nix-bundle
| flatpak-cve-checker | nix-bundle |
|---|---|
| 2 | 8 |
| 2 | 598 |
| - | - |
| 10.0 | 1.0 |
| over 5 years ago | 3 months ago |
| Python | Nix |
| GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
flatpak-cve-checker
- Update from the world of Fedora Workstation
Parsing the manifest for vulns is doable. Here I wrote one: https://github.com/TingPing/flatpak-cve-checker
- Flatpak (and Snap) is not the future
If Debian (or whatever org/group/project/initiative that) provides the images has a security policy, they can extend that to the images too.
Users don't run CVE checkers [0], at best they reluctantly click on the update button. Of course the authoritarian evergreen auto-update thing is what actually works in practice.
For example as much as snap's UX sucks it does auto update by default.
[0] Though they could, as files in container images are trivially accessible, after all it's their purpose. Plus there are metadata based approaches: https://github.com/TingPing/flatpak-cve-checker (plus the Flatpak project already spends some energy on ensuring that the base image is checked against CVEs https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/jobs/18... ) of course duplicating this effort, and building a parallel world besides packages is not ideal, but
nix-bundle
- Our Fastest, Most Beautiful Release Ever: Thunderbird 115 “Supernova” Is Here
I admit that there is an element of, "but I chose an obscure and challenging linux variant, waaah why isn't it supported" here, but (a) there's currently no flatpak and (b) when, for goodness sakes, will major linux projects begin packaging for Nix/NixOS as a matter of course?
It's not hard, and the benefits go far outside merely supporting Nix, as e.g. a flake.nix file would allow this project to generate docker images, and appImage images, as basically afterthoughts. (See e.g. https://github.com/matthewbauer/nix-bundle.)
Nix flake support would also provide a perfectly reproducible build environment, which can help clarify dependencies, and thus help the project build achieve idempotence, but I'll save the full shill for some github issue.
In fact, I'm inclined to roll up my shirtsleeves and help make this real.
- Container runtime as a static binary?
https://github.com/matthewbauer/nix-bundle perhaps?
- Pushing/marketing the nix package manager as a Flatpak/Snap competitor?
Another way to approach this would be to advocate Nix as the build system for Flatpak or AppImage. Don't know what the status is of nix-bundle, but if it is possible to turn a Nix package into an AppImage with little extra work that would be ideal.
- Flatpak (and Snap) is not the future
Nix itself is more focused on "distribute from this host with nix, to this other host with nix".
Though, here is e.g. https://github.com/matthewbauer/nix-bundle, which is supported as an experimental command in nix 2.4.
- Nix-bundle: package Nix attributes into single-file executables
- Does Nix or NixOS address the problem raised by Linus Torvalds on package management?
I believe this tool does: https://github.com/matthewbauer/nix-bundle
- NixOS 21.05 Released
Yes, it's extremely powerful once you truly understand Nix.
There are efforts to improve documentation, but it still is lacking (I think the biggest problem is that Nix is so big, not just the OS but it can be utilized as a build system).
Just with NixOS it is not exactly clear how you can, for example, build your custom image.
I think https://nix.dev/ is approaching the documentation from the right direction.
There are also many pieces that people built that you need to find.
For example some things that I found accidentally:
* https://github.com/matthewbauer/nix-bundle
* https://github.com/cleverca22/not-os
Unfortunately those side projects often have even worse documentation.
What are some alternatives?
us.zoom.Zoom
runix
xdg-desktop-portal-gtk - Gtk implementation of xdg-desktop-portal
nixGL - A wrapper tool for nix OpenGL application [maintainer=@guibou]
freedesktop-sdk
nix-gui - Use NixOS Without Coding
org.signal.Signal
nixos-config - My NixOS configuration.
mpz - Music player for big local collections
flake-utils-plus - Use Nix flakes without any fluff.
nixos-shell - Spawns lightweight nixos vms in a shell