flatpak-build-sign - Linux
Overview
flatpak-build-sign generates and embeds a signature into a Flatpak manifest to ensure its authenticity and integrity. Essential for creating trusted and verifiable Flatpak applications.
Syntax
flatpak-build-sign [global options] [command-specific options] [arguments]
Options/Flags
Global Options:
- –platform-version: Specify the target platform version for the build.
- –repo-version: Set the repository version for the build.
- –from: Path to an existing Flatpak manifest to sign. (default: standard input)
- –to: Path to the output Flatpak manifest. (default: standard output)
- –signer: Specify the signing method. (default: local)
- –subject: Signing certificate’s subject.
Command-Specific Options:
- –public-key: Path to the signing key used to generate the signature.
- –private-key: Path to the private key matching the public key.
- –publish: Publish the signed manifest to a specified repository.
- –skip-verify: Skip verifying the local repository before signing.
- –batch: Batch-sign multiple Flatpak manifests.
Examples
Sign a Manifest:
flatpak-build-sign \
--public-key ~/.ssh/id_rsa.pub \
--private-key ~/.ssh/id_rsa \
--from /path/to/input.flatpak \
--to /path/to/output.flatpak
Sign and Publish to a Repository:
flatpak-build-sign \
--publish \
--repo https://flathub.org \
--public-key ~/my-key.pem \
--private-key ~/my-key.pem \
--from /path/to/flatpak.flatpak
Common Issues
- Signature Verification Failure: Ensure that the private key used for signing matches the public key used for verification.
- Invalid Target Platform: Verify that the platform version specified matches the target environment for the Flatpak application.
Integration
Combining with Flatpak Commands:
- flatpak-create: Sign a newly created Flatpak manifest.
- flatpak-builder: Build and sign a Flatpak application in one step.
Related Commands
- flatpak: Manage Flatpak applications and repositories.
- flatpak-config: Configure Flatpak system settings.
- flatpak-install: Install Flatpak applications.