Move org.getmonero.Monero into the upstream repository

[BigmenPixel0]

Move the manifest of org.getmonero.Monero into the monero-gui repository just like it's done in OBS .

[BigmenPixel0]

So will anyone help?

[barthalion]

Is there anything to actually review right now?

[nahuhh]

@barthalion we would like the monero flatpak to be pulled from the official repo.

Any pointers to documentation or how to get started would be greatly appreciated.

Also,
Would this also add Verified Status?
Is Flathub beta requires for both Verified and to self host?

Thanks, and apologies for not RTFM

[barthalion]

Please have a look at https://github.com/obsproject/obs-studio/blob/master/.github/workflows/flatpak.yml which uses https://github.com/flatpak/flatpak-github-actions to build its Flatpak. You can comment out flat-manager-client part and build only flatpak bundles for now – when we review the pipeline, I will send you a token allowing to push directly to our flatpak repository.

As for verification badge, @BigmenPixel0 can log in at https://beta.flathub.org/login and generate an HTTP token that needs to be exposed at a specific org.getmonero address.

[BigmenPixel0]

Please have a look at https://github.com/obsproject/obs-studio/blob/master/.github/workflows/flatpak.yml which uses https://github.com/flatpak/flatpak-github-actions to build its Flatpak. You can comment out flat-manager-client part and build only flatpak bundles for now – when we review the pipeline, I will send you a token allowing to push directly to our flatpak repository.

As for verification badge, @BigmenPixel0 can log in at https://beta.flathub.org/login and generate an HTTP token that needs to be exposed at a specific org.getmonero address.

I have some questions about a token.

1. Could you send a token to the monero-gui repository owner (not now, I will message again)?
2. Is it possible to somehow protect the token from leaks (and not only. so this is not built on trust)? For example, so that you can push the application only from the certain source? (make a pull request, and then, a verify workflow on flathub repo could check, for example, that the hash of the build file is listed here https://www.getmonero.org/downloads/hashes.txt)

[barthalion]

2. No. Once handed out the token, you are fully responsible for managing it securely.

[plowsof]

@barthalion regarding question 1 above: can we get the token sent directly to a member of the Monero Core team (basically the trusted guardians of the project who maintain critical infrastructure) encrypted with one of their PGP keys? so only you and they know.

[plowsof]

@barthalion can you encrypt the token with this public key https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/luigi1111.asc and post the message here and i will get it to luigi. Thanks!

[BigmenPixel0]

Well, I added appstream tool for validate the appdata every release. Is flatpak-builder-lint really needed? Because it's not in the fedora repositories (or is it in another package?).

[plowsof]

@barthalion sir?

[barthalion]

-----BEGIN PGP MESSAGE-----

hQEMA7oYE4lO3Vi5AQf/ZR5JIwkhu6gLEFa9OeQdNDaP4Qr1EIeJHlib0FXIJaAN
o9oyoIpzdwsKkU10H3Y710QU8m0mN8dpvDWk3qYRCHRpYbxGTml8kW/x7OdaCqzA
8biqWGM/Vfwg1b7VFVXuwpPU6eNVql0j/j8JPwSZHTevWNK2y5nWp4iVOTtD41/z
Mi01I9cVWsTGvOe7mBqulLGbrIWth8fpIv6QhLfnm08+QhWqydExjw517xhwhq23
7DByaS187PgyDT6EGQGBOUwKWakCyJYobvvPtlBmYLmuqeq9eVK0VtN4wTi1l2tq
QUf/klvw9tGuDkNGiZkeS5uc1Yw7TK535cJuvbtKodLAjwFhhhoIr1H3VhqGzo48
lolmGMjzmLnwO+EiBAiOwLab/F641Cam47SpmtbckVVGtQJiOMfA5jUTZ2wnOWY0
RQGgPnLj3+BmQVhwddLyzIpAvguyBmeGwmL8rrTpkxmLKdoqRJy+425UMiHkr2ga
blSPvJuwu9BmdNVjGJGxVnnAsj0Uq4FoDbPXUSUcxYDxjbBliGcAYLOd9wHXKiaQ
haDJ+1c2vEj+PBUAAZCK2Be8fgO96482vZHkIHVk1VG+HCN6umE8fMVWner3+hcG
m/H2JU1k02o5pc+5D+8omFjrtbBOjxOL3EplfJM8FDYy9G669VCYLfRm6u/8+rYp
yJyGQXaDSabJDU3K/nbI+3hwMybQbzTqowxlbKsrKgdnjlwiG4mfFUfkDCUgayBH
BfsO1+FMbM7zF0TPxCm8y0Z9B71xCy15GAzHTFqtqMQi
=9UjO
-----END PGP MESSAGE-----

Please note this is a beta token. Let me know when a first build is uploaded so I can review it.

[barthalion]

Also, Monero should get verified on flathub.org before I send you the stable token.

[BigmenPixel0]

Please note this is a beta token

So does it upload the app to Flathub Beta?

[barthalion]

Yes.

[BigmenPixel0]

@barthalion
A beta build was uploaded.
https://github.com/monero-project/monero-gui/actions/runs/5895208662

[BigmenPixel0]

Can you give a stable token?

[razzeee]

Barth is on vacation and will probably return during the next week.

[BigmenPixel0]

So..?

[plowsof]

Any updates on this @barthalion? We need to obtain the verified status first right?

here is the workflow using the beta api key https://github.com/monero-project/monero-gui/blob/master/.github/workflows/flatpak.yml

[barthalion]

I see two remotes being pushed out to flathub-beta right now, app/org.getmonero.Monero/x86_64/master (last commit 2023-10-11) and app/org.getmonero.Monero/x86_64/beta (last commit 2023-10-12). Which is the one I should be looking at?

[barthalion]

If master is the one to look at, screenshots are not mirrored:

    <screenshots>
      <screenshot type="default">
        <caption>A screenshot of the Monero GUI wallet</caption>
        <image type="source">https://raw.githubusercontent.com/monero-project/monero-site/master/img/downloads/gui.png</image>
      </screenshot>
    </screenshots>

[BigmenPixel0]

If master is the one to look at, screenshots are not mirrored:

    <screenshots>
      <screenshot type="default">
        <caption>A screenshot of the Monero GUI wallet</caption>
        <image type="source">https://raw.githubusercontent.com/monero-project/monero-site/master/img/downloads/gui.png</image>
      </screenshot>
    </screenshots>

Yes, master. Should it be solved so?

[barthalion]

Yes, that's the right parameter. There are other upcoming changes:

Flathub will be enabling server-side build validation on a tentative date of November 6th. This will require some changes to your pipeline for publishing new builds:

• the validation part can be replicated by using docker pull ghcr.io/flathub/flatpak-builder-lint:latest on the ostree repo produced by flatpak/flatpak-builder. Example usage: flatpak-builder-lint --exceptions repo /path/to/ostree/repo
• flat-manager-client create needs to include --build-log-url $URL, where $URL points to a pipeline building the flatpak. This is also exposed by the latest release of the flatpak/flatpak-github-actions/flat-manager GitHub Action.

Also please make sure the pipeline that will be used to push stable build to regular Flathub uses stable branch.

[BigmenPixel0]

Yes, that's the right parameter. There are other upcoming changes:

Flathub will be enabling server-side build validation on a tentative date of November 6th. This will require some changes to your pipeline for publishing new builds:

• the validation part can be replicated by using docker pull ghcr.io/flathub/flatpak-builder-lint:latest on the ostree repo produced by flatpak/flatpak-builder. Example usage: flatpak-builder-lint --exceptions repo /path/to/ostree/repo
• flat-manager-client create needs to include --build-log-url $URL, where $URL points to a pipeline building the flatpak. This is also exposed by the latest release of the flatpak/flatpak-github-actions/flat-manager GitHub Action.

Also please make sure the pipeline that will be used to push stable build to regular Flathub uses stable branch.

I don't understand well how does the linter work. What argument type do I have to enter? If repo, which path? Also, does it have to start before the building or after? And at the end, how should I perform the second point in github-actions? :)

[BigmenPixel0]

@barthalion, could you review this?

[BigmenPixel0]

@barthalion, are you waiting for the verified status? We want to get it after (after this moving). Do we have to do it before?

[razzeee]

The new automatic workflow (without barth involved) needs to first have verification, before you can push anything afaik

[TNTBOMBOM]

ping!