Linux appimage installer#701
Merged
Merged
Conversation
Replace the GLIBC-versioned tar.gz + bundled GTK/WebKit2GTK installer with a single AppImage flow driven by the Tauri-format update JSON. Probe-driven dependency install: - After download, probe the AppImage with --no-sandbox --version. If it exits cleanly, system libraries are sufficient and apt/dnf/pacman is skipped entirely. - gnome-keyring daemon presence checked independently (binary check; --version doesn't exercise keytar). - AppArmor profile presence checked independently (Ubuntu 24.04+ / Debian 13+ where unprivileged user namespaces are restricted). - Each probe gates its own install step, so sudo is only requested for pieces actually missing. Cross-distro robustness: - apt-cache probe picks libfuse2 (Ubuntu 20.04-22.04, Debian 11-12, Mint 20-21, Neon 22) vs libfuse2t64 (Noble+, Trixie+, Kali, Mint 22+). - KDE sessions skip gnome-keyring to avoid the kwallet/Secret Service D-Bus race. - RHEL 10's missing libXScrnSaver is intentionally not requested (Wayland-only; Electron no-ops gracefully). - Arch gets libxss + libnotify explicitly (not pulled by gtk3). Wrapper script (~/.local/bin/phcode) handles runtime failure modes: - Falls back to --appimage-extract-and-run on FUSE errors. - Falls back to --no-sandbox on userns/AppArmor errors. Other UX improvements: - SIGINT/SIGTERM trap so Ctrl+C cleans up the tmpdir and exits 130. - apt-get install uses --force-confdef/--force-confold + DEBIAN_FRONTEND so an unrelated pending upgrade can't trigger config-file prompts. - Replaced the `yes | sudo apt install` pipeline that silently aborted the script under set -o pipefail when yes died of SIGPIPE. - AppArmor profile preserved across reinstall and --upgrade (only removed by explicit --uninstall) so routine version bumps don't need sudo just to recreate the same profile content. - Post-install hint when the keyring is locked (autologin sessions) explaining the one-time unlock prompt users will see. Removed dead code: check_os_version, download_and_install_gtk, create_launch_script_with_gtk, the GLIBC-version search loop in downloadAndInstall.
Phoenix Code's Electron renderer is already locked down (contextIsolation + nodeIntegration:false + local-only phtauri:// protocol). The kernel-side AppArmor profile only adds defense-in-depth against renderer V8 RCE → raw-syscall escape, which is a narrow class. The IPC-bridge attack surface (electronFSAPI, keytar via electronAPI) is not gated by the kernel sandbox either way. Removing the profile install matches what every other Electron AppImage in the wild does (Cursor, Obsidian, Discord, VSCode-AppImage), removes ~70 LOC, and stops requesting sudo to write under /etc/. Wrapper-script fallbacks stay (verified load-bearing by reading Chromium and AppImage type-2 runtime source): - Sandbox: Chromium LOG(FATAL)s when AppArmor blocks the userns clone on Ubuntu 24.04+ / Debian 13+; it does NOT auto-fall-back. Our --no-sandbox re-exec is the actual recovery and now the only one. - FUSE: the AppImage runtime self-recovers only when libfuse.so.2 can't dlopen; when /dev/fuse is missing or fusermount is denied (Docker/Podman containers, older WSL2, SELinux-restricted kernels), it prints "Cannot mount AppImage, please check your FUSE setup" and exits. Our --appimage-extract-and-run re-exec is the recovery. Wrapper regex tightened: - Drop `dlopen` from the FUSE branch (too broad, could match unrelated library-load failures and route them into a useless retry). - Add `Check failed` to the sandbox branch to catch Chromium's actual NamespaceSandbox / SUID-helper FATAL phrasing. uninstall() reverted to a single behavior (the keep_apparmor mode arg is no longer needed since there's no profile to preserve).
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.