What are the best practices for installing Flatpaks (or Snaps, or AppImages) in Qubes? In particular, where should they be installed?
Installing Flatpaks in a TemplateVM requires enabling networking in the TemplateVM, which could be a security risk. As far as I know, Flatpaks are signed just like regular packages, but I believe the risk here is having all the networking code running in the TemplateVM. Do you think this method is safe “enough” for most people?
Another option is installing Flatpaks in AppVMs, either in user-mode, or under /usr/local. There are a couple of downsides to this. This method is fine if you’re only using them in a few AppVMs, but it’s inconvenient if you want to install and update the same Flatpaks across many AppVMs. The other downside is that Flatpak must use the same NetVM as the rest of the apps. This is a problem if you want to proxy updates over sys-whonix, or if the AppVM is offline or its firewall blocks Flatpak from accessing the internet. For example, I have several AppVMs whose firewall only allows access to the local network, but they are updated in the TemplateVM via the updates proxy.
Finally, in a StandaloneVM, Flatpak should work pretty much the same as regular package managers, along with the same drawbacks of course.
If there were a Flatpak proxy that used the existing UpdateProxy policy, it would potentially solve all the above problems. It would not only allow Flatpaks to work as expected in offline TemplateVMs, but if the proxy were also accessible from AppVMs, then Flatpaks could be installed and updated within AppVMs and StandaloneVMs regardless of their firewall or NetVM settings. Unfortunately, no such thing exists yet.
Does anyone have any experience or recommendations about this?