Open AllienWorks opened 4 years ago
craigraw
commented
4 years ago Would like to, if only to have a single Linux release type, but the Java's packaging tool jpackage only supports .deb and .rpm at this time. That said I don't think it would be too hard to get the application image into AppImage format.
Will look into this in a future release.
monperrus
commented
3 years ago Yes, I also need to run sparrow on a machine on which I'm not root.
A standalone build of sparrow for Linux would be awesome.
craigraw
commented
3 years ago Sparrow v0.9.8 has been released with a Linux standalone build. It's not a Flatpak or AppImage, but just a tar.gz of the binary and associated libraries.
Does this work?
monperrus
commented
3 years ago Yes, it works, thanks a lot. Had to chmod 755 bin/Sparrow first.
AllienWorks
commented
3 years ago Yep, I can confirm. After chmodding the binary, it runs fine. Thanks much @craigraw!
craigraw
commented
3 years ago Thanks for the feedback! I'll still look into an AppImage in future.
6102bitcoin
commented
3 years ago Outstanding Action: Add AppImage release Proposed Priority: Low
mariaa144
commented
1 year ago Sparrow v0.9.8 has been released with a Linux standalone build. It's not a Flatpak or AppImage, but just a tar.gz of the binary and associated libraries.
Does this work?
The binary doesn't work for NixOS users. NixOS does have a package for Sparrow but it sometimes has broken features such as the border wallet not working currently. An Appimage or Flatpak would be a nice addition.
ademar111190
commented
1 year ago There is an official SDK Extension for OpenJDK 20 on flathub repo; I believe that can help a flatpak support effort.
craigraw
commented
1 year ago Thanks - Sparrow already uses jlink to package a minimized JRE, so this shouldn't be necessary. It's effectively a binary application.
storopoli
commented
9 months ago Is this legit? It has the verified icon in Flathub: https://flathub.org/apps/io.github.Strozer2002.sparrow
RequestPrivacy
commented
9 months ago Is this legit?
I don't think so, the question is can something be done against this?
monperrus
commented
9 months ago a compromised version through a package manager? (remember the Ledger attack on the Microsoft store https://www.hackread.com/fake-ledger-app-microsoft-app-store-crypto-funds/)
craigraw
commented
9 months ago Definitely not legit, and probably malware.
The download size, version number and app architecture (appears to be a flutter app) are all dramatically different.
I have reported to flathub@lists.freedesktop.org. I would appreciate any help in getting this removed.
craigraw
commented
9 months ago Have also reported the actual application at https://github.com/Strozer2002/sparrow-linux/ to Github.
xmready
commented
3 months ago @craigraw I would seriously recommend having a verified flatpak version on flathub. There are multiple pros for this:
craigraw
commented
3 months ago @xmready The problem with supporting flathub (or another app store like snap store, winget or the mac app store) is that it broadens the distribution attack vector. Right now, the only source for Sparrow binaries is Github. These binaries are independently watched by https://binarywatch.org. The security model for app stores is generally more complicated, and they don't usually have robust independent monitoring of binaries afaik.
xmready
commented
1 month ago @xmready The problem with supporting flathub (or another app store like snap store, winget or the mac app store) is that it broadens the distribution attack vector. Right now, the only source for Sparrow binaries is Github. These binaries are independently watched by https://binarywatch.org. The security model for app stores is generally more complicated, and they don't usually have robust independent monitoring of binaries afaik.
My understanding is that a verified Flatpak submission on Flathub comes from a GitHub PR made by the original developer, aka you. The Flatpak is built using your project's repo. Are you saying that the resulting build can't be verified?
ziqiq
commented
1 month ago I created a Flatpak manifest file and installed it on Fedora 40/GNOME/X11
How to reproduce:
flatpak-builder
dnf install flatpak-builderflatpak-builder --force-clean --user --install-deps-from=flathub --repo=repo --install builddir com.sparrowwallet.Sparrow.ymlThis will create two directories:
builddir, the actual files built for the Flatpak apprepo, a local Flatpak repo where the app published toflatpak build-bundle repo sparrow-1.9.1-x86_64.flatpak com.sparrowwallet.Sparrow 1.9.1 --runtime-repo=https://flathub.org/repo/flathub.flatpakrepoThis will create a single-file Flatpak bundle sparrow-1.9.1-x86_64.flatpak
See the Flatpak build guide for detail.
Note:
~/.var/app/com.sparrowwallet.Sparrow/.sparrow. You might want to copy the existing data file from ~/.sparrow into it (or create a symbolic link). ziqiq
commented
1 month ago Some other FYIs:
flatpak-builder itself is also available on Flathub as a Flatpak app, so if you are not comfortable with installing additional rpm/deb package to build the manifest, or don't have root permission, you could:flatpak install --user org.flatpak.Builder
alias flatpak-builder='flatpak run org.flatpak.Builder'--repo=repo. Also, usually most environment should have the base Freedesktop runtime, so I think most end user might just run this to install Sparrow as Flatpak:flatpak-builder --user --install builddir com.sparrowwallet.Sparrow.ymlAre you saying that the resulting build can't be verified?
@xmready No, please read my reply again.
First of all, based on the site, Sparrow looks really cool! Can't wait to test it out.
However, not all Linux distros support DEB/RPM packages – do you have any plans to releasing also via Flatpak or AppImage (which are both quite universal Linux packages)?