontent-0-0 libostree-1-1 libstemmer0d
0 upgraded, 6 newly installed, 0 to remove and 1 not upgraded.
Need to get 642 kB/1,925 kB of archives.
After this operation, 9,062 kB of additional disk space will be used.
Do you want to continue? [Y/n]
I didn’t check yet which of the Recommends:
would be actually be useful but useful for me without already.
Seems like overkill. No need to consider it unless Tor or its pluggable transports are not (easily) obtainable through any other means. Has to be officially distributed in this channel to even be considered, which isn’t the case AFAIK.
Possible long-term flatpak solution (particularly for Qubes-Whonix) based on 400 lines of code.
If you like it, it could be built and added as a default package in Whonix-WS in Whonix?
The steps below are functional, but you might have a cleaner method of doing it.
Tested to work with Signal Desktop as an example in anon-whonix-signal
.
1. Clone anon-whonix
to anon-whonix-flatpak
.
2. Open a terminal in anon-whonix-flatpak
.
3. Get the code.
sudo apt install git
git clone GitHub - micahflee/qube-apps: Install, run, and update apps without root and only in your home directory
cd flatpak-apps
4. Install Debian dependencies (fakeroot and build-essential are also required to build correctly in Whonix).
sudo apt-get install -y python3-setuptools python3-stdeb dh-python flatpak python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets fakeroot build-essential
5. Build the package.
./build_deb.sh
6. Create a whonix-ws-16
clone called whonix-ws-16-flatpak
7. Copy the deb_dist folder (maybe only .deb required?) to whonix-ws-16-flatpak
Template
Open Thunar file manager and navigate to the directory /home/user/flatpak-apps
Right-click on deb_dist folder
Select Copy to VM and select the destination as whonix-ws-16-flatpak
8. Install Qube Apps in the whonix-ws-16-flatpak
Template
cd QubesIncoming/anon-whonix-flatpak/deb_dist
sudo apt install ./qube-apps_0.1.0-1_all.deb
9. Create a special anon-whonix App Qube for desired application. In this example let’s create anon-whonix-signal-desktop
.
Make sure the whonix-ws-16-flatpak
template is used when creating the App Qube and has all the other normal settings i.e. sys-whonix as NetVM.
Also increase the VM disk size to ~10GB so it doesn’t run out of space when later downloading applications with flatpak.
10. Launch anon-whonix-signal-desktop
.
11. Add Qube Apps application to the App Qube menu under Qubes Settings → Applications, then launch it.
12. Search for “Signal”.
Click install “Signal Desktop” once it appears.
13. Once it has finished downloading, click “Run”.
After shutting down the App Qube, Signal can be easily run again or updated via this utility (or removed if necessary).
This means all that is now required for future flatpak apps is:
whonix-ws-16-flatpak
templateA lot easier than constantly stuffing around with flatpak manually, although obviously the flatpak application is in the App Qube, not the Template itself.
Overall, this package if pre-built and released as part of the Whonix build would be very useful IMO.
Thanks Micah!
That’s more a feature request for Qubes, not (Qubes-)Whonix.
This is a GUI for flatpak? What’s the Qubes specific part? Perhaps it should even be contributed to flatpak instead?
Meanwhile as the companion blog post that you linked points out, this is already possible from the command line by using flatpak with --user
. Then flatpak installs applications inside the user’s home folder. This is persistent among reboots in App Qubes as well.
Yes, GUI for flatpak.
Good point - should be made a Qubes package that is available across all distros. It would address a few things:
Whonix’s greatest weakness is poor usability & complex instructions for various tasks. If this can be avoided in certain cases - like this - then it should be embraced.
I’d create a Qubes ticket for it, but I don’t really play over there.
https://ludocode.com/blog/flatpak-is-not-the-future
“install KCalc from Flathub. You’re looking at a nearly 900 MB download to get your first runtime. For a calculator. Note that the app package itself is only 4.4 MB. The rest is all redundant libraries that are already on my system.”
not just the package size issue, the issue of package upgrade which will almost always will download about 500+ MB
You have it wrong, Flatpak shares runtimes between apps meaning it de-duplicates libraries and saves space in the process compared to Ubuntu snap. Sure it may initially grab a large number of libs to bootstrap the environment, but afterwards it doesn;t increase much with every new app downloaded.
https://blogs.gnome.org/wjjt/2021/11/24/on-flatpak-disk-usage-and-deduplication/
But these libraries gonna be upgraded and also these upgrades gonna be 500 to 1 GB+ space (i have already posted the complains about that in reddit link)
And according to the link you have posted he said:
If Kcalc is the only Flatpak you have installed, sure, not great, but that’s an artificial degenerate case. If you have most of your apps installed with Flatpak, the numbers are very different.
mean either go full dependent on flatpak or not.
practical test: (qubes-debian new standalone or template need to have their storage increased as default cannot handle these sizes)
user@host:~$ flatpak --user install flathub
Looking for matches…
Found similar ref(s) for ‘flathub’ in remote ‘flathub’ (user).
Use this remote? [Y/n]: y
Found ref ‘app/org.flathub.flatpak-external-data-checker/x86_64/stable’ in remote ‘flathub’ (user).
Use this ref? [Y/n]: y
Required runtime for org.flathub.flatpak-external-data-checker/x86_64/stable (runtime/org.freedesktop.Sdk/x86_64/21.08) found in remote flathub
Do you want to install it? [Y/n]: y
ID Branch Op Remote Download
1. [ ] org.flathub.flatpak_external_data_checker.Locale stable i flathub 4.6 kB / 1.7 MB
2. [ ] org.freedesktop.Platform.GL.default 21.08 i flathub 130.9 MB / 131.2 MB
3. [ ] org.freedesktop.Platform.openh264 2.0 i flathub 1.5 MB / 1.5 MB
4. [ ] org.freedesktop.Sdk.Locale 21.08 i flathub 17.7 kB / 330.6 MB
5. [✗] org.freedesktop.Sdk 21.08 i flathub 340.1 MB / 471.7 MB
6. [ ] org.flathub.flatpak-external-data-checker stable i flathub < 11.2 MB
~ 1GB
user@host:~$ flatpak --user install chromium
Looking for matches…
Found similar ref(s) for ‘chromium’ in remote ‘flathub’ (user).
Use this remote? [Y/n]: y
Similar refs found for ‘chromium’ in remote ‘flathub’ (user):
1) app/net.sourceforge.chromium-bsu/x86_64/stable
2) runtime/com.github.Eloston.UngoogledChromium.Codecs/x86_64/stable
3) runtime/org.chromium.Chromium.Codecs/x86_64/stable
4) app/org.chromium.Chromium/x86_64/stable
5) app/com.github.Eloston.UngoogledChromium/x86_64/stable
Which do you want to use (0 to abort)? [0-5]: 4
Required runtime for org.chromium.Chromium/x86_64/stable (runtime/org.freedesktop.Platform/x86_64/21.08) found in remote flathub
Do you want to install it? [Y/n]: y
org.chromium.Chromium permissions:
ipc network cups pulseaudio
wayland x11 devices file access [1]
dbus access [2] bus ownership [3] system dbus access [4]
[1] /run/.heim_org.h5l.kcm-socket, home
[2] com.canonical.AppMenu.Registrar, org.freedesktop.FileManager1, org.freedesktop.Notifications,
org.freedesktop.secrets, org.gnome.SessionManager, org.kde.kwalletd5
[3] org.mpris.MediaPlayer2.chromium.*
[4] org.freedesktop.Avahi, org.freedesktop.UPower
ID Branch Op Remote Download
1. org.chromium.Chromium.Codecs stable i flathub < 1.1 MB
2. org.chromium.Chromium.Locale stable i flathub < 112.8 kB (partial)
3. org.freedesktop.Platform.Locale 21.08 i flathub < 325.7 MB (partial)
4. org.freedesktop.Platform 21.08 i flathub < 199.6 MB
5. org.chromium.Chromium stable i flathub < 117.9 MB
Proceed with these changes to the user installation? [Y/n]:
704 MB
user@host:~$ flatpak --user install kcalc
Looking for matches…
Found similar ref(s) for ‘kcalc’ in remote ‘flathub’ (user).
Use this remote? [Y/n]: y
Found ref ‘app/org.kde.kcalc/x86_64/stable’ in remote ‘flathub’ (user).
Use this ref? [Y/n]: y
Required runtime for org.kde.kcalc/x86_64/stable (runtime/org.kde.Platform/x86_64/5.15-21.08) found in remote flathub
Do you want to install it? [Y/n]: y
org.kde.kcalc permissions:
ipc wayland x11 dri file access [1] dbus access [2]
[1] xdg-config/kdeglobals:ro
[2] com.canonical.AppMenu.Registrar
ID Branch Op Remote Download
1. [✓] org.kde.KStyle.Adwaita 5.15-21.08 i flathub 6.7 MB / 6.7 MB
2. [✓] org.kde.Platform.Locale 5.15-21.08 i flathub 17.8 kB / 344.2 MB
3. [✓] org.kde.Platform 5.15-21.08 i flathub 169.5 MB / 304.4 MB
4. [✓] org.kde.kcalc.Locale stable i flathub 5.6 kB / 427.1 kB
5. [✓] org.kde.kcalc stable i flathub 4.2 MB / 4.4 MB
Installation complete.
650MB
Each of these numbers are similar to downloading fully debian CD version.
comparing this to native installation from debian repo:
user@host:~$ sudo apt install chromium kcalc
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
chromium-common chromium-sandbox cups-pk-helper fonts-liberation gir1.2-atk-1.0 gir1.2-freedesktop
gir1.2-gdkpixbuf-2.0 gir1.2-gtk-3.0 gir1.2-harfbuzz-0.0 gir1.2-notify-0.7 gir1.2-packagekitglib-1.0
gir1.2-pango-1.0 gir1.2-polkit-1.0 gir1.2-secret-1 kwayland-data kwayland-integration liba52-0.7.4 libaa1
libaacs0 libappstream4 libaribb24-0 libass9 libatomic1 libavc1394-0 libavformat58 libbdplus0 libbluray2 libcaca0
libcddb2 libchromaprint1 libcurl3-gnutls libdbusmenu-qt5-2 libdc1394-25 libdca0 libdouble-conversion3 libdvbpsi10
libdvdnav4 libdvdread8 libdw1 libebml5 libevdev2 libfaad2 libfam0 libgles2 libgme0 libgpm2 libgstreamer1.0-0
libimobiledevice6 libinput-bin libinput10 libixml10 libjansson4 libjsoncpp24 libkate1 libkf5archive5
libkf5attica5 libkf5auth-data libkf5authcore5 libkf5codecs-data libkf5codecs5 libkf5config-bin libkf5config-data
libkf5configcore5 libkf5configgui5 libkf5configwidgets-data libkf5configwidgets5 libkf5coreaddons-data
libkf5coreaddons5 libkf5crash5 libkf5dbusaddons-bin libkf5dbusaddons-data libkf5dbusaddons5 libkf5globalaccel-bin
libkf5globalaccel-data libkf5globalaccel5 libkf5globalaccelprivate5 libkf5guiaddons5 libkf5i18n-data libkf5i18n5
libkf5iconthemes-bin libkf5iconthemes-data libkf5iconthemes5 libkf5idletime5 libkf5itemviews-data
libkf5itemviews5 libkf5notifications-data libkf5notifications5 libkf5waylandclient5 libkf5widgetsaddons-data
libkf5widgetsaddons5 libkf5windowsystem-data libkf5windowsystem5 libkf5xmlgui-bin libkf5xmlgui-data libkf5xmlgui5
libldb2 liblirc-client0 liblmdb0 liblua5.2-0 libmad0 libmatroska7 libmd4c0 libminizip1 libmpcdec6 libmpeg2-4
libmpg123-0 libmtdev1 libmtp-common libmtp-runtime libmtp9 libmysofa1 libnfs13 libnghttp2-14 libnorm1 libnspr4
libnss3 libopenmpt-modplug1 libopenmpt0 libpackagekit-glib2-18 libpangoxft-1.0-0 libpcre2-16-0 libpgm-5.3-0
libphonon4qt5-4 libphonon4qt5-data libplacebo72 libplist3 libpolkit-qt5-1-1 libpostproc55 libprotobuf-lite23
libproxy-tools libpulse-mainloop-glib0 libpython3.9 libqt5core5a libqt5dbus5 libqt5gui5 libqt5network5
libqt5printsupport5 libqt5qml5 libqt5qmlmodels5 libqt5quick5 libqt5svg5 libqt5texttospeech5 libqt5waylandclient5
libqt5waylandcompositor5 libqt5widgets5 libqt5x11extras5 libqt5xml5 librabbitmq4 libraw1394-11 libre2-9
libresid-builder0c2a librtmp1 libsdl-image1.2 libsdl1.2debian libsecret-1-0 libsecret-common libshout3
libsidplay2 libsmbclient libsndio7.0 libsodium23 libspatialaudio0 libspeechd2 libsrt1.4-gnutls libssh-gcrypt-4
libssh2-1 libswscale5 libtag1v5 libtag1v5-vanilla libtalloc2 libtevent0 libu2f-udev libudfread0 libupnp13
libupower-glib3 libusb-1.0-0 libusbmuxd6 libva-wayland2 libvlc-bin libvlc5 libvlccore9 libvorbisfile3
libwacom-bin libwacom-common libwacom2 libwbclient0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1
libxcb-render-util0 libxcb-res0 libxcb-shape0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xv0
libxkbcommon-x11-0 libxslt1.1 libxss1 libxv1 libxxf86dga1 libzmq5 notification-daemon packagekit packagekit-tools
phonon4qt5 phonon4qt5-backend-vlc python3-cairo python3-certifi python3-chardet python3-cups python3-cupshelpers
python3-idna python3-ldb python3-requests python3-smbc python3-talloc python3-urllib3 qt5-gtk-platformtheme
qtspeech5-speechd-plugin qttranslations5-l10n qtwayland5 samba-libs system-config-printer
system-config-printer-common system-config-printer-udev upower usbmuxd vlc-data vlc-plugin-base
vlc-plugin-video-output x11-utils
Suggested packages:
chromium-l10n chromium-shell chromium-driver libbluray-bdj libdvdcss2 fam gpm gstreamer1.0-tools libusbmuxd-tools
lirc qt5-image-formats-plugins qt5-qmltooling-plugins libraw1394-doc sndiod appstream
phonon4qt5-backend-gstreamer python3-cryptography python3-openssl python3-socks python-requests-doc
gnome-software mesa-utils
The following NEW packages will be installed:
chromium chromium-common chromium-sandbox cups-pk-helper fonts-liberation gir1.2-atk-1.0 gir1.2-freedesktop
gir1.2-gdkpixbuf-2.0 gir1.2-gtk-3.0 gir1.2-harfbuzz-0.0 gir1.2-notify-0.7 gir1.2-packagekitglib-1.0
gir1.2-pango-1.0 gir1.2-polkit-1.0 gir1.2-secret-1 kcalc kwayland-data kwayland-integration liba52-0.7.4 libaa1
libaacs0 libappstream4 libaribb24-0 libass9 libatomic1 libavc1394-0 libavformat58 libbdplus0 libbluray2 libcaca0
libcddb2 libchromaprint1 libcurl3-gnutls libdbusmenu-qt5-2 libdc1394-25 libdca0 libdouble-conversion3 libdvbpsi10
libdvdnav4 libdvdread8 libdw1 libebml5 libevdev2 libfaad2 libfam0 libgles2 libgme0 libgpm2 libgstreamer1.0-0
libimobiledevice6 libinput-bin libinput10 libixml10 libjansson4 libjsoncpp24 libkate1 libkf5archive5
