Offer AppImage, snaps & flatpaks #894
Comments
|
The superbuild solves non-Linux distribution problems by Linux distribution practices (and source packages!). Snap & flatpak are very different from this approach. Anyway, there is some OBS support for snap: and of course |
|
It would be much better use AppImage package Cast @probonopd |
|
Why better, no? AppImage is also a possibility, but it does e.g. have no possibility to sandbox the applications. |
ghost
mentioned this issue
@rugk, because snap & flatpack are unsecure!
What you mean under 'sandbox' for OOMapper? |
|
First the correct word is "insecure". Secondly the link only talks about flatpaks, not snaps. Thirdly that looks like a vulnerability,
But after all, just because there was a vulnerability to escape the sandbox of flatpak/snap, it still means AppImages are way more insecure as they do not have this sandbox at all. So they have full user-rights by default… |
It was fixed only few days ago, and nobody know did flatpack not include today. snap is fully Ubuntu project, that could be dropped in any time (R.I.P. mir... Hello, GNOMEbuntu!) AppImage already used by Scribus, Krita and many other major open-source projects |
This applies to any vulnerability. And in every software vulnerabilities exist. And we don't know the state of AppImage.
Aha, well…, there is always someone who continues/forks it, but I doubt it will be dropped so fast. ANd if they do, then maybe in favour of flatpaks… 😉 So use them then.
Sweet, and how does this affect this project? Searching for snaps I just experienced is horrible as there are all kind of other software with this name… (even some dinosaurs they should really have choosen another name), but here are some images of popular snaps. In any case we don't need to argue what is better. It likely also won't matter… Of course this can be packaged as appimages and as snaps and as flatpaks. Letting the user to choose what/how to install it, is always good. |
|
So much noise, and little of this touching my personal concerns as a user or developer, such as security updates of dependencies, or licensing compliance. But looks like there is also a link between OBS and AppImage: |
And these slides cover it very well: |
|
For the record, I want to repeat here (from #898) what needs to be known or solved for these kind of packages before we can distribute them:
|
Can you give direct link to this AppImage? |
|
This AppImage is not published for the reasons given. |
|
For the record, this is the list of libs in the 33.2 MB AppImage if NOT deploying Qt Assistant (WebKit). The checked libraries are the ones which are build with superbuild for non-Linux systems. (On the other hand, some libraries seems to be alternative to the ones we use in superbuild, such as libxml2 <-> expat.)
Looks like there won't be printing without CUPS, which in turn requires OpenSSL or similar... I'm not going to spent more time on this. |
|
I don't understand what the problem is. What don't you want to spend more time on? Can I help? |
|
See what I wrote before:
This is due to the fact that distributing shared object files is subject to common terms such as
And this review has to be repeated for each binary component which is updated. This is different from regular Linux packages, where binary components are distributed independently, packaged with the required documentation. What would help is if the AppImage tools would not only copy shared objects, but also copyright files. (And that's what we do for our non-Linux packages.) In addition, since Mapper is GPL V3 licensed and the listed libraries do no longer constitute system libraries when bundled in the AppImage, we we must consider the libraries' source code as being part of the Corresponding Source which must be provided in certain ways (GPL V3 section 6). This will be even more work than adding the documentation! So I decided to not spent more time on this because it would continuously consume too much of my precious time for the development of the app, while acceptable alternative solutions do exist. (OTOH I didn't close the ticket as wontfix, and the AppImage recipe is available on OBS.) |
|
I was about to say, OBS can take care for much of this for you... thanks for your detailed explanation. |
As OBS currently is not automated, lets add AppImage build to |
|
@Symbian9 Probonopd's contribution is tracked in #898. The lack of an AppImage offer from OpenOrienteering is not due to the lack of OBS automation. The biggest piece of work to be done is verifying the legal terms and attributions which needs to be part of this package. It is more than for other platforms (see above). |
Hi @dg0yt is OBS a must for an AppImage of OpenOrienteering to be produced? Please comment in my PR which has not been merged for 2 years. |
|
BTW in flatpak you have the concepts of runtimes, which are independently installed "base images" with most common software. As these may include much software, that would likely solve:
|
|
@rugk Can you provide links to documentation or examples? |
Offering the new snap & flatpak formats for Linux could allow you. Maybe you can integrate them in your superbuild.
The advantages of snap/flatpak are you only need to support these two distribution types in order to make it available to many distros and they can offer a sandbox for better security.
The text was updated successfully, but these errors were encountered: