Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AppImage Needed, Build Script Provided. #1579

Open
4 tasks done
CrazyAce25 opened this issue Oct 20, 2024 · 9 comments
Open
4 tasks done

AppImage Needed, Build Script Provided. #1579

CrazyAce25 opened this issue Oct 20, 2024 · 9 comments
Labels
need triage I will look into it, I promise!

Comments

@CrazyAce25
Copy link

CrazyAce25 commented Oct 20, 2024
edited
Loading

Preliminary checklist

  • I have read the README
  • I have searched existing issues for my feature request. This is a new issue (NOT a duplicate) and is not related to another issue.
  • I have searched wont fix issues and this request is not among them
  • This is a feature request for the Cromite browser; not the website nor F-Droid nor anything else.

Is your feature request related to privacy?

No

Is there a patch available for this feature somewhere?

Not that Im aware of.

Describe the solution you would like

We need a truly portable Linux Cromite release that can be easily updated as currently there is no way to easily update the Linux version that is put out. Appimages can be easily updated via https://github.com/ivan-hc/AM and/or through the use of go-appimage and likely others as well. AM/AppMan & Go-appimage daemon also provide integrated sand-boxing functionality among many other great features.

Describe alternatives you have considered

I spent the time to create a script that makes it incredibly easy to build the AppImage which makes use of the lin64 build that is already currently in production. Please consider making use of the included script to put out an Appimage for the community. This script makes use of the latest go-appimage repository (https://github.com/probonopd/go-appimage/) and should run well on most all available versions of Linux without any issues.
@CrazyAce25
Copy link
Author

Go-AppImage-Cromite-Build_Script.txt

@uazo
Copy link
Owner

uazo commented Oct 21, 2024

I would like you to show me the result of chrome://sandbox with and without the isolation active.

@uazo uazo added need triage I will look into it, I promise! awaiting info Further information is requested labels Oct 21, 2024
@ivan-hc
Copy link

ivan-hc commented Oct 22, 2024
edited by uazo
Loading

hi, I've not tested with the AppImage provided here, but I have performed a test with chromium that instead is available in the repo of AM, this is the video

Details

simplescreenrecorder-2024-10-22_06.55.06.mkv.mp4

I hope this can help somehow

@CrazyAce25
Copy link
Author

I would like you to show me the result of chrome://sandbox with and without the isolation active.

Before and After Sandbox

No change before sandbox and after.

@uazo
Copy link
Owner

uazo commented Oct 23, 2024

seems strange to me. I wonder how isolation protects an escalation of privileges.
not that I mind, because it means that it would be possible to use browser isolation without touching the isolation of render processes and thus the chromium sandbox, but it also means that the protection might be ineffective. flatpack does not allow the modification of the protections it inserts for that very reason. I would have to check to understand better.

could you check whether the chrome_sandbox file is present and possibly delete it and then try again?
other thing, is there an automatic autoupdate?

I will do some tests too, be patient.

@uazo uazo removed the awaiting info Further information is requested label Oct 23, 2024
@uazo uazo mentioned this issue Oct 23, 2024
Open
5 tasks
@ivan-hc
Copy link

ivan-hc commented Oct 23, 2024

other thing, is there an automatic autoupdate?

sure, my contributor @Samueru-sama have helped me a lot by adding metadata info in some of my Appimages, so some of them are updatable using appimageupdatetool, by downloading only the deltas

as well, my package manager, "AM"/"AppMan" supports both update by deltas (as just said above) or the "comparison of versions" if metadata info are not implemented. See https://github.com/ivan-hc/AM#how-to-update-all-programs-for-real

@ivan-hc
Copy link

ivan-hc commented Oct 23, 2024

@uazo if you go on my profile, I have listed all appimages I create, I also have Google Chrome, Chromium, Vivaldi, Opera and Microsoft Edge, you can extract them using the following command

./*.AppImage --appimage-extract

the files are extracted into a "squashfs-root" directory. Remember to made the AppImage executable.

@Samueru-sama
Copy link

Samueru-sama commented Oct 23, 2024
edited
Loading

seems strange to me. I wonder how isolation protects an escalation of privileges.

The isolation uses aisap which ships its own non-SUID bubblewrap. https://github.com/mgord9518/aisap

As far as I know it is not possible to escalate privileges since the binary itself is not SUID unlike other methods like firejail.

I will do some tests too, be patient.

You can quickly check with the brave appimage (chromium based) am -i brave-appimage && am --sandbox brave and check all of that, this is what I get on sandbox status:

image

WIth this said, I know it is not recommended to do this to firefox based browsers, because it breaks its internal sandbox

@Twig6943
Copy link

Twig6943 commented Nov 2, 2024

ayo @ivan-hc any updates on getting this to "AM" db?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
need triage I will look into it, I promise!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@uazo @Samueru-sama @ivan-hc @Twig6943 @CrazyAce25