Open probonopd opened 8 years ago
Sound like this could finally provide an easy way to install SSR on the distributions that don't have packages yet. I will try to generate one from the Ubuntu 12.04 package when I release the next SSR version.
Excellent @MaartenBaert, thank you very much.
Here is the script I used to produce the AppImage; just replace trusty by 12.04. https://github.com/probonopd/AppImages/blob/master/recipes/simplescreenrecorder/Recipe
Pure insanity. Nice backdoor waiting to be implemented in that script. There's zero error checking, zero sanity checking, sources other files and quite distribution centric. Are the appimage campers seriously parading this as a solution on Github??
# URL=$(wget -q "https://s3.amazonaws.com/archive.travis-ci.org/jobs/$((ID+2))/log.txt" -O - | grep "https://transfer.sh/.*/appimagetool" | tail -n 1 | sed -e 's|\r||g')
# fi
URL="https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-${SYSTEM_ARCH}.AppImage"
wget -c "$URL" -O appimagetool
chmod a+x ./appimagetool
set +x
if ( [ ! -z "$KEY" ] ) && ( ! -z "$TRAVIS" ) ; then
wget https://github.com/AppImage/AppImageKit/files/584665/data.zip -O data.tar.gz.gpg
( set +x ; echo $KEY | gpg2 --batch --passphrase-fd 0 --no-tty --skip-verify --output data.tar.gz --decrypt data.tar.gz.gpg )
tar xf data.tar.gz
sudo chown -R $USER .gnu*
shivers You guys are out of your minds.
@h1z1 What exactly are you referring to? Where did that piece of code come from?
Any package system has the potential of abuse, that's also true for my Ubuntu PPA or Arch Linux AUR packages. You are taking a risk even if you compile from source, unless you have literally read every line of code in the build scripts as well as the SSR source code itself. As a user you are relying on the developers to not abuse their power to push a malicious update. Sandboxing seems to be the only practical way to get real security, but in the case of SSR that would break the functionality.
@h1z1 concrete suggestions for improvements are welcome. By the way, if @MaartenBaert would decide to do an official AppImage, he could of course properly sign it with GPG using his own private key and credentials.
Would you be interested in providing an official AppImage?
Here is a video by SSR user Joe Collins that shows why this might be useful: https://www.youtube.com/watch?v=YAtS6XEwyQY