To work around restrictions surrounding redistribution and repackaging of proprietary applications, Flatpak supports storing only the URL and metadata needed for verifying file integrity in the app bundle. During installation, such files are downloaded and extracted completely locally, thus not breaking the license.
However, this solution is not ideal. If the vendor decides to use an unversioned URL or removes older releases when new versions are released, the application becomes impossible to install until the Flatpak maintainer updates the metadata. It has become a growing problem for Flathub, and annoying enough that fine people at Endless wrote a tool which periodically checks Flatpak manifests and submits pull requests with fixed extra-data information, and started to run it on a few chosen apps. The fact that it operated without a Flathub stamp of approval meant that it remained rather unknown.
Thanks to Will Thompson’s patience, last week it was transferred to the Flathub organization on GitHub and can be considered officially supported. It is enough to add x-checker-data to the application’s manifest and it will be scanned.
If you maintain an extra-data app – or use one and want to contribute! – please take a look at the documentation of flatpak-external-data-checker.
It will also prove useful for regular applications, as it can detect broken checksums of any external data too. While we do not run it on all applications yet, it will happen in the near future.
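The kind of check described above, sketched as an added example; it is not code from flatpak-external-data-checker. It walks a manifest's extra-data sources and reports those whose download no longer matches the recorded size and sha256. The manifest, URL and payloads are constructed samples, and fetch is a hypothetical callable standing in for the HTTP download.

```python
import hashlib
import json

# Constructed payloads standing in for two vendor releases of equal length.
RELEASE_V1 = b"vendor-app 1.0 installer payload (constructed sample)\n"
RELEASE_V2 = b"vendor-app 1.1 installer payload (constructed sample)\n"
URL = "https://downloads.example.com/vendor-app-latest.bin"  # unversioned URL

# Constructed manifest; keys follow flatpak-builder's extra-data source type.
MANIFEST = json.dumps({
    "app-id": "com.example.VendorApp",
    "modules": [{
        "name": "vendor-app",
        "sources": [{
            "type": "extra-data",
            "filename": "vendor-app.bin",
            "url": URL,
            "sha256": hashlib.sha256(RELEASE_V1).hexdigest(),
            "size": len(RELEASE_V1),
        }],
    }],
})

def extra_data_sources(manifest):
    """Yield every extra-data source, including those in nested modules."""
    for module in manifest.get("modules", []):
        if not isinstance(module, dict):
            continue  # a module may also be a path to an external file
        for src in module.get("sources", []):
            if isinstance(src, dict) and src.get("type") == "extra-data":
                yield src
        yield from extra_data_sources(module)

def check_manifest(manifest_text, fetch):
    """Return {url: problem} for sources whose download no longer matches."""
    problems = {}
    for src in extra_data_sources(json.loads(manifest_text)):
        try:
            data = fetch(src["url"])  # hypothetical: returns the file bytes
        except LookupError:
            problems[src["url"]] = "unavailable"  # release was removed
            continue
        if len(data) != src["size"]:
            problems[src["url"]] = "size mismatch"
        elif hashlib.sha256(data).hexdigest() != src["sha256"]:
            problems[src["url"]] = "sha256 mismatch"  # file replaced in place
    return problems
```

A non-empty result is the condition under which installation would fail for users, and the point at which the manifest needs new size and sha256 values.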