[Users] The Claws-Mail flatpak-package on flathub: information, comments?

[Danny van Heumen]

Hi all,

A few years ago, I posted that I was compiling a Flatpak-package of
Claws-Mail. Flatpak still felt kind of new, at least to me, back then.
The github project has not received many questions/issues since, but I
had not looked at the Claws-Mail mailinglist for a long time. I checked
recently and noticed there were some questions, so here's a bit of an
update and further down some background on flatpak.

First some remarks:

- Currently: Claws-Mail 4.0.0 on Freedesktop-platform 21.08.
- Repository: https://github.com/flathub/org.claws_mail.Claws-Mail
- I recently added some missing dependencies, which enables the
  following features:
  - Spell-checking (libenchant)
  - Audio- (libcanberra) and information-/system-notifications
    (libnotify)
  - NetworkManager and integration with host D-Bus, which enables
    Claws-Mail to respond to changes to the network connection.
- I updated the screenshots to include one of the Features-screen. This
  gives some insight into the features that are available in the
  flatpak-version.

- Questions:
  - Why doesn't clicking a link open up Firefox anymore? I don't know.
    I had the same issue, but hadn't noticed. I checked and then
    unchecked a checkbox in preferences and that miraculously solved
    it. My guess would be either the switch of Freedesktop-platform
    (20.08 -> 21.08) or Claws-Mail 3.18 -> 4.0.
  - Questions regarding flathub, flatpak packages, flatpak application,
    etc.: I'll try to give some detailed explanations below. I am not an
    expert/authority but I have learned quite a bit.
  - Why is feature X not available? Probably because I did not realize
    it wasn't, or the platform is missing the dependency and adding it
    manually landed me in web of transitive dependencies and build
    issues. (Most likely caused by my inexperience with building that
    particular library.)

Hopefully this clarifies some things about flatpak and the Claws-Mail
package, and also resolves some confusion.

Let me know your thoughts.

Kind regards,
Danny


Now follows open issues and detailed description of what flatpaks and
the Claws-Mail flatpak-package are.

Open issues:

* Ideally, I would like to maintain the package together with the
  Claws-Mail team. A few years ago, there was no interest. Has this
  changed?

* I am trying to put the github repo in the description of flathub to
  make it more clear that this is (currently at least) not an official
  package.

* I am compiling some notes in "packaging.md" in the repository, to
  capture some flatpak-specific questions/issues/solutions. (See
  https://github.com/flathub/org.claws_mail.Claws-Mail/blob/master/packaging.md)

* Integrating GnuPG (GPG) is a bit of a challenge for flatpaks. Linux
  distributions have different habits regarding: when gpg/gpg-agent
  should be started -- loaded at login, supervised by systemd, or at
  first use; same for scdaemon; same for availability of pinentry. As a
  consequence you might end up with a pinentry app that tries to start
  but cannot find a $DISPLAY to render itself on, for example.
  Consequently, packaging it in a way that works for everyone is
  difficult. More feedback would help in determining the right course.

* Flatpak allows for quite strict sandboxing/restriction. I currently
  have not employed this to the fullest, e.g. "$HOME" is read/writable
  from within the package, because of how Claws-Mail allows you to
  enter any arbitrary folder from an input box in order to create a
  mailbox at that path. If I would set these restrictions by default,
  the default local mailbox suggestion would fail.

-----

Again, I am not an authority on any of this, but I want to clarify what
this Flatpak-package is all about.

The outline: a flatpak-package runs in a (mostly) isolated environment
with some specific points of integration with the host -- if
needed/enabled. The isolated environment comes with its own
base-system, in this case Freedesktop-SDK/platform version 21.08. 

What does the Claws-Mail flatpak look like?
(See https://github.com/flathub/org.claws_mail.Claws-Mail)

- A manifest explains how the flatpak-package should be constructed.
  (org.claws_mail.Claws-Mail.json).

- Flathub asks for an "<appid>.appdata" file for application
  information on Flathub, and "flathub.json" to define the target
  platform-architectures.)

- The repository may contain additional files, but preferably
  all artifacts (patches, archives, checksums) are specified in the
  manifest.

- The application package is built and separately a ".Debug" extension
  and a ".Locale" extension that can be installed explicitly if needed.

- Flathub runs its own infrastructure to perform the flatpak builds.
  (My only influence is through modifying the manifest and static files
  in the repository, and I can kick the bot if the build does not
  start >:)

- Freedesktop is the base system (id: org.freedesktop.Platform)
  which receives regular updates in itself. Any Flatpak transparently
  uses the updated files.

- /usr/bin/flatpak (or wherever your distro puts it) is the
  "flatpak-launcher" -- to put it bluntly (it is of course a
  respectable application in itself) -- that sets up the process with
  the right permissions/isolation, the right underlying platform, etc.,
  such that the flatpak-app can run. Updates to 'flatpak' provide fixes
  only to this "launcher". For example, oversignts or tweaks in
  various isolation/supervisory mechanisms. Improved support for
  integration, or newer integration points, or better control
  over/prevent abuse of integration points. Typically, updates to
  /usr/bin/flatpak do not noticably modify the flatpak-app itself.

- Flatpak-apps can installed/run system-wide or as an individual user.
  This includes the platforms. So if the 'flatpak' command is installed
  on your linux OS, you can install flatpaks for the current user
  without additional permissions.

- Given an almost fully separated run-time, a flatpak can have a base
  system and/or dependency-libraries that are newer than on the host.

- Flatpak's permissions mechanism allows opening up: networking,
  sockets, d-bus -- as a whole or individual channels, storage-access,
  etc. For any flatpak, the user can also override these manually. So
  if you don't use a local mail folder, e.g. ~/Mail, you can override
  the default permissions to disallow read/write access to $HOME. (That
  works.)

- The manifest contains the build (and run-time) dependencies. So in
  case of significant updates or bugfixes to dependencies, the
  manifest-file needs to be updated. (Flathub's build infra does the
  rest.)

- Flathub offers temporary test builds on other branches than 'master',
  so it is possible to prepare and test changes before
  actually publishing. (probably obvious)