AppImage Needed, Build Script Provided. #1579
Comments
|
I would like you to show me the result of |
uazo
added
need triage
|
hi, I've not tested with the AppImage provided here, but I have performed a test with Details
simplescreenrecorder-2024-10-22_06.55.06.mkv.mp4I hope this can help somehow |
No change before sandbox and after. |
|
seems strange to me. I wonder how isolation protects an escalation of privileges. could you check whether the I will do some tests too, be patient. |
sure, my contributor @Samueru-sama have helped me a lot by adding metadata info in some of my Appimages, so some of them are updatable using as well, my package manager, "AM"/"AppMan" supports both update by deltas (as just said above) or the "comparison of versions" if metadata info are not implemented. See https://github.com/ivan-hc/AM#how-to-update-all-programs-for-real |
|
@uazo if you go on my profile, I have listed all appimages I create, I also have Google Chrome, Chromium, Vivaldi, Opera and Microsoft Edge, you can extract them using the following command the files are extracted into a "squashfs-root" directory. Remember to made the AppImage executable. |
The isolation uses aisap which ships its own non-SUID bubblewrap. https://github.com/mgord9518/aisap As far as I know it is not possible to escalate privileges since the binary itself is not SUID unlike other methods like firejail.
You can quickly check with the brave appimage (chromium based)
WIth this said, I know it is not recommended to do this to firefox based browsers, because it breaks its internal sandbox |
|
ayo @ivan-hc any updates on getting this to "AM" db? |
@ivan-hc any updates (really sorry I dont want to spam) This is the only foss chromium based browser that has a built-in adblocker (besides brave, brave is bloated as hell) (and adblock extensions like ublock origin has been nerfed a lot cuz of mv3) I'm thinking of switching to this browser but I don't want to rely on distro specific pkgs. Have a look at my rebos conf if u want |
|
Please add this to the actions tab of the repo so that the AppImage pkg can be grabbed via AM |
|
I am busy with something else, but I will get around to checking this sooner or later. |
|
@uazo what do you mean by "tests" ? you want me to test the flatpak pkg? or the appimage pkg I'm confused
|
I apologise if i am unclear: I meant the same tests but with appimage. |
|
(FYI asked for a gpg key I just pressed enter)
|
|
@uazo soo whats the hold up for the appimage? it seems to work fine |
|
Is this what you need to know?
This is the AppImage while running with aisap sandbox, which uses a non-suid bubblewrap. |
|
I made an AppImage of Cromite here: https://github.com/pkgforge-dev/Cromite-AppImage It is not like most appimages, this AppImage actually works on any linux system, be it musl, very old distro or even NixOS without the need of the AppImage wrapper that NixOS has. |
aye @ivan-hc could u add samu's pkg to the am db? |
|
@Twig6943 I'm still waiting an answer by @uazo You in the meantime can use the command ...if you don't want to wait me adding the app to the AM database. EDIT: just noticed that @Samueru-sama have done a PR ivan-hc/AM#1158 @Twig6943 you're lucky |
|
@uazo Feel free to use @Samueru-samas build instead of my script if you like. Mine is built utilizing go-appimage which is compatible with all glibc Linux versions, whereas his is compatible with every version of Linux (glibc/musl) as far as I can tell. I have personally tested it on Chimera-Linux and EasyOS (both musl based distros where go-appimage builds do not function) and his build works great. |
Preliminary checklist
Is your feature request related to privacy?
No
Is there a patch available for this feature somewhere?
Not that Im aware of.
Describe the solution you would like
We need a truly portable Linux Cromite release that can be easily updated as currently there is no way to easily update the Linux version that is put out. Appimages can be easily updated via https://github.com/ivan-hc/AM and/or through the use of go-appimage and likely others as well. AM/AppMan & Go-appimage daemon also provide integrated sand-boxing functionality among many other great features.
Describe alternatives you have considered
I spent the time to create a script that makes it incredibly easy to build the AppImage which makes use of the lin64 build that is already currently in production. Please consider making use of the included script to put out an Appimage for the community. This script makes use of the latest go-appimage repository (https://github.com/probonopd/go-appimage/) and should run well on most all available versions of Linux without any issues.
The text was updated successfully, but these errors were encountered: