Hello everyone,
I’ve been trying to build a customized Fedora 40 live CD/USB image using livecd-creator the same way as shown on the Docs. Everything works well so far, except that some software (even some popular software) isn’t available as RPMs in either Fedora’s repos or the RPMFusion repos. However, those apps are available on Flathub (as flatpaks, of course).
My goal is to install flatpak apps from Flathub at ISO build time. Post-installation scripts (like custom systemd units) aren’t an option, because you have to install those apps each time your USB boots and may run into “not enough disk space” issues.
I have finally managed to resolve hostnames in the Kickstart file using network --device=link --nameserver=8.8.8.8 --activate (there are other ways but this one suffices). But even though I can now add the Flathub repo successfully, the installation of flatpaks themselves fails. The commands I’ve been trying to use are:
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak install -y --noninteractive flathub com.google.Chrome
When I tried putting it into a %post section, it caused this expected error because this section runs via normal chroot and Flatpak officially doesn’t support chroot:
Installing runtime/org.freedesktop.Platform.GL.default/x86_64/23.08
Installing runtime/org.freedesktop.Platform.GL.default/x86_64/23.08-extra
Installing runtime/org.freedesktop.Platform.Locale/x86_64/23.08
Installing runtime/org.freedesktop.Platform.VAAPI.Intel/x86_64/23.08
Installing runtime/org.freedesktop.Platform.openh264/x86_64/2.2.0
bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.
Warning: Failed to install org.freedesktop.Platform.openh264: While trying to apply extra data: apply_extra script failed, exit status 256
Installing runtime/org.freedesktop.Platform/x86_64/23.08
Installing app/com.google.Chrome/x86_64/stable
bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.
Error: Failed to install com.google.Chrome: While trying to apply extra data: apply_extra script failed, exit status 256
Debian has solved this issue in their live-build by providing so-called “container hooks” that, according to the source code for live-build,
case "${HOOK}" in
*.container)
umount chroot/proc
systemd-nspawn --capability=all --register=no --keep-unit -D chroot "/root/$(basename ${HOOK})" || { Echo_error "${HOOK} failed (exit non-zero). You should check for errors."; exit 1 ;}
mount proc-live -t proc chroot/proc
;;
run via systemd-nspawn. My first attempt was to recreate this code like this:
%post --nochroot
cat << EOF > $INSTALL_ROOT/root/setup-flatpaks.sh
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak install -y --noninteractive flathub com.google.Chrome
EOF
chmod +x $INSTALL_ROOT/root/setup-flatpaks.sh
TempLiveProcMountpoint=$(findmnt -n -o SOURCE --target "$INSTALL_ROOT/proc")
umount "$INSTALL_ROOT/proc"
systemd-nspawn --capability=all --register=no --keep-unit -D "$INSTALL_ROOT" "/root/setup-flatpaks.sh"
mount "$TempLiveProcMountpoint" -t proc "$INSTALL_ROOT/proc"
%end
But it fails with this error stating that “filesystem is read-only”:
Spawning container installroot on /var/tmp/imgcreate-o9n3x7yo/install_root.
Press Ctrl-] three times within 1s to kill container.
Installing runtime/org.freedesktop.Platform.GL.default/x86_64/23.08
Installing runtime/org.freedesktop.Platform.GL.default/x86_64/23.08-extra
Installing runtime/org.freedesktop.Platform.Locale/x86_64/23.08
Installing runtime/org.freedesktop.Platform.VAAPI.Intel/x86_64/23.08
Installing runtime/org.freedesktop.Platform.openh264/x86_64/2.2.0
bwrap: cannot open /proc/sys/user/max_user_namespaces: Read-only file system
Warning: Failed to install org.freedesktop.Platform.openh264: While trying to apply extra data: apply_extra script failed, exit status 256
Installing app/com.google.Chrome/x86_64/stable
bwrap: cannot open /proc/sys/user/max_user_namespaces: Read-only file system
Error: Failed to install com.google.Chrome: While trying to apply extra data: apply_extra script failed, exit status 256
I also tried doing it via systemd-nspawn but without unmounting ‘proc’ on the target live system root before calling flatpak install commands:
%post --nochroot
cat << EOF > $INSTALL_ROOT/root/setup-flatpaks.sh
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak install -y --noninteractive flathub com.google.Chrome
EOF
chmod +x $INSTALL_ROOT/root/setup-flatpaks.sh
systemd-nspawn --capability=all --register=no --keep-unit -D "$INSTALL_ROOT" "/root/setup-flatpaks.sh"
%end
But it also fails with a slightly different error:
Spawning container installroot on /var/tmp/imgcreate-5sd_p36z/install_root.
Press Ctrl-] three times within 1s to kill container.
Installing runtime/org.freedesktop.Platform.GL.default/x86_64/23.08
Installing runtime/org.freedesktop.Platform.GL.default/x86_64/23.08-extra
Installing runtime/org.freedesktop.Platform.Locale/x86_64/23.08
Installing runtime/org.freedesktop.Platform.VAAPI.Intel/x86_64/23.08
Installing runtime/org.freedesktop.Platform/x86_64/23.08
Installing runtime/org.freedesktop.Platform.openh264/x86_64/2.2.0
bwrap: open /proc/157/ns/ns failed: No such file or directory
Warning: Failed to install org.freedesktop.Platform.openh264: While trying to apply extra data: apply_extra script failed, exit status 256
Installing app/com.google.Chrome/x86_64/stable
bwrap: open /proc/167/ns/ns failed: No such file or directory
Error: Failed to install com.google.Chrome: While trying to apply extra data: apply_extra script failed, exit status 256
What should I do? Is there perhaps any possible way to install flatpaks in a Kickstart file? I’ve searched here, on Reddit, and just everywhere on the web, but haven’t found a solution.
Thank you for your time!
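
A preflight diagnostic for the three bwrap failures quoted in the post, added here as an example (it is not part of the original post and does not by itself fix the build). It reports whether user namespaces are enabled and whether /proc/sys is mounted read-only in the environment where it runs; the function names are hypothetical, and the checks read only standard Linux procfs files.

```shell
#!/bin/sh
# Added example: inspect the namespace prerequisites bwrap complained about.
# Run it from the same place the flatpak commands run (chroot or container).

# Print the mount options (field 6 of mountinfo) of the mount covering path $1.
# $2 is a mountinfo file; defaults to the live /proc/self/mountinfo.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $5
            covers = (mp == "/" || p == mp || index(p, mp "/") == 1)
            # The longest matching mount point wins; later entries win ties.
            if (covers && length(mp) >= best) { best = length(mp); opts = $6 }
        }
        END { print opts }
    ' "${2:-/proc/self/mountinfo}"
}

# Return 0 when the mount covering path $1 carries the "ro" option.
is_readonly() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Classify the user-namespace state under a proc root ($1, default /proc).
userns_status() {
    proc="${1:-/proc}"
    limit_file="$proc/sys/user/max_user_namespaces"
    if [ ! -r "$limit_file" ]; then echo "no-limit-file"; return; fi
    if [ "$(cat "$limit_file")" -eq 0 ]; then echo "userns-disabled"; return; fi
    if [ ! -d "$proc/self/ns" ]; then echo "no-ns-entries"; return; fi
    echo "ok"
}

# Human-readable report against the live system.
preflight() {
    echo "user namespaces: $(userns_status /proc)"
    if is_readonly /proc/sys/user; then
        echo "/proc/sys: read-only"
    else
        echo "/proc/sys: writable"
    fi
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Invoke it with `--run` at the top of the script that calls flatpak, so the report lands in the build log next to the bwrap messages.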