libkf5attica5 libkf5auth-data libkf5authcore5 libkf5codecs-data libkf5codecs5 libkf5config-bin libkf5config-data
libkf5configcore5 libkf5configgui5 libkf5configwidgets-data libkf5configwidgets5 libkf5coreaddons-data
libkf5coreaddons5 libkf5crash5 libkf5dbusaddons-bin libkf5dbusaddons-data libkf5dbusaddons5 libkf5globalaccel-bin
libkf5globalaccel-data libkf5globalaccel5 libkf5globalaccelprivate5 libkf5guiaddons5 libkf5i18n-data libkf5i18n5
libkf5iconthemes-bin libkf5iconthemes-data libkf5iconthemes5 libkf5idletime5 libkf5itemviews-data
libkf5itemviews5 libkf5notifications-data libkf5notifications5 libkf5waylandclient5 libkf5widgetsaddons-data
libkf5widgetsaddons5 libkf5windowsystem-data libkf5windowsystem5 libkf5xmlgui-bin libkf5xmlgui-data libkf5xmlgui5
libldb2 liblirc-client0 liblmdb0 liblua5.2-0 libmad0 libmatroska7 libmd4c0 libminizip1 libmpcdec6 libmpeg2-4
libmpg123-0 libmtdev1 libmtp-common libmtp-runtime libmtp9 libmysofa1 libnfs13 libnghttp2-14 libnorm1 libnspr4
libnss3 libopenmpt-modplug1 libopenmpt0 libpackagekit-glib2-18 libpangoxft-1.0-0 libpcre2-16-0 libpgm-5.3-0
libphonon4qt5-4 libphonon4qt5-data libplacebo72 libplist3 libpolkit-qt5-1-1 libpostproc55 libprotobuf-lite23
libproxy-tools libpulse-mainloop-glib0 libpython3.9 libqt5core5a libqt5dbus5 libqt5gui5 libqt5network5
libqt5printsupport5 libqt5qml5 libqt5qmlmodels5 libqt5quick5 libqt5svg5 libqt5texttospeech5 libqt5waylandclient5
libqt5waylandcompositor5 libqt5widgets5 libqt5x11extras5 libqt5xml5 librabbitmq4 libraw1394-11 libre2-9
libresid-builder0c2a librtmp1 libsdl-image1.2 libsdl1.2debian libsecret-1-0 libsecret-common libshout3
libsidplay2 libsmbclient libsndio7.0 libsodium23 libspatialaudio0 libspeechd2 libsrt1.4-gnutls libssh-gcrypt-4
libssh2-1 libswscale5 libtag1v5 libtag1v5-vanilla libtalloc2 libtevent0 libu2f-udev libudfread0 libupnp13
libupower-glib3 libusb-1.0-0 libusbmuxd6 libva-wayland2 libvlc-bin libvlc5 libvlccore9 libvorbisfile3
libwacom-bin libwacom-common libwacom2 libwbclient0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1
libxcb-render-util0 libxcb-res0 libxcb-shape0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xv0
libxkbcommon-x11-0 libxslt1.1 libxss1 libxv1 libxxf86dga1 libzmq5 notification-daemon packagekit packagekit-tools
phonon4qt5 phonon4qt5-backend-vlc python3-cairo python3-certifi python3-chardet python3-cups python3-cupshelpers
python3-idna python3-ldb python3-requests python3-smbc python3-talloc python3-urllib3 qt5-gtk-platformtheme
qtspeech5-speechd-plugin qttranslations5-l10n qtwayland5 samba-libs system-config-printer
system-config-printer-common system-config-printer-udev upower usbmuxd vlc-data vlc-plugin-base
vlc-plugin-video-output x11-utils
0 upgraded, 234 newly installed, 0 to remove and 0 not upgraded.
Need to get 117 MB of archives.
After this operation, 430 MB of additional disk space will be used.
Do you want to continue? [Y/n]
combined 430MB
and with --no-install-recommends:
user@host:~$ sudo apt install --no-install-recommends chromium kcalc
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
chromium-common liba52-0.7.4 libaa1 libaribb24-0 libass9 libatomic1 libavc1394-0 libavformat58 libbluray2
libcaca0 libcddb2 libchromaprint1 libdbusmenu-qt5-2 libdc1394-25 libdca0 libdouble-conversion3 libdvbpsi10
libdvdnav4 libdvdread8 libebml5 libevdev2 libfaad2 libfam0 libgles2 libgme0 libgpm2 libinput-bin libinput10
libixml10 libjsoncpp24 libkate1 libkf5archive5 libkf5attica5 libkf5auth-data libkf5authcore5 libkf5codecs-data
libkf5codecs5 libkf5config-data libkf5configcore5 libkf5configgui5 libkf5configwidgets-data libkf5configwidgets5
libkf5coreaddons-data libkf5coreaddons5 libkf5crash5 libkf5dbusaddons-data libkf5dbusaddons5
libkf5globalaccel-bin libkf5globalaccel-data libkf5globalaccel5 libkf5globalaccelprivate5 libkf5guiaddons5
libkf5i18n-data libkf5i18n5 libkf5iconthemes-data libkf5iconthemes5 libkf5itemviews-data libkf5itemviews5
libkf5notifications-data libkf5notifications5 libkf5widgetsaddons-data libkf5widgetsaddons5
libkf5windowsystem-data libkf5windowsystem5 libkf5xmlgui-data libkf5xmlgui5 liblirc-client0 liblua5.2-0 libmad0
libmatroska7 libmd4c0 libminizip1 libmpcdec6 libmpeg2-4 libmpg123-0 libmtdev1 libmtp-common libmtp9 libmysofa1
libnfs13 libnorm1 libnspr4 libnss3 libopenmpt-modplug1 libopenmpt0 libpcre2-16-0 libpgm-5.3-0 libphonon4qt5-4
libphonon4qt5-data libplacebo72 libpolkit-qt5-1-1 libpostproc55 libprotobuf-lite23 libpulse-mainloop-glib0
libqt5core5a libqt5dbus5 libqt5gui5 libqt5network5 libqt5printsupport5 libqt5qml5 libqt5svg5 libqt5texttospeech5
libqt5waylandclient5 libqt5widgets5 libqt5x11extras5 libqt5xml5 librabbitmq4 libraw1394-11 libre2-9
libresid-builder0c2a libsdl-image1.2 libsdl1.2debian libsecret-1-0 libsecret-common libshout3 libsidplay2
libsndio7.0 libsodium23 libspatialaudio0 libsrt1.4-gnutls libssh-gcrypt-4 libssh2-1 libswscale5 libtag1v5
libtag1v5-vanilla libudfread0 libupnp13 libusb-1.0-0 libva-wayland2 libvlc5 libvlccore9 libvorbisfile3
libwacom-common libwacom2 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-render-util0 libxcb-res0
libxcb-shape0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xv0 libxkbcommon-x11-0 libxslt1.1 libxv1
libxxf86dga1 libzmq5 phonon4qt5 phonon4qt5-backend-vlc vlc-data vlc-plugin-base vlc-plugin-video-output x11-utils
Suggested packages:
chromium-l10n chromium-shell chromium-driver libbluray-bdj libdvdcss2 fam gpm lirc qt5-image-formats-plugins
qtwayland5 qt5-qmltooling-plugins libraw1394-doc sndiod phonon4qt5-backend-gstreamer mesa-utils
Recommended packages:
chromium-sandbox upower libu2f-udev fonts-liberation notification-daemon system-config-printer libaacs0
libkf5config-bin libkf5dbusaddons-bin libkf5iconthemes-bin kwayland-integration qtwayland5 libkf5xmlgui-bin
libmtp-runtime qttranslations5-l10n qt5-gtk-platformtheme qtspeech5-speechd-plugin | qtspeech5-flite-plugin
libvlc-bin libproxy-tools libwacom-bin
The following NEW packages will be installed:
chromium chromium-common kcalc liba52-0.7.4 libaa1 libaribb24-0 libass9 libatomic1 libavc1394-0 libavformat58
libbluray2 libcaca0 libcddb2 libchromaprint1 libdbusmenu-qt5-2 libdc1394-25 libdca0 libdouble-conversion3
libdvbpsi10 libdvdnav4 libdvdread8 libebml5 libevdev2 libfaad2 libfam0 libgles2 libgme0 libgpm2 libinput-bin
libinput10 libixml10 libjsoncpp24 libkate1 libkf5archive5 libkf5attica5 libkf5auth-data libkf5authcore5
libkf5codecs-data libkf5codecs5 libkf5config-data libkf5configcore5 libkf5configgui5 libkf5configwidgets-data
libkf5configwidgets5 libkf5coreaddons-data libkf5coreaddons5 libkf5crash5 libkf5dbusaddons-data libkf5dbusaddons5
libkf5globalaccel-bin libkf5globalaccel-data libkf5globalaccel5 libkf5globalaccelprivate5 libkf5guiaddons5
libkf5i18n-data libkf5i18n5 libkf5iconthemes-data libkf5iconthemes5 libkf5itemviews-data libkf5itemviews5
libkf5notifications-data libkf5notifications5 libkf5widgetsaddons-data libkf5widgetsaddons5
libkf5windowsystem-data libkf5windowsystem5 libkf5xmlgui-data libkf5xmlgui5 liblirc-client0 liblua5.2-0 libmad0
libmatroska7 libmd4c0 libminizip1 libmpcdec6 libmpeg2-4 libmpg123-0 libmtdev1 libmtp-common libmtp9 libmysofa1
libnfs13 libnorm1 libnspr4 libnss3 libopenmpt-modplug1 libopenmpt0 libpcre2-16-0 libpgm-5.3-0 libphonon4qt5-4
libphonon4qt5-data libplacebo72 libpolkit-qt5-1-1 libpostproc55 libprotobuf-lite23 libpulse-mainloop-glib0
libqt5core5a libqt5dbus5 libqt5gui5 libqt5network5 libqt5printsupport5 libqt5qml5 libqt5svg5 libqt5texttospeech5
libqt5waylandclient5 libqt5widgets5 libqt5x11extras5 libqt5xml5 librabbitmq4 libraw1394-11 libre2-9
libresid-builder0c2a libsdl-image1.2 libsdl1.2debian libsecret-1-0 libsecret-common libshout3 libsidplay2
libsndio7.0 libsodium23 libspatialaudio0 libsrt1.4-gnutls libssh-gcrypt-4 libssh2-1 libswscale5 libtag1v5
libtag1v5-vanilla libudfread0 libupnp13 libusb-1.0-0 libva-wayland2 libvlc5 libvlccore9 libvorbisfile3
libwacom-common libwacom2 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-render-util0 libxcb-res0
libxcb-shape0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xv0 libxkbcommon-x11-0 libxslt1.1 libxv1
libxxf86dga1 libzmq5 phonon4qt5 phonon4qt5-backend-vlc vlc-data vlc-plugin-base vlc-plugin-video-output x11-utils
0 upgraded, 157 newly installed, 0 to remove and 0 not upgraded.
Need to get 95.2 MB of archives.
After this operation, 341 MB of additional disk space will be used.
Do you want to continue? [Y/n]
combined 341MB…
Don’t these updates replace the current code instead of taking up additional space? Have you tried testing it to see if more space is needed after the initial disk expansion is done?
Thats true, actually im addressing 2 issues:
So what you have said is true that upgrades wont consume further storage but it will need efficient bandwidth speed to have that upgrade (or installing new fresh software).
Should we enable the flathub.org repository by default? In other words…
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
Any reason to not apply this command by default in Kicksecure / Whonix?
I’d say any secure software acquisition mechanism that is more
practical to use than backports is a plus to include. With that said, I
think it is important to document the security limitations of its
sandboxing including our discussion links with upstream (circling back
to my original post here) so users understand the full picture and make
informed decisions accordingly.
on flathub security: