One of the features in the recent flatpak relase is described as:
Applications can now list a set of URIs that will be downloaded with the application
This seems a bit weird. Downloading an application already means your loading data from a URI. What is the usecase for this?
Normally all the data that is needed for your application will be bundled with it and this feature is not needed. However, in some cases applications are freely downloadable, but not redistributable. This only affects non-free software, but Flatpak wants to support both free and non-free software for pragmatic reasons.
Common examples of this are Spotify and Skype. I hope that they eventually will be available as native flatpaks, but in order to bootstrap the flatpak ecosystem we want to make it possible to distribute these right now.
So, how does this work? Lets take Spotify as an example. It is available as a binary debian package. I’ve created a wrapper application for it which contains all the dependencies it needs. It also specifies the URL of the debian package and its sha256 checksum, plus a script to unpack it.
When the user downloads the application it also downloads the deb, and then (in a sandbox) it runs the unpack script which extracts it and puts the files in the right place. Only then is the installation considered done, and from thereon it is used read-only.
I put up a build of the spotify app on S3, so to install spotify all you need to do is:
flatpak install --from https://s3.amazonaws.com/alexlarsson/spotify-repo/spotify.flatpakref
(Note: This requires flatpak 0.6.13 and the remote with the freedesktop runtime configured)
Here is an example of installing spotify from scratch: