Alpine still keeps /bin and /usr/bin separated.
And iirc the next fedora release will finally unify everything under /usr/bin.
Alpine still keeps /bin and /usr/bin separated.
And iirc the next fedora release will finally unify everything under /usr/bin.
Very interesting tool. So this is for appimages but also binaries?
Anything portable.
Thats not a sandbox, its a nice wrapper for firejail,
aisap uses bwrap it is mentioned in both links I gave you.
appman used to have firejail sandbox but it was dropped in favor of aisap because of that.
Are all Appimages using that, if not what percentage of the ones you know?
Usually if the appimage has a github release with a zsync you have that verification.
And are tools like Gearlever enforcing or using that signature check?
I don't use gearlever, as far as I know gearlever doesn't even let you sandbox the appimage like AM does. I don't think any of those forces signature verification besides AppImageUpdateTool and that's because that's part of the zsync update process.
Running things from random directories (like ~/Applications which AppimagePool uses) destroys that.
~/Applications
is no a random place, it comes from macos. And what is appimagepool?
You mean appimagetool? that's used to turn the AppDir into an appimage.
If you meant appimagelauncher, ~/Applications
is the default location but it can be changed to any location.
(including appimages which are nearly impossible to sandbox)
See that lock next to some appimages? Yes that's aisap sandbox..
It isn't perfect though, right now its biggest limitation is that a sandboxed appimage can't launch another sandboxed appimage. But dbus, pipewire, vulkan, themes, etc works.
The “open with” and “create new” things. Actually,
You can totally do that with appimages once they are integrated into the system by the previously mentioned tools, those menus rely on desktop entries in $XDG_DATA_HOME/Applications
.
That concept is so broken that it needs to go.
Good thing we have choices on linux, you can make your entire home not executable if you want to.
I like to keep all the software that I need in my home, because that way I don't depend on what my distro provides. I can just drop my home anywhere (besides a musl distro) and I'm ready to go, I even have my window manager as an appimage because I couldn't compile it statically.
But the issue is that they were just thrown out there, “here devs, do the same shit you do on Windows, it is totally normal for people to double click an executable, not have any sandboxing, deal with updates on their own, dont have any cryptographic verification, …”.
AppImage is just a format, same as a deb or rpm, you decide how you handle it afterwards.
doing the actual update process (instead of deleting a file and placing a new one)
Same link again: https://github.com/AppImageCommunity/AppImageUpdate
Many of the appimage devs actually worked on making zsync2 for this: https://github.com/AppImageCommunity/zsync2
On Android you still have a package manager but the APKs are signed individually, updates just allowed if the signatures match. So you can sideload how you want, it is still secure.
You mean the APK itself does the signature verification or what? With appimage it is AppImageUpdateTool that does the verification.
(appimages are impossible to sandbox with bubblewrap, and hard with firejail (which is a setuid binary and had security issues), dont know about nsjail, crabjail, minijail or others)
Regarding what?
You still have that github repo saying that appimages bloat the system when that is a total lie. they can even use less storage than native packages let alone comparing it to flatpak...
But they dont have installers, so no verification
https://lemmy.ml/post/17283790/11897811
on Linux the entire home is executable which is a huge security issue
You still have to give the exec permission to the appimage.
no desktop integration, no context menu, no file associations.
Maybe no context menu depending on what you mean exactly, but the rest are fully possible and I do it on a regular basics with my appimages...
edit: Omg you are the guy from don't use appimages, I see you haven't changed one bit.
And Windows executables have some weird signature verification which Appimages dont have at all.
EDIT:
Appimages have no install wizard.
Appimagelauncher, gearlever, AM, etc. Which is the same as a install wizard since it integrates the appimage into the system. AppImages do not need to be extracted into the system which is what windows install wizards do.
What happened to just donwload the app from it’s own creator and install on your machine?
You have that option with the appimage, inkscape releases it themselves.
Oh it's done by assigning the same keybind to each action.
That will likeky make my config 1000 lines long 😅
That’s just the way you write the rules being deprecated, not the functionality.
I didn't say that it is impossible to do it, just that after I read the documentation it told me that.
Something that I couldn't even find in the documentation was how to do several actions with one keybind, on i3 each action is separated by a comma and you can assign variables to them, for example:
$BIND $MOD+$SHFT+Mod2+KP_1 $MVTO $WS1, $WS1, $WDUNST "$WS1"
Which means:
bindsym Mod4+Shift+Mod2+KP_1 move container to WorkSpace "1", WorkSpace "1", --no-startup-id dunstify -r 33 -t 600 "$WS1"
In english that is move the focused window to workspace 1, focus workspace 1 and send a notification of the current workspace (the last one is for some visual feedback).
hyperland itself told me that, I have a terrible picture (I didn't setup screenshots lol) of it: https://imgur.com/a/fWwmt1e
This was right before yuzu closed down btw.
and have none of the problems you mentioned.
You can move floating windows between displays with the move left/right commands? (not the move to workspace commands).
edit: Found a related issue https://github.com/hyprwm/hyprland-wiki/issues/242
Yeah I meant this: https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin