Regarding flatpak updates in template via /rw/config/rc.local: Wouldn’t this forcefully shutdown the flatpak update process, if template is started/updated via “Qubes update” and latter finishes first?
Yes, but I wasn’t able to figure something better that triggers at the same time as update process. 
Usually, updating flatpak is faster than updating the whole system, so it works most of the time, and templates are updated every days so in general flatpak is correctly up to date.
One could still manually trigger the process though.
org.freedesktop.Platform.openh264 cannot be installed, it says DNS resolution error. This is part of packages like LibreWolf. It seems the https proxy env var doesn’t affect this, is there a fix?
Can you share the exact message?
That would be curious if flatpak could fetch data from the repo but not for a single app on that repo.
Neither do I 
. Would be interesting to know, if there is some kind of blocking mechanism to let the updater waiting on pending operations.
Being a fan of manual updates, I’ll leave that out for now.
Actually, after searching a bit, you can automatically run flatpak upgrade after a template update.
After dnf operations, all the scripts in /etc/qubes/post-install.d/ are executed.
Create /etc/qubes/post-install.d/05-flatpak-update.sh and make it executable, with the content:
#!/bin/sh
export all_proxy=http://127.0.0.1:8082/
flatpak upgrade -y --noninteractive
4 Likes
[user@flatpak-test ~]$ flatpak install librewolf
Looking for matches…
F: An error was encountered searching remote ‘fedora’ for ‘librewolf’: Unable to load summary from remote fedora: Failed to update OCI summary: While fetching https://registry.fedoraproject.org/index/static?label%3Aorg.flatpak.ref%3Aexists=1&architecture=amd64&os=linux&tag=latest: [6] Couldn't resolve host name
Found ref ‘app/io.gitlab.librewolf-community/x86_64/stable’ in remote ‘flathub’ (system).
Use this ref? [Y/n]:
Required runtime for io.gitlab.librewolf-community/x86_64/stable (runtime/org.freedesktop.Platform/x86_64/23.08) found in remote flathub
Do you want to install it? [Y/n]:
io.gitlab.librewolf-community permissions:
ipc network cups fallback-x11
pcsc pulseaudio wayland x11
dri file access [1] dbus access [2] bus ownership [3]
system dbus access [4]
[1] xdg-download, xdg-run/pipewire-0
[2] org.a11y.Bus, org.freedesktop.FileManager1,
org.freedesktop.Notifications, org.freedesktop.ScreenSaver,
org.gnome.SessionManager, org.gtk.vfs.*
[3] io.gitlab.librewolf.*, org.mpris.MediaPlayer2.firefox.*
[4] org.freedesktop.NetworkManager
ID Branch Op Remote Download
1. [✓] org.freedesktop.Platform.GL.default 23.08 i flathub 164.4 MB / 164.6 MB
2. [✓] org.freedesktop.Platform.GL.default 23.08-extra i flathub 18.5 MB / 164.6 MB
3. [✓] org.freedesktop.Platform.Locale 23.08 i flathub 167.6 MB / 360.0 MB
4. [✓] org.freedesktop.Platform.ffmpeg-full 23.08 i flathub 9.1 MB / 9.2 MB
5. [✗] org.freedesktop.Platform.openh264 2.2.0 i flathub 273.0 kB / 944.3 kB
6. [✓] org.freedesktop.Platform 23.08 i flathub 174.9 MB / 225.7 MB
7. [✓] io.gitlab.librewolf-community stable i flathub 112.0 MB / 113.3 MB
Warning: While downloading http://ciscobinary.openh264.org/libopenh264-2.2.0-linux64.6.so.bz2: While fetching http://ciscobinary.openh264.org/libopenh264-2.2.0-linux64.6.so.bz2: [6] Couldn't resolve host name
Installation complete.
try to type export all_proxy=http://127.0.0.1:8082/ before the flatpak command.
flatpak tries to download a binary from cisco for h264 (patent stuff…), I don’t know how you configured your proxy, but all_proxy should always work 
I did export all_proxy=http://127.0.0.1:8082/ beforehand. Are you able to reproduce?
it worked for me on fedora 39 xfce
[user@fedora-39-xfce-gaming ~]$ flatpak list
Name Application ID Version Branch Installation
i386 ….freedesktop.Platform.Compat.i386 23.08 system
Mesa …g.freedesktop.Platform.GL.default 24.0.2 23.08 system
Mesa (Ext… …g.freedesktop.Platform.GL.default 24.0.2 23.08-extra system
[user@fedora-39-xfce-gaming ~]$ export all_proxy=http://127.0.0.1:8082/
[user@fedora-39-xfce-gaming ~]$ flatpak install librewolf
Looking for matches…
F: An error was encountered searching remote ‘fedora’ for ‘librewolf’: Unable to load summary from remote fedora: Failed to update OCI summary: While fetching https://registry.fedoraproject.org/index/static?label%3Aorg.flatpak.ref%3Aexists=1&architecture=amd64&os=linux&tag=latest: [6] Couldn't resolve host name
Found ref ‘app/io.gitlab.librewolf-community/x86_64/stable’ in remote ‘flathub’ (system).
Use this ref? [Y/n]: y
Required runtime for io.gitlab.librewolf-community/x86_64/stable (runtime/org.freedesktop.Platform/x86_64/23.08) found in remote flathub
Do you want to install it? [Y/n]: y
io.gitlab.librewolf-community permissions:
ipc network cups fallback-x11 pcsc
pulseaudio wayland x11 dri file access [1]
dbus access [2] bus ownership [3] system dbus access [4]
[1] xdg-download, xdg-run/pipewire-0
[2] org.a11y.Bus, org.freedesktop.FileManager1, org.freedesktop.Notifications, org.freedesktop.ScreenSaver, org.gnome.SessionManager,
org.gtk.vfs.*
[3] io.gitlab.librewolf.*, org.mpris.MediaPlayer2.firefox.*
[4] org.freedesktop.NetworkManager
ID Branch Op Remote Download
1. [✓] org.freedesktop.Platform.Locale 23.08 i flathub 167.6 MB / 360.0 MB
2. [✓] org.freedesktop.Platform.ffmpeg-full 23.08 i flathub 9.1 MB / 9.2 MB
3. [✓] org.freedesktop.Platform.openh264 2.2.0 i flathub 886.7 kB / 944.3 kB
4. [✓] org.freedesktop.Platform 23.08 i flathub 174.9 MB / 225.7 MB
5. [✓] io.gitlab.librewolf-community stable i flathub 112.0 MB / 113.3 MB
Installation complete.
My mistake, sorry. It works now.
1 Like
Is it possible to have a Qubes update notification display updates for a template if only flatpak updates are available, but not dnf/apt? Theoretically, especially on Debian which probably gets less frequent updates than Fedora, you may lag behind on security updates for most vulnerable flatpaks like web browsers, if there are not apt updates available for a few days but Brave’s update just rolled out.
there is a script that checks for updates, I’m not able to figure where it’s stored… I found it a few months ago but I forgot its path 
I followed your instructions to successfully get the flatpaks I am wanting running as user. I am new to Qubes and was wondering if you could give example of how to get flatpak --user app shortcut in menu?
Thanks
I have my personal menu with links that I personally use (aka Launcher in Xfce). The command for the link for the --user flakpak apps would be something like:
qvm-run yourqube "flatpak --user run org.telegram.desktop"
Also I have global shortcuts for opening terminal (konsole in my case) for qube that shows active window, open file manager (dolphin in my case), opens text editor (kate) for active qube and etc. So, I need only 1 link per qube. Also I use gestures to open most often used apps in different qubes.
This approaches are 1000 times better for me than what is present in the Qubes OS out of the box, so I almost never open Xfce menu at all.