WIP: Flathub distribution (Flatpak manifest + AppStream metainfo, ADR 0034) #87
Draft
Kyle-Falconer wants to merge 1 commit into
Draft Flathub channel alongside the ADR 0022 native bundles, reusing the same app ID, desktop file, and icon set. Builds offline against the freedesktop runtime + rust-stable SDK extension, vendoring all 769 crates.

- flatpak/com.circuitstitch.apps.janitor.yml — manifest (tight sandbox: network + GUI only, no --filesystem; OAuth loopback survives via shared host netns, browser launch via the OpenURI portal)
- flatpak/cargo-sources.json — generated vendor set (crates.io only, no git)
- flatpak/gen-cargo-sources.sh + README.md — regen wrapper + how-to
- janitor-gui/assets/com.circuitstitch.apps.janitor.metainfo.xml — AppStream, also installed by the rpm
- janitor-gui/Cargo.toml — metainfo wired into generate-rpm assets
- docs/adr/0034-flathub-distribution.md

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Draft. Adds a fifth Linux channel — Flathub — alongside the ADR 0022 native bundles, reusing the same app ID, .desktop file, and icon set. Flathub builds and hosts from its own manifest, so release.yml is untouched.

What's here

- flatpak/com.circuitstitch.apps.janitor.yml — the manifest. Builds offline against the freedesktop runtime + rust-stable SDK extension; vendors all 769 crates via cargo-sources.json.
- flatpak/cargo-sources.json — generated vendor set (1527 entries, all crates.io — no git deps, so generation is network-free).
- flatpak/gen-cargo-sources.sh + flatpak/README.md — regen wrapper (rerun on any Cargo.lock change) + local-build / submission how-to.
- janitor-gui/assets/com.circuitstitch.apps.janitor.metainfo.xml — AppStream metainfo (mandatory for Flathub; also installed by the rpm).
- janitor-gui/Cargo.toml — metainfo wired into the generate-rpm assets.
- docs/adr/0034-flathub-distribution.md — the decision record.

Sandbox

Tight by default (the threat model gives this for free — nothing secret on disk, config is per-app):

- --share=network + Slint's GUI sockets only. No --filesystem, no extra talk-names.
- --share=network shares the host netns, so the host browser's 127.0.0.1:5369x/oauth/callback redirect reaches the in-app listener.
- CommandBrowser incognito-isolation opener can't see host binaries in the sandbox (would need flatpak-spawn --host, deliberately not granted). DefaultBrowser works; documented in the ADR.

Validation

- appstreamcli validate — clean except one expected warning (screenshot file not yet committed; see follow-ups).
- desktop-file-validate — pass.
- cargo-sources.json parse.
- flatpak-builder run yet (not available in the authoring env) — see follow-ups.

Follow-up work (blocks merge / submission)

- docs/screenshots/matrix.png (or repoint the metainfo <image> URL) — clears the last validator warning.
- flatpak-builder --user --install --force-clean build-dir flatpak/com.circuitstitch.apps.janitor.yml and confirm the app launches, signs in (loopback), and renders the matrix.
- source to a release tag and its commit sha.
- runtime-version (24.08) to whatever freedesktop runtime is current at submission.
- flathub/flathub (the new-pr branch); reviewers confirm domain control of circuitstitch.com for the com.circuitstitch.* ID.

Optional / nice-to-have

- .deb too (cargo-packager has no clean file-map; rpm + Flatpak cover it today).

🤖 Generated with Claude Code
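
A CI-style check for the sandbox policy described under "Sandbox", as an added example that is not part of the pull request or the project's code: it extracts finish-args from a manifest and reports every permission outside an allowlist. The manifest text is constructed, and the concrete socket and device flags in the allowlist are an assumption about what "Slint's GUI sockets" covers, since the PR does not list them.

```python
import re

# Assumption (not from the PR): the concrete flags behind "Slint's GUI sockets".
ALLOWED = {"--share=network", "--share=ipc", "--socket=wayland",
           "--socket=fallback-x11", "--device=dri"}

# Constructed manifest fragment for the demo (not the PR's real file).
SAMPLE_MANIFEST = """\
app-id: com.circuitstitch.apps.janitor
finish-args:
  - --share=network
  - --socket=wayland
  - --socket=fallback-x11
  - --share=ipc
  - --device=dri
modules:
"""

def finish_args(manifest_text):
    """Extract the finish-args items from a block-style YAML manifest."""
    args, inside = [], False
    for line in manifest_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments do not end the list
        if re.match(r"^finish-args:\s*$", line):
            inside = True
        elif inside:
            m = re.match(r"^\s*-\s+(.+?)\s*$", line)
            if not m:
                break  # first non-item line ends the list
            args.append(m.group(1).strip("'\""))
    return args

def audit(manifest_text):
    """Return (arg, reason) for every permission outside the allowlist."""
    findings = []
    for arg in finish_args(manifest_text):
        if arg in ALLOWED:
            continue
        if arg.startswith("--filesystem="):
            reason = "host filesystem access"
        elif arg.endswith("talk-name=org.freedesktop.Flatpak"):
            reason = "allows flatpak-spawn --host"
        elif "-name=" in arg:
            reason = "extra D-Bus name"
        else:
            reason = "not in allowlist"
        findings.append((arg, reason))
    return findings
```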