Add flatpak support #114
Comments
|
Since the App is now integrated into most major distributions use of Snap or Flatpak loses on importance. Are there any special reasons for supporting it anyway? |
|
Just ine example: The update frequency of this app is on a much shorter timescale than distributions release. This kind of decoupling from dists is why flatpak exists. In the long run you may even want to drop distribution packages. |
|
App is updated through official repositories as usual package shortly after release and is managed by OS (Arch, Ubuntu, Fedora to name a few). There is no need to wait for next distribution release.
The only practical use I see now is running it on distributions with old Qt library (hello stable Debian). |
|
That is not how many mainstream distributions update packages. There are often several years between releases and plenty of people end up running half a decade old releases at some point. Package repositories are not app stores, that is what snap and flatpak are for. After release many dists don't update packages, so once a month would outpace their frequency by a factor 40 or something like that. |
|
I am not sure you know how the package update works. Distribution updates its own packages mainly and vendors/maintainers do their own. We have shipped v0.6.3 to Ubuntu (own PPA) and Fedora (main AFAIK) both 3 versions back without problems. I do not think the
It is true that we cannot support all distributions. I think most vendors can't. However large count are clones (sharing package or repository with mainline) and if someone use the original he/she is possibly a power user well accustomed to compiling applications. |
|
I'm not following. You seem to have packages in official repos, so you don't control the release cycle. Let's make an example. After the freeze of the testing repo Debian releases after about 7 months and it usually takes about 24-30 months until the next release. That means people will use about 3 years old software at the end of a cycle. There is also little reason for some people to upgrade immediately, since LTS is supposed to last for at least 5 years, possibly much longer. Also, maintaining all these packages is a lot of work, why would you want to do that in the long term? This app is exactly why snap and flatpak where invented (multiple reasons, not just updates). It's nice to have packages for now, because flatpak support is just now becoming the norm. But for upcoming releases it gives you an easy way for cross dist releases. Also don't forget that some people are just users, not admins. A great number of users can not install dist packages at work. |
|
I suggest to focus on the next stable version 1.0 first. If we may face
a situation Florian is describing (outdated packages in distributions)
we should reconsider it from there.
|
|
Absolutely, this shouldn't be a priority, especially since a lot of people are not familiar with flatpak yet. Regarding outdated packages: Debian started the code freeze in February, so the next chance to get 1.0 into Debian stable is a couple of years away. |
|
To investigate would using flatpack help to distribute App on Centos 6/7. |
szszszsz
added
invalid
|
Note that Nitrokey App 1.3 is available as AppImage. |
|
Hi, this is a very old issue I see. But for me it has great relevance. My current Linux distro is thinking about preferring flatpaks as sources. Could you imagine providing Flatpaks and sharing them on https://flathub.org/ for example? |
|
Yeah… Flatpaks are a new software distribution mechanism for Linux distros, can thus installed on any distro and are easy to update. Here is how to get started. |
|
We've been working on Flatpak builds recently and the latest one seems to be working fine, so it has been added to the 1.4 release on GitHub: https://github.com/Nitrokey/nitrokey-app/releases/tag/v1.4 Future releases will get Flatpak packages immediately. We're hoping to release it on Flathub soon as well but Flatpak makes it just as easy to install a manually downloaded package, so you can get it right now and don't have to wait. |
|
@enleth Thank you for your work! Will this Flatpak be officially created and maintained by Nitrokey when it appears on Flathub? Can this issue then be closed? p.s. I read that the Nitrokey app communicates with udev. And I heard from the developers of another software that Flatpak can't handle udev and therefore their camera function doesn't work. How did you solve this? |
IMHO only close it when it is on Flathub. Here is how to publish it: https://github.com/flathub/flathub/wiki/App-Submission The big advantage is that you get automatic updates this way, manual installation is only a fallback IMHO. |
|
Indeed, it's too early to close this issue. @rugk thanks. We've actually done some research already, we're just working on a new CI/CD platform that would, in addition to building binaries, also do automatic commits and pull requests to all git-based "hubs" such as FlatHub, brew or AppImageHub.
That's the plan.
Using this: https://github.com/flathub/shared-modules/tree/master/udev along with |
|
@enleth
Have you opened a ticket for it in the Flatpak repository or can you do it so that it can be realized in the foreseeable future? How critical do you see a --device=all permission for use in Nitrokey? Because you're all about security, aren't you? |
There is one: flatpak/xdg-desktop-portal#227
This is far too complex of an issue for an outside contributor to solve properly (or at all, I think).
That's not a serious question, is it? Obviously, the whole point of the Nitrokey App and the only reason to use it is to configure a USB device, so a way to access the device is critical. Also obviously, Nitrokey App doesn't need access to all devices, just USB devices with specific VID/PID pairs, so accessing all devices is completely unnecessary. But all Flatpak offers now is Honestly, I'm not sure what sort of answer you actually expected here. |
Yes, it is. I'm interested in whether the use of these extended privileges can or will compromise my desired additional security through the Nitrokeys. |
|
You mean as opposed to installing it using regular distribution repository? The Flatpak privilege system defines restrictions - and restrictions only. The sandboxed application still runs under your user account and, in the end, is still just a normal POSIX process subject to normal system-wide permission checks. Flatpak's Thus, at the moment, Nitrokey App Flatpak gets exactly as much device access as Nitrokey App installed as a DEB package, not a bit more. I suppose Flatpak's naming for the privilege levels could be a bit better as to not be misleading in this manner. |
|
There is problem with publishing via Flathub. Flathub is a platform that also offers proprietary packages. Since I switched to Linux to only find free software in my Software Center, installing the Nitrokey-App Flatpak unfortunately takes me away from this goal. When I install an app via Flathub, the proprietary apps I don't want are suddenly displayed in my Software Center. I don't want that. Therefore I ask you to offer an official version for download via your website as an alternative for people who are looking for 100% Free Software. |
|
I think it is intended (to confirm) to be also distributed through Github releases, as here for v1.4: https://github.com/Nitrokey/nitrokey-app/releases/tag/v1.4 |
|
Thanks for your answer! Does downloading via GitHub mean that the package will receive automatic updates via my Software Center as soon as there is a new release tag in your GitHub repository? That leaves one point that worries me. GitHub uses Amazon Server to host the packages. Your website runs on servers of a small Berlin company. Would it be possible to offer an Amazon free download with a non-US server location? |
|
I'm a little irritated about the Flatpak file in your release repo. |
|
If you want to have automatic update via the Software Center you need to install the App via your Software Center or install our ppa as explained here. If you do not want to or can not install it over the Software Center because of whatever reason, you can either install the flatpak via Flathub (as soon it is published there) or install the App via snap. Both possibilities provide automatic updates though not over the Software Center as far as I know. If this also is not possible for you for whatever reason you need to update the App yourself. You can watch this repo for releases only and thus get informed about new releases. This applies for using the AppImage or installing the .deb file attached to every release. |
|
@alex-nitrokey Thanks for your feedback! What can you tell me about your GitHub Flatpak file format? "nitrokey-app-1.4.0.flatpak" doesn't seem to be valid. I would expect a "nitrokey-app-1.4.0.flatpakref" file. Flathub even looks a little different
I am clearly concerned about ethical reasons! see above. |
|
As stated above, our App is not at Flathub yet (afaik). Thus, I can not tell you any more, as I am not using flatpak. If you have a specific technical problem with the flatpak file, please let us know. Otherwise, I kindly ask you to change to our support forum as your questions may be of interest for other users as well and may are not development related.
I proposed multiple solutions above which should be no problem regarding ethical considerations. Please choose the one you like most. |
|
So my request is about an Flatpak alternative in addition to Flathub. At least for the transition until Flathub also works for users like me. If you can set up your publishing system so that the Flatpak is available at https://www.nitrokey.com/download, that would be very supportive and solves my ethical dilemma! But still, I have a problem with the Flatpak in your GitHub repo. #114 (comment) |
|
The problem with the unrecognized Flatpak repo file still exists. Is there someone at Nitrokey or in the community who can check it? |
|
Hi! Edit: demo is no longer available unfortunately - from what I remember I was just using |
|
Hmm, still confused. This just shows the uninstallation. The flatpak is still also not available on Flathub.org, and I also cannot find it on https://www.nitrokey.com/download, so hmm... |
|
@rugk As I see the video, both the installation and the uninstallation process are addressed. @szszszsz Thanks for getting your feedback! What concerns me:
|
|
Connected: flathub/flathub#2081 |
|
Hi @4jNsY6fCVqZv! Sorry for the delay. The binary we have on Github release page right now is built by us, however it is not easily discoverable by the GNOME Software. We have applied to Flathub for that, which compiles and distributes the binaries by itself. cc @daringer |
|
Good news, the nitrokey-app is now available via the official flathub repository: https://flathub.org/apps/details/com.nitrokey.nitrokey-app closing this issue, feel free to open a new one if you encounter issues... |
|
@szszszsz @daringer Thanks for working on Flatpak support!
For our company, this is still a current concern yes. Would you like to have a new issue for discussion? Then I will open one. |
|
@4jNsY6fCVqZv Please make a new one if possible, thank you! |
Snap is pretty Ubuntu specific (and partly proprietary). Please add a flatpak package, since that seems to be where the rest of the Linux world is headed for distribution independent apps.
The text was updated successfully, but these errors were encountered: