14 - Flatpak Software Management¶
Navigation: ← Scheduled Tasks | Index | Next → Troubleshooting
1. Executive Summary¶
Topic Scope: Flatpak application packaging, repository management, and software distribution on RHEL 10
RHCSA Relevance: Flatpak replaces container management (Podman) as an RHCSA exam objective starting with RHEL 10. Candidates must be able to configure Flatpak repositories and manage Flatpak-based software.
Exam Weight: High
Prerequisites: Basic package management (Module 06), familiarity with DNF/RPM
Related Topics: Package Management
2. Conceptual Foundation¶
What is Flatpak?¶
Flatpak is a framework for distributing desktop and command-line applications on Linux. It provides a sandboxed environment where applications run isolated from the host system, with their own bundled dependencies.
Key characteristics:
- Sandboxed execution: Applications run in isolated environments with controlled access to host resources
- Bundled dependencies: Each application ships with its own runtime and libraries, avoiding dependency conflicts
- Distribution-agnostic: The same Flatpak runs on any Linux distribution
- Automatic updates: Applications can be updated independently of the host OS
- OSTree-based: Uses content-addressable storage for efficient deduplication and delta updates
Flatpak Architecture¶
- Runtimes: Shared sets of base libraries (e.g.,
org.freedesktop.Platform,org.gnome.Platform) that provide common dependencies. Multiple applications can share the same runtime. - Applications: The actual software packages, built against a specific runtime
- Remotes: Repositories from which runtimes and applications are fetched (similar to DNF repositories)
- Refs: References to specific versions of applications or runtimes (e.g.,
app/org.gimp.GIMP/x86_64/stable) - Sandbox: The isolation boundary using namespaces, seccomp, and portals
System vs User Installs¶
Flatpak supports two installation scopes:
- System installs (
--system, default): Available to all users, stored in/var/lib/flatpak/. Requires root or polkit authorization. - User installs (
--user): Available only to the current user, stored in~/.local/share/flatpak/. No root required.
Remotes and Repositories¶
- Flathub (
https://flathub.org/repo/flathub.flatpakrepo): The largest Flatpak repository with thousands of community and vendor applications - RHEL Flatpak remote: Red Hat's curated Flatpak repository for enterprise applications
- Fedora Flatpaks: Fedora's official Flatpak repository
Sandboxing and Permissions¶
Flatpak uses a portal-based permission system:
- Filesystem access: Controlled via
--filesystem=overrides - Network access: Enabled/disabled per application
- Device access: Camera, GPU, etc. via portals
- D-Bus access: Controlled bus access for desktop integration
- Applications request permissions at install time; users can override them
Common Misconceptions¶
- Flatpak is not a container runtime — Unlike Podman/Docker, Flatpak is designed for desktop/CLI applications, not server workloads
- Flatpaks are not always large — Runtimes are shared across applications, so the second Flatpak using the same runtime adds minimal disk usage
- Flatpak does not replace RPM/DNF — System packages (kernel, systemd, libraries) are still managed by DNF. Flatpak is for application-layer software
3. Command Mastery¶
Essential Commands¶
# Repository (remote) management
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo # Add Flathub
flatpak remote-add --user myremote https://example.com/repo/example.flatpakrepo # Add user remote
flatpak remote-delete flathub # Remove a remote
flatpak remote-ls flathub # List available apps from remote
flatpak remotes # List configured remotes
# Search and information
flatpak search gimp # Search for applications
flatpak info org.gimp.GIMP # Show detailed app information
# Install and uninstall
flatpak install flathub org.gimp.GIMP # Install from specific remote
flatpak install org.gimp.GIMP # Install (auto-selects remote)
flatpak install --user org.gimp.GIMP # Install for current user only
flatpak uninstall org.gimp.GIMP # Uninstall application
flatpak uninstall --unused # Remove unused runtimes
# List installed applications
flatpak list # List all installed Flatpaks
flatpak list --app # List only applications (not runtimes)
flatpak list --runtime # List only runtimes
# Run and update
flatpak run org.gimp.GIMP # Run application
flatpak update # Update all Flatpaks
flatpak update org.gimp.GIMP # Update specific application
Command Reference Table¶
| Command | Purpose | Key Options | Example |
|---|---|---|---|
flatpak remote-add |
Add repository | --if-not-exists, --user |
flatpak remote-add flathub URL |
flatpak remote-delete |
Remove repository | --force |
flatpak remote-delete flathub |
flatpak remote-ls |
List remote apps | --app, --runtime |
flatpak remote-ls flathub |
flatpak remotes |
Show configured remotes | --show-details |
flatpak remotes |
flatpak search |
Search for apps | — | flatpak search firefox |
flatpak install |
Install application | --user, --system, -y |
flatpak install flathub org.gimp.GIMP |
flatpak uninstall |
Remove application | --unused |
flatpak uninstall org.gimp.GIMP |
flatpak list |
List installed | --app, --runtime |
flatpak list --app |
flatpak run |
Run application | --command= |
flatpak run org.gimp.GIMP |
flatpak update |
Update apps | -y |
flatpak update |
flatpak info |
Show app details | — | flatpak info org.gimp.GIMP |
4. Procedural Workflows¶
Standard Procedure: Adding a Remote and Installing Software¶
-
Add the Flathub remote (if not already configured):
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo -
Verify the remote is configured:
flatpak remotes -
Search for the desired application:
flatpak search gimp -
Install the application:
flatpak install flathub org.gimp.GIMP -y -
Verify installation:
flatpak list --app | grep -i gimp flatpak info org.gimp.GIMP -
Run the application:
flatpak run org.gimp.GIMP
Standard Procedure: User-Level Installation¶
-
Add remote for current user only:
flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo -
Install application for current user:
flatpak install --user flathub org.mozilla.firefox -y -
Verify user-level install:
flatpak list --user --app ls ~/.local/share/flatpak/app/
Standard Procedure: Updating and Cleaning Up¶
-
Check for available updates:
flatpak update --appstream # Update metadata flatpak remote-ls --updates # List available updates -
Update all installed Flatpaks:
flatpak update -y -
Remove unused runtimes (after uninstalling applications):
flatpak uninstall --unused -y
5. Configuration Deep Dive¶
Primary Configuration Locations¶
- System remotes:
/var/lib/flatpak/repo/ - System installations:
/var/lib/flatpak/app/,/var/lib/flatpak/runtime/ - User remotes and installations:
~/.local/share/flatpak/ - Remote configuration:
/etc/flatpak/remotes.d/(system-wide remote definitions)
Adding Remotes via Configuration File¶
Flatpak remotes can be pre-configured by placing .flatpakrepo files in /etc/flatpak/remotes.d/:
# /etc/flatpak/remotes.d/flathub.flatpakrepo
[Flatpak Repo]
Title=Flathub
Url=https://dl.flathub.org/repo/
Homepage=https://flathub.org/
Comment=Central repository of Flatpak applications
Icon=https://dl.flathub.org/repo/logo.svg
GPGKey=mQINBFlD2sABEADsiUZUO...
Permission Overrides¶
Override application sandbox permissions:
# Grant filesystem access
flatpak override --user --filesystem=home org.gimp.GIMP
# Remove network access
flatpak override --user --no-network org.example.App
# View current overrides
flatpak override --user --show org.gimp.GIMP
# Reset overrides to defaults
flatpak override --user --reset org.gimp.GIMP
Override files are stored in:
- System:
/var/lib/flatpak/overrides/ - User:
~/.local/share/flatpak/overrides/
6. Hands-On Labs¶
Lab 14.1: Configure Flatpak and Install Applications (Ghori Ch 12)¶
Objective: Set up Flatpak repositories and install applications at system and user levels
Steps:
-
Verify Flatpak is installed (it should be on RHEL 10 by default):
rpm -q flatpak flatpak --version -
List currently configured remotes:
flatpak remotes -
Add the Flathub repository (system-wide, requires root):
sudo flatpak remote-add --if-not-exists flathub \ https://flathub.org/repo/flathub.flatpakrepo -
Verify the remote was added:
flatpak remotes --show-details -
Search for and install an application:
flatpak search calculator sudo flatpak install flathub org.gnome.Calculator -y -
Verify the installation:
flatpak list --app flatpak info org.gnome.Calculator -
Run the installed application:
flatpak run org.gnome.Calculator -
Install an application at user level (no root needed):
flatpak remote-add --user --if-not-exists flathub \ https://flathub.org/repo/flathub.flatpakrepo flatpak install --user flathub org.gnome.TextEditor -y flatpak list --user --app
Verification:
flatpak remotes # Should show flathub
flatpak list --app # Should show installed apps
flatpak info org.gnome.Calculator # Should show app details
Expected Result: Flathub is configured, applications are installed at both system and user levels, and can be launched successfully.
Lab 14.2: Managing Flatpak Applications¶
Objective: Practice updating, removing, and managing Flatpak applications
Steps:
-
Update all installed Flatpaks:
flatpak update -y -
List installed runtimes:
flatpak list --runtime -
Uninstall an application:
sudo flatpak uninstall org.gnome.Calculator -y -
Clean up unused runtimes:
sudo flatpak uninstall --unused -y -
Verify removal:
flatpak list --app -
Check disk usage:
du -sh /var/lib/flatpak/ du -sh ~/.local/share/flatpak/
Verification:
flatpak list --app # Removed apps should be gone
flatpak list --runtime # Unused runtimes should be cleaned
Lab 14.3: Synthesis Challenge - Enterprise Flatpak Deployment¶
Objective: Configure a complete Flatpak environment suitable for enterprise use
Scenario: As a system administrator, configure Flatpak on a RHEL 10 system so that:
- Flathub is available as a system-wide remote
- A standard set of applications is installed for all users
- A regular user can install additional applications at the user level
Requirements:
- Add Flathub as a system-wide remote
- Install two system-wide applications
- As a regular user, add a user-level remote and install one application
- Update all installed Flatpaks
- Verify system vs user install locations
Solution Steps:
-
System-wide setup (as root):
sudo flatpak remote-add --if-not-exists flathub \ https://flathub.org/repo/flathub.flatpakrepo sudo flatpak install flathub org.gnome.Calculator org.gnome.TextEditor -y -
User-level setup (as regular user):
flatpak remote-add --user --if-not-exists flathub \ https://flathub.org/repo/flathub.flatpakrepo flatpak install --user flathub org.gnome.Logs -y -
Update everything:
sudo flatpak update -y flatpak update --user -y -
Verify:
flatpak list --app # All apps flatpak list --app --system # System apps flatpak list --app --user # User apps ls /var/lib/flatpak/app/ # System install path ls ~/.local/share/flatpak/app/ # User install path
7. Troubleshooting Playbook¶
Common Issues¶
Issue 1: Remote Add Fails with GPG Error¶
Symptoms:
- Error about GPG verification when adding a remote
- "GPG signatures found, but none are in trusted keyring"
Diagnosis:
flatpak remotes --show-details # Check existing remote config
Resolution:
# Re-add the remote (the .flatpakrepo file includes the GPG key)
flatpak remote-delete flathub
flatpak remote-add flathub https://flathub.org/repo/flathub.flatpakrepo
Prevention: Always use the official .flatpakrepo URL which bundles the GPG key.
Issue 2: Application Won't Install — Missing Runtime¶
Symptoms:
- Installation fails with "runtime not found" error
Diagnosis:
flatpak info --show-runtime org.example.App # Check required runtime
flatpak list --runtime # List installed runtimes
Resolution:
# Install the required runtime manually
flatpak install flathub org.freedesktop.Platform//24.08 -y
# Then retry the application install
flatpak install flathub org.example.App -y
Issue 3: Application Crashes or Cannot Access Files¶
Symptoms:
- Application starts but cannot read/write files
- Permission denied errors in application
Diagnosis:
flatpak info --show-permissions org.example.App
flatpak override --user --show org.example.App
Resolution:
# Grant filesystem access
flatpak override --user --filesystem=home org.example.App
# Or grant access to a specific path
flatpak override --user --filesystem=/path/to/data org.example.App
Diagnostic Command Sequence¶
flatpak --version # Verify Flatpak installation
flatpak remotes --show-details # Check remote configuration
flatpak list --app # List installed applications
flatpak list --runtime # List installed runtimes
flatpak info org.example.App # Check specific app details
journalctl --user -b | grep flatpak # Check logs for errors
8. Quick Reference Card¶
Essential Commands At-a-Glance¶
# Remotes
flatpak remotes # List remotes
flatpak remote-add --if-not-exists NAME URL # Add remote
flatpak remote-delete NAME # Remove remote
flatpak remote-ls NAME # List apps in remote
# Applications
flatpak search KEYWORD # Search for apps
flatpak install REMOTE APP_ID # Install app
flatpak uninstall APP_ID # Remove app
flatpak list --app # List installed apps
flatpak run APP_ID # Run app
flatpak update # Update all
flatpak info APP_ID # App details
# Cleanup
flatpak uninstall --unused # Remove unused runtimes
Key File Locations¶
- System installations:
/var/lib/flatpak/ - User installations:
~/.local/share/flatpak/ - System remote configs:
/etc/flatpak/remotes.d/ - Permission overrides (system):
/var/lib/flatpak/overrides/ - Permission overrides (user):
~/.local/share/flatpak/overrides/
Verification Commands¶
flatpak remotes # Confirm remotes are configured
flatpak list --app # Confirm apps are installed
flatpak info APP_ID # Confirm app details
flatpak run APP_ID # Confirm app runs
9. Knowledge Check¶
Conceptual Questions¶
-
Question: What is the difference between a Flatpak runtime and a Flatpak application? Answer: A runtime is a shared set of base libraries (like
org.freedesktop.Platform) that provides common dependencies. An application is the actual software built against a specific runtime. Multiple applications can share the same runtime, reducing disk usage. -
Question: What is the difference between system-level and user-level Flatpak installs? Answer: System installs (default) are stored in
/var/lib/flatpak/and available to all users but require root privileges. User installs (--user) are stored in~/.local/share/flatpak/and available only to the installing user but require no elevated privileges. -
Question: How does Flatpak differ from RPM/DNF package management? Answer: DNF manages system-level packages (kernel, libraries, system services) from RPM repositories. Flatpak manages sandboxed applications with bundled dependencies, providing isolation from the host system. They serve complementary roles — DNF for the base OS, Flatpak for application-layer software.
Practical Scenarios¶
-
Scenario: A user needs to install GIMP from Flathub but Flathub is not configured on the system. Solution:
sudo flatpak remote-add --if-not-exists flathub \ https://flathub.org/repo/flathub.flatpakrepo sudo flatpak install flathub org.gimp.GIMP -y -
Scenario: A regular user wants to install applications without root access. Solution:
flatpak remote-add --user --if-not-exists flathub \ https://flathub.org/repo/flathub.flatpakrepo flatpak install --user flathub org.example.App -y
Command Challenges¶
-
Challenge: List all Flatpak applications (not runtimes) installed on the system. Answer:
flatpak list --appExplanation: The--appflag filters output to show only applications, excluding shared runtimes. -
Challenge: Remove all unused runtimes left over from uninstalled applications. Answer:
flatpak uninstall --unusedExplanation: After uninstalling applications, their runtimes may remain.--unusedidentifies and removes runtimes no longer needed by any installed application.
10. Exam Strategy¶
Topic-Specific Tips¶
- Know the difference between
--system(default) and--userinstallation scopes - Remember that
flatpak remote-addrequires a URL to a.flatpakrepofile, not just a hostname - Use
--if-not-existswhen adding remotes to make commands idempotent - The Flatpak application ID format is reverse-DNS:
org.gimp.GIMP,org.mozilla.firefox
Common Exam Scenarios¶
-
Scenario: Configure Flathub repository and install a specified application Approach:
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo flatpak install flathub org.example.App -y flatpak list --app # Verify -
Scenario: Install a Flatpak application for a specific user without root Approach:
flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo flatpak install --user flathub org.example.App -y
Time Management¶
- Estimated Time: 5-8 minutes for Flatpak tasks (remote setup + install + verify)
- Quick Verification:
flatpak list --appconfirms installation immediately
Pitfalls to Avoid¶
- Forgetting to add the remote before trying to install
- Not using
--if-not-exists(causes errors if remote already configured) - Confusing system vs user installs (check which the question asks for)
- Not verifying with
flatpak listafter installation
Summary¶
Key Takeaways¶
- Flatpak is the RHEL 10 RHCSA method for application distribution (replacing containers/Podman from RHEL 9)
- Remotes (repositories) must be configured before applications can be installed
- System installs require root; user installs do not
- Applications run sandboxed with controlled permissions
- Unused runtimes should be cleaned up with
flatpak uninstall --unused
Critical Commands to Remember¶
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak install flathub org.example.App
flatpak list --app
flatpak uninstall org.example.App
flatpak uninstall --unused
flatpak update
flatpak search keyword
flatpak run org.example.App
Next Steps¶
- Continue to Troubleshooting
- Review related topics: Package Management
- Practice installing and managing Flatpak applications on your RHEL 10 lab VM
Navigation: ← Scheduled Tasks | Index | Next → Troubleshooting