Official Snap #70

Closed
dmp1ce opened this issue Jan 22, 2019 · 4 comments

dmp1ce commented Jan 22, 2019

This is a Bisq Network proposal. Please familiarize yourself with the submission and review process.

I propose adding a snapcraft.yaml file which allows a Bisq Snap package to be distributed on the Snapcraft store. Then link Snapcraft build service to the bisq-network/bisq repository so the snap can be automatically built on each release.

I believe a Snap package would help in distributing Bisq on a variety of Linux distributions. Having an official Snap will help users find the correct version of Bisq if multiples appear on the Snapcraft store.

I already have experimented with a Snap package myself but am still working on getting it to build automatically from GitHub. I will make a pull request once I have the automatic builds working.

Here is my source: https://github.com/dmp1ce/bisq-snap
Here is the Bisq snap I create for the Snapcraft store: https://snapcraft.io/bisq-desktop
Here is the issue where there has already been some discussion about a Snap package: bisq-network/bisq#568

@devinbileck
Member

As discussed in bisq-network/bisq#2378, I have some concerns using the snapcraft store as an official way to distribute Bisq. Essentially it comes down to the following points:

  1. Uncertainty whether locally generated signatures for a snap file (when we prep a release) can still be used to validate once installed via the snapcraft store.

  2. Do we want to rely on snap to auto-update Bisq for the user? Aside from concerning issues about data consistency discussed in the snapcraft community when it comes to snap auto-updates (https://forum.snapcraft.io/t/bug-saves-are-blocked-to-snap-user-data-if-snap-updates-when-it-is-already-running/3226/16), the more secure method of updating is via the in-app mechanism which downloads and automatically performs signature verification. Also, the user should be able to choose when they want to update rather than snap updating it automatically.

I feel that we need to address those concerns before we can consider this as an official distribution method.

@dmp1ce
Author

dmp1ce commented Feb 9, 2019

The hash is identical after going through the Snapcraft store. I have verified it for one of my releases.

I agree with the second point.
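
An added example, not part of the original thread or of the Bisq project's code: one way to run the check described in the comment above, comparing the store-delivered snap with the locally built one and with the digest in the store's snap-revision assertion. The function names, sample bytes and assertion text are constructed for illustration, and the unpadded base64url `snap-sha3-384` header is an assumption about the `.assert` file that `snap download` writes.

```python
import base64
import hashlib
import re

def file_digests(data: bytes) -> dict:
    """SHA-256 for comparing two copies; SHA3-384 in the unpadded
    base64url form assumed for the store's snap-revision assertion."""
    sha3 = hashlib.sha3_384(data).digest()
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "snap-sha3-384": base64.urlsafe_b64encode(sha3).rstrip(b"=").decode(),
    }

def revision_digest(assert_text: str):
    """Return the snap-sha3-384 header of the snap-revision assertion, or None."""
    # A .assert file holds several assertions; header blocks and signature
    # blocks are separated by blank lines, headers are "key: value" lines.
    for block in re.split(r"\n\s*\n", assert_text):
        headers = dict(
            line.split(": ", 1) for line in block.splitlines() if ": " in line
        )
        if headers.get("type") == "snap-revision":
            return headers.get("snap-sha3-384")
    return None

def check_store_copy(local: bytes, store: bytes, assert_text: str) -> list:
    """Return a list of problems; an empty list means the store copy is
    byte-identical to the release artifact and matches its assertion.
    This compares digests only; it does not verify assertion signatures."""
    problems = []
    store_d = file_digests(store)
    if file_digests(local)["sha256"] != store_d["sha256"]:
        problems.append("store copy differs from the locally built snap; "
                        "a detached signature over the local file will not verify")
    claimed = revision_digest(assert_text)
    if claimed is None:
        problems.append("no snap-revision assertion found")
    elif claimed != store_d["snap-sha3-384"]:
        problems.append("store copy does not match the digest in its assertion")
    return problems

# Constructed sample data (not a real snap or a real store assertion).
LOCAL = b"constructed snap bytes for a release build"
ASSERT = ("type: account-key\nname: constructed\n\nAXNpZw==\n\n"
          "type: snap-revision\nsnap-sha3-384: "
          + file_digests(LOCAL)["snap-sha3-384"]
          + "\nsnap-revision: 1\n\nAXNpZw==\n")

if __name__ == "__main__":
    print(check_store_copy(LOCAL, LOCAL, ASSERT) or "store copy matches")
```
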

@ManfredKarrer
Member

I am not familiar with snap but I think we should focus our resources rather to get to a deterministic build (gitian build). Most software does not require the level of security Bitcoin related software does. I fear if we get into other infrastructure we might inherit security policies which are not good enough for Bitcoin related software. Though I have to admit that is uninformed speculation - don't have time to look closer into it...

@devinbileck
Member

@ManfredKarrer Agreed. Deterministic builds have been on my mind for some time now.
