The officially official Devuan Forum!

You are not logged in.

#1 2020-12-22 21:10:15

rgl808
Member
Registered: 2020-12-08
Posts: 36  
Website

Info » AppImage security and alternatives

================================

Some ".AppImage" applications come from untrustworthy publishers. You can use "bwrap/firejial" to restrict the running environment of those ".AppImage" applications.

If you have a better way to restrict the running environment of ".AppImage" applications, please reply.

================================

[Info] (Please,dont reply/quote this, a reply/quote to this may can cause a nonsense discussion and a permanent loss of neurons)

Review "X" if you want, but be shure to share your best idea if you have ideas to solve/improve "X".
Are you going to criticize "X"?:
-Stop if you can (you may not know what you are talking about, no one knows everything)
-Explain why and wait for someone that have ideas to solve/improve "X" (if you think you may know what you are talking about)

Last edited by rgl808 (2020-12-26 00:28:13)

Offline

#2 2020-12-22 21:45:13

golinux
Administrator
Registered: 2016-11-25
Posts: 3,318  

Re: Info » AppImage security and alternatives

Or better yet, just don't use "appimage" at all.  I suspect that there aren't many devuan users who would touch it.

Online

#3 2020-12-22 22:29:18

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Info » AppImage security and alternatives

golinux wrote:

just don't use "appimage" at all

^ This.

See also https://www.techrepublic.com/article/wh … -on-linux/ & http://kmkeen.com/maintainers-matter/


Brianna Ghey — Rest In Power

Offline

#4 2020-12-23 11:14:00

rgl808
Member
Registered: 2020-12-08
Posts: 36  
Website

Re: Info » AppImage security and alternatives

Thank you for reply.

Last edited by rgl808 (2020-12-23 21:12:38)

Offline

#5 2020-12-23 12:00:28

rgl808
Member
Registered: 2020-12-08
Posts: 36  
Website

Re: Info » AppImage security and alternatives

My way to go:

1: apps from official distribution repositories
2: tar ball + binaries
3: apps from source
4: flatpak apps [try to avoid/dont promote]

Last edited by rgl808 (2020-12-23 21:13:10)

Offline

#6 2020-12-23 12:40:29

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Info » AppImage security and alternatives

Can these appimages be used in software centers like gnome software or kde etc? Ive never used them, just curious how they are got.

Offline

#7 2020-12-23 14:24:43

rgl808
Member
Registered: 2020-12-08
Posts: 36  
Website

Re: Info » AppImage security and alternatives

...

Last edited by rgl808 (2020-12-23 21:13:36)

Offline

#8 2020-12-23 14:52:35

golinux
Administrator
Registered: 2016-11-25
Posts: 3,318  

Re: Info » AppImage security and alternatives

These pre-packaged all-in-one apps are an aberration and insult to Linux users.  Methinks they are for handicapped Winblows refugees who don't know what they're doing.

Online

#9 2020-12-23 15:16:43

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Info » AppImage security and alternatives

golinux wrote:

These pre-packaged all-in-one apps are an aberration and insult to Linux users.  Methinks they are for handicapped Winblows refugees who don't know what they're doing.

looks as though they are trying to emulate google play store, apple itunes, microsoft download etc for the gnome smartphone software, ever increasingly gnome desktop will probably morph into an android/iphone os spinoff. I was looking at that gnome look org and some of the top themes are all apple mac clones for gtk3, lol...

Last edited by dice (2020-12-23 15:18:24)

Offline

#10 2020-12-23 15:58:21

rgl808
Member
Registered: 2020-12-08
Posts: 36  
Website

Re: Info » AppImage security and alternatives

...

Last edited by rgl808 (2020-12-23 21:14:27)

Offline

#11 2020-12-23 16:44:10

rgl808
Member
Registered: 2020-12-08
Posts: 36  
Website

Re: Info » AppImage security and alternatives

Analytics in each site: "Flatpak", "AppImage", "Snapcraft".

Flatpak:
di-WX9VML.png

AppImage:
9yiOpl0paQ.png

Snapcraft:
di-AYB3IV.png

Offline

#12 2020-12-23 16:51:40

rgl808
Member
Registered: 2020-12-08
Posts: 36  
Website

Re: Info » AppImage security and alternatives

https://thp.io/2019/flatpak-vs-snapcraft.html

Distribution Packages

I still hope that there's a place for distribution packages. The leaf packages ("apps") do need some kind of sandboxing, as sandboxing is good and important to have (not only to protect the "root" user, but protect the user's data, as usually there's more privacy-related juicy info in $HOME than in all of the system folders).

Even with Flatpak, there's still some duplication (e.g. the GTK version from the distro package and the Freedesktop Platform Flatpak), but it's better than Snap's "let every snap ship with its own version of ICU" or AppImage's "just run this executable, it contains Everything" approach.

Offline

#13 2020-12-23 18:37:52

rgl808
Member
Registered: 2020-12-08
Posts: 36  
Website

Re: Info » AppImage security and alternatives

After these replies i learned (hope this help someone):

"AppImages", "Flatpak" projects are good for portability

BUT

if we promote these projects may one day new linux users will left behind the distribution repositories replaced by one centralized platform like the "Apple""App Store"/"Google""Play Store".

Offline

#14 2021-01-03 08:54:29

ToxicExMachina
Member
Registered: 2019-03-11
Posts: 210  

Re: Info » AppImage security and alternatives

Anyone who recommend flatpak should note that flatpak is a big security hole itself by design. Flatpak is also SystemD-exclusive package manager. Snap is the same thing as flatpak. As for Appimage it's important to understand that Appimage is just an auxiliary way of software distribution. Consider Appimage as an advanced tarball. Of course, tarball is simpler and way more open thing than Appimage.

There is a problem: corporations are trying to force way of thinking incompatible with sane technical solutions.

Offline

#15 2021-01-03 09:36:41

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Info » AppImage security and alternatives

ToxicExMachina wrote:

Flatpak is also SystemD-exclusive package manager.

Nope: https://pkgs.alpinelinux.org/packages?n … ranch=edge

And it's spelled "systemd" FFS... mad


Brianna Ghey — Rest In Power

Offline

#16 2021-01-03 11:36:37

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Info » AppImage security and alternatives

Head_on_a_Stick wrote:
ToxicExMachina wrote:

Flatpak is also SystemD-exclusive package manager.

Nope: https://pkgs.alpinelinux.org/packages?n … ranch=edge

And it's spelled "systemd" FFS... mad

why does this trigger you so?

When people spell it that way it always makes me think of that manga/anime cartoon initial D

Last edited by dice (2021-01-03 11:38:27)

Offline

#17 2021-01-03 12:38:21

zapper
Member
Registered: 2017-05-29
Posts: 967  

Re: Info » AppImage security and alternatives

dice wrote:
Head_on_a_Stick wrote:
ToxicExMachina wrote:

Flatpak is also SystemD-exclusive package manager.

Nope: https://pkgs.alpinelinux.org/packages?n … ranch=edge

And it's spelled "systemd" FFS... mad

why does this trigger you so?

When people spell it that way it always makes me think of that manga/anime cartoon initial D

I don't get that either, let's just refer to systemd or system-d as system dumb from now on. Since it is so buggy and crappy...

wink


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#18 2021-01-04 20:56:42

mweishaar
Member
Registered: 2018-11-11
Posts: 36  

Re: Info » AppImage security and alternatives

I've used two appimages.

1. Kdenlive.  They implemented some new features in the latest version (20.12), and I am on 18.12.3 w/beowulf.  KDE provided the appimage.  I don't use it all that often, but the new features are nice. 

2. I have a live-usb-maker appimage from the MX-linux team.  For some reason, I couldn't get a bootable USB to work (i.e. boot) using unetbootin.

I don't mind them at all, but I wouldn't want to use them exclusively.

Offline

#19 2021-01-17 04:18:38

zapper
Member
Registered: 2017-05-29
Posts: 967  

Re: Info » AppImage security and alternatives

golinux wrote:

Or better yet, just don't use "appimage" at all.  I suspect that there aren't many devuan users who would touch it.

I have touched appimages in the past and occasionally still do, but that being said, you are probably right about appimage.

They probably aren't as secure or trustworthy as official repos for distros you trust.

I should add, i don't  flatpak and especially snaps even more so.

I am not sure about guix package manager, or other alternatives... but snap and npm ones currently rank my least trusted methods of installing.

Especially now that I know about ubuntu's non-free server for snaps. hmm

Aka, walled garden anyone?


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#20 2022-06-07 13:56:04

SpongeBOB
Member
From: Brussels
Registered: 2022-02-07
Posts: 114  

Re: Info » AppImage security and alternatives

Hi everyone,

Real interesting topic !

I'm trying to install ATOM (off-line) https://dev1galaxy.org/viewtopic.php?pid=36174#p36174 with the most practical solution possible.

I've been recommended to use appimage with Firejail. What you think about that solution ?


Linux noob, plz be kind big_smile

Offline

Board footer