pkg2appimage VS bubblewrap

The pkg2appimage script exists to do these conversions with many examples https://github.com/AppImageCommunity/pkg2appimage/tree/master/recipes

NOTE: I've built it using the recipe available at https://github.com/AppImageCommunity/pkg2appimage, added libunionpreload from https://github.com/project-portable/libunionpreload and some additional paths to LD_LIBRARy_PATH into the AppRun, just tested on Debian and Arch Linux... and works great!

Beyond all, my work is heavily focused on compiling AppImage from existing .deb packages through the use of pkg2appimage and appimagetool, as unofficial AppImage packages not present on AppImageHub are provided, but taken from fairly reliable sources ( Debian repositories, or in some cases a PPAs for Ubuntu). The sources are available via the -a or -w options of my scripts.

Does anyone actually do that? The official documentation says not to do that (see here). Also, the excludelist mentions a couple of problems that happen when certain libraries are bundled in an AppImage.

It sounds like there might also be at least some support for portable Linux formats on Mac: snap appears to allow installing on mac via brew, but it sounds like appimages and flatpaks cannot run on mac. that said, i haven't used snaps on mac nor have I ever heard of anyone who does so... so no clue if they work well there.

PS: yes, I know that better sources for this are already available, for example the Slackware repository and woolyss, but actually the more recent version, the 97, for old i386 machines is provided by Debian (ArchLinux32 has the v90, and other versions are quite buggy for this architecture, see this issue). Unluckily there is not a 32 bit version of pkg2appimage, if we had one or someone can fork better the main script, we can still have more appimages for old architectures, being many of my scripts for x86_64 wrote to support pkg2appimage (as you have already seen in my previous post).

If I have time enough, I wanna try to create a script that automatizes all the processes, also for you developers, but my knowledge is limited to the download of packages from Debian and derivatives or from Arch Linux to create these structures, I'm not much good in compiling these programs by myself into a chroot, I'm just an enthusiast.

Depends on who makes them, but generally everything besides this list

Brave doesn't officially provide any AppImages. There is a issue on GitHub tracking this, but it's definitely not their top priority right now. You can use pkg2appimage to produce an AppImage of Brave or use existing ones available on this GitHub repository. Keep in mind that these are unofficial sources that I don't recommend to use, but if you really want to, at your own risk.

Nothing nix specific but you may be interested in https://github.com/containers/bubblewrap

Recently, I came across Chainguard and wrote the article How to build Docker Images with Melange and Apko. As a fervent supporter of Kubernetes and GitLab CI, I was eager to experiment with building images using Melange in this particular setup. GitLab's shared Runners work seamlessly with Bubblewrap, eliminating the need for additional configurations. This post is intended for enthusiasts like myself, interested in hosting their own Kubernetes Runners and leveraging the Kubernetes Runner Type of Melange.

```

This is basically manually invoking what Flatpak does:

https://github.com/containers/bubblewrap

This is also useful for more than just security. E.G., you can test how your app would behave on a fresh install by masking your user configuration files. I personally also have a tool that uses it to basically bundle all dependencies from an entire Linux distribution in order to make highly portable AppImages— Been meaning to post that, will get around to it eventually maybe.

The flags above should hide your user data (`--tmpfs`), disable network access (`--unshare-all`), hide/virtualize devices and OS state (`--dev` and `--proc`), and make the rest of the root filesystem read-only (`--ro-bind`­— Including the insecure X11 socket in `/tmp`, which you might want to expose for GUI apps).

Check them against `bwrap --help`; I might have omitted one or two more things you'd need.

While trying to find out more comparison information, found this light on details issue:

https://github.com/containers/bubblewrap/issues/81

It mentions nsjail and minijail.