[Feature request]: setting to block non-freedom Flatpaks by default; setting to block unverified Flatpaks by default; --allow-nonfreedom, --allow-unverified

[adrelanos]

Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for a feature request that matches the one I want to file, without success.

Suggestion

Issue:

For a Linux distribution (Kicksecure) (and Whonix), we are considering to enable Flathub by default. But there's 2 major concerns.

• 1. It's too easy to accidentally install non-freedom (proprietary) software.
• 2. It's too easy to install unverified software. (These without a verified badge on Flathub.)

Software that is considered both under FLOSS licenses and verified is considered much more trustworthy.

Suggested Distribution Settings File:

The distribution could drop a configuration snippet in the yet to be invented /usr/lib/flatpak/settings.d folder.

File /usr/lib/flatpak/settings.d/30_kicksecure.conf:

nonfreedom=false
unverified=false

This is just a default setting suitable for some Linux distributions. The user should have the freedom to easily undo this.

Suggested User Override Settings File:

File /etc/flatpak/settings.d/50_user.conf:

nonfreedom=true
unverified=true

Suggested User Command Line Overrides:

For overrides on the command line case by case:

• --allow-nonfreedom
• --allow-unverified

Suggested flatpak command line output output:

• Installation of non-freedom Flatpak denied. Use --allow-nonfreedom or change configuration to override.

• Installation of unverified Flatpak denied. Use --allow-unverified or change configuration to override.

[Erick555]

This is already implemented: https://docs.flathub.org/docs/for-users/installation/#subsets

flathub/flathub#691

[adrelanos]

Nice. But that only shows the flatpak command line use.

Configuration file format in:

• A) folder /etc/flatpak/remotes.d/ (which Linux distributions could use) seems to be different from,
• B) internal flatpak configuration file /var/lib/flatpak/repo/config (which Linux distribution should not touch directly).

The following configuration snippet works for Flathub upstream default repository (not using any subsets):

File /etc/flatpak/remotes.d/flathub.flatpakrepo:

[Flatpak Repo]
Title=Flathub
Url=https://dl.flathub.org/repo/
Homepage=https://flathub.org/
Comment=Central repository of Flatpak applications
Description=Central repository of Flatpak applications
Icon=https://dl.flathub.org/repo/logo.svg
GPGKey=...

How to enable the subset using such a configuration file? That seems to be undocumented.

Appending to that file:

xa.subset=verified_floss
xa.subset-is-set=true

does not work. Is this possible?

[adrelanos]

Appending

Subset=verified_floss

seems to work. That is documented here:
https://docs.flatpak.org/en/latest/flatpak-command-reference.html

Under File format. I didn't find that easily because it does not mention /etc/flatpak/remotes.d folder and there was no full example anywhere on the internet.

It's confusing that the internal config file /var/lib/flatpak/repo/config uses a different language than /etc/flatpak/remotes.d/ folder.