In a normal workstation (or atomic desktop) install, `flatpak install` itself does not require `sudo`. When running under WSL2, this seems to require some permissions that are not granted. I'm not sure if this is a configuration issue that Fedora can fix as part of the user config, or if it is a limitation in how WSL's kernel and/or systemd configuration. Reproducible: Always Steps to Reproduce: 1. sudo flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo 2. flatpak install org.kicad.KiCad Actual Results: $ flatpak install org.kicad.KiCad Looking for matches… F: An error was encountered searching remote ‘fedora’ for ‘org.kicad.KiCad’: Unable to load summary from remote fedora: Flatpak system operation GenerateOciSummary not allowed for user Remotes found with refs similar to ‘org.kicad.KiCad’: 1) ‘flathub’ (system) 2) ‘flathub’ (user) Which do you want to use (0 to abort)? [0-2]: 1 Required runtime for org.kicad.KiCad/x86_64/stable (runtime/org.freedesktop.Sdk/x86_64/24.08) found in remote flathub Do you want to install it? [Y/n]: org.kicad.KiCad permissions: ipc network x11 dri file access [1] [1] home ID Branch Op Remote Download 1. [✗] org.freedesktop.Sdk.Locale 24.08 i flathub 18.6 kB / 385.7 MB 2. [✗] org.freedesktop.Sdk 24.08 i flathub 421.5 MB / 620.3 MB 3. [ ] org.kicad.KiCad.Library.Footprints stable i flathub < 41.4 MB 4. [ ] org.kicad.KiCad.Library.Packages3D stable i flathub < 875.1 MB 5. [ ] org.kicad.KiCad.Library.Symbols stable i flathub < 10.7 MB 6. [ ] org.kicad.KiCad.Library.Templates stable i flathub < 3.0 MB 7. [ ] org.kicad.KiCad.Locale stable i flathub < 57.2 kB (partial) 8. [ ] org.kicad.KiCad stable i flathub < 427.7 MB Warning: Failed to get revokefs-fuse socket from system-helper: Flatpak system operation GetRevokefsFd not allowed for user Warning: Flatpak system operation Deploy not allowed for user Warning: Failed to get revokefs-fuse socket from system-helper: Flatpak system operation GetRevokefsFd not allowed for user Error: Flatpak system operation Deploy not allowed for user error: Failed to install org.freedesktop.Sdk: Flatpak system operation Deploy not allowed for user Expected Results: No errors, should have installed. As a mitigation, you can run `sudo flatpak install` instead and it will be able to install the app. Running the app as a user works with `flatpak run` as usual.
I think this is due to the polkit rules. The rule in /usr/share/polkit-1/rules.d/org.freedesktop.Flatpak.rules has: polkit.addRule(function(action, subject) { if ((action.id == "org.freedesktop.Flatpak.app-install" || action.id == "org.freedesktop.Flatpak.runtime-install"|| action.id == "org.freedesktop.Flatpak.app-uninstall" || action.id == "org.freedesktop.Flatpak.runtime-uninstall" || action.id == "org.freedesktop.Flatpak.modify-repo") && subject.active == true && subject.local == true && subject.isInGroup("wheel")) { return polkit.Result.YES; } return polkit.Result.NOT_HANDLED; }); I dropped some debug logs in the rule and tested it with "pkcheck --action-id "org.freedesktop.Flatpak.app-install" --process $$ -u --enable-internal-agent [Subject pid=260 user='jcline' groups=jcline,wheel seat=null session=null system_unit=null local=false active=false] So the rule doesn't apply because the user is not marked local (true if the seat associated with the subject is local) or active (true if the session is active). This is not an area I'm terribly familiar with so I'm going to have to do some further research on the right way to fix this.
I don't have a windows machine at hand any longer but this is very likely an artifact of WSL not spawning a proper user session through PAM (https://github.com/microsoft/WSL/issues/9213) and thus also not dbus etc (https://github.com/microsoft/WSL/issues/8842)