forked from Mirrors/flatpak-builder
Fixed README.md
Many fixes to phrasing, wording, proper noun capitalization, etctingping/wmclass
parent
503b2f8b4c
commit
140b646a58
47
README.md
47
README.md
|
@ -19,49 +19,50 @@ Flatpak uses a traditional autoconf-style build mechanism. To build just do
|
||||||
make install
|
make install
|
||||||
```
|
```
|
||||||
|
|
||||||
Most configure arguments are documented in ./configure --help. However, there
|
Most configure arguments are documented in `./configure --help`. However,
|
||||||
are some options that are a bit more complicated.
|
there are some options that are a bit more complicated.
|
||||||
|
|
||||||
Flatpak relies on a project called
|
Flatpak relies on a project called
|
||||||
[bubblewrap](https://github.com/projectatomic/bubblewrap) for the
|
[Bubblewrap](https://github.com/projectatomic/bubblewrap) for the
|
||||||
lowlevel sandboxing. By default, an in-tree copy of this is built
|
low-level sandboxing. By default, an in-tree copy of this is built
|
||||||
(distributed in the tarball or using git submodules in the git
|
(distributed in the tarball or using git submodules in the git
|
||||||
tree). This will build a helper called flatpak-bwrap. If your system
|
tree). This will build a helper called flatpak-bwrap. If your system
|
||||||
have a recent enough version of bubblewrap already, you can use
|
has a recent enough version of Bubblewrap already, you can use
|
||||||
`--with-system-bubblewrap` to use that instead.
|
`--with-system-bubblewrap` to use that instead.
|
||||||
|
|
||||||
Bubblewrap can run in two modes, either using unprivileged user
|
Bubblewrap can run in two modes, either using unprivileged user
|
||||||
namespaces. This requires that the kernel supports this, which some
|
namespaces or setuid mode. This requires that the kernel supports this,
|
||||||
distributions disable. For instance, Arch completely disables user
|
which some distributions disable. For instance, Arch completely
|
||||||
namespaces, while Debian supports unprivileged user namespaces, but
|
disables user namespaces, while Debian supports unprivileged user
|
||||||
only if you turn on the kernel.unprivileged_userns_clone sysctl.
|
namespaces, but only if you turn on the
|
||||||
|
`kernel.unprivileged_userns_clone` sysctl.
|
||||||
|
|
||||||
If unprivileged user namespaces is not available, then bubblewrap must
|
If unprivileged user namespaces are not available, then Bubblewrap must
|
||||||
be built as setuid root. This is believed to be safe, as it is
|
be built as setuid root. This is believed to be safe, as it is
|
||||||
designed to do this. Any build of bubblewrap supports both
|
designed to do this. Any build of Bubblewrap supports both
|
||||||
unprivileged and setuid mode, you just need to set the setuid bit for
|
unprivileged and setuid mode, you just need to set the setuid bit for
|
||||||
it to change mode.
|
it to change mode.
|
||||||
|
|
||||||
However, this it does complicate the installation a bit. If you pass
|
However, this does complicate the installation a bit. If you pass
|
||||||
`--with-priv-mode=setuid` to configure (of flatpak or bubblewrap) then
|
`--with-priv-mode=setuid` to configure (of Flatpak or Bubblewrap) then
|
||||||
make install will try to set the setuid bit. However that means you
|
`make install` will try to set the setuid bit. However that means you
|
||||||
have to run make install as root. Alternatively, you can pass
|
have to run `make install` as root. Alternatively, you can pass
|
||||||
`--enable-sudo` to configure and it will call sudo when setting the
|
`--enable-sudo` to configure and it will call `sudo` when setting the
|
||||||
setuid bit. Alternatively you can enable setuid completely outside of
|
setuid bit. Alternatively you can enable setuid completely outside of
|
||||||
the installation, which is common for example when packaging bubblewrap
|
the installation, which is common for example when packaging Bubblewrap
|
||||||
in a .deb or .rpm.
|
in a .deb or .rpm.
|
||||||
|
|
||||||
There are some complications when building flatpak to a different
|
There are some complications when building Flatpak to a different
|
||||||
prefix than the system-installed version. First of all, the newly
|
prefix than the system-installed version. First of all, the newly
|
||||||
built flatpak will look for system-installed flatpaks in
|
built Flatpak will look for system-installed flatpaks in
|
||||||
`$PREFIX/var/lib/flatpak`, which will not match existing installed
|
`$PREFIX/var/lib/flatpak`, which will not match existing installed
|
||||||
flatpaks. You can use `--with-system-install-dir=/var/lib/flatpak`
|
flatpaks. You can use `--with-system-install-dir=/var/lib/flatpak`
|
||||||
to make both installations use the same location.
|
to make both installations use the same location.
|
||||||
|
|
||||||
Secondly, flatpak ships with a root-privileged policykit helper for
|
Secondly, Flatpak ships with a root-privileged policykit helper for
|
||||||
system-installation, called flatpak-system-helper. This is dbus
|
system-installation, called `flatpak-system-helper`. This is dbus
|
||||||
activated (on the system-bus) and if you install in a non-standard
|
activated (on the system-bus) and if you install in a non-standard
|
||||||
location it is likely that this will not be found by dbus and
|
location it is likely that this will not be found by dbus and
|
||||||
policykit. However, if the system installation is synchronized it
|
policykit. However, if the system installation is synchronized,
|
||||||
you can often use the system installed helper instead. At least
|
you can often use the system installed helper instead - at least
|
||||||
if the two versions are close in versions.
|
if the two versions are close in versions.
|
||||||
|
|
Loading…
Reference in New Issue