Closed ghost closed 4 years ago
Hi, thank you for your interest in the project! Currently we use Guix because of the many benefits and guarantees it provides, this currently works on any distribution. Do those solutions provide complete reproducibility and transparency for the end-user?
The archive is big because webkit is big and has too many dependencies.
With a bit of work on the Guix packages, we could reduce the size of the dependencies. By how much I don't know :p
Hello @jmercouris
Are you talking about Guix "an advanced distribution of the GNU operating system developed by the GNU Project—which respects the freedom of computer users"?
I'm not sure what you mean by reproducibility, but snap and flatpak sandbox the application and (if I'm not mistaken) run them in containers or sandboxes. Here's a page that compares them.
It should also reduce the size of the published application, especially when other applications use webkit. If a user has electron apps, then they would share the dependency.
There are quite a few distros that come with snapd preinstalled and quite a few with flatpak preinstalled. Therefore out of the box, you'd support a wide range of distros by publishing to either (or both).
Guix is a package manager which you can install on any distribution.
As with Flatpak and Snap, every application that uses WebKit will share the dependency.
See https://guix.gnu.org/blog/2018/tarballs-the-ultimate-container-image-format/ for some technical details.
Reproducibility means that you can rebuild the image on your end and check that you get the exact same result, bit per bit, thus ensuring that nothing malicious was introduced in the distributed image.
In effect, all non-reproducible flatpaks and snaps are potentially malicious. I would not recommend to run a web browser with such a system.
See https://reproducible-builds.org/ for more.
Hope that helps :)
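The check described above (rebuild the image yourself, then compare it bit for bit with the published one), as an added example that is not part of the original thread or of the Guix or Nyxt code. The file names, contents and the build_archive helper are constructed stand-ins for a real packaging step; the point is that an unnormalized timestamp alone breaks the comparison, and that once metadata is normalized any remaining difference is a real content change.

```python
import hashlib
import io
import tarfile

# Constructed sample inputs: the "sources" both builders start from.
FILES = {"opt/app/bin/browser": b"\x7fELF constructed binary",
         "opt/app/lib/libengine.so": b"constructed library"}


def build_archive(files, mtime):
    """Hypothetical packaging step: tar {name: bytes} with a given mtime."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(files):          # fixed member order
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = mtime              # the only field we let vary
            info.mode = 0o644
            info.uid = info.gid = 0
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def digest(data):
    return hashlib.sha256(data).hexdigest()


def members(data):
    """Map member name -> fields that influence the archive bytes."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for m in tar:
            body = tar.extractfile(m).read() if m.isfile() else b""
            out[m.name] = {"sha256": digest(body), "mtime": m.mtime,
                           "mode": m.mode, "owner": (m.uid, m.gid)}
    return out


def compare(published, rebuilt):
    """Bit-for-bit check first; on mismatch, say which member and field differ."""
    if digest(published) == digest(rebuilt):
        return {"reproducible": True, "differences": []}
    a, b = members(published), members(rebuilt)
    diffs = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            diffs.append((name, "missing"))
            continue
        for field in ("sha256", "mtime", "mode", "owner"):
            if a[name][field] != b[name][field]:
                diffs.append((name, field))
    if not diffs:                           # same members, different layout
        diffs.append(("<archive>", "layout"))
    return {"reproducible": False, "differences": diffs}


if __name__ == "__main__":
    # Same sources, built at different times, timestamps not normalized.
    print(compare(build_archive(FILES, 1000), build_archive(FILES, 2000)))
    # Same sources, timestamps pinned to a fixed value by both builders.
    print(compare(build_archive(FILES, 1), build_archive(FILES, 1)))
    # Timestamps pinned, but the published copy carries a modified binary.
    tampered = dict(FILES, **{"opt/app/bin/browser": b"\x7fELF modified"})
    print(compare(build_archive(tampered, 1), build_archive(FILES, 1)))
```

In the first case the whole-archive hash differs even though every file is identical, which is why a build that is not reproducible cannot be audited this way.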
I see now. Thank you. Indeed it's interesting.
However, since snap and flatpak are already available on quite a few distros, while guix isn't, it might help quite a bit to have next be packaged for those - at least until guix is included in the repos of major distros.
Guix is available in Arch Linux, Debian (if not now, very soon), OpenSuse if I'm not mistaken and a few other popular distributions.
For other distributions, Guix can be installed via a simple script from the download page: https://guix.gnu.org/download/
But all this is irrelevant for the Next Guix pack since it does not even require Guix itself: it's a simple archive anyone can extract and execute.
I would prefer to stay away from Snap and Flatpak which don't fit the bill in terms of security requirements.
I guess that settles it
Hello again,
I have been trying to install next using guix on opensuse tumbleweed and it doesn't work. Installing hello works, but it can't find next ("Unknown package"). Multiple guix pulls and nothing.
How can I resolve that error?
I find downloading a tarball way less secure so that's one of the things I won't do.
You can also run the tarball in a container.
Regarding your issue with Guix, can you provide an exact recipe of the commands you typed and the outputs you got?
What does guix search next return?
Also can you provide the output of which guix? Thanks!
Guix 1.0.1
Please find the logs of guix install next and guix search next attached (hopefully emails allow it, otherwise I'll have to update this later).
And how can I run a tar.gz in a container? I don't think that's described on the install page
guile: warning: failed to install locale
hint: Consider installing the `glibc-utf8-locales' or `glibc-locales' package and defining `GUIX_LOCPATH', along these lines:
guix package -i glibc-utf8-locales
export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
See the "Application Setup" section in the manual, for more info.
name: perl-class-c3-adopt-next version: 0.13 outputs: out systems: x86_64-linux i686-linux armhf-linux aarch64-linux mips64el-linux dependencies: perl-list-moreutils@0.428 perl-mro-compat@0.13
name: sbcl-next version: 1.2.1 outputs: out lib systems: x86_64-linux i686-linux armhf-linux dependencies: gcc@7.4.0 next-gtk-webkit@1.2.1 pkg-config@0.29.2
name: next-gtk-webkit version: 1.2.1 outputs: out systems: x86_64-linux i686-linux armhf-linux aarch64-linux mips64el-linux dependencies: gcc@7.4.0 glib-networking@2.58.0
guile: warning: failed to install locale
hint: Consider installing the `glibc-utf8-locales' or `glibc-locales' package and defining `GUIX_LOCPATH', along these lines:
guix package -i glibc-utf8-locales
export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
See the "Application Setup" section in the manual, for more info.
guix install: error: next: unknown package
OK, it's quite simple, you are running Guix 1.0.1 which is quite old now and only knows sbcl-next.
Simply update Guix with guix pull.
Make sure you are running the updated version of guix: which guix should return
$HOME/.config/guix/current/bin/guix
If which guix returns something else, make sure to source the above profile from your .profile or .bash_profile:
GUIX_PROFILE=$HOME/.config/guix/current ; \
source $HOME/.config/guix/current/etc/profile
Then you'll be able to install the latest Next with
guix install next
You can run mostly anything in a container. This is an operation that mostly depends on your kernel, so you can do it with anything. For a variety of options, see:
Hello maintainers of Nyxt! I have created an experimental Flatpak for Nyxt based off the latest Ubuntu release that seems to work well. Maybe you'd like to adopt it and publish to Flathub?
I know you're very fond of Guix, but it actually doesn't work on every distribution, such as mine, Fedora Silverblue, because of its design around a read-only base filesystem. Flatpak also has the added benefit of proper sandboxing as @LoveIsGrief already mentioned, which is especially beneficial for an attack vector like a web browser.
If you're not interested, I will consider publishing it, if you don't mind.
because of its design around a read-only base filesystem
This is probably not the issue. The main issues are related to the kernel options or the graphics device driver. Don't hesitate to report the issue, we can help you out.
Flatpak does not solve everything either, and adds loads of more important problems, such as the lack of trust :p See https://guix.gnu.org/en/blog/2018/tarballs-the-ultimate-container-image-format/.
Also note that sandboxing works for the Guix pack.
I'm personally not interested in maintaining the Flatpak as it would add to the maintenance burden. However, if you are interested, you're more than welcome, this would be very helpful for distributing Nyxt to more people I believe!
This is probably not the issue. The main issues are related to the kernel options or the graphics device driver. Don't hesitate to report the issue, we can help you out.
I realize I misread the instructions and was assuming an installation to /usr/local, not ./usr/local. Of course, this way nyxt works well on my machine.
Also note that sandboxing works for the Guix pack.
However about the sandboxing aspect, now nyxt has access to my full filesystem which I just verified using file:///etc, however when I use the Flatpak version, it only sees the sandbox /etc. Same for D-BUS access, etc. How would this work with a Guix package?
Flatpak does not solve everything either, and adds loads of more important problems, such as the lack of trust :p See https://guix.gnu.org/en/blog/2018/tarballs-the-ultimate-container-image-format/.
And how does Flatpak solve or not solve the lack of trust problem in contrast to Guix? I can build all Flatpaks myself rather easily, just like Guix packs, I suppose.
I'm personally not interested in maintaining the Flatpak as it would add to the maintenance burden. However, if you are interested, you're more than welcome, this would be very helpful for distributing Nyxt to more people I believe!
More than happy to help, love your work, keep it up!
Also note that sandboxing works for the Guix pack.
However about the sandboxing aspect, now nyxt has access to my full filesystem which I just verified using file:///etc, however when I use the Flatpak version, it only sees the sandbox /etc. Same for D-BUS access, etc. How would this work with a Guix package?
The Guix pack is unrelated to sandboxing. If you want to create a sandbox, you must install Guix. Then you can run
guix shell --container --network nyxt ...
This is documented in https://github.com/atlas-engineer/nyxt/blob/master/documents/README.org#run-nyxt-in-a-security-sandbox.
And how does Flatpak solve or not solve the lack of trust problem in contrast to Guix? I can build all Flatpaks myself rather easily, just like Guix packs, I suppose.
Flatpak is not designed with reproducibility in mind as far as I'm aware. See the article I've linked. Distributing Flatpaks is very much like distributing a blackbox, you can't trust these because if you build it yourself, you won't get the same result so you can't know what's in the box.
In order to support more distros, it would be great to have one of the above. There's surely a way to publish those with a CI at every release. Hopefully it will reduce the size of the executable too since at the moment the archive is 300MB. That's pretty large for a browser.