Improving the Flatpak sideloading experience

Brainstorm
,
1

Sideloading Flatpaks is kind of weird right now. You sometimes don’t see the application’s icon or description (which is not very interesting, since the site you downloaded the flatpak bundle or flatpakref from probably already told you what the app does), and you don’t seem to see the permissions that the app will be given, which is the most important information.

a screenshot of Discover showing a flatpak bundle
a screenshot of Discover showing a flatpak bundle936×730 60.9 KB
a screenshot of Discover showing a flatpakref
a screenshot of Discover showing a flatpakref936×730 69.4 KB

Elementary has a helper app for sideloading flatpaks, which seems to do this a bit nicer. The fact that the app is sandboxed (or not) is clearly visible, and it makes it clearer to the user that this app hasn’t really been reviewed by your distro or Flathub. Maybe the design from there could be an inspiration?

a screenshot of Flatpak Installer from Pantheon, taken from its GitHub repository
a screenshot of Flatpak Installer from Pantheon, taken from its GitHub repository1004×667 60.5 KB

2 Likes
2

What does “sideloading” mean? Do you mean “installing”?

2 Likes
3

To be clear, I meant ‘sideloading’ as “installing a Flatpak from somewhere other than the system’s main repositories (i.e. from a third-party repository via a .flatpakref or from a bundle)”, since that’s the case where you should probably say “Hi, this application wasn’t reviewed by anybody trusted and could be bad, here are its permissions, do you still want to install?”

4

I would’ve never have guessed that is what you meant.

1 Like
5

That’s a common definition of sideloading in the context of downloading applications. It’s even described as such on Wikipedia.

2 Likes
6

It’s not, but okay. Carry on.

7

"[…]but also applies to the transfer of apps from web sources that are not vendor-approved. "

8

Right. Yes, my apologies. Missed that. Had always heard it in the context of “download an APK from somewhere, copy to mobile phone via USB and install”. My bias kicked in.

1 Like
9

Is there a way to install flatpaks using Discover without adding the repo, or is this about how Discover displays flatpaks that have been installed some other way? I mostly manage flatpaks using the CLI, so I’m not sure what all Discover can do. I see what you mean with flatpaks I have built locally, in Discover there is not much information displayed about them.

10

Discover has support for installing manually downloaded distro packages, e.g. it opens when you double click a .deb in Dolphin.

But I also mostly do this in a shell so I don’t remember if I ever checked which information it displays for such packages

11

Well, I’m talking about installing a flatpak from a .flatpak bundle or from a .flatpakref, which adds the repository it’s pointing to alongside installing the app (the screenshot shows how it warns you that other software from the repo will appear in Discover).

My point is mostly that what is shown when installing from a file or flatpak+https:// URL is not really relevant, and what is relevant isn’t (at the very least, prominently) shown.

(I would take more screenshots, but it seems I broke my Discover and now it freezes when I try to open a flatpakref :woozy_face:)

12

Yeah, it would probably make sense to do this for distro packages (and snaps too), since you don’t really need to know e.g. the description of the package you just downloaded from the site that probably already told you what it does.