Include encryption deps

[alexpattyn]

Is your feature request related to a problem? Please describe.
On distros like fedora silverblue you generally are discouraged from layering packages.

Describe the solution you'd like
Include gocryptfs, CryFS, libfuse in the flatpak.

Additional context
Considering these are sensitive deps I wouldn't want them included in the flatpak unless there was a way to have a flathub bot watch upstream for updates and make automatic PRs.

[mpobaschnig]

I tried this at the beginning, but was unsuccessful in doing so. According to this, this and this it is currently not possible to use fuse in a Flatpak. Maybe it is possible, but I'm not sure how.

[alexpattyn]

Gotcha! I figured there was some reason. However borg does mount its archives as FUSE mounts and other flatpak apps like pika and vorta don't require borg on the host. So those apps may offer a clue. I know pika has a matrix room if you wanted to talk to the dev.

[mpobaschnig]

Thanks, I'll look into it again.

[mpobaschnig]

This is now being implemented at #22 but might take a while.

Help and contributions very much appreciated.

[mhogomchungu]

Greetings,

I have a project named SiriKali and it does what you are doing and i though i should assist in making vaults bundle its dependencies.

My project's manifest file is here and how to biuld and bundle Gocryptfs and Cryfs starts at line 218.

From within your flatpak application, you can get the "out of flatpak" path to where these binaries are installed by parsing the contents of "/.flatpak-info" and then get "Instance/app-path" option.

[mpobaschnig]

Thank you very much for your hints and help! I'll take a look at the weekend when I got some more time :)

[mpobaschnig]

Hey, I tried your approach and it worked, thanks a lot! I had hoped mounting gocryptfs directories without flatpak-spawn --host would work too but I guess this is probably too much to dive into. Maybe we'll switch over if someone finds out the exact problem.

[mhogomchungu]

FUSE is not permitted inside Flatpak by design so using "flatpak-spawn --host" is the only available option.

[mpobaschnig]

Alright, then there's not much we can do here. Thanks!

[mhogomchungu]

The problem here was to bundle CryFs and Gocryptfs.

You can bundle them and then use flatpak-spawn --host to run them outside of flatpak. The outside path to these bundled binaries can be obtained using "flatpak-info" file i explained in my first post.

[mpobaschnig]

Yes, I tried all of it and it works great! However, I'm still wondering why cryfs works within flatpak while gocryptfs does not when they are both based on fuse.

[mhogomchungu]

Are you sure CryFs works within flatpak?

It does not work here and i am getting "fuse: device not found, try 'modprobe fuse' first" error.

[mpobaschnig]

Unless there's some magic happening, yes. I pushed some work to https://github.com/mpobaschnig/vaults/tree/update-dependencies if you want to look at it or try out (e.g. using GNOME Builder